Access Denied! Why You Should Care about Net Neutrality

This article was originally featured on the Truman National Security Project’s Doctrine Blog on April 26, 2017.

If you get frustrated when it takes longer than normal for a site to load or appreciate the freedom to visit the site of your choosing without impediment, you should be watching what happens with net neutrality.

But what is net neutrality? Often referred to as “Open Internet,” net neutrality is the underlying principle of the Internet that internet service providers (ISPs) provide open and consistent access to any application or content that rides over their networks. This prevents ISPs that provide broadband and telecom service, like AT&T and Comcast, from also providing preferential treatment to companies willing and able to pay more for faster speeds. After all, if ISPs aren’t required to maintain consistent connectivity, consumers will likely limit their searches and consumption to sites that load easily.

Net neutrality additionally prevents the ISPs from blocking content of their choosing, which becomes important in that such blocking can put limits on free speech and press. The Internet is often a platform for marginalized voices. Small businesses, people of color, citizens of oppressive regimes, and activists can use the Internet to amplify their otherwise discreet and often silenced messages. Without net neutrality, ISPs could block unpopular speech and prevent dissident voices from speaking freely online. Without net neutrality, we may not know of many of the injustices perpetuated around the world or in our own back yard! On another note, less politically harmful but equally as disruptive, you may not be able to find the business or product you’re looking for or watch the movie of your choosing without an additional fee. Equally alarming, limited access to information and content can also impede competition, therefore potentially manipulating the market.

No matter your economic status, political beliefs, racial identity, sexual orientation, or ISP, you deserve to have the same access to any website you choose to visit. However, FCC Chairman Ajit Pai has a draft plan, which he has not presented publicly, that will reportedly severely weaken net neutrality rules for all. Instead of clear rules that require ISPs to treat all data the same, Pai is proposing a voluntary system where providers promise in writing they will not block web pages or slow down traffic. Theoretically, under his plan, as long as ISPs commit to protecting net neutrality in their terms of service, the FCC can eliminate its rules defaulting to the Federal Trade Commission (FTC) to punish ISPs that do not comply with their net neutrality promises.

This may sound “ok” on the surface, but ISPs would only be bound by net neutrality requirements to the extent they promise to follow them — no standardization or mandatory level of protection. This type of voluntary system leaves too much room for “creativity” on how to make money by manipulating internet traffic or how to silence unwelcomed perspectives. Importantly, this construct would require changes to FTC Act, leaves unclear how consumers would know whether content is being blocked in order to file a claim, and requires claims be tied to consumer harm. Additionally, there isn’t enough competition among telecom and broadband providers to demand compliance. Not to mention, there is little to stop ISPs from removing net neutrality clauses from their terms of service in the future.

Essentially, the greatest attribute of the Internet is its freedom, and the ability to search without restriction or limit is fundamental to such freedom. Rolling back current consumer and competition protections stands in direct opposition to maintaining a free and open internet.

In 2014, citizens and businesses successfully cried out for protection from manipulation of service speeds and paid prioritization. Then FCC Chairman Wheeler released rules, “the Open Internet Order,” one year later. Earlier this month, current FCC Chairman Pai discussed plans for net neutrality with the Internet Association — a lobbying group representing Facebook, Google, Twitter, and other large tech companies — and the organization took to the media to underscore their support for these rules. Internet Association members have made clear they are prepared to fight against any dilution of net neutrality rules. Hopefully, this strong show of support for strong net neutrality will cause Chairman Pai to reimagine his plan.

On the heels of President Trump signing the Congressional resolution to overturn Internet privacy rules — the first sign of an agenda to roll back FCC protections implemented in recent years — Pai’s inclination toward a voluntary framework is a call to vigilance, if not a call to action, for those invested in and enjoying net neutrality.

