advertisement
A Delhi court on Wednesday, 25 September, directed technology company Apple to give location details of expelled BJP MLA Kuldeep Singh Sengar’s phone on the day he is accused to have raped a 17-year-old girl from Unnao.
District Judge Dharmesh Sharma, holding an in-chamber proceedings, directed the iPhone-maker to file the reply by 28 September when it will next hear the matter, a lawyer related to the case said.
The company has a centralised and standardised process for receiving, tracking, processing, and responding to legal requests. The Quint answers questions on what happens when Apple or a phone manufacturer/service provider is sent a request to provide data on its customers.
Apple has a good track record in complying with lawful legal requests from Indian law enforcement authorities. According to Apple’s Transparency report for the period July - December 2018, it complied with over 50 percent requests in all the four categories of requests it received from India:
According to Apple’s transparency report, the company has “a centralised and standardised process for receiving, tracking, processing, and responding to legal requests from law enforcement, government, and private parties worldwide, from when a request is received until when a response is provided.”
The request by the Delhi court may not seem irregular to those familiar with these kinds of cases, as Call Detail Records (CDR) are commonly used in criminal trials to establish location of an accused.
Law enforcement agencies are allowed to access CDRs under the licences agreed by telecom companies, provided the request is authorised by the appropriate officials.
However, location data from the manufacturer of a phone is not the same as a CDR, and the legal procedure for this will be different.
Central to this will be an assessment of whether or not the right to privacy is infringed by this request – location data from Sengar’s phone would no doubt be something he would have a legitimate expectation of privacy over.
Of course, there are circumstances under law whereby even the fundamental right to privacy can be restricted. The Supreme Court has evolved a four step test of proportionality for such a situation. Applying it to the current fact situation, it would go something like this:
The Delhi court is expected to have asked itself these questions before issuing this order, though it is unclear at present how rigorous a proportionality analysis has been conducted here.
Question 1 itself may be hard to answer, as the basis for asking Apple for this information is not certain, unlike a request to a telecom company.
Question 3 could also go against this request, though a lack of CDRs given the time frame, could rule out other effective alternatives.
Apple does not comply with requests asking them to unlock a phone or provide biometric details of its customers.
Apple had a famous public spat with the Federal Bureau of Investigation (FBI) in 2016 when it asked Apple to break encryption and unlock the phone of a dead gunman from the San Bernardino mass shooting in California on 2 December 2015.
“...encryption to protect our customers’ personal data because, we believe, it’s the only way to keep their information safe,” Cook had written in the letter.
“If Apple has the data with itself and the contents of the legal order satisfy its privacy policy, it will have the technical ability to provide such location data. Some elements of location data are stored in the device itself. However, location data may also be queried by third party apps, like Google Maps, or backed up to Apple servers,” said Apar Gupta, executive director, Internet Freedom Foundation.
“Therefore the availability of personal information, as to whether it is stored locally on the device or whether it is available, will determine compliance. This, to a degree, also depends on user preferences and privacy settings regarding GPS data which differs across individual smartphones,” Gupta added.
Sengar could potentially file a writ petition in the high court to ensure the proportionality test is properly applied. Even Apple could contest this, especially if, for instance, there is no law/rule under which such a request could have been made to them. Apple’s response on 28 September could, therefore, become a crucial flash point for privacy, much like the case in the USA.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)