In what way would ignoring a viable SIGINT source be incompetent?
Just thinking about only my push notifications yesterday and they revealed that I am clearly a developer or technologist (push notifications from Git/AWS/etc), who got a haircut (time and location were revealed in the message, but I'm sure government-level agencies could have tracked which SportClips location the appointment belonged to), that I am interested in generative AI, and working out.
Another day might have yielded far more interesting facts, but those bits added to a record of my interests and habits can become quite powerful over time.
> Just thinking about only my push notifications yesterday
See, the gist in the letter is this sentence:
"As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information."
Do you really think that a foreign government is interested in push notifications when issuing a demand to disclose data from a phone?
It seems silly to imagine they'd ask for anything less than everything they could get.
More information means more ways to hone in on whatever allegation you're trying to prove. If it's investigative, then it gives more of a picture of what's happening.
I used to imagine EZPass data as innocuous, but now it's used routinely in criminal trials to show that a defendant was at a given place at a given time. Divorce attorneys also request it, as it can be used to illustrate patterns.
It would indicate that they're lonely and looking for a partner. If you were looking to turn them into an intelligence asset, you could have an officer approach and seduce them.
If it's Grindr instead of Tinder, or if they're married, you have a blackmailing angle. In a lot of countries it would be very effective.
Suppose you use an anonymous app for messaging. The government sees the conversation ("good day to you") but doesn't know who is on one side (perhaps both).
So they ask Apple "who exactly sent or received on their phone a push notification for 'good day to you'?" Or perhaps "who sent or received push notifications from secure messaging app around 8:24:39.124 pm, 8:26:12.322, etc.?"
Apple tells them, and now they know the identity of the "anonymous" recipient. Replace "good day to you" with any text disliked by any format or current or future government.
In what way would ignoring a viable SIGINT source be incompetent?
Just thinking about only my push notifications yesterday and they revealed that I am clearly a developer or technologist (push notifications from Git/AWS/etc), who got a haircut (time and location were revealed in the message, but I'm sure government-level agencies could have tracked which SportClips location the appointment belonged to), that I am interested in generative AI, and working out.
Another day might have yielded far more interesting facts, but those bits added to a record of my interests and habits can become quite powerful over time.
> Just thinking about only my push notifications yesterday
See, the gist in the letter is this sentence:
"As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information."
Do you really think that a foreign government is interested in push notifications when issuing a demand to disclose data from a phone?
Push notifications can leak information from secure or encrypted apps. Its easier to get around E2E encryption than breaking the encryption itself
It seems silly to imagine they'd ask for anything less than everything they could get.
More information means more ways to hone in on whatever allegation you're trying to prove. If it's investigative, then it gives more of a picture of what's happening.
I used to imagine EZPass data as innocuous, but now it's used routinely in criminal trials to show that a defendant was at a given place at a given time. Divorce attorneys also request it, as it can be used to illustrate patterns.
I see that there is a lot of signal coming over my push notifications ... how would using this signal make spies incompetent?
> I see that there is a lot of signal
What signals are you talking about? Someone tends to respond to Tinder's notifications at 6 PM on weekends, and such useless data?
It would indicate that they're lonely and looking for a partner. If you were looking to turn them into an intelligence asset, you could have an officer approach and seduce them.
If it's Grindr instead of Tinder, or if they're married, you have a blackmailing angle. In a lot of countries it would be very effective.
6 replies →
Suppose you use an anonymous app for messaging. The government sees the conversation ("good day to you") but doesn't know who is on one side (perhaps both).
So they ask Apple "who exactly sent or received on their phone a push notification for 'good day to you'?" Or perhaps "who sent or received push notifications from secure messaging app around 8:24:39.124 pm, 8:26:12.322, etc.?"
Apple tells them, and now they know the identity of the "anonymous" recipient. Replace "good day to you" with any text disliked by any format or current or future government.
1 reply →