
Feds Demand Apple and Google Hand over Names of 10k Users of a Gun Scope App - spking
https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-order-apple-and-google-to-hand-over-names-of-10000-users-of-a-gun-scope-app/#3dababa26135
======
post_break
My friend has one of these scopes. It lets you shoot in the dark since it uses
IR for night vision. You can connect a phone to it, I was able to watch him
shooting through my phone sitting next to him. It's really cool technology. We
use it for hog hunting at night.

~~~
LyndsySimon
I have a couple of ATN's older scopes. My favorite is a 4x Gen 2 that I picked
up at a pawn shop for $200 a couple of years ago. It's amazing for what it is.

I have it mounted on a single-shot .22 rifle, which is somewhat absurd - the
rifle is tiny and the scope weighs easily as much as the gun.

My daughters raise rabbits, and although I certainly don't live in an urban
area (I have safe lanes of fire) I do have neighbors* on each side and don't
want to be waking them up at 3am with gunfire when a raccoon or coyote tries
to kill our rabbits. .22 "CB" rounds are about as powerful as a high-end
pellet gun and quieter to boot.

There's an inexpensive IR IPcam pointed at the rabbit hutches and I get
notifications on my phone when it detects movement. That combination has saved
me a good deal in terms of rabbits and heartbreak - having to go clean up the
remains of a rabbit that your five-year-old thought of as a family pet is not
a fun experience at all. :(

* My neighbors are aware of and tolerant of my shooting at night. It's not at all uncommon where I live, but this _is_ HN, and many people here don't share this part of my lifestyle. I'm adding this note lest someone not familiar with it thinks I'm sneaking around a residential neighborhood in the middle of the night with night vision unbeknownst to others here. They've called me more than once when they have had issues with animals getting into their trash and such. I use humane traps in those cases and release the animals on some property my family owns much further away from civilization.

~~~
dsfyu404ed
Now you just need to train a NN to recognize raccoons. ;)

Also, it's kind of sad the level of "don't worry, I'm safe and responsible"
disclaiming you need to do around here for this type of thing.

------
driverdan
Everyone should download the app in protest to ensure there's a lot of noise
in the data.

Android:
[https://play.google.com/store/apps/details?id=com.atn.obsidi...](https://play.google.com/store/apps/details?id=com.atn.obsidian4K&hl=en_US)

iOS: [https://apps.apple.com/us/app/atn-
obsidian-4/id1337731256](https://apps.apple.com/us/app/atn-
obsidian-4/id1337731256)

Downloading an app should never be considered reasonable suspicion or probable
cause.

~~~
VikingCoder
> Downloading an app should never be considered reasonable suspicion or
> probable cause.

Really?

1) You want to buy something illegal from me, I send you a play store link to
an app that costs $800 and is a picture of a cat. You buy the app, I send you
the illegal thing. If the feds find this out, and Alice and Bob and Carol also
bought the app, don't you think that's probable cause?

2) Someone eventually figures out that an app seemed to have one purpose, but
is covertly child porn.

3) An app is found to be a private communication mechanism for a terrorist
cell.

Can you not imagine scenarios like this?

~~~
nwallin
> 1) You want to buy something illegal from me, I send you a play store link
> to an app that costs $800 and is a picture of a cat. You buy the app, I send
> you the illegal thing. If the feds find this out, and Alice and Bob and
> Carol also bought the app, don't you think that's probable cause?

You're skipping the part where the feds have demonstrated that the seller of
an $800 cat picture is distributing illegal goods. _That_ piece of evidence is
the probably cause for getting the list of cat picture purchasers. The cost of
the cat picture itself, without evidence of a crime, is not probably cause.

In this case, ICE does not have evidence of anyone committing a crime, or at
least if they do they're not sharing it.

> 2) Someone eventually figures out that an app seemed to have one purpose,
> but is covertly child porn.

You mean, if you get past the first 400 pipes in flappy bird, and hit the
401st pipe, it shows child porn? Certainly throw the app maker in jail.

You mean, if you hit the 401st pipe and it brings up an interface to exchange
child porn with other users? Certainly get a warrant for the data exchanged
over that channel.

You mean, the app is Firefox for Android and it allows you to browse to
childporn.example.com? No, that does not give you probably cause to get a list
of all users of that app.

None of these possible interpretations of your comment (if I missed your
actual meaning, please explain) apply to the app in question. The app does not
appear to be in and of itself illegal, nor does it appear to facilitate
criminal activity.

> 3) An app is found to be a private communication mechanism for a terrorist
> cell.

No. That's every email/chat app in the app market. Every single one of them.