This week, members of Congress have answered the call by requesting Pai to reveal his net neutrality plans. Democracy and a stable economy demand access to information. Every citizen and business who values the freedom to search the Internet without restrictions and receive all content consistently should lend their voice to preserving net neutrality rules.

View at Medium.com

Accepting Guest Blog Posts

I have accepted a position that will not allow me to write in 2016. However, I want to continue to provide information on cyber, intellectual property (IP), social media, security, privacy, and technology law and policy to you all.  So…. I am accepting  submissions from guest bloggers!

Please send me your best cyber, IP and tech law and policy posts. Many of this blog’s followers are entrepreneurs, technophiles, tech novices, bloggers, social media user and those intrigued by tech, so please cater your posts to that audience. Please send posts to thedigitalcounselor@gmail.com. I will notify you if your post is selected.

Thank you for your submission, in advance, and more importantly, THANK YOU FOR READING!

I hope the readers find previous posts and any information others are able to provide in my absence helpful! And I look forward to returning in 2017!!

The Future of the Internet of Things: Utopia or Disaster?

Guest post by Mr. Leon Silver.

Leon Silver, National Practice Group leader of Gordon & Rees’ Retail & Hospitality Practice Group and a privacy law expert, hosted a seminar on Privacy and The Internet of Things on June 25 at the State Bar of Arizona annual convention at the Arizona Biltmore. He provided this recap of the discussion.

Throughout the many articles and blog posts on the topic of the Internet of Things (IoT), I’ve noticed a recurring theme. Everyone is talking about the fact that no one is talking about the privacy implications of ubiquitous connectivity and data mining through the IoT. This summer I had the opportunity to lead a panel discussion at the Arizona State Bar convention to further the conversation about privacy and security on the Internet of Things.

The panel included K Royal, Privacy Counsel at CellTrust, Inc., an attorney and compliance professional with over 20 years of experience in the legal and health-related fields; Dan Christensen, Global Group Counsel of IT, Privacy & Security at Intel Corporation; and David Bodney, partner at Ballard Spahr, LLP, a litigator focusing on media and constitutional law.

I kicked things off by posing the question of the day: “Will the Internet of Things result in a utopian future, or a dystopian future?”

I then asked the audience not to shut off in our back pockets, but to grab their phones, turn them on and make use of them to actively share the information being discussed. My intention? To spark more of the very conversations the seminar was seeking to have.

We were honored to have guest speaker Frank Jones, vice president of the Internet of Things Group and general manager of the Operations and Group Marketing Division at Intel Corporation, share his insight with the group. Mr. Jones provided an overview of the vast scope and rapid progress being made on the IoT. He explained that in today’s world, we create as much electronic data every two days as we did from the dawn of civilization up until 2003.

The IoT will help solve challenges around the globe, he explained, by driving growth and helping to solve critical problems such as illiteracy and water supply. According to Mr. Jones, this movement is already in process and actually began with the introduction of the smartphone.

Intel is committed to making this a positive movement, he said. “The core value and base of IoT will be security,” said Mr. Jones. “Without security as the foundation, nothing is possible.”

In order for IoT to progress, “cooperation across the industry is necessary.” Mr. Jones said companies that are otherwise competitors will have to join forces and create a uniform platform to make way for IoT because this is something that can’t be done alone. With security as the foundation and an established industry-wide standard, adopting IoT to generate global solutions will be a reality.

In his words, IoT is about connecting the unconnected and unleashing data to enable unprecedented transformations. IoT will touch everyone on Earth.

So how much connectivity can we bear to have in our personal life?

As ideal and exciting as IoT seems to be, the panel, the audience and I were all too aware of the dangers and risks associated with this new era of technology.

I asked if the one layer of security that manufacturers build into systems is enough to protect us. Mr. Christensen replied, “No it’s not. One layer at the base is not enough.” He explained that IoT is like turning a house with only one, easily secured window, into a glass house. Massive vulnerability will be created, resulting in a lack of control. Repurposing of information will be an issue, the quality of user consent will be crippled, and jurisdiction creep will become a serious issue. How will security policies/laws change from country to country? These are just a few of various concerns raised by Mr. Christensen.

