78 comments

[ 3.3 ms ] story [ 134 ms ] thread
(comment deleted)
Apple probably won’t comply with this request from the government, but I bet that Google will.
Google does not give away its data on people anymore readily than Apple does.
You mean, Unless Google gets paid for it.
Can you please tell me when has google ever sold or readily given up personal data?
(comment deleted)
About a couple million times a second, to each of about 2000 companies that do realtime bidding, just now.
There's a distinction between selling targeted ads based on personal data, and selling personal data, eh?
(comment deleted)
That is more a sound bite meme than anything factual. They can only sell the root data once to people who likely have no idea how to use it for advertising and would rapidly lead to very bad looking headlines the first time a stalker used it.

Meanwhile they can use it to sell ads indefinitely.

Even less so. Google canned their project dragonfly, which was to share user data with the Chinese government, while Apple quietly handed over the iCloud encryption keys for all their users.
Google was the first company and for years the only one that published transparency reports on government requests and how many were rejected vs accepted, as well as publishing a detailed look at how requests are handled.

This chart shows Apple complies with the government more than any of the other companies, at least for 2015.

https://www.theatlas.com/charts/NyA7HZeog

This chart says the exact opposite: https://www.theatlas.com/charts/3eDG1I42R

(Anyone can make a chart on that site and with no sources they are both equally useless)

>Data-yielding requests, Jan to June 2015
Both charts actually claim to be Jan to June 2015. The parent was demonstrating that he could make a chart claiming an identical timeframe and claim as the grandparent's, but with contrary data.
You are very naïve
This is so illegal it’s basically blatant gimme for the tech companies to have cool PR by sticking their finger up to the man. This story has come up twice a year for the past five years.
Perhaps the government wouldn't get such a bad name for this stuff if they just registered as an advertising company and started paying FAANG for data like they were a college based research company.
I just assume that already goes on. I find the amount of money going into advertising quite amazing. What part of that is just government(s) collecting data?
I still don't get why those company's executives aren't charged under the Computer Fraud And Abuse Act... I mean, they've clearly violated TOS and accessing the data in bad faith.

-- edit

To the downvote... we're talking about companies that slurped up data (illegally) from social networks, then sold both the data and services based on this data.

Sure, they can throw the book at someone copying research papers, but a corporation that acts in bad faith invading the privacy of hundreds of millions gets a pass?

Attorney here! What act, specifically, do you believe is illegal, and what laws make it so?
(comment deleted)
You make a good point. The article is light on specifics so it's hard to determine how they made the request. It says "court order" which, as you know, could mean a number of things.

That said, no court should be approving any demand for this data. It's 100% fishing.

Search without probable cause.
Is it? They are asking to search Apple and Google, not individuals. Maybe they have a reason not to limit the data to people outside the country - like finding out who is actually shipping the scopes to restricted countries.

If people are concerned, maybe they need to download and install apps some other way.

> They are asking to search Apple and Google, not individuals.

They are asking Apple and Google to tell them what individuals have on their phones. They are in a very practical and concrete sense searching the phones of individuals.

> If people are concerned, maybe they need to download and install apps some other way.

For an iPhone? Spell that method out for me, I am keen to learn.

Welcome to the cloud. They're asking for information stored on servers that you don't control or own. Pretty sure the same thing applies to a lot of cloud storage email. If the FBI wants all of your email and you have a Gmail account, are they going to subpoena it from you or from Google?

That's where part of the difference between cloud storage like Dropbox and spideroak show up.

I'd say lack of probable cause, and the process being essentially a fishing expedition. Last I checked, there had to be clear evidence linking a particular individual to a potential criminal act before a warrant could be issued.

I.e. it's fine for the government to phrase the warrant "give us all info with regards to users/downloaders with GeoIP's outside the United States" as the being in possession of the product outside the country at least correlates with the possibility of being an ITAR violator. Even then it is sketchy, because that would be a separate charge technically, because they are only the receiver, not the exporter necessarily.

On the other hand, demanding all the info to cross reference with an internal licensing database seems an egregious overstep, and an exploitation of an overly broad warrant. It sets a very bad precedent in terms of allowable conduct.

> Last I checked, there had to be clear evidence linking a particular individual to a potential criminal act before a warrant could be issued.

(This is not legal advice. Consult a licensed attorney in your jurisdiction.)

Not so. The Federal Rules of Criminal Procedure apply here, particularly Rule 41.

https://www.law.cornell.edu/rules/frcrmp/rule_41

See particularly section (c):

(c) Persons or Property Subject to Search or Seizure. A warrant may be issued for any of the following:

(1) evidence of a crime;

(2) contraband, fruits of crime, or other items illegally possessed;

(3) property designed for use, intended for use, or used in committing a crime; or

(4) a person to be arrested or a person who is unlawfully restrained.

