Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US senator warned on Wednesday (via Reuters).
In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications put the companies "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said. He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying.
In a statement given to Reuters, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.
"In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."
According to the report, Wyden's letter said a "tip" was the source of the information about the surveillance. A source familiar with the matter confirmed that both foreign and U.S. government agencies have been asking Apple and Google for metadata related to push notifications. The data is said to have been used to attempt to tie anonymous users of messaging apps to specific Apple or Google accounts.
Reuters' source would not identify which governments were making the data requests but described them as "democracies allied to the United States." They did not know how long the requests had been going on for.
Apple advises developers not to include sensitive data in notifications and to encrypt any data before adding it to a notification payload. However, this requires action on the developers' part. Likewise, metadata (like which apps are sending notifications and how often) is not encrypted, potentially giving anyone with access to the information insight into users' app usage.
Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Top Rated Comments
When governments force companies, private citizens, to keep secrets from the public, you know you're on the road to communism or worse.
There is a reason we have a court system with judicial oversight. The reason is to allow the subject...er suspect, a reasonable defense on government overreach.
When the citizens of a country are required to be complicit, yet must also remain quiet about their actions in support of government, that itself is a crime against the people.
Kudos to the whistle blower. Hopefully there will be some congressional hearings on this behavior.
Added Note: I have no issue with a hidden warrant. That is a tool used for criminal investigation. My problem is prohibiting companies from acknowledging what is being asked of them, even without disclosing whom the suspect(s) may be.
Furthermore, the worse crime, in this case, is blanket surveillance without evidence a crime was committed. In the US, the constitution prohibits such arbitrary abuse of law enforcement. Our judicial system allows for criminal investigation, the key word being criminal, as in a crime has been committed and therefore government must investigate the crime and prosecute the offenders. It prohibits personal investigation where the government investigates an individual, often for less than ethical reasons (such a political opponent of the investigator or investigating agency) looking to find, or, more often, looking to charge someone of anything that they can convince the public was a crime.
That said, it sounds like it's time for Apple to require push notifications to be encrypted, or they don't pass them along.