Surveillance through Push Notifications

The Washington Post is reporting on the FBI’s increasing use of push notification data—”push tokens”—to identify people. The police can request this data from companies like Apple and Google without a warrant.

The investigative technique goes back years. Court orders that were issued in 2019 to Apple and Google demanded that the companies hand over information on accounts identified by push tokens linked to alleged supporters of the Islamic State terrorist group.

But the practice was not widely understood until December, when Sen. Ron Wyden (D-Ore.), in a letter to Attorney General Merrick Garland, said an investigation had revealed that the Justice Department had prohibited Apple and Google from discussing the technique.

[…]

Unlike normal app notifications, push alerts, as their name suggests, have the power to jolt a phone awake—a feature that makes them useful for the urgent pings of everyday use. Many apps offer push-alert functionality because it gives users a fast, battery-saving way to stay updated, and few users think twice before turning them on.

But to send that notification, Apple and Google require the apps to first create a token that tells the company how to find a user’s device. Those tokens are then saved on Apple’s and Google’s servers, out of the users’ reach.

The article discusses their use by the FBI, primarily in child sexual abuse cases. But we all know how the story goes:

“This is how any new surveillance method starts out: The government says we’re only going to use this in the most extreme cases, to stop terrorists and child predators, and everyone can get behind that,” said Cooper Quintin, a technologist at the advocacy group Electronic Frontier Foundation.

“But these things always end up rolling downhill. Maybe a state attorney general one day decides, hey, maybe I can use this to catch people having an abortion,” Quintin added. “Even if you trust the U.S. right now to use this, you might not trust a new administration to use it in a way you deem ethical.”

Tags: , , , ,

Posted on March 6, 2024 at 7:06 AM20 Comments

Comments

Erdem Memisyazici March 6, 2024 8:22 AM

In every decade there has been a group of undesirables. Do it or the Germans will get you, then the Russians will get you, then the Black Panthers, now it’s child predators and the terrorists. It always reads to me like, “Need more power, can’t articulate why, so ‘booooooo!'”

Clive Robinson March 6, 2024 9:41 AM

@ ALL,

“But these things always end up rolling downhill.

The important things to renember,

1, All technology is agnostic to use.
2, The use is decided by a directing mind.
3, It is the observers that decide if that use is good or bad.

Now remember that for what is now seen as an increasing percentage of the population is those who have one or more mental deficiencies that as far as we know are incurable, and may be heritable as well as caused by repeated insults to the brain (see CTE).

These deficiencies are the underlying cause for the “Dark Pentad” sociopathic behaviours. Untill recently it was mistakenly believed to be “male criminal traits” only effecting around 1% of the population. That is very far from true, they are found about equally in men and women and in reality represent somewhere between 15-25% of the population.

If you want a very simplistic mathematical model look up game theory around the likes of “Hawks and Doves”.

Roughly the behaviours of authoritarians and authoritarian followers are split. Whilst the former are well studied the latter are very much less so. Importantly the behaviours of men “appear” to present differently than women. This is actually due to the fact the studies were mostly flawed as they were carried out on convicts in male prisons (which is not exactly representative of the general population).

Unfortunately both authoritarians and authoritarian followers are attracted to power and control structures such as those found in the organisational structures of Governments and the Guard Labour the Governments put in place.

So this “rolling downhill” effect of abusing powers against the civilian society is very much built into politics thus legislation and implementation of legislation and regulation.

I’ve given references before especially the work of Bob Altemeyer who sadly died just a month ago,

https://en.m.wikipedia.org/wiki/Bob_Altemeyer

He provided some of his work for free on his web pages,

https://theauthoritarians.org/options-for-downloading-authoritarian-nightmare/

His work on authoritarian followers forms part of the research materials for some research I’m doing about the behaviours of senior management running technology organisations where the actual work is carried out by those that tend to fall into the high functioning autism classification.

Likewise research papers on the dark Pentad that just a few years back pre C19 was known as the Dark Triad. It too is an area that is under researched but is now getting a larger spotlight turned on it. I would say that people who want to understand what goes on in the higher levels of the “computing stack” with regards security or lack there of, should really get to know the material.

