Author: Christopher Parsons

Policy wonk. Torontonian. Photographer. Not necessarily in that order.

2012.11.14

Post author By Christopher Parsons
Post date November 14, 2012

But first and foremost, Canada must get its own house in order. Thailand wasn’t the only country requesting that Google remove content; Ottawa did as well. What is most notable, and troubling, about Canada’s takedown requests is that an increasing number were not accompanied by a court order, but rather fell into Google’s category of “other” requests from the “executive, police, etc”.

This demonstrates that the government increasingly is bypassing formal and lawful processes in their attempts to get the compliance of private sector companies in their Internet censorship activities. Meanwhile, the government continues to resurrect Bill C30, despite widespread condemnation. The proposed electronic surveillance law would give the government unprecedented access to Canadians’ private online information without the requirement of a warrant.

If the Canadian government fails to respect freedom of expression, the right to privacy, and the rule of law in our own country, how can it expect other countries to do so in theirs?
Kieran Bergmann, “Throttling free speech, at home and abroad”

Tags Asia, Canada, Censorship, Civil Rights, Freedom, Privacy, Quotation, Surveillance

Writing

On Publicness and the Academy

Post author By Christopher Parsons
Post date November 13, 2012

Alex Reid has written a short piece about his position concerning the question: if and academic speaks in public, is it right for members of the audience to record/write/talk about what was said?

While I can’t say that I agree with one of the positions he assumes – that as an academic you should exclusively be publishing close-to-complete work (i.e. drafts or early works in progress you don’t want talked about need not apply!) – it’s worth the read, especially in the context that many academics are loathe to have ‘early’ work broadcast beyond tightly controlled confines and populations.

Alex has a great punchline, emphasizing how academics are for the first time really, widely, seeing their work being public and thus critiqued/engaged with. It’s scary for a lot of people but it’s definitely the new reality of academe. The post is well worth the few minutes it’ll take you to read!

Tags Academia, Ethics, Publicity, Publishing

Links Writing

Social Media Used to Target Advocate/Journalist

Post author By Christopher Parsons
Post date November 12, 2012

While it comes as no surprise that police monitored Facebook during last year’s Occupy protests, in the case of Occupy Miami an advocate/journalist was specifically targeted after his Facebook profile was subjected to police surveillance. An email produced in the court case revealed:

the police had been monitoring Miller’s Facebook page and had sent out a notice warning officers in charge of evicting the Occupy Miami protestors that Miller was planning to cover the process.

Significantly, the police tried to destroy evidence showing that they had unlawfully targeted the advocate, footage that (after having been forensically recovered) revealed that the charges laid against the advocate were blatantly false. That authorities conduct such surveillance – often without the targets of surveillance knowing that they have been targeted or, when targeted, why – matters for the general population because lawfully exercising one’s rights increasingly leads to citizens being punished for doing so. Moreover, when the surveillance is accompanied by deliberate attempts to undermine citizens’ capacities to respond to unlawful detentions and false charges, we have a very, very real problem that can affect any citizen.

We know from academic research conducted by scholars such as Jeffrey Monaghan and Kevin Walby that Canadian authorities use broad catch-all caricatures during major events to identify ‘problem populations.’ We also know that many of the suspects that are identified during such events are identically labeled regardless of actually belonging in the caricature population. The capacity to ‘effectively’ sort in a way resembling fact or reality is marginal at best. Consequently, we can’t just say that the case of Occupy surveillance is an ‘American thing’: Canadian authorities do the same thing to Canadian citizens of all ages, be they high school or university students, employed middle-aged citizens, or the elderly. These are surveillance and sorting processes that are widely adopted with relatively poor regulation or oversight. These processes speak to the significant expansion of what constitutes general policing as well as speaking to the state-born risks of citizens even in ‘safe’ countries using social media in an unreflective manner.

Tags Advocacy, Facebook, Journalists, Police, Privacy, Security, Surveillance

Aside Humour

IP Geek Humour

Post author By Christopher Parsons
Post date November 10, 2012

mebuell:

IP geek humour at its best.

Tags Humor, Internet, IPv3, IPv4, IPv6

Quotations

2012.11.9

Post author By Christopher Parsons
Post date November 9, 2012

People in Azerbaijan live in fear. We fear for our lives, we fear for our jobs, we fear for the lives and jobs of our fathers and mothers, brothers and sisters, we fear for our friends. We fear every time when someone close to us dares to disagree with you. We also pay a high price when we dare not to fear.

Before 2009 I had criticized you mostly online. Then I was attacked in the centre of Baku. I was arrested and later sentenced in a show trial on fake charges of hooliganism. My father died while I was in jail, his health was deteriorating since the day of my arrest. I could not be there when he was placed in hospital and I was not there the day I lost him. Some of my relatives and friends lost their jobs. They were told that they are too close to “the enemy of the state”. Now, many people I knew are afraid to communicate with me online and offline and I can understand them.

In our interconnected world, civil society, states and businesses from across the world must work together to thrive in our global information society. This is the meaning and the spirit of this Internet Governance Forum. Internet governance can’t properly serve sustainable human, economic and social development without freedom of expression, the rule of law and efficient democratic governance.
Emin Milli, writing as Azerbaijan hosts the Internet Governance Forum

Tags Azerbaijan, Censorship, Freedom, Internet, Politics, Surveillance

Aside Writing

Ubuntu’s Privacy FUBAR

Post author By Christopher Parsons
Post date November 8, 2012

The EFF has a particularly good accounting of how the most recent changes to Ubuntu are intensely problematic from a privacy perspective. Specifically, performing local searches will (and does) leak information to third-parties such as Facebook and Amazon. Though not explicitly mentioned, remember that in many jurisdictions if you ‘give up’ or ‘abandon’ information to third-parties then you often lose considerable (legal) privacy protections. As such, Ubuntu’s decision to leak data to third-parties whenever users perform local searches on their computer could have significant implications for Ubuntu users’ legal protections concerning personal search information. If Microsoft or Apple did something similar then there would almost certainly be complaints filed to federal bodies: will similar reactions emerge from the Linux and Ubuntu communities?

