How can US law enforcement agencies access your data? Let’s count the ways

A brazen hack that exposed consumer data collected by Apple and the Facebook-parent company Meta has raised fresh questions about how secure our data is in the hands of tech companies and how easily law enforcement can get hold of the information big tech collects.

It was revealed last week that hackers obtained the information of some Apple and Meta users by forging an emergency legal request, one of several mechanisms by which law enforcement agencies can request or demand that tech companies hand over data such as location and subscriber information.

Lawmakers and privacy advocates argued the forgery was a warning sign that the system is in need of reform. "No one wants tech companies to refuse legitimate emergency requests," but the current system has "clear weaknesses", Senator Ron Wyden said in a statement following the hack.

A review of the myriad ways tech companies share consumer data with law enforcement agencies reveals that it's often fairly straightforward for such bodies to get their hands on consumer data. "[Your data is] pretty much all available to the government in one form or another," said Jennifer Lynch, the surveillance litigation director at the digital rights group the Electronic Frontier Foundation.

"One of the real challenges with technology these days is that it is next to impossible to figure out exactly all the data that companies are collecting on us and to exert any kind of control over what happens to that data," added Lynch.

An emergency legal request, like the one the hackers forged, for instance, doesn't require a subpoena or warrant, unlike many other legal requests. It's supposed to be reserved for exceptional situations: Apple considers legal requests an "emergency" if "it relates to circumstance(s) involving imminent and serious threat(s) to: 1) the life/safety of individual(s); 2) the security of a State; 3) the security of critical infrastructure/installation". But, as the hackers have shown, it can be easily exploited.

Apple and Meta did not respond to a request for comment.