When asked who would own our personal information in this IoT era, Mr. Bodney said this would depend on the agreement. Very much like today, “If you want to participate, you are consenting.” It is unknown, however, how the law will treat this issue when data is collected without consent and in the gray areas of a person’s reasonable expectation of privacy. The commercial and private use of drones, for example, has raised far more questions than have been answered.

Ms. Royal questioned whether you could own private personal data when each country defines “private personal data” differently. In the U.S., federal rights to privacy are for customers of certain industries (education, health, financial). Other countries, however, ascribe privacy rights on the basis of being an individual, rather than being a consumer. While most agree that health data and financial information are sensitive, nations differ as to the scope. Israel, for example defines personality as sensitive information. Australia includes membership in a professional organization as sensitive, whereas here in the U.S., you can buy a list containing that information. Some countries define arrests as sensitive (not just convictions), whereas the U.S. considers that public information.

So what can be done to protect personal data? Ms. Royal informed the audience that there are companies that specialize in keeping information private. She suggested that consumers read through privacy policies, find “off” switches, and disconnect devices when not in use, install security updates, opt out of Wi-Fi connectivity on devices if it isn’t important to them, and accept the fact that devices collect data or stop using them altogether.

The biggest threat, Mr. Christensen explained, remains organized crime. “Organized crime is still the biggest problem area.” These are the groups that try to get into bank accounts — hacktivists and malicious insiders.

The audience wanted to know if there would be a group to lobby for the protection of privacy as the IoT movement takes off, and if so, what group they should be keeping an eye on. Ms. Royal said there has been a Consumer Privacy Bill of Rights push more than once, but unfortunately, it has never fully materialized.

In response to the question whether we can expect Congress to provide legal protection to children, Mr. Bodney stated that because the pace of technology is so rapid, Congress has a tough time keeping up. By the time Congress gets around to adopting these new laws and policies, said Mr. Bodney, technology will have surpassed any legislation. Regardless, young people have a different sense of privacy than older generations, he added. “They grew up in this environment and are far more comfortable in it.” Ms. Royal added that younger generations are often referred to as “digital natives” and older generations are considered “digital immigrants.”

Mr. Christensen believes manufacturers should cater to the consumers that value privacy. He mentioned consumers must be aware, however, of the risks they take every time they get a hold of new devices. For example, as soon as customers open a new Intel device, the first thing they see when they open the box is a note that informs customers that by turning on the device, they are agreeing to Intel’s terms and conditions, including their privacy policy.

If you value your privacy, Ms. Royal suggests looking for companies that feel the same way. “Maybe one day there will be a list of companies that value privacy.”

As the seminar came to a close, I asked each panel member the same question I had asked earlier. Will the Internet of Things result in a utopian future, or a dystopian future? Each panel member responded with an optimistic, “Utopian,” although some were more “cautiously optimistic” than others.

I urge that not only lawyers, but everyone, pay attention to our personal privacy and what is being done with our personal data.

 

Disclaimer: The views expressed here are solely those of the author in his private capacity and do not in any way represent the views of TheDigitalCounselor.com, any other poster/blogger of this blog or any entity affiliated with blog posters.

Internet Law & Security Updates

So much is happening online that it can be hard to keep up. I have compiled some of the most recent events in Social Media, Internet law & Cybersecurity. Know how these changes affect your privacy and other rights. If you have any questions leave them in the comments!

