Comment by bmelton
2 years ago
In what way would ignoring a viable SIGINT source be incompetent?
Just thinking about only my push notifications yesterday and they revealed that I am clearly a developer or technologist (push notifications from Git/AWS/etc), who got a haircut (time and location were revealed in the message, but I'm sure government-level agencies could have tracked which SportClips location the appointment belonged to), that I am interested in generative AI, and working out.
Another day might have yielded far more interesting facts, but those bits added to a record of my interests and habits can become quite powerful over time.
> Just thinking about only my push notifications yesterday
See, the gist in the letter is this sentence:
"As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information."
Do you really think that a foreign government is interested in push notifications when issuing a demand to disclose data from a phone?
Push notifications can leak information from secure or encrypted apps. Its easier to get around E2E encryption than breaking the encryption itself
It seems silly to imagine they'd ask for anything less than everything they could get.
More information means more ways to hone in on whatever allegation you're trying to prove. If it's investigative, then it gives more of a picture of what's happening.
I used to imagine EZPass data as innocuous, but now it's used routinely in criminal trials to show that a defendant was at a given place at a given time. Divorce attorneys also request it, as it can be used to illustrate patterns.