------
willis936
This is so illegal it’s basically blatant gimme for the tech companies to have
cool PR by sticking their finger up to the man. This story has come up twice a
year for the past five years.

~~~
otterley
Attorney here! What act, specifically, do you believe is illegal, and what
laws make it so?

~~~
salawat
I'd say lack of probable cause, and the process being essentially a fishing
expedition. Last I checked, there had to be clear evidence linking a
particular individual to a potential criminal act before a warrant could be
issued.

I.e. it's fine for the government to phrase the warrant "give us all info with
regards to users/downloaders with GeoIP's outside the United States" as the
being in possession of the product outside the country at least correlates
with the possibility of being an ITAR violator. Even then it is sketchy,
because that would be a separate charge technically, because they are only the
receiver, not the exporter necessarily.

On the other hand, demanding all the info to cross reference with an internal
licensing database seems an egregious overstep, and an exploitation of an
overly broad warrant. It sets a very bad precedent in terms of allowable
conduct.

~~~
otterley
> Last I checked, there had to be clear evidence linking a particular
> individual to a potential criminal act before a warrant could be issued.

(This is not legal advice. Consult a licensed attorney in your jurisdiction.)

Not so. The Federal Rules of Criminal Procedure apply here, particularly Rule
41.

[https://www.law.cornell.edu/rules/frcrmp/rule_41](https://www.law.cornell.edu/rules/frcrmp/rule_41)

See particularly section (c):

(c) Persons or Property Subject to Search or Seizure. A warrant may be issued
for any of the following:

(1) evidence of a crime;

(2) contraband, fruits of crime, or other items illegally possessed;

(3) property designed for use, intended for use, or used in committing a
crime; or

(4) a person to be arrested or a person who is unlawfully restrained.

\--

Nor does an individual need to be identified. "John Does" are commonly
enumerated as defendants in criminal indictments, and warrants can be used as
a means to locate them.

The bar for what constitutes "probable cause" is also quite low. Even
anonymous tips can give rise to PC. See, e.g., Illinois v. Gates, 462 U.S. 213
(1983).
[https://supreme.justia.com/cases/federal/us/462/213/](https://supreme.justia.com/cases/federal/us/462/213/)

~~~
salawat
Again, I'd argue that

(1) Evidence of a crime

means "We have reason to expect John Doe of Whereveristan has committed an
ITAR violation. We believe He did so through his Android device. We need the
information associated with his account... So on and so forth."

That is tightly constrained, states the desired information to be turned over,
the subject (individual) of the warrant, and the alleged reason why it is
necessary.

"We want all users account information containing entry XYZ because maybe,
possibly, some subset of that corpus of individuals may have committed a
crime" does not meet that standard.

By allowing this type of fishing expedition it completely upends the notion of
presumed innocence, and encourages broad, sweeping warrants to be considered
an acceptable investigative technique. Something that has been continually
rebuked over the last century, and has only started to crumble since the
introduction of Third Party Doctrine.

>Nor does an individual need to be identified. "John Does" are commonly
enumerated as defendants in criminal indictments, and warrants can be used as
a means to locate them.

Huh. I knew of the John Doe practice, but I didn't realize it was used to
conduct legal proceedings in absentia the individual in hopes of eventually
finding an individual that "fits" the allegation.

Not sure how to feel about that.

Thanks for the input though! Today I learned!

EDIT: On further reflection, I suppose it shouldn't surprise me. Obviously
there has to be a legal construct to enable the legal system to move forward
and react to ongoing criminal developments in the case where the perpetrator
is highly effective in covering their tracks, and law enforcement has to piece
things together from the effects of the crime until such time as enough
coincidence occurs to narrow the list of suspects to a particular individual.

------
CoolGuySteve
How long until we get a cheap $5 app that acts like this computer controlled
rifle: [https://arstechnica.com/gadgets/2013/03/bullseye-
from-1000-y...](https://arstechnica.com/gadgets/2013/03/bullseye-
from-1000-yards-shooting-the-17000-linux-powered-rifle/)

Seems easy enough to throw together some OpenCV calls that estimate distance,
gravity drop, jitter, and then download a local weather report for
pressure/wind. After which you can draw a reticle that highlights when/where
to fire, similar to those HUD trackers in combat flight simulators.

------
trhway
>Google and Apple should definitely fight these requests as they represent a
very slippery slope.

It is kind of strange that the stopping (or not) of such a blatant
unconstitutional action affecting fundamental rights of so many people
(especially if the action succeeds and gets established as precedent) depends
only on goodwill/caprice of a couple of for-profit corporate entities.