Social Media

Comments on social media considered and Facebook “Likes” enjoy federal protection. On August 25, the National Labor Relations Board found in Three D, LLC, d/b/a Triple Play Sports Bar and Grille v. Sanzone, Case No. 34-CA-012915, and Three D, LLC, d/b/a Triple Play Sports Bar and Grille v. Spinella, Case No. 34-CA-012926, that an employer had violated federal labor law by terminating an employee who had “liked” a former co-worker’s negative comment about the employer posted on Facebook.  The Board also ruled that the employer violated the National Labor Relations Act (the “Act”) by firing another employee for posting an expletive-laced comment about the employer in response to the former co-worker’s comment, and it found that the employer’s “Internet/Blogging” policy banning “inappropriate discussions” regarding the company unlawfully chilled employees’ exercise of their right to engage in protected, concerted activity under the Act.

BYOD

Reimburse employees for wireless service. A recent California ruling that requires companies to reimburse employees for wireless serviceAlthough the case raised more questions than it answered about what level of reimbursement is required, it seems clear that companies will bear a larger portion of the cost of BYOD programs than they had previously borne.

Security 
According to the New York Times, when one adds the compromised records in Target, PF Chang’s, Neiman Marcus, Sally Beauty, Michaels, UPS and others, the number of affected customers amounts to more than one-third of the U.S. population.

Home Depot the latest victim of security breach. Krebs has reported that it appears that two large dumps of purloined credit card numbers have made an appearance on the black market and that those numbers may have originated at Home Depot locations. Krebs’ reporting is here. This latest incident raises yet another round of concerns about the malware known as “Backoff” and the potential widespread effect on retailers. Home Depot has been hit with a class action lawsuit stemming from a suspected data breach at the home improvement retailer 

Using your cellphone’s gps to stay ahead of fraudsters. In a new effort to use technology to foil credit-card fraud, a company called BillGuard is testing a system that would monitor the precise whereabouts of mobile devices to detect possible payment issues. The tech firm is tracking mobile-phone locations in an attempt to stay one step ahead of fraudsters. Because smartphones are almost always near their owners, the technology would register and flag those occasions when a phone is not near the owner’s credit card. The technology would only be used with the consumer’s consent.

Healthcare.gov Server Hacked.The Department of Health and Human Services disclosed on Sept. 4 that malware had been uploaded on the Obamacare test server back in July. HHS officials say the malware was designed to launch a distributed-denial-of-service attack against other websites when activated and not designed to exfiltrate personally identifiable information. No consumer data was exposed in the incident, officials say (see HealthCare.Gov Server Hacked).

Apple plans to add safeguards to help address security vulnerabilities exploited by celebrity-photo hackers. The proposed changes include alerting users – using both e-mails and push notifications to devices – every time someone:

  • Changes an account password;
  • Uses a new device to log into an account;
  • Restores an iCloud backup to a new device.

After receiving a related alert, the user can immediately change their account password, or file a report of a suspected security breach with Apple. The company has yet to detail how exactly it will respond to those reports.

Privacy

Magazines in Michigan cannot share your personal information. The Michigan’s Video Rental Privacy Act limits the ability of companies to disclose information regarding customers’ video rental activities. In a case filed by a consumer who alleged that a magazine company had improperly disclosed her personal information, along with information about the magazines to which she subscribed, the U.S. District Court for the Eastern District of Michigan recently held that the law does in fact apply to magazines. The court noted that the statute is directed to companies “engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings, or video recordings,” and that magazines constitute “other written materials.”

SCOTUS rules that police need a warrant to search cell phones

As we become more reliant on our devices, they collect more data on us, much of which is extremely private. Access to this data has been a point of contention for some time. The Supreme Court’s decision to hear Riley v. California presented an opportunity to draw clear boundary for police in the area of personal privacy.   Privacy groups have been advocating for requirements on how and when cell phone data can be accessed and used by the government since that decision. On June 25, 2014,the Supreme Court announced a win for personal privacy by deciding that a warrantless search of a suspect’s cellphone data incident to arrest is unconstitutional.

