For the second time in a year, Apple has issued a warning to “leaking” employees, only for the warning to leak to the public. Taking the form of a news story-like internal memo, the warning comes nearly six years after Apple CEO Tim Cook claimed that Apple would “double down on secrecy on products,” only to see major leaks continue each year.
The dark new memo sharply contrasts with the company’s typically sunny public face, describing Apple’s efforts to catch and fire leakers who have “betrayed” the company’s trust. After warning employees that they’re “getting played” by outsiders looking for information, the memo threatens leakers with the loss of jobs, the possibility of arrests or fines, and “extreme difficulty finding employment elsewhere.” It notes that Apple caught 29 leakers in 2017, including employees, contractors, and partners in its supply chain.
Though Apple frames the issue as one of internal security, the core is its inability to fully control the narrative about its products, which it has questionably claimed might reduce sales when the products actually arrive. “We want the chance to tell our customers why the product is great,” Greg Joswiak, vice president of product marketing, says in the memo, “and not have that done poorly by someone else.”
But thanks to its massive product unveilings and marketing machine, Apple has more of an opportunity to pitch directly to customers than most vendors — and frequent leaks certainly haven’t stopped it from becoming the world’s largest company. If anything, intriguing tidbits on upcoming products have helped maintain a persistent buzz about Apple despite extended lulls in official communications. And the company is known to have quietly leaked information through its own “unofficial” methods, whenever it deems them worthwhile.
In June, a similar warning to employees leaked in the form of an audio recording obtained by The Outline. Described as coming from a private briefing that “was the first of many Apple is planning to host for employees,” the recording included a “keep [your] mouth shut” video, behind-the-scenes details from investigations, and Apple internal investigators spotlighting their military and legal credentials. While the company blamed factory leaks for a “trench warfare non-stop” war to protect secrets in Asia, it said that 2016 “had been the first year that Apple [campuses] leaked more than the supply chain.”
But Apple was rapidly clamping down on leakers inside and outside the company, the 2017 briefing said, and had reduced the number of annually stolen product casings from 387 in 2014 to 4 in 2016. During an employee Q&A, the company’s director of global security was described as “gleefully” recounting how a blogger threw shade at Bloomberg’s star Apple reporter Mark Gurman for not leaking major details on the HomePod speaker, saying “yeah, you got nothing.”
Following the leak to The Outline, Bloomberg — and others — had a marquee year. After almost every major detail on the iPhone X, iPhone 8, and iPhone 8 Plus leaked, as did Apple’s 2018 plans for both iOS and macOS, as well as details about the company’s upcoming Apple Watch and iPad revisions.
Not surprisingly, Gurman was also first to report on the leak of the memo, which is reprinted in full below.
Last month, Apple caught and fired the employee responsible for leaking details from an internal, confidential meeting about Apple’s software roadmap. Hundreds of software engineers were in attendance, and thousands more within the organization received details of its proceedings. One person betrayed their trust.
The employee who leaked the meeting to a reporter later told Apple investigators that he did it because he thought he wouldn’t be discovered. But people who leak — whether they’re Apple employees, contractors or suppliers — do get caught and they’re getting caught faster than ever.
In many cases, leakers don’t set out to leak. Instead, people who work for Apple are often targeted by press, analysts and bloggers who befriend them on professional and social networks like LinkedIn, Twitter and Facebook and begin to pry for information. While it may seem flattering to be approached, it’s important to remember that you’re getting played. The success of these outsiders is measured by obtaining Apple’s secrets from you and making them public. A scoop about an unreleased Apple product can generate massive traffic for a publication and financially benefit the blogger or reporter who broke it. But the Apple employee who leaks has everything to lose.
The impact of a leak goes far beyond the people who work on a project.
Leaking Apple’s work undermines everyone at Apple and the years they’ve invested in creating Apple products. “Thousands of people work tirelessly for months to deliver each major software release,” says UIKit lead Josh Shaffer, whose team’s work was part of the iOS 11 leak last fall. “Seeing it leak is devastating for all of us.”
The impact of a leak goes beyond the people who work on a particular project — it’s felt throughout the company. Leaked information about a new product can negatively impact sales of the current model; give rival companies more time to begin on a competitive response; and lead to fewer sales of that new product when it arrives. “We want the chance to tell our customers why the product is great, and not have that done poorly by someone else,” says Greg Joswiak of Product Marketing.
Investments by Apple have had an enormous impact on the company’s ability to identify and catch leakers. Just before last September’s special event, an employee leaked a link to the gold master of iOS 11 to the press, again believing he wouldn’t be caught. The unreleased OS detailed soon-to-be-announced software and hardware including iPhone X. Within days, the leaker was identified through an internal investigation and fired. Global Security’s digital forensics also helped catch several employees who were feeding confidential details about new products including iPhone X, iPad Pro and AirPods to a blogger at 9to5Mac.
Last year Apple caught 29 leakers.
Leakers in the supply chain are getting caught, too. Global Security has worked hand-in-hand with suppliers to prevent theft of Apple’s intellectual property as well as to identify individuals who try to exceed their access. They’ve also partnered with suppliers to identify vulnerabilities — both physical and technological — and ensure their security levels meet or exceed Apple’s expectations. These programs have nearly eliminated the theft of prototypes and products from factories, caught leakers and prevented many others from leaking in the first place.
Leakers do not simply lose their jobs at Apple. In some cases, they face jail time and massive fines for network intrusion and theft of trade secrets both classified as federal crimes. In 2017, Apple caught 29 leakers. 12 of those were arrested. Among those were Apple employees, contractors and some partners in Apple’s supply chain. These people not only lose their jobs, they can face extreme difficulty finding employment elsewhere. “The potential criminal consequences of leaking are real,” says Tom Moyer of Global Security, “and that can become part of your personal and professional identity forever.”
While they carry serious consequences, leaks are completely avoidable. They are the result of a decision by someone who may not have considered the impact of their actions. “Everyone comes to Apple to do the best work of their lives — work that matters and contributes to what all 135,000 people in this company are doing together,” says Joswiak. “The best way to honor those contributions is by not leaking.”
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here