It’s no secret that a culture of secrecy exists at Apple, but even so, Apple leaks are quite frequent. Tim Cook pledged that the company would double down on security in 2012, and a new report reveals that Apple is already getting results. Ironically, however, the revelations come from an internal briefing at Apple that took place earlier this month. That briefing was probably supposed to be kept secret, but it leaked out anyway.
Stopping Leakers – Keeping Confidential at Apple is the title of the briefing, and it was obtained by a blog called The Outline. It’s an hour-long presentation in which Apple’s Global Security team members explain how they work around the world to prevent leaks coming from Apple’s campus as well as from the company’s its extensive supply chain.
The people enforcing secrecy and investigating leaks come from intelligence backgrounds, which sounds like the kind of education you need to catch leakers. David Rice, head of Apple’s Global Security for more than six years now, worked at the NSA as a Global Network Vulnerability Analyst for four years. Before that, he was a Special Duty Cryptologist in the U.S. Navy.
Other members of the team come from the FBI, the US Secret Service, and the US military. These are the anti-leak employees who work around the clock to prevent unreleased Apple devices from making the news. Apple even embeds security officers with teams that need to maintain secrecy, and has internal procedures in place to deal with leaks that may occur between employees working on secret programs and employees who don’t have clearance.
The report reveals that the security team was able to address some of its supply chain leak problems, and that it discovered leakers on its own campus.
In China, for example, Apple has put in place a screening procedure that rivals the TSA. “Their peak volume is 1.8 million a day. Ours, for just 40 factories in China, is 2.7 million a day,” Rice said during the briefing.
“In aggregate, we do about 221 million transits a year. For comparison, 223 million is the top level volume for the top 25 theme parks in the world,” he added. “So this is just one big theme park. People coming in, coming out, there’s billions of parts flying around at any given instance. So you marry up a bunch of parts moving around plus a lot of people moving around and it’s no wonder that we don’t leak even more.”
Rice revealed that financial incentives are what convince workers to smuggle parts out of factories. These parts quickly end up in the media, as they are sold on the black market. In 2013, Apple had to buy back 30,000 iPhone 5c enclosures to prevent them from reaching the news. In 2014, Apple had 387 enclosures stolen, and the number dropped to 57 in 2015, 50 of which were stolen on the night of a product announcement. In 2016, Rice says the company produced 65 million housings, and only four were stolen.
The briefing also detailed two cases of leaks that originated from Apple’s campus. The leakers were caught last year. To get one of them, the security team spent three years investigating the matter. One of the leakers started talking to a journalist over Twitter, the report notes, while the other had a preexisting friendship with a reporter.
Only a few weeks ago, John Gruber wrote on his blog that well-known Apple leaker Mark Gurman did not get that many scoops this year ahead of WWDC 2017. That’s something Rice is apparently proud of, although a connection between Gurman and the leakers that were caught was not made.
What the briefing doesn’t appear to address is controlled leaks. After all, the Apple leaks keep on coming in spite of the Global Security team’s work. That either means they’ve yet to catch all the leakers, or some of these leaks are orchestrated by Apple’s PR team.