Someone Gets Serious About Leaks

Unfortunately, it isn’t the federal government. It’s Apple, Inc.:

A recording of an internal briefing at Apple earlier this month obtained by The Outline sheds new light on how far the most valuable company in the world will go to prevent leaks about new products.

The briefing, titled “Stopping Leakers – Keeping Confidential at Apple,” was led by Director of Global Security David Rice, Director of Worldwide Investigations Lee Freedman, and Jenny Hubbert, who works on the Global Security communications and training team.

According to the hour-long presentation, Apple’s Global Security team employs an undisclosed number of investigators around the world to prevent information from reaching competitors, counterfeiters, and the press, as well as hunt down the source when leaks do occur. Some of these investigators have previously worked at U.S. intelligence agencies like the National Security Agency (NSA), law enforcement agencies like the FBI and the U.S. Secret Service, and in the U.S. military.

It must be refreshing for them to have gone to a place where people really care about stopping leaks. I wonder what the ex-FBI guys thought about the Bureau’s former Director proudly proclaiming himself to be a leaker.

“When I see a leak in the press, for me, it’s gut-wrenching,” an Apple employee says in the first video. “It really makes me sick to my stomach.” Another employee adds, “When you leak this information, you’re letting all of us down. It’s our company, the reputation of the company, the hard work of the different teams that work on this stuff.”

This is the attitude we need to see in the federal bureaucracy.

“This has become a big deal for Tim,” Greg Joswiak, Apple’s Vice President of iPod, iPhone and iOS product marketing, says in one of the videos. “Matter of fact, it should be important to literally everybody at Apple that we can’t tolerate this any longer.” …

To make sure of it, Apple has built an infrastructure and a team “to come after these leakers,” Joswiak says, and “they’re being quite effective.”

Apple has a Worldwide Investigations team:

She then introduces David Rice to talk about the “New Product Security” team, a part of the larger Global Security team that Rice says “is really a secrecy group, we’re a little bit misnamed.” Rice worked at the NSA as a Global Network Vulnerability Analyst for four years, and before that was a Special Duty Cryptologist in the U.S. Navy. He’s directed the Global Security team at Apple for more than six years, according to his LinkedIn page. Hubbert also introduces Lee Freedman, who previously worked as the Chief of Computer Hacking Crimes at the U.S. Attorney’s Office and as an Assistant U.S. Attorney in Brooklyn, according to LinkedIn. He joined Apple to lead Worldwide Investigations in 2011.

If Apple can do it, is there any reason why the federal government can’t? Apple’s task is actually far more vast:

Rice compares Apple’s work of screening factory employees to that of the TSA. “Their peak volume is 1.8 million a day. Ours, for just 40 factories in China, is 2.7 million a day.” That number surges to 3 million when Apple ramps up production, he adds, and all of these people need to be checked every time they enter and exit the factory.

“In aggregate, we do about 221 million transits a year. For comparison, 223 million is the top level volume for the top 25 theme parks in the world,” Rice says.

In contrast, the leakers currently bedeviling the federal government come from a handful of current and former “senior government officials,” all or nearly all in the intelligence agencies or the FBI. There can’t be more than a few hundred suspects.

The Global Security team in China has been “busting their ass” to solve the problem of leaks stemming from Apple’s factories, Rice says, describing the efforts as “trench warfare non-stop.”

Do you think anyone in Washington is conducting trench warfare against leakers? I don’t either.

Workers will stash parts in bathrooms, clench them between their toes, throw them over fences, and flush them down the toilet for retrieval in the sewer, Rice says. “We had 8,000 enclosures stolen a long time ago by women putting it in the underwire of their bra,” he says.

Washington leakers rarely go to such extremes, yet they never seem to get caught.

Apple works tirelessly to identify leakers. They never give up:

Apple embeds members of a team within Global Security, called Secrecy Program Management, on some product teams to help employees keep secrets, he explains. But when sensitive information does get out, Lee Freedman’s investigations team steps in to figure out what happened and who is responsible.

“These investigations go on a long time,” Freedman tells the employees. For example, one investigation that led to a leaker on an Apple campus took three years. “We don’t take a defeatist mentality and say, ‘Oh well, it’s going to leak anyway.’”

Chinese leakers generally do it for the money, while American leakers are more likely to have connections to journalists:

Hubbert prompts him to talk about two major leakers who were caught the previous year, one who worked at Apple’s online store “for a couple years” and one who worked on iTunes for “about six years.”
Both these leakers were “providing information to bloggers,” Rice says. One of the leakers started talking to a journalist over Twitter, Freedman says, while the other had a preexisting friendship with a reporter.

There is no reason why the federal government, with its vast resources and a far smaller pool of suspects, can’t catch leakers at least as effectively as Apple can. And the stakes are much higher: national security vs. the shape of the next iPhone. It seems that at some level below that of the president, the will to stop the leaks is missing.