--

Nor does an individual need to be identified. "John Does" are commonly enumerated as defendants in criminal indictments, and warrants can be used as a means to locate them.

The bar for what constitutes "probable cause" is also quite low. Even anonymous tips can give rise to PC. See, e.g., Illinois v. Gates, 462 U.S. 213 (1983). https://supreme.justia.com/cases/federal/us/462/213/

Again, I'd argue that

(1) Evidence of a crime

means "We have reason to expect John Doe of Whereveristan has committed an ITAR violation. We believe He did so through his Android device. We need the information associated with his account... So on and so forth."

That is tightly constrained, states the desired information to be turned over, the subject (individual) of the warrant, and the alleged reason why it is necessary.

"We want all users account information containing entry XYZ because maybe, possibly, some subset of that corpus of individuals may have committed a crime" does not meet that standard.

By allowing this type of fishing expedition it completely upends the notion of presumed innocence, and encourages broad, sweeping warrants to be considered an acceptable investigative technique. Something that has been continually rebuked over the last century, and has only started to crumble since the introduction of Third Party Doctrine.

>Nor does an individual need to be identified. "John Does" are commonly enumerated as defendants in criminal indictments, and warrants can be used as a means to locate them.

Huh. I knew of the John Doe practice, but I didn't realize it was used to conduct legal proceedings in absentia the individual in hopes of eventually finding an individual that "fits" the allegation.

Not sure how to feel about that.

Thanks for the input though! Today I learned!

EDIT: On further reflection, I suppose it shouldn't surprise me. Obviously there has to be a legal construct to enable the legal system to move forward and react to ongoing criminal developments in the case where the perpetrator is highly effective in covering their tracks, and law enforcement has to piece things together from the effects of the crime until such time as enough coincidence occurs to narrow the list of suspects to a particular individual.

The 14th amendment. The judicial system has consistently ruled that the government cannot make lists of potential criminals without due process.
The 14th Amendment doesn't speak to how warrants are issued; that's the 4th amendment. (Please don't recite the text of the amendment to me - the governing law is what matters.)

We haven't seen the affidavit provided to the court in pursuit of the warrant. Without it, we simply cannot conclude why the warrant was issued, only that it was issued.

I worked once for a Federal district court. If the judge who issued this warrant was anything like my judge, they would question the affiant (usually an FBI Agent or other LE officer) to make sure they were on solid ground. My judge was definitely not a pushover. In several cases, the affiants had identified a particular individual and were requesting the warrant to locate evidence of who might be the co-conspirators.

Yet the article says: "Though the order is unprecedented in America" I thought to myself. How do we know if these are 'secret' orders from the court. The companies are already under the spotlight and don't want to piss off the gov any more.

This sealing is outrageous and it steals our democracy. The very definition of Kangaroo Court.

The fact that they messed up on the sealing is what is scary. How many times has this already happened and the public has no idea.

Welcome to our new third world court system. For an ITAR violation no less.

&tldr; the scopes are controlled under ITAR and have been found to end up in locations outside of where it should be under ITAR. They are looking to locate scopes where they shouldn't legally be.

Given Apple and Google have location data on people (or at least Google does) the information for those using the App outside of the US or in ITAR restricted places could have been requested. Instead they went for all records. I hope this nuance isn't lost.

I wonder if they are doing this under a pen register.

Where can I find a good primer on the powers of the feds with regard to ITAR enforcement? Have there been any law review articles discussing the powers relating to the contemporary systems like this with two parts and disable-able software (the scope is at least much less useful if you don't have the app)?
The scope works perfectly without the app. Have used one. I believe apps don't fall under ITAR.
> I believe apps don't fall under ITAR.

Looks like they do.

The scopes this app works for are digital scopes, and don't use traditional intensifier tubes. I'm not sure enough of the technical specs to know if the night vision component meets the ITAR requirements, but the ballistic calculator certainly does: https://www.atncorp.com/x-sight2-hd-day-night-rifle-scope-3-...

Find what I believe to be the relevant ITAR sections that would classify the app as a "munition" below this line:

-------------------

Category XII:

(c) Imaging systems or end items, as follows:

[...]

(c)(2) Weapon sights (i.e., with a reticle) or aiming or imaging systems (e.g., clip-on), specially designed to mount to a weapon or to withstand weapon shock or recoil, with or without an integrated viewer or display, and also incorporating or specially designed to incorporate any of the following:

[...]

(c)(2)(iii) Ballistic computing electronics for adjusting the aim point display; or

[...]