Hey March 6, 2024 10:46 AM

Countermeasure – if you are sensitive about the use/abuse of these push notification techniques then stop using Android and Apple phone app for communicating. Might need to review the security of using web-based communication tools on a secure OS such Tails https://tails.net/

Anonymous March 6, 2024 11:14 AM

The US really needs to implement human rights and equality law at all levels from the constitution on down. It stops a lot of problems happening before they begin.

“This is how any new surveillance method starts out: The government says we’re only going to use this in the most extreme cases, to stop terrorists and child predators, and everyone can get behind that,” said Cooper Quintin, a technologist at the advocacy group Electronic Frontier Foundation.

In the US the KOSA act is worrying a lot of civil liberties types. It could be used to censor age appropriate *** (modesty filter) and relationship material, or LGBT teaching and medical information and self-help material.

In at least one state far right aligned politicians are attempting to define transgender people existing in public as “pornography”, and attempting to push through law which will render any teacher teaching or supporting LGBT material liable for a criminal conviction and jail and going on the *** (modesty filter) offenders register.

Nobody disagrees with child protection. The problem is protection from whom? Poor human rights law at constitutional levels allow religious nuts and possessive parents who treat their children like property free reign to psychologically abuse or in some cases meet the legal threshold for torture or genocide.

There are some US states aiming for or have implemented capture/contain law against parents of transgender children.

Access to abortion is heading down a similar path. One wingnut in one state is even making a move to ban contraception.

Zakarth March 6, 2024 12:57 PM

@ Clive

Pardon my interruption and feel free to ignore– but is there a way to safely contact you or vice versa?

If you feel more comfortable, you can reach out to me on Twitter @Zakarth. I’m doing some research on hacking activity in the UK during the eighties and you seem to have some contemporaneous knowledge from the time period.

lurker March 6, 2024 1:06 PM

The fancy tech of Push Tokens is not the key to this story, it’s the human use of flexi-law. WaPo reports

A foreign law enforcement officer got TeleGuard to hand over a small string of code …

and

An FBI agent then got Google to quickly hand over a list of email addresses …

echo March 6, 2024 1:08 PM

@Clive

I note you are slowly updating your model. What you are saying is partially technically correct and a touch problematic.

I find a broader multi-domain approach is better and it must anticipate none criminal behaviour.

  • Male dominated institutions have resulted in medical misogyny where medical studies historically almost exclusively used men as a model because it was simpler and cheaper.
  • Equality is creating a situation where more women are present in governance and the workplace and society.
  • Both of these factors will evolve culture, and practice, and implementations.

Before everything went stupid when the Brexit referendum was announced governance was a key priority of the Equality and Human Rights Commission. It’s known that like attracts like and this reduced diversity of boards which also had an impact on policies and practice, and broader business environment and culture. In theory it would help mitigate this:

These deficiencies are the underlying cause for the “Dark Pentad” sociopathic behaviours. Untill recently it was mistakenly believed to be “male criminal traits” only effecting around 1% of the population. That is very far from true, they are found about equally in men and women and in reality represent somewhere between 15-25% of the population.

If you want a very simplistic mathematical model look up game theory around the likes of “Hawks and Doves”.

Roughly the behaviours of authoritarians and authoritarian followers are split. Whilst the former are well studied the latter are very much less so. Importantly the behaviours of men “appear” to present differently than women. This is actually due to the fact the studies were mostly flawed as they were carried out on convicts in male prisons (which is not exactly representative of the general population).

I ran slam bang into a similar none psycho none criminal scenario yesterday in a meeting by people who on paper should know better. It was a situation I was aware of before it developed and it developed fairly predictably. I wasn’t aware of all the facts beforehand but am now. It’s almost a case study in what not to do. Still, an interesting if unpleasant exercise.

  • The behaviours of men and women are different although they both sit on a similar underlying model. Outcomes can be but are not necessarily the same.

  • It’s a neuro-psycho-social stack of two overlapping bellcurves with different weighting. Both bellcurves have perception blindspots. Both men and women can view the same scene and perceive different things. It’s a bit more complicated then that because the perception can effect the bias. There is also hidden data which effects the dynamic and not just that. Processing of revealed data can be effected by perception and bias.

  • All of the above can be effected by a preloaded state of mind.