Case Highlights

  • “Modern cell phones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans ‘the privacies of life.’”
  • The Court observed that modern phones are mini-computers that perform multiple functions and hold immense amount of personal data, and were themselves inconceivable when the Court had originally permitted police to search individuals incident to arrest.
  • The Court acknowledged that searching a cell phone can potentially expose more information to the government than a search of an individual’s house, given the amount of data typical phones can store. The fact “that technology now allows an individual to carry such information in his hand does not make the information any less worthy of . . . protection.”
  • The Court makes clear that “Privacy comes at a cost,” and that the warrant requirement is “an important working part of our machinery of government” that must be respected.
  • The Exception: Although the Court dismissed all of the arguments that were presented for justification of a warrantless search they did say that in “exigent” circumstances like prevention of a terrorist plot or finding a missing child, that police are able to proceed without a warrant. However, after such a warrantless seizure, a court would still have to “examine whether an emergency justified a warrantless search in each particular case.”

Bottom line

From now on, your phone should not be searched just because you have been arrested. Officers must have a warrant to search your phone, aside from a narrow exception.

What’s Next

This case will play a major role in the already contentious debate surrounding personal privacy. It will be interesting to hear how this changes the application of Fourth Amendment protections to searches and seizures of all computers.

Internet Updates June 2014

There is so much going on in the Internet space that I have compiled some of the most interesting happenings of June. They all link to more info. Please read, enjoy and let me know if you want me to expand on anything!

Are threats made on social media protected free speech, or potentially criminal actsThe U.S. Supreme Court has agreed to examine the constitutionality of a federal law making it a crime to transmit communications containing “any threat to injure the person of another.” In this case, the “threats” were in a series of Facebook postings.

Be careful what you post on Facebook, you might get a ticket for it… A woman in a Chicago suburb received a $50 ticket in the mail alleging that she had used a dog park without a permit. The ticket was based entirely on a Facebook posting that the woman had made, and the police immediately rescinded it, saying  that they do not monitor social media in search of potential lawbreakers.

It might be a crime to friend your boss if you live in Arkansas! Arkansas legislators are considering changing a 2013 law after Facebook informs them that the law may have inadvertently made it a crime for a boss and an employee to become Facebook friends.

Snapchat may have competition. According to the Los Angeles Times, Facebook prematurely released, then withdrew, a new mobile app called Slingshot that is intended to compete with Snapchat and permit users to send each other photo and video messages.

Is Twitter in trouble? Twitter’s leadership was thrown into disarray on June 12 after Ali Rowghani resigned suddenly as the company’s chief operating officer amid a dispute with Chief Executive Dick Costolo. Twitter’s stock has fallen about 42 percent this year as concerns have arisen that the company is not signing up enough new users.

Should you make social media rules for your marriage? More and more couples are sitting down with their lawyers before marriage to discuss a social media clause in their prenuptial agreement – covering what they can and cannot say or post about each other. These agreements appear to be enforceable in court if they are specific enough.

The CIA is on Twitter! The CIA has entered the realm of social media, setting up a Twitter presence and a Facebook account. There one can find, among other things, reflections on intelligence history and fun facts from the CIA World Factbook.

Can’t ask for personal social media account logins in Louisiana! 
On May 23, Louisiana became the latest state to enact a law prohibiting employers and public and private educational institutions from requiring applicants, employees, and students to provide access to their personal online accounts.

Every company would be well advised scrutinize their marketing practices on an ongoing basis to ensure that they do not inadvertently expose the company to risks under the Lanham Act. Two US Supreme Court cases decided this term could result in a substantial increase in the number of Lanham Act claims brought under that statute alleging “unfair competition” resulting from product labeling and marketing practices that are alleged to be false or misleading.