(x) Commodities, software, and technology subject to the EAR (see §120.42 of this subchapter) used in or with defense articles controlled in this category.

They certainly do, c.f. encryption questions during App Store upload.
I'd like to point out that ITAR has had a negative impact on the tech world and privacy rights in the past as well.

ITAR is the law that restricts the export of encryption, and is what Phil Zimmermann was dealing with during the PGP fiasco.

ITAR is also the law that Defense Distributed and similar organizations/individuals are dealing with in distributing 3D models of firearms.

>Google and Apple should definitely fight these requests as they represent a very slippery slope.

It is kind of strange that the stopping (or not) of such a blatant unconstitutional action affecting fundamental rights of so many people (especially if the action succeeds and gets established as precedent) depends only on goodwill/caprice of a couple of for-profit corporate entities.

I wonder shouldn't be there a system/process where any person whose data is to be handed over would get a chance to challenge it in court (at least like for example it was in the good old times of the movie industry going after alleged pirates)

I wonder whether this might violate GDPR if the companies just voluntarily handed the data over and it included Europeans.
Just from a purely legal perspective, I'm not sure Apple and Google are even supposed to have that data? The company that sells the app, assuming they collected the information, technically was not supposed to share anything with Apple or Google. (Or rather, they were only supposed to share under certain very specific conditions.)

So I can't really tell what the Feds are asking for in particular? But assuming they are asking for information specific to the app, I'm not sure that Apple or Google were supposed to be snooping that information under GDPR? And I'm very sure that the app maker was not supposed to be collecting it in any kind of a way that shared it with Google or Apple. (Certainly not sharing it outright.)

Apple/Google presumably know who purchased the app, through their respective app stores.
FWIW, it's free.
Free downloads are still tracked as "purchases" through app stores. You end up with the app in your "purchase history", etc. This allows the app store to give the app's vendor some simple, useful analytics, like showing how placement in the store influences these "purchases."
I was curious what the actual justification for the data grab is. The article buries it halfway down, but tl;dr the feds think that some of the scopes have been illegally exported (by parties unknown) in violation of arms-trafficking laws, and they think that learning where they're being used will help them track down the exporters. "Reports online" (for all they're worth) claim that the Taliban got some of them.
My friend has one of these scopes. It lets you shoot in the dark since it uses IR for night vision. You can connect a phone to it, I was able to watch him shooting through my phone sitting next to him. It's really cool technology. We use it for hog hunting at night.
I have a couple of ATN's older scopes. My favorite is a 4x Gen 2 that I picked up at a pawn shop for $200 a couple of years ago. It's amazing for what it is.

I have it mounted on a single-shot .22 rifle, which is somewhat absurd - the rifle is tiny and the scope weighs easily as much as the gun.

My daughters raise rabbits, and although I certainly don't live in an urban area (I have safe lanes of fire) I do have neighbors* on each side and don't want to be waking them up at 3am with gunfire when a raccoon or coyote tries to kill our rabbits. .22 "CB" rounds are about as powerful as a high-end pellet gun and quieter to boot.

There's an inexpensive IR IPcam pointed at the rabbit hutches and I get notifications on my phone when it detects movement. That combination has saved me a good deal in terms of rabbits and heartbreak - having to go clean up the remains of a rabbit that your five-year-old thought of as a family pet is not a fun experience at all. :(

* My neighbors are aware of and tolerant of my shooting at night. It's not at all uncommon where I live, but this is HN, and many people here don't share this part of my lifestyle. I'm adding this note lest someone not familiar with it thinks I'm sneaking around a residential neighborhood in the middle of the night with night vision unbeknownst to others here. They've called me more than once when they have had issues with animals getting into their trash and such. I use humane traps in those cases and release the animals on some property my family owns much further away from civilization.

Now you just need to train a NN to recognize raccoons. ;)

Also, it's kind of sad the level of "don't worry, I'm safe and responsible" disclaiming you need to do around here for this type of thing.

Have you thought about getting a pet raccoon instead? /s
(comment deleted)
Can you use it on an Oculus quest?
Everyone should download the app in protest to ensure there's a lot of noise in the data.

Android: https://play.google.com/store/apps/details?id=com.atn.obsidi...

iOS: https://apps.apple.com/us/app/atn-obsidian-4/id1337731256

Downloading an app should never be considered reasonable suspicion or probable cause.

If you live in the US, does it help? It seems like they're looking for people outside the US using the technology.
They're not looking for anyone. They're looking for evidence that the scope manufacturer illegally exported to countries that they weren't allowed to, and tracking app downloads is certainly a way to do that.
> Downloading an app should never be considered reasonable suspicion or probable cause.

Really?