This was actually a background subject matter with various bodies who failed to come up to professional and published standards. Ugh that was a headache. I need to decompress and make up my mind whether I want to write up a report. I’ve got three key recommendations. It’s really annoying because the standards are there. Of course Madame is coming out smelling of roses.

Model failure points:

Aggression conceals behaviour.
None comformancy can create aggression-manipulation loops.
Multiple victims can exist.

This requires:

De-escalatory fact finding.
Clearer category definitions.
Don’t cause a dialogue process break by confusing immediate wants with outcomes.

It’s interesting see how fluffy things get at the ground level and how personalities and emotions and points of view can utterly collapse standards. I have some old data which was very predictive of behaviour. I have a suspicion its related to gang behaviour which has had a persist and worrying increase along with increased participation of young women. Of course, the Met is misogynistic from top to bottom which doesn’t help.

I don’t have any bigger conclusions but I’m giving the new paper a bit of squint. I don’t doubt the broader indication. There’s just something which doesn’t fit right with me. As I have previously indicated the precursors get my attention more. Without saying little boys are made of slugs and snails and girls are made of all things nice, which is sexist, I would be and am very careful of latching onto this paper because of it’s misogynistic undertones and convenient lack of context and history.

Winter March 6, 2024 1:09 PM

@Anonymous

The US really needs to implement human rights and equality law at all levels from the constitution on down.

The EU has made the universal declaration of human rights the law of the Union.

It is my understanding that the US does not grant legal rights to humans, but only to citizens. And even those get not all these rights. I think US citizens do not want humans to have rights as this interferes with their desire to perform human sacrifice and extra judicial executions.[1]

[1] Note Trump want PotUS to have legal immunity so he can murder his opponents with impunity when he ever gets back in power. I am not sure SCotUS realizes that this immunity would mean PotUS could also kill judges he does not like and then replace them with people he does like.[2]

[2] This is how his admired friend Putin the Poisoner of Underwear did solidify his power.

JonKnowsNothing March 6, 2024 5:06 PM

@ Winter, @Anonymous, All

re:
* US citizens do not want humans to have rights as this interferes with their desire to perform human sacrifice and extra judicial executions.

  • PotUS legal immunity so he can murder his opponents with impunity

The USA does not respect US Citizenship if LEAs determine they wish to kill someone. This is done both inside the USA, and outside the USA for US Citizens staying in other countries. In neither case will Citizenship stop a bullet or a bomb.

POTUS has immunity during the 4yr period of office. This provides POTUS the ability to have lethal orders and conduct war-like operations, without any internal disruptions.

The immunity flows down from the Commander in Chief (aka POTUS) to our military, deployed in many countries and some in active combat situations. Soldiers lose their immunity if they over-step a hazy line about who they kill under POTUS’ orders. Military are Point N Shoot departments with No Thinking Allowed motto.

DT is immune to most challenges of war crimes and such. This being the acknowledged political rule exchanged between world leaders. We don’t normally prosecute government leaders; we may depose them and jail them but not that often, unless there’s an excellent PR facet.

What DT wants, is immunity after office for actions done after the 4yr period of granted protection.

1)
* The Biden administration is reported to have made more than 100 weapons sales to Israel, including thousands of bombs, since the start of the war in Gaza, but the deliveries escaped congressional oversight because each transaction was under the dollar amount requiring approval.

  • between 2017 and 2019, the Trump administration had made 4,221 below-threshold arms transfers to Saudi Arabia and the United Arab Emirates, worth an estimated total of $11.2bn.

These actions are perfectly legal for POTUS Biden and POTUS Trump; they are immune from prosecution for them.

If after office, they arranged to kill people in ISR, GAZA, UKR, RU they would have a problem legally.

If DT is successful at having full immunity for life for ex-POTUS after office, then such killings would be protected actions.

===
1)
HAIL Warning

ht tps://w ww.t heguardian.com/us-news/2024/mar/06/israel-weapons-sales-loophole

  • The Arms Export Control Act makes significant exceptions for arms sales to close allies with sales below defined ceilings.

Works like the $5,000 deposit reporting threshold at US Banks.

