from Fellowship Of The Minds:
Do you own a rifle? Do you have a scope to go with it, like the ATN X-Sight 4K Rifle Scope?
If you do, the U.S. government may soon know who you are, your phone number and other personal information.
Obsidian 4, made by American Technologies Network Corp, is an application that connects via Wifi your smart phone or tablet to theATN X-Sight 4K or ThOR 4 rifle scope. This connection enables you to watch a live video stream of your hunt on your smart phone or tablet, as well as review the images and videos stored on your scope’s microSD card.
Thomas Brewster reports for Forbes that on Sept. 5, 2019, the Department of Justice (DOJ) filed an application for a court order asking Google and Apple to hand over the personal information — names, phone numbers and other identifying data — of at least 100,000 users of the Obsidian 4 app, i.e., rifle-owners.
If the court signs off on the order, Apple and Google will be told to hand over the names, phone numbers and IP addresses (which could be used to determine the location of the user) of anyone who downloaded the scope app from August 1, 2017 to the current date. The government also wants to know when users were operating the app.
According to the Google Play page for Obsidian 4, it has more than 10,000 downloads. Apple doesn’t provide download numbers, which means the actual number of Obsidian 4 users far exceeds 10,000.
Forbes calls this “an unprecedented move” because never before has the U.S. government demanded personal data of users of a single app from Apple and Google, or asked the Silicon Valley giants for information on so many thousands of people in one go.
According to the DOJ court order, which is supposed to be sealed and hidden from public view but Forbes obtained a copy, the ostensible reason for this unprecedented request is because the Immigration and Customs Enforcement (ICE) department wants the information as part of a broad investigation into possible breaches of weapons export regulations, including illegal exports of ATN’s scope. Finding out where the Obsidian 4 app is in use will likely indicate where the hardware has been shipped. In the words of the court order: “the information requested herein will assist the government in identifying networks engaged in the unlawful export of this rifle scope through identifying end users located in countries to which export of this item is restricted.”
But privacy activists warn that if the court approves the demand, and Apple and Google decide to hand over the information, it could include data on not just users abroad who might be engaged in illegal shipments of the gun scope, but also on thousands of people who have nothing to do with the crimes being investigated:
- Edin Omanovic of Privacy International’s State Surveillance program said it would set a dangerous precedent and scoop up “huge amounts of innocent people’s personal data. Such orders need to be based on suspicion and be particularized—this is neither.”
- Tor Ekeland, a privacy lawyer, said the order amounted to a “fishing expedition” and that there’s a long history of that kind of behavior from the U.S. government. Ekeland warned that the government could apply this demand to other types of app, such as dating or health apps.: “The danger is the government will go on this fishing expedition, and they’ll see information unrelated to what they weren’t looking for and go after someone for something else. There’s a more profound issue here with the government able to vacuum up a vast amount of data on people they have no reason to suspect have committed any crime. They don’t have any probable cause to investigate, but they’re getting access to data on them.”
- Jake Williams, a former NSA analyst and now a cybersecurity consultant at Rendition Infosec, said: “The idea that this data will only be used for pursuing ITAR violations is almost laughable. Google and Apple should definitely fight these requests as they represent a very slippery slope. This type of bulk data grab is seriously concerning for a number of reasons, not the least of which is that the download of an application does not automatically imply the ‘intended use’ of the application. The idea that Google could be compelled to turn over, in secret, all of my identifiers and session data in its possession because I downloaded an application for research is such a broad overreach it’s ridiculous.”