In a chilling revelation that feels all too familiar, Apple has confirmed that governments are using push notifications for the surveillance of users — an imposition on personal freedoms and a glaring example of state overreach.
This unsettling news was disclosed in response to Senator Ron Wyden’s urgent communication to the Department of Justice. Wyden highlighted that foreign officials have been pressuring technology companies for data to track smartphones via apps that send notifications.
These apps, he noted, put tech companies in a pivotal role to assist in governmental monitoring of app usage.
Senator Wyden urged the Department of Justice to alter or revoke any existing policies that restrict public discourse on the surveillance of push notifications.
In a reaction to this, Apple stated to Reuters that Wyden’s letter presented them with an opportunity to divulge more information about government monitoring of push notifications. The tech giant clarified, “In this case, the federal government prohibited us from sharing any information. Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”
The letter from Wyden reportedly stemmed from a “tip” about this surveillance activity. An informed source confirmed that both foreign and US agencies have been requesting metadata related to notifications from Apple and Google. This metadata has been allegedly used to link anonymous messaging app users to specific accounts on these platforms.
While the source, speaking to Reuters, did not specify which governments were involved, they characterized them as “democracies allied to the United States” and were uncertain about the duration of these requests.
“In this case, the federal government prohibited us from sharing any information,” Apple said in a statement. “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”
Apple, meanwhile, has advised app developers to refrain from including sensitive data in notifications and to encrypt any data before it is incorporated into a notification payload.
However, this relies on the developers’ initiative. Importantly, metadata such as the frequency and origin of notifications remains unencrypted, potentially offering insights into users’ app activities to those who can access this data.
The news, which is hardly unexpected yet nonetheless deeply troubling, underscores the precarious path we seem to be treading, one that veers ominously towards policies that infringe on civil liberties.
The key cog in a functioning democracy, our judicial system, and its informed oversight exists precisely to prevent such oversteps. It endows a suspected individual with the crucial right to mount a robust defense against unwarranted infiltration by the state government. Alarmingly, the situation at hand eerily mirrors scenarios where private entities and individuals are strong-armed into being active partners in such covert operations, all the while being legally bound to cryptic silence.
Got it, notifications off. Makes the phone less annoying anyway.
Or couldn’t the notifications for an app be made vague enough to have no surveillance value? E.g. “(wire) check for msgs”, as opposed to “(wire) Rufus: need an 8-ball…”