Categories
Aside

In Memoriam of John L. Young of Cryptome

John L. Young, founder of Cryptome, has died.

John’s work at Cryptome was inspirational for much of the work that I did during my doctorate and time at the Citizen Lab. His unwavering commitment to transparency and efforts to hold the powerful accountable was an early and important light, showing how digital archives could be used to promote real change.

While we never met, his commitment to transparency and accountability will live on with me and many others.

You can learn about the history of Cryptome on Wikipedia.

Categories
Links

Google to Provide Enhanced Security for Android

It’s positive to see Google providing enhanced security controls for its Android user base, including journalists, human rights defenders, politicians, and c-suite executives. These controls are designed to reduce some of the attack surface available to adversaries.

Some of the protections include:

  • The inability to connect to 2G networks, which lack encryption protections preventing over-the-air monitoring of voice and text-messaging communications
  • No automatic connections to insecure Wi-Fi networks, such as those using WEP or no encryption at all
  • The enabling of the Memory Tagging Extension, a relatively new form of memory management that’s designed to provide an extra layer of protection against use-after-free exploits and other memory-corruption attacks
  • Automatically locking when offline for extended periods
  • Automatically powering down a device when locked for prolonged periods to make user data unreadable without a fresh unlock
  • Intrusion logging that writes system events to a fortified region of the phone for use in detecting and diagnosing successful or attempted hacks
  • JavaScript protections that shut down Android’s JavaScript optimizer, a feature that can be abused in certain types of exploits

You can read more on Google’s blog post announcing the new controls.

Categories
Links Writing

Implications for Canada of an Anti-Liberal Democratic USA

Any number of commentators have raised concerns over whether the USA could become an illiberal state and the knock-on effects. A recent piece by Dr. Benjamin Goldsmith briefly discussed a few forms of such a reformed state apparatus, but more interesting (to me) is his postulation of the potentially broader global effects:

  • The dominant ideology of great powers will be nationalism.  
  • International politics will resemble the realist vision of great powers balancing power, carving out spheres of influence.  
  • It will make sense for the illiberal great powers to cooperate in some way to thwart liberalism – a sort of new ‘Holy Alliance’ type system could emerge.  
  • The existing institutional infrastructure of international relations will move towards a state-centric bias, away from a human-rights, liberal bias.   
  • International economic interdependence, although curtailed since the days of high “globalisation,” will continue to play an important role in tempering great-power behaviour.  
  • Democracy will be under greater pressure globally, with no great power backing and perhaps active US encouragement of far-right illiberal parties in established and new democracies.  
  • Mass Politics and soft power will still matter, but the post-truth aspect of public opinion in foreign policy will be greater.  

For a middle state like Canada, this kind of transformation would fundamentally challenge how it has been able to operate for the past 80 years. This would follow from the effects of this international reordering and due to our proximity to a superpower state that has broadly adopted or accepted an anti-liberal democratic political culture.

Concerning the first, what does this international reordering mean for Canada when nationalism reigns supreme after decades of developing economic and cultural integrations with the USA? What might it mean to be under a ‘sphere of influence’ with an autocratic or illiberal country? How would Canada appease Americans who pushed our leaders to support other authoritarian governments, or else? Absent the same commitments (and resources) to advocate for democratic values and human rights (while recognizing America’s own missteps in those areas) what does it mean for Canada’s own potential foreign policy commitments? And in an era of rising adoptions of generative AI technologies that can be used to produce and spread illiberal or anti-democratic rhetoric, and without the USA to regulate such uses of these technologies, what does this mean for detecting truth and falsity in international discourse?

In aggregate, these are the sorts of questions that Canadians should be considering and are part of why our leaders are warning of the implications of the changing American political culture.

When it comes to our proximity to a growing anti-liberal democratic political culture, we are already seeing some of those principles and rhetoric taking hold in Canada. As more of this language (and ideology) seeps into Canadian discourse there is a growing chance that Canada’s own democratic norms might be perverted with extended exposure and following American pressures to compel alterations in our democratic institutions.

The shifts in the USA were not entirely unexpected. And the implications have been previously theorized. An anti-liberal democratic political culture will not necessarily take hold amongst Americans and their political institutions. But the implications and potential global effects of such a change are before us, today, and it’s important to carefully consider potential consequences. Middle states, such as Canada, that possess liberal democratic cultures must urgently prepare ways to plot through what may be a very chaotic and disturbing next few decades.

Categories
Solved

Solved: HDCP Error After Updating Apple TV 4K to TVOS 18.4.1

I recently updated my Apple TV 4K to tvOS 18.4.1. After this, I received HDCP errors when trying to view content from streaming services (e.g., Disney+, Amazon Prime, Crave).

This post outlines how I solved this problem.

Background and Context

I am using a TCL 55R635-CA, to which I have connected the Apple TV 4K and a Sonos Arc (with an attached Sonos Sub Mini).

When I updated my Apple TV 4K to tvOS 18.4.1, I received a prompt on my TCL 55R635-CA that I had to rename the Sonos Arc that is plugged into the TCL’s eARC HDMI port. I didn’t think anything of it and selected a new icon, but otherwise made no changes to the configuration of the TCL audio settings. I had never received this kind of prompt, before, when updating the Apple TV 4K.

YouTube content played without any errors. However, when I tried to stream content over Disney+, Amazon Prime, or Crave I received HDCP errors. The error messages indicated that I might be trying to copy protected content (I was not doing this). Solutions proposed were to reseat HDMI cables to ensure a good connection, test different HDMI inputs to confirm they all worked, or replace the HDMI cable in case it had become damaged.

Failed Solutions

  1. I tried to reseat HDMI cables. This did not resolve the error messages I was receiving.
  2. I rebooted the Apple TV. This did not resolve the error messages I was receiving.
  3. I reset the Apple TV back to factory settings, and reinstalled streaming services. This did not resolve the error messages I was receiving.
  4. I pulled the plug — to fully depower — the Apple TV. This did not resolve the error messages I was receiving.
  5. I pressed the power button on the TCL remote, to turn off the television, and turned off the Apple TV. This did not resolve the error messages I was receiving.

Solution to Apple TV 4K HDCP Errors

My Apple TV 4K and Sonos Arc are plugged into a TCL 55R635-CA. When you turn off the television using the remote you do not actually turn off the television and, instead, just put the television into standