Google & Apple pushed to reveal gun scope app users’ names to feds

US Immigration and Customs Enforcement (ICE) is looking into illegal exports of a gun scope, and its investigation includes going after Apple and Google to get them to hand over the names of who’s using an associated gun-scope app.

The Department of Justice (DOJ) on Thursday filed a court order demanding that the two companies turn over data on some 10,000 users of Obsidian 4: an app from American Technologies Network Corp. (ATN) that connects the scope to smartphones or tablets via Wi-Fi so that gun owners can watch a live video stream of their hunt and calibrate their smart scope.

Apple doesn’t release app download numbers, but Google Play says that the app’s been downloaded over 10,000 times. How many of those installs are from actual users is another question, though, given how many recent reviews say that they’re only downloading in protest of the government demanding that Google and Apple hand over a list of the app’s users.

The court order was supposed to be sealed, but Forbes got hold of it before it was hidden from public view.

If the DOJ gets a court to sign off on the demand, Apple and Google will be told to hand over the names of anyone who downloaded the scope app from 1 August 2017 to the present; their telephone numbers and IP addresses, which can be used to determine where the users are located; and session data, such as when users were operating the app.

ATN itself isn’t under investigation in connection to the alleged illegal exports. The court order reportedly describes an intercepted shipment of the company’s scopes, in violation of the International Traffic in Arms Regulation (ITAR). The shipments didn’t hold the required import licenses when they were reportedly found in Hong Kong, Canada and the Netherlands.

According to the court order, the data it’s demanding will help ICE find app users thought to be in violation of the laws. From the document:

This pattern of unlawful, attempted exports of this rifle scope in combination with the manner in which the ATN Obsidian 4 application is paired with this scope manufactured by Company A supports the conclusion that the information requested herein will assist the government in identifying networks engaged in the unlawful export of this rifle scope through identifying end users located in countries to which export of this item is restricted.

Fishing expedition

Privacy experts, such as Tor Ekeland, a privacy-focused lawyer, told Forbes called it a fishing expedition that could ensnare data on thousands of innocents, and then use that information to “go after someone for something else”.

It’s also likely that the government could issue the same type of broad demand to go after user data from other types of apps, such as dating or health apps. Ekeland said:

There’s a more profound issue here with the government able to vacuum up a vast amount of data on people they have no reason to suspect have committed any crime. They don’t have any probable cause to investigate, but they’re getting access to data on them.

Jake Williams, a former NSA analyst and now a cybersecurity consultant at Rendition Infosec, told Forbes that if the request is granted, it could have a “serious chilling effect on how people use the Google and Android app stores.”

The idea that Google could be compelled to turn over, in secret, all of my identifiers and session data in its possession because I downloaded an application for research is such a broad overreach it’s ridiculous.