Apple has long had a reputation for being the most buttoned-up tech firm around. Its internal security team is notoriously paranoid, and most of the leaks that we hear about come from supply-chain sources, rather than Cupertino.
But that doesn’t mean that Apple is impervious to leakers, and the last 12 months have been a little worse than usual. We had almost all the specs on the iPhone X before it launched, and new software features or products are routinely spilled to the press before Apple can officially launch them. To try and stem the rising tide, Apple sent a memo to its employees, warning them to stop leaking internal information, or face criminal charges. As we’d expect, the memo was promptly leaked to Bloomberg.
Bloomberg posted the memo in its entirety at the bottom of the article, and the tone of the memo is equal parts advisory and subtly threatening. “In many cases, leakers don’t set out to leak. Instead, people who work for Apple are often targeted by press, analysts and bloggers who befriend them on professional and social networks like LinkedIn, Twitter and Facebook and begin to pry for information,” the memo says. “While it may seem flattering to be approached, it’s important to remember that you’re getting played.”
The memo goes on to explain the work that Global Security, Apple’s internal division focused on containing leaks, does to keep company information safe. According to a Global Security presentation leaked to The Outline last year, the department employs an undisclosed number of investigators who previously worked “at U.S. intelligence agencies like the National Security Agency (NSA), law enforcement agencies like the FBI and the U.S. Secret Service, and in the U.S. military.” The memo describes in detail some of the department’s success in the last year:
Investments by Apple have had an enormous impact on the company’s ability to identify and catch leakers. Just before last September’s special event, an employee leaked a link to the gold master of iOS 11 to the press, again believing he wouldn’t be caught. The unreleased OS detailed soon-to-be-announced software and hardware including iPhone X. Within days, the leaker was identified through an internal investigation and fired. Global Security’s digital forensics also helped catch several employees who were feeding confidential details about new products including iPhone X, iPad Pro and AirPods to a blogger at 9to5Mac.
Last year Apple caught 29 leakers.
Leakers in the supply chain are getting caught, too. Global Security has worked hand-in-hand with suppliers to prevent theft of Apple’s intellectual property as well as to identify individuals who try to exceed their access. They’ve also partnered with suppliers to identify vulnerabilities — both physical and technological — and ensure their security levels meet or exceed Apple’s expectations. These programs have nearly eliminated the theft of prototypes and products from factories, caught leakers and prevented many others from leaking in the first place.
The memo rounds out with a cautionary warning about the dangers of leaking. “Leakers do not simply lose their jobs at Apple. In some cases, they face jail time and massive fines for network intrusion and theft of trade secrets both classified as federal crimes,” the memo says. “In 2017, Apple caught 29 leakers. 12 of those were arrested. Among those were Apple employees, contractors and some partners in Apple’s supply chain. These people not only lose their jobs, they can face extreme difficulty finding employment elsewhere.”
The overarching message of the memo is that “leaks are completely avoidable,” but anyone who does leak to the press on purpose can expect to be found by Apple’s well-resourced security department and prosecuted to the fullest possible extent. The irony in all of this, though, is that the worst leak in Apple’s history wasn’t on purpose, but rather the result of an employee accidentally leaving a prototype iPhone 4 at a bar.