As part of an investigation into potential weapons export violations, the U.S. Department of Justice is demanding both Apple and Google furnish user information for a rifle scope monitoring and control app, a move that could impact well over 10 thousand people.
Detailed in an application for a court order filed on Thursday, the DOJ seeks names, phone numbers, IP addresses and other personal data of iOS and Android users who downloaded the Obsidian 4 app, reports Forbes.
The app, developed by American Technologies Network Corp, enables owners to connect to and control rifle scopes manufactured by the same company, specifically models in the ATN X-Sight 4K and ThOR 4 product lines. With Obsidian 4, users can connect to a compatible scope via Wi-Fi and stream live video, review images and movies stored on the scope's microSD card and adjust hardware settings.
As noted by Forbes, the app has been downloaded over 10,000 times on the Google Play store. Usage figures for iOS are unknown, as Apple does not disclose iOS App Store numbers.
If successful, the order would net the government an enormous amount of private user information in one fell swoop, including data of consumers who are not participating in illegal activity. According to the report, the proposed order is unprecedented in its scale, at least compared to similar requests that have been made public.
The DOJ is issuing the order to assist in an Immigration and Customs Enforcement investigation of illegal exports of ATN scopes. According to the filing, which has since been sealed, investigators hope to use app user data to determine where the hardware was shipped, including to countries that lack proper International Traffic in Arms Regulation licenses.
ATN is not under investigation, meaning a third party is responsible the illegal export activity.
"This pattern of unlawful, attempted exports of this rifle scope in combination with the manner in which the ATN Obsidian 4 application is paired with this scope manufactured by Company A supports the conclusion that the information requested herein will assist the government in identifying networks engaged in the unlawful export of this rifle scope through identifying end users located in countries to which export of this item is restricted," the order reads.
As the broad request trawls for information, it would inevitably rope in private citizens not connected to the investigation. Privacy advocates and experts in the sector caution that granting the DOJ such authority would set a dangerous precedent.
"The idea that this data will only be used for pursuing ITAR violations is almost laughable," said former NSA analyst turned cybersecurity consultant Jake Williams. "Google and Apple should definitely fight these requests as they represent a very slippery slope. This type of bulk data grab is seriously concerning for a number of reasons, not the least of which is that the download of an application does not automatically imply the intended use' of the application. For instance, researchers often bulk download applications looking for interesting vulnerabilities."