1) You want to buy something illegal from me, I send you a play store link to an app that costs $800 and is a picture of a cat. You buy the app, I send you the illegal thing. If the feds find this out, and Alice and Bob and Carol also bought the app, don't you think that's probable cause?

2) Someone eventually figures out that an app seemed to have one purpose, but is covertly child porn.

3) An app is found to be a private communication mechanism for a terrorist cell.

Can you not imagine scenarios like this?

I think the parent meant that downloading an app in and of itself should not be PC. I agree. Almost everything you mention are extenuating circumstances, and give a clear reason why downloading that specific app would put you under suspicion.

> 3) An app is found to be a private communication mechanism for a terrorist cell.

This, however, is nonsense. GMail has been used extensively for that purpose, both to send regular old email, and to create drafts on shared accounts so that the messages never route over the network. Do you think downloading GMail is suspicious?

> 1) You want to buy something illegal from me, I send you a play store link to an app that costs $800 and is a picture of a cat. You buy the app, I send you the illegal thing. If the feds find this out, and Alice and Bob and Carol also bought the app, don't you think that's probable cause?

You're skipping the part where the feds have demonstrated that the seller of an $800 cat picture is distributing illegal goods. That piece of evidence is the probably cause for getting the list of cat picture purchasers. The cost of the cat picture itself, without evidence of a crime, is not probably cause.

In this case, ICE does not have evidence of anyone committing a crime, or at least if they do they're not sharing it.

> 2) Someone eventually figures out that an app seemed to have one purpose, but is covertly child porn.

You mean, if you get past the first 400 pipes in flappy bird, and hit the 401st pipe, it shows child porn? Certainly throw the app maker in jail.

You mean, if you hit the 401st pipe and it brings up an interface to exchange child porn with other users? Certainly get a warrant for the data exchanged over that channel.

You mean, the app is Firefox for Android and it allows you to browse to childporn.example.com? No, that does not give you probably cause to get a list of all users of that app.

None of these possible interpretations of your comment (if I missed your actual meaning, please explain) apply to the app in question. The app does not appear to be in and of itself illegal, nor does it appear to facilitate criminal activity.

> 3) An app is found to be a private communication mechanism for a terrorist cell.

No. That's every email/chat app in the app market. Every single one of them.

>Everyone should download the app in protest to ensure there's a lot of noise in the data.

Surely they can filter out the noise because there's flood of people downloading them after news broke out?

In other words, a simple filtering by date range?
If you had read the article, you would realize that the users of the app aren't under suspicion.

The feds want to know where the app was downloaded, because they're trying to figure out all the countries that the scope manufacturer illegally exported their scopes.

The app only works with a specific scope.

Let's let the feds do their job and investigate this company for the crime they committed.

From the article:

> the company itself isn’t under investigation, according to the order

Not sure what your point is.

They're looking for exporters. If/when they find any, it seems likely they'll look closely at how the exporters obtained the products. This may or may not lead to the manufacturer.

Parent is building off of a clearly mistaken assumption in their post. And there was no need for them to be rude about it, either.

My point was just to clear up a fact that seemed significant to me in the thread. The fact actually stuck out to me when I originally read the article.

IANAL so I can’t comment on the different implications of pursuit of a stated suspect vs a dragnet with no known suspect.

I'm not familiar with the intricacies here, so maybe someone can help me out, but if it is the case that using the app in certain geo-locations is illegal, then why have Apple allowed its download and use. Surely, Apple has the responsibility here?
How long until we get a cheap $5 app that acts like this computer controlled rifle: https://arstechnica.com/gadgets/2013/03/bullseye-from-1000-y...

Seems easy enough to throw together some OpenCV calls that estimate distance, gravity drop, jitter, and then download a local weather report for pressure/wind. After which you can draw a reticle that highlights when/where to fire, similar to those HUD trackers in combat flight simulators.

Why isn’t the NRA all over this?
Why would they be?

This seems to me to be an obvious breach of privacy and broad overreach of investigative authority, but it isn't really a Second Amendment issue. The right to keep and bear arms doesn't extend to rifle scopes, and nothing about this threatens gun rights per se.

The same NRA that’s fighting tooth and nail to make silencers easier to buy?

The NRA has always been paranoid about the government collecting information on gun owners to the point where they pushed for laws not allowing doctors to ask about gun ownership.

Is it possible to dig up the actual court filing here?
Isn't it also in breach of ITAR to be providing the infrastructure to service these illegally exported scopes?

Is it a self hosted connection or more third party (like TeamViewer)?

They'd have to be wifi to a tethered phone, wouldn't they? Otherwise the latency would be ridiculous.
This doesn't even sound like an effective way to combat terrorism!