  • Lexmark International, Inc. v. Static Control Components, Inc., No. 12-873, slip op. (March 25, 2014), in which the Supreme Court broadly construed the Lanham Act to permit lawsuits by all companies alleging injuries that were proximately caused by false or misleading advertising or promotion, even if the plaintiff was not a direct competitor of the defendant and suffered only “collateral damage.”
  • Pom Wonderful LLC v. Coca-Cola Co., No. 12–761, slip op.  (June 12, 2014), the Court’s second Lanham Act case of the term,  in which it eliminated a potential safe harbor from Lanham Act claims for companies in regulated industries who complied fully with applicable regulations regarding the labeling and marketing of their products.

Interested in being social anonymously? It is harder than you think… Recently a variety of “private” media platforms have emerged. For years, social media platforms have facilitated (or even, in many cases, required) us to use our real identities, with the aim of building friendships and networks in the online world. But these new social media apps (such as “Secret,” “Whisper,” “Yik Yak”) are designed specifically to enable users to share posts anonymously.

“Anonymous” doesn’t necessarily mean anonymous. Even if users are not required to provide any form of contact details to use an anonymous app, the app is very likely to collect certain information that will help identify the user (e.g., the unique digital ID of the user’s phone, location information, etc.). Therefore, it could be be fairly easy to trace a user if required (e.g., by subpoena/court order). Indeed Secret’s Terms of Service state, “We may share information about you … in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, regulation or legal process.”

For more updates visit: http://www.sociallyawareblog.com

Will Congress Limit NSA Data Collection?

Do you know when and how the government can access your telephone records? Do you care? Do you worry about your personal privacy? Well, there is major legislation on the horizon that will affect how and when your data is collected and retained.

Image courtesy of cuteomatic.com
Image courtesy of cuteomatic.com

On May 22, 2014, the United States House of Representatives passed bill H.R. 3361, the USA Freedom Act, aimed at limiting the federal government’s ability to collect bulk phone records and also increasing transparency. This bill, supported by the President, received bipartisan support. It restricts the data collected from communications companies by the NSA and other intelligence agencies. One of the goals is to minimize the retention and dissemination of non-public data. The House’s approach to data retention is to have telecoms store the data, to be made available to the government, by request. The bill has no mandated retention period. Finally, the bill also extends certain provisions of the USA Patriot Act, scheduled to expire in 2015.

What will the Senate do? It has been almost a month since they’ve received the bill and it has not yet passed.  Senate Intelligence Committee chair Dianne Feinstein (D-Calif.) said that she wanted to find a way to get the USA Freedom Act (H.R. 3361) passed, though she would prefer that the government, rather than telecom companies, retain the responsibility for storing and analyzing data.

The European Court of Justice recently determined that their data retention law, which is similar to the House’s bill, violates the fundamental rights of citizens. How should this determination play into the U.S.’s data retention law? If its a violation of the fundamental rights–namely privacy–for European citizens, does it violate the fundamental rights of US citizens? How do you want any data collected by your telecom company stored and accessed?  The expiration of portions of the US Patriot Act, as well as the call for data retention, and surveillance reform in the wake of the Snowden leaks raise a lot of questions. Now is the time for the US government to pass legislation that both protects the privacy of citizens and aids in protecting national security.

Get involved in this debate!

For more information about this issue and how the European Court of Justice’s decision factor’s in the debate, read the article I published,  “Does Personal Privacy Matter? Developments in EU and US Data Retention Law” in the American Bar Association’s Information Security & Privacy News.

Make Sure to Change Your Privacy Settings on Facebook…Again!

Tired of changing your privacy settings on Facebook? Well… Sorry!  You need to do it again…  If you do not want Facebook to track your browsing both on and off their site and track the apps you use, change your settings!

argyllfreepress.com
argyllfreepress.com
Today, Facebook announced that it would begin targeting advertisements to users based on the websites they visit and apps that they use. In a blog post, the company explained that users can opt out of the web browser-based tracking through an online ad industry program and can also opt out of the app-based tracking through their smartphones’ privacy controls.