Andy March 6, 2024 5:39 PM

I have de-Googled my phone last year due to this. You can too. There are plenty of options but you need a compatible phone. GrapheneOS (my fav), Lineage OS, Calyx OS are just a few. Also see github.com/tycrek/degoogle for more links to degoogling. As for Apple, I have no interest in their overpriced, locked down, “innovative” yet buggy garbage.

lurker March 6, 2024 6:19 PM

@Andy, All

I wonder how they do this in one of Apple’s biggest markets. It seems the banning of Huawei based on suspicion they might do some form of tracking like this, has backfired.

‘https://www.bbc.com/news/business-68486928

vas pup March 6, 2024 6:38 PM

Hochul to dispatch 750 National Guard troops to NYC subways following spate of violence
https://www.yahoo.com/news/hochul-dispatch-750-national-guard-154100840.html

“Hochul said another of her five initiatives is her support for the MTA’s plan to install surveillance cameras inside conductor and train-operator cabs, a direct response to the slashing of MTA conductor Alton Scott, who narrowly survived a random assault last week when he stuck his head out of his cab as his train stopped at a Brooklyn subway station.

Transport Workers Union Local 100 has long opposed putting cameras in conductor and operator cabs, citing privacy concerns. The MTA said last week it will install the cameras anyway.”

So, Democrats could also do proper security decisions but for common folks its better to do such decision sooner than later.

Good example to follow other Governors e.g. California, Illinois, you name it.

vas pup March 6, 2024 6:55 PM

Georgia bill would punish cities and counties that break law against ‘sanctuary’ for immigrants
https://www.yahoo.com/news/georgia-bill-punish-cities-counties-223549583.html

“ATLANTA (AP) — Some Georgia senators want to punish cities and counties that they say are illegally harboring immigrants who are in the country without permission by cutting off most state aid to the local government and removing elected officials from office.

The Senate Public Safety Committee voted 4-1 on Wednesday to rewrite House Bill 301, with supporters saying the move is needed to enforce a 2009 state law that outlaws so-called sanctuary cities and counties.”

Looks like as new election coming more reasonable actions coming out legislators.

Very good and right move.

Clive Robinson March 7, 2024 9:37 AM

@ Zakarth,

“I’m doing some research on hacking activity in the UK during the eighties and you seem to have some contemporaneous knowledge from the time period.”

I’ve probably already said what you need to know for academic or journalistic research. Yes there is other information that has leaked out over in Kew if you want to go look it up.

But be aware as I’ve indicted in the past “Mad Maggie” Thatcher wanted me dragged through the courts and probably jailed because I apparently in her eyes put a damper on her “Get rich quick” scheme by selling off assets that were not hers to sell.

I only found out not so long ago that it was directly from her “office” that the orders came. Though I was suspicious at the time by what others like Len Stewart and Vernon Quaintance had indirectly warned me of and how my then employer warned me how to protect myself.

As I’ve indicated I shortly there after I warned Robert and Steve as did the secretary of Dave Babski (of Micronet 800 on Prestel / EMAP) who pointed out her boss was effectively evil and in no way could be trusted. But Robert and Steve decided that they were not in danger… Which history shows was clearly not the case.

We now know Mad Maggie was very happy to abuse every rule, regulation or legislation to get her way, including misusing not just The Metropolitan Police but the various UK security services.

More evidence of which has recently come out,

https://www.theguardian.com/commentisfree/2024/mar/07/mi5-miners-strike-national-archives-security-service-government

I think it’s also clear that her followers that are currently the UK political incumbents are very much not just following in her mad footsteps, but trying to cut new passage on the insanely sinister side of the path. As can be seen with the likes of the treatment of Julian Assange and Craig Murray and worse. They appear to be determined to prove that “Might is Right” is the way of at best criminal corruption at the highest levels.

‘https://www.craigmurray.org.uk/archives/2024/02/assange-final-appeal-day-2-your-man-in-the-public-gallery/

Whilst the lunatics are most definitely running the asylum I think it probably best to keep well clear.

Especially as X now marks Hellon Rusk’s data grab by now insisting on verified logins and the like.

Clive Robinson March 7, 2024 10:06 AM

@ Zakarth,

Minor error in my above.

It should be “Babsky” not “Bapski”

(Dave Babski is actually a football lines-man refere so my apologies to him and anyone else who shares his name)

EMAP is short for “East Midlands Allied Press”. A publishing” group that back then had quite a lot of expertise at pushing glossy hobbyist magazines and were very keen to get into “Electronic Publishing” even if only to the very select few who could afford a very high end television that had a modem as well as CeeFax chip set, and quite expensive subscription.

