Apple product security team briefing shows 99% drop in stolen iPhone cases from 2014 to 2016

A new report sheds some light on Apple’s anti-leak department, with employees for the Global Security Team coming from the NSA, FBI, Secret Service, and U.S. military supervising an operation that deals with more people per day in the production lines in China than the TSA does in airports.

The report, published by The Outline on Tuesday, gives a recount of an Apple briefing held by Apple’s product security team, and given to employees. It reportedly leads with Apple Chief Executive Tim Cook’s remarks about “doubling down” on security, with other employees talking about personal impacts after they hear about product leaks.

“This has become a big deal for Tim,” Apple’s vice president of iPod, iPhone and iOS product marketing Greg Joswiak said in the video. “Matter of fact, it should be important to literally everybody at Apple that we can’t tolerate this any longer.”
The report about Apple’s anti-leak efforts was made possible by the same kind of leaks that the department is supposed to prevent.
Employees in the group named are David Rice and Lee Freedman. Rice was a cryptologist for the U.S. Navy, and then spent time with the NSA. Freedman was not only a assistant U.S. attorney in Brooklyn, but also worked as the chief of computer hacking crimes at the U.S. attorney’s office.

Dealing with the supply chain

“[The TSA’s] peak volume is 1.8 million a day. Ours, for just 40 factories in China, is 2.7 million a day,” says Rice. “In aggregate, we do about 221 million transits a year. For comparison, 223 million is the top level volume for the top 25 theme parks in the world.”

Rice describes the fight with leaks in China from the supply chain as “trench warfare non-stop.” The security manager noted that bus stops outside the plant have solicitations for factory workers, offering “top dollar” for Apple components destined for unreleased products.

“There’s a whole slew of folks that can be tempted because what happens if I offer you, say, three months’ salary?’,” added Rice. “In some cases we’ve seen up to a year’s worth of salary being rewarded for stealing product out of the factory.”

Keeping a lid on it

Rice notes that the iPhone 5c in 2013 saw particularly bad leaks. Apple purchased 19,000 enclosures off the Huaqiangbei market before the announcement of the phone. Apple then purchased 11,000 more between the announcement, and the shipment of the product.

“In 2014 we had 387 enclosures stolen. In 2015 we had 57 enclosures stolen, 50 of which were stolen on the night of announce, which was so painful.” added Rice, noting that in 2016, Rice says the company produced 65 million enclosures, with only four stolen. “So it’s about a one in 16 million loss ratio, which is unheard of in the industry.”

Damage control

After a product is leaked, Freedman leads the investigations. Detailed in the presentation were two employees at Apple headquarters, both providing information to bloggers.

“We oftentimes get people who are really excited about our products and they end up finding something to share and they will go out and say, Hey, guess what we did,'” said Freedman. “Or somebody will ask them a question and instead of just saying, I can’t talk about it,’ they will say too much.”

An employee question and answer session talked about what employees were free to discuss in an insecure fashion, as well as Apple’s “red zones” areas in the headquarters where employees shouldn’t discuss what they’re working on.

“Our role at NPS was created because someone spent three weeks not telling us a prototype was in a bar somewhere,” Rice said, talking about the iPhone 4 prototype that ended up in Gizmodo‘s hands. “The crime was in the coverup.”

Cook’s point of view

Apple CEO Tim Cook believes that any leak could potentially hurt Apple’s bottom line, no matter how small the product. In 2012, Cook spoke to Kara Swisher and Walt Mossberg, and emphasized that the company was going to take product security and secrecy very seriously.

“We’re going to double down on secrecy,” Cook said. “I’m very serious about this. Double down.”

More recently, in May, Cook claimed that iPhone sales problems could be traced to more rapid leaks posted not just on Apple specialty sites, but on mainstream media.

Cook noted that “earlier and much more frequent reports about future iPhones” are having an impact on iPhone sales, Cook said in response to an analyst question during the quarterly earnings conference call. He did not elaborate on his statement.

It is unclear how accurate Cook’s statement about “iPhone 8” rumors impacting sales are. At worst, it seems that deferred purchases for a new model impact the present, but amplify the future for a net-zero effect.

Who watches the watchers?

During the meeting, the investigative team said that the company doesn’t have a “Big Brother” culture. It doesn’t read employee emails, or stalk employees to see who they talk to. However, the presentation does discuss employees “blowing cover,” building a personal “relationship monitor” to regulate conversations, and where employees should draw boundaries in their personal lives —all concepts very similar to briefings that AppleInsider employees have seen during prior military service.

The report by The Outline was gleaned from an internal briefing that was recorded by persons unknown. In essence, the report about Apple’s anti-leak efforts was made possible by the same kind of leaks that the department is supposed to prevent.