Exclusive: Feds Order Apple And Google To Hand Over Names Of 10,000+ Users Of A Gun Scope App

[steven36]

Own a rifle? Got a scope to go with it? The government might soon know who you are, where you live and how to reach you.

 

That’s because Apple and Google have been ordered by the U.S. government to hand over names, phone numbers and other identifying data of at least 10,000 users of a single gun scope app, Forbes has discovered. It's an unprecedented move: never before has a case been disclosed in which American investigators demanded personal data of users of a single app from Apple and Google. And never has an order been made public where the feds have asked the Silicon Valley giants for info on so many thousands of people in one go.

 

According to a court order filed by the Department of Justice (DOJ) on 5 September, investigators want information on users of Obsidian 4, a tool used to control rifle scopes made by night vision specialist American Technologies Network Corp. The app allows gun owners to get a live stream, take video and calibrate their gun scope from an Android or iPhone device. According to the Google Play page for Obsidian 4, it has more than 10,000 downloads. Apple doesn't provide download numbers, so it's unclear how many iPhone owners have been swept up in this latest government data grab.

 

If Apple and Google decide to hand over the information, it could include data on thousands of innocent people who have nothing to do with the crimes being investigated, privacy activists warned. Edin Omanovic, lead on Privacy International's State Surveillance programme, said the order would set a dangerous precedent and scoop up “huge amounts of innocent people’s personal data.” 

 

“Such orders need to be based on suspicion and be particularized - this is neither,” Omanovic added

 

Neither Apple nor Google had responded to a request for comment at the time of publication. ATN, the scope maker, also hadn't responded.

 

Why the data grab?

 

The Immigration and Customs Enforcement (ICE) department is seeking information as part of a broad investigation into possible breaches of weapons export regulations. It's looking into illegal exports of ATN's scope, though the company itself isn't under investigation, according to the order. As part of that, investigators are looking for a quick way to find out where the app is in use, as that will likely indicate where the hardware has been shipped. ICE has repeatedly intercepted illegal shipments of the scope, which is controlled under the International Traffic in Arms Regulation (ITAR), according to the government court filing. They included shipments to Canada, the Netherlands and Hong Kong where the necessary licenses hadn't been obtained.

 

"This pattern of unlawful, attempted exports of this rifle scope in combination with the manner in which the ATN Obsidian 4 application is paired with this scope manufactured by Company A supports the conclusion that the information requested herein will assist the government in identifying networks engaged in the unlawful export of this rifle scope through identifying end users located in countries to which export of this item is restricted," the government order reads. (The order was supposed to have been sealed, but Forbes obtained it before the document was hidden from public view).

 

It's unclear just whom ICE is investigating. No public charges have been filed related to the company or resellers of its weapons tools. Reports online have claimed ATN scopes were being used by the Taliban.

 

Apple and Google have been told to hand over not just the names of anyone who downloaded the scope app from August 1 2017 to the current date, but their telephone numbers and IP addresses too, which could be used to determine the location of the user. The government also wants to know when users were operating the app.

 

Innocents ensnared

 

The request is undeniably broad and would likely include all users of the app within America, not just users abroad who might indicate illegal shipments of the gun appendage. Tor Ekeland, a privacy focused lawyer, said it amounted to a "fishing expedition." (The DOJ hadn’t responded to a request for comment at the time of publication).

 

"The danger is the government will go on this fishing expedition and they'll see information unrelated to what they weren't looking for adn go after someone for something else," Ekeland said. He said there's a long history of that kind of behavior from the U.S. government. And he warned that the government could apply this demand to other types of app, such as dating or health apps.

 

"There's a more profound issue here with the government able to vacuum up a vast amount of data on people they have no reason to suspect have committed any crime. They don't have any probable cause to investigate but they're getting access to data on them," Ekeland added. 

 

Even those who've worked in government surveillance were stunned by the order. "The idea that this data will only be used for pursuing ITAR violations is almost laughable," warned Jake Williams, a former NSA analyst and now a cybersecurity consultant at Rendition Infosec.

 

"Google and Apple should definitely fight these requests as they represent a very slippery slope. This type of bulk data grab is seriously concerning for a number of reasons, not the least of which is that the download of an application does not automatically imply the 'intended use' of the application. For instance, researchers often bulk download applications looking for interesting vulnerabilities."

 

He said that if the request was granted it may also have a "serious chilling effect on how people use the Google and Android app stores." "The idea that Google could be compelled to turn over, in secret, all of my identifiers and session data in its possession because I downloaded an application for research is such a broad overreach it's ridiculous."

 

Source

[straycat19]

Just another reason to share apps and not download them from the official store.  Better yet if you use a false name and vpn when you setup your account.

[steven36]

1 hour ago, straycat19 said:

Better yet if you use a false name and vpn when you setup your account.

It does no good to use a vpn on a smartphone  because they already have your phone number and location data  you cant use Android with Google services without them knowing your info   . They can do a drag net and pinpoint your exact location even . VPNs only protect  you on phones as long as Google don't give them info. Same with using Windows unless you put a vpn behind you router  as soon as you boot up Microsoft  has your IP  and machine id .  Stuff like this why i pirate  apps on Windows and  use Linux 98% of the time,I  dont use smart phones  and just have a burner dumb phone .  I would buy  a  Pinephone once they are shipping with an OS but  i'm not going waste my money  on mobile internet were they cap your speeds .

 

You can't use Google , Facebook or Microsoft  services  with a vpn unless you give them your phone number .  I made up a Microsoft  Account  with a To Do App for Linux  behind a vpn . it worked one time then the next time I  tried it they wanted my phone number . I have a Google Account i made without a phone number and fake info witch is not easy to make without them asking for a number , unless your on a smartphone were they already have your number . (it's locked to a certain ip range on my vpn) if i try to use any other ips they want a phone number...

 

So, i hardly use it Google dont have nothing to offer me that i need to sign into them  that i can't get better alternatives too somewhere else  , all there stuff  is full of ads and they sell your user data. Brave Browser  caught Google selling user data and turned the evidence over to Ireland  govt watch dogs, Facebook will do you the same way if you try to sign up with a vpn they will want your phone number because i tried it before.

 

I use to use Gmail and Yahoo messenger  all the time and when i started using a vpn  in 2012 it started locking me out . You use to could just answer some questions and get back in , it was so annoying i stop using there services    But now they want a phone number instead  that's on desktop . Om Smartphone none of that matters because they have your info  from day one when you use your phone . Facebook use to let  you make up a burner account  years ago with a vpn and use a vpn but now they want a phone number  as well if you use a vpn. So i have no Facebook  account since like 2012  

 

All of Big Techs services you have to give up your privacy in the name of there security . Hackers and propagandist ruined it, and schools in Germany ban Microsoft cloud because of the cloud act .So there the same as the rest of them. Microsoft lost in court against the DOJ  it dont matter if your data is stored the EU they still hane to hand it over all of Big tech USA do it's the law .The cloud act and it violates EU privacy laws.  So i use stuff  from the EU instead ,   .