BT had chosen for Prestel the same display system that CeeFax and Oracle used based on an idea that originated from Philips in Endhoven.

Not just because it had available chip sets but because it was believe it or not a “Recognised Standard” from the amalgamation of the BBC and IBA standards…

Therefore you might find looking up it’s history of interest.

Zakarth March 7, 2024 1:22 PM

@ Clive,

“I’ve probably already said what you need to know for academic or journalistic research. Yes there is other information that has leaked out over in Kew if you want to go look it up.”

It’s partially because of this I wanted to bounce a few things off of you. I’m trying to validate some speculation I have regarding BT’s setup in the 80s. I’m not deliberately trying to be cagey, but I don’t want to misrepresent anyone or the facts involved inadvertently in a public place. There were a few things in prior anecdotes you mentioned in my research though that implied that you might have some insider knowledge.

I wasn’t aware of the indictment thought, that’s awful. I did speak to Robert briefly in the search for answers though. Re: X duly noted, I’m open to suggestion though.

ResearcherZero March 7, 2024 4:53 PM

Maybe men need a push. AI may be better at picking up on social cues. An assistant for men.

“culture that prioritised the reputation of the education system over the safety of children”

‘https://www.abc.net.au/news/2024-03-07/what-beumaris-inquiry-into-child-sex-abuse-means-for-survivors/103555150

Plutarch was an astute observer. Yet men have a long and prominent history of missing social cues, accompanied by an equally long record of ineptitude.

“He’s just friendly. I think he is just misunderstood. Sex addiction is a real thing.” These excuses are rooted in a failure to self evaluate and a failure to listen. The Saviles, Brands, Weinsteins and “Jake The Pegs” certainly dropped some hints. Women picked up on their behaviour very early on.

‘https://classicalwisdom.com/people/historians/how-well-do-you-listen-plutarch-and-his-letter-on-listening/

Women are better at mentalising and picking up on subtle behavioral cues of others than men.

‘https://neurosciencenews.com/women-behavioral-cues-17764/

Socrates proposed that all human activities are conducted by reason or, as the ancient philosophers usually said, by the soul.

For Socrates, that means that we can only act well, even in our own interest, when we have the knowledge of how to act well.
https://wisdomcenter.uchicago.edu/news/wisdom-news/what-did-socrates-plato-and-aristotle-think-about-wisdom

“females are better tuned to the lack of emotional content in body actions”

‘https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3111255/

ResearcherZero March 7, 2024 9:00 PM

@Andy

A nice clean and simple interface, with real OS control. No app connections without permission.

It’s not that hard either to remove google from phone and you have the ability to add a firewall and disable a lot of annoying rubbish that uses CPU, battery and data. Earlier updates, and a long list of configurations and features that you actually have a choice to remove or add.

No frustrating features from google is as refreshing as no microsoft for desk/laptop.
And things actually work off the bat, right from the get go.

Hey will you swipe my pass for me so it looks like I’m attending?

“Ping” This guy is not where he is supposed to be again.

‘https://arstechnica.com/tech-policy/2024/03/former-google-engineer-arrested-for-alleged-theft-of-ai-trade-secrets-for-chinese-firms/

Cellular jamming: How the Orlan-10 manufacturer imports parts bypassing sanctions.

“How exactly STC ultimately obtains Western parts from unwitting companies like EXFO and Aimtec involves a murky supply chain that exploits the use of front companies and distributors Russian-allied countries to shield the sale of what appears, on the surface, to be the peaceful purchase of tech products.”

‘https://www.cbc.ca/news/russian-arms-makers-sanctions-1.7127727

Some of the largest suppliers have a history of evading sanctions and providing military equipment to foreign governments.
https://www.rusi.org/explore-our-research/publications/special-resources/orlan-complex-tracking-supply-chains-russias-most-successful-uav

PoliceCasualty March 13, 2024 8:11 AM

Personally this won’t get more than a half-hearted groan out of me. The most rare types of criminals can be always translated to “the average Joe”. As we all know, everyone is suspected of anything, until proven otherwise.

“In dubio pro reo” is dead.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.