Tags EFF, FUBAR, Linux, Operating System, Privacy, Ubuntu

Writing

Skype Discloses Subscriber Info to Private Investigators

Post author By Christopher Parsons
Post date November 7, 2012

In a not-particularly-surprising move, Skype handed over a 16 year old’s subscriber information to a firm hired by Paypal. No warrant was required, as the information was provided to a private party, and that party subsequently gave it to police. In essence, a very large telecommunications service provider (TSP) made available personally identifiable information that, ultimately, led to an arrest without authorities having to convince a judge that they had legitimate grounds to get that information from the TSP.

At a talk I recently attended, a retired Assistant RCMP Commissioner emphasized time and time again that Canadians need to be more worried about corporations like Skype, Google, and Facebook than they do the federal or provincial governments. He correctly, I believe, spoke to the social harms that these companies can and do cause to individuals who both subscribe and do not subscribe to the companies’ service offerings.

Non-controversially, we know that many large companies can take actions that are harmful to individuals, as can states themselves. What is less recognized, however, is that there are more and more cases where private intermediaries are acting as one or two degrees of separation between public institutions and large private data stores. Such ‘intermediary protection’ often lets states access and use personal data that they otherwise cannot access without considerable difficulty. Worse, where authorities refuse to bring intermediary-provided data to court it can be challenging for accused persons to argue that an investigation was predicated on inappropriate access to their personal data. More time has to be spent considering the role of these data intermediaries and thinking through how to prevent the disclosure of personal data to state authorities in the absence of judicial oversight. Failure to tackle this problem will simply lead to more and more inappropriate access to corporate data by authorities, and critically to access without adequate or necessary judicial oversight.

Tags Paypal, Personal Information, Police, Privacy, Security, Skype

Writing

Could Email Undermine the 2012 American Election?

Post author By Christopher Parsons
Post date November 6, 2012

In the aftermath of Hurricane Sandy, some of the polling stations that would have been used by Americans to cast ballots are gone. Moreover, some citizens in New Jersey are unlikely to either find their new polling station or take the time to find a station and vote. Quite simply, they’re rebuilding their lives: presidential politics aren’t necessarily centre of mind at the moment.

In the wake of the disaster, New Jersey will let some voters cast their ballots by fax and email. One American expert has identified a range of possible attack vectors that could be used to compromise people’s votes. He’s quoted as saying,

Those are just some of the more obvious and potentially catastrophic ways a direct security failure could affect this election … The email voting scheme has so many ways it can fail or that doubt can be cast on the integrity of the results, that if a race somewhere in New Jersey is decided by email ballots, it seems almost guaranteed that we’re going to have a bunch of mini-2000-in-Floridas all over the state.

In addition to basic security concerns around voting, it’s critical to understand that voting by email (effectively) removes secrecy provisions. Messages will not have to be encrypted, meaning that if employees cast their ballots at work then their employer(s) could ascertain how their employees are voting. This is an incredibly serious issue.

In the best of worlds, the New Jersey elections won’t rely or depend on the emailed votes to determine a winner. This said, even if the votes don’t change the local results – if individuals win seats by sufficient margins that the emailed ‘ballots’ wouldn’t affect who won – the national vote could the endangered if the New Jersey voting system is connected to the national system. The risk, here, is that if an attacker could compromise the New Jersey voting infrastructure (perhaps by sending an infected attachment to an email message) then the rest of the infrastructure could also be compromised. Such an attack, were it to occur, could compromise not just the New Jersey results but, potentially, races across the United States.

While it’s evident why the government decided to let people vote by email – to ensure that Americans could cast their ballot despite the horrific natural disaster – these good intentions could result in very, very bad results. Worse, it could encourage trust and confidence in online voting systems more generally, systems that simply cannot be adequately secured (for more as to why, see this and this). While paper ballets are infuriating for many they remain an ideal means of confidently expressing voting intentions. While alternate approaches certainly need to be considered to let people vote, especially in times of crisis, voting by email is not an idea that should have been contemplated, let alone adopted, as a solution to the Sandy-related voting problems.

Tags Cyber Security, Email, Internet, Secrecy, United States, Voting

Aside Links

Bit9 on Android

Post author By Christopher Parsons
Post date November 5, 2012

Bit9 has released a report that outlines a host of fairly serious concerns around Android devices and app permissions. To be upfront: Android isn’t special in this regard, as if you have a Blackberry, iPhone, or Windows Phone Device you’ll also find a pile of apps that have very, very strange permission requests (e.g. can a wallpaper application access your GPS and contact book?). The video (above) is a quick overview of some findings; the executive summary can be found here and the full report here (.pdf).

Tags Android, Apps, Geolocation, Google, Security

Aside Humour

Reasons I Install Microsoft Silverlight

Post author By Christopher Parsons
Post date November 4, 2012

parislemon:

laughingsquid:

Reasons I install Microsoft Silverlight

Perfect. If Flash deserves to die, Silverlight deserves to be buried alive.