If you have to see ads while using Facebook, they might as well cater to your specific needs and likes, right? It’s seemingly harmless and most people do not have anything to hide. However, this kind of customization is a double edge sword. On one side you have the benefit of a tailored experience while on the other hand your private searching is being consumed by entities like Facebook. A more specific and more troubling concern is that children as young as 13 will be monitored… Are your teens thinking about the ramifications of having Facebook watch their every movement? Congress is promising to monitor the implications of this new advertising system and so should you. Your privacy and the privacy of your family is important! 

Privacy is the price of convenience. Decide which one matters to you most.

How Much of Your Data can Apple Hand to Law Enforcement?

We are all aware (or at least we should be) that our telecom providers are handing over our data to the police when necessary. Well have you ever wondered just how much and what it takes to get that data? iphone-privacy-2011-04-06-1302104043Apple posted their new guidelines describing what data the company can provide to law enforcement and the processes for requesting that data.

The document breaks it down into two basic types of data: information stored on Apple’s servers and information stored locally on iOS devices.  I have outlined the kinds of data and how they can be obtained in a chart below.

Essentially anything you’ve backed up to or stored on iCloud is available for Apple to provide to law enforcement, including connection logs and IP addresses you’ve used. Additionally a lot of the data associated with your Apple ID is available as well. Therefore, any information you’re providing Apple is available for them to pass along. This is something to consider when deciding if or what to back up on iCloud.  You may want to avoid backing up sensitive company data or private information on iCloud. Some information cannot be avoided, such as anything associated with your Apple ID.

Can they access data on my iOS device???

Yes. Apple can bypass security passcodes on our iOS devices to extract “certain categories of active data,” though it apparently cannot bypass that protection entirely. If provided with a valid search warrant, Apple can hand over SMS messages, pictures and videos, contacts, audio recordings, and your phone’s call history, but it can’t access e-mails, calendar entries, or information from third-party applications. Devices must be running iOS 4 or newer, must be “in good working order,” and must be provided directly to Apple’s headquarters along with an external storage drive twice the size of the iOS device’s internal storage.

Will I know if this is happening?

Maybe. The guidelines state that Apple will “notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself.” Apple will also avoid notifying users if the company “believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment,” though this is entirely up to Apple and not to the law enforcement agencies involved. These notification requirement will help prevent random and unfounded searches.

What is missing?

The policies and capabilities surrounding iCloud Keychain, iMessages and FaceTime calls are unclear and disputed. Apple claims iMessage & Facetime are encrypted but there is some speculation otherwise.

Is this unusual?

No, other tech companies have similar policies. For example, Google provides a similar “Transparency Report” outlining the types of data available to law enforcement. The notification policy is new and several other tech giants, including Facebook and Microsoft, have already indicated that they plan to expand their policies on notifying customers whose data has been requested by law enforcement

 

Where is the Data? Type of Data Means to Obtain Data Restrictions
Information stored on Apple Servers Data Associated with your Apple ID contact inormation obtainable with a subpoena or greater legal process
customer service records
transaction history both in store & online
iTunes gift card information
Data Associated with your iCloud Account connection logs & IP address used Any iCloud information that the user deletes cannot be accessed.
60 days of iCloud mail logs that “include records of incoming and outgoing communications such as time, date, sender e-mail addresses, and recipient e-mail addresses” e-mail logs require a court order or search warrant
any e-mail messages that the user has not deleted requires a search warrant
any other information that can be backed up to iCloud – As of this writing, this list includes contacts, calendars, browser bookmarks, Photo Stream photos, anything that uses the “documents and data” feature (which can include not just word processors but also photo and video apps, games, and data from other applications), and full device backups
Information stored locally on iOS devices SMS messages requires a search warrant – Devices must be running iOS 4 or newer, must be “in good working order,” and must be provided directly to Apple’s headquarters along with an external storage drive twice the size of the iOS device’s internal storage. Cannot access e-mails, calendar entries, or information from third-party applications
pictures and videos
contacts
audio recordings
phone’s call history