I wonder shouldn't be there a system/process where any person whose data is to
be handed over would get a chance to challenge it in court (at least like for
example it was in the good old times of the movie industry going after alleged
pirates)

~~~
ummonk
I wonder whether this might violate GDPR if the companies just voluntarily
handed the data over and it included Europeans.

~~~
bilbo0s
Just from a purely legal perspective, I'm not sure Apple and Google are even
supposed to have that data? The company that sells the app, assuming they
collected the information, technically was not supposed to share anything with
Apple or Google. (Or rather, they were only supposed to share under certain
very specific conditions.)

So I can't really tell what the Feds are asking for in particular? But
assuming they are asking for information specific to the app, I'm not sure
that Apple or Google were supposed to be snooping that information under GDPR?
And I'm very sure that the app maker was not supposed to be collecting it in
any kind of a way that shared it with Google or Apple. (Certainly not sharing
it outright.)

~~~
derefr
Apple/Google presumably know who _purchased_ the app, through their respective
app stores.

~~~
LyndsySimon
FWIW, it's free.

~~~
derefr
Free downloads are still tracked as "purchases" through app stores. You end up
with the app in your "purchase history", etc. This allows the app store to
give the app's vendor some simple, useful analytics, like showing how
placement in the store influences these "purchases."

------
mfer
&tldr; the scopes are controlled under ITAR and have been found to end up in
locations outside of where it should be under ITAR. They are looking to locate
scopes where they shouldn't legally be.

Given Apple and Google have location data on people (or at least Google does)
the information for those using the App outside of the US or in ITAR
restricted places could have been requested. Instead they went for all
records. I hope this nuance isn't lost.

I wonder if they are doing this under a pen register.

~~~
wcunning
Where can I find a good primer on the powers of the feds with regard to ITAR
enforcement? Have there been any law review articles discussing the powers
relating to the contemporary systems like this with two parts and disable-able
software (the scope is at least much less useful if you don't have the app)?

~~~
post_break
The scope works perfectly without the app. Have used one. I believe apps don't
fall under ITAR.

~~~
LyndsySimon
> I believe apps don't fall under ITAR.

Looks like they do.

The scopes this app works for are digital scopes, and don't use traditional
intensifier tubes. I'm not sure enough of the technical specs to know if the
night vision component meets the ITAR requirements, but the ballistic
calculator certainly does: [https://www.atncorp.com/x-sight2-hd-day-night-
rifle-scope-3-...](https://www.atncorp.com/x-sight2-hd-day-night-rifle-
scope-3-14x)

Find what I believe to be the relevant ITAR sections that would classify the
app as a "munition" below this line:

\-------------------

Category XII:

(c) Imaging systems or end items, as follows:

[...]

(c)(2) Weapon sights (i.e., with a reticle) or aiming or imaging systems
(e.g., clip-on), specially designed to mount to a weapon or to withstand
weapon shock or recoil, with or without an integrated viewer or display, and
also incorporating or specially designed to incorporate any of the following:

[...]

(c)(2)(iii) Ballistic computing electronics for adjusting the aim point
display; or

[...]

(x) Commodities, software, and technology subject to the EAR (see §120.42 of
this subchapter) used in or with defense articles controlled in this category.

------
PhasmaFelis
I was curious what the actual justification for the data grab is. The article
buries it halfway down, but tl;dr the feds think that some of the scopes have
been illegally exported (by parties unknown) in violation of arms-trafficking
laws, and they think that learning where they're being used will help them
track down the exporters. "Reports online" (for all they're worth) claim that
the Taliban got some of them.

------
zelon88
Isn't it also in breach of ITAR to be providing the infrastructure to service
these illegally exported scopes?

Is it a self hosted connection or more third party (like TeamViewer)?

~~~
brokenmachine
They'd have to be wifi to a tethered phone, wouldn't they? Otherwise the
latency would be ridiculous.

------
Apocryphon
This doesn't even sound like an effective way to combat terrorism!

------
scarface74
Why isn’t the NRA all over this?

~~~
krapp
Why would they be?

This seems to me to be an obvious breach of privacy and broad overreach of
investigative authority, but it isn't really a Second Amendment issue. The
right to keep and bear arms doesn't extend to rifle scopes, and nothing about
this threatens gun rights per se.

~~~
scarface74
The same NRA that’s fighting tooth and nail to make silencers easier to buy?

The NRA has always been paranoid about the government collecting information
on gun owners to the point where they pushed for laws not allowing doctors to
ask about gun ownership.

------
Karunamon
Is it possible to dig up the actual court filing here?

------
laythea
I'm not familiar with the intricacies here, so maybe someone can help me out,
but if it is the case that using the app in certain geo-locations is illegal,
then why have Apple allowed its download and use. Surely, Apple has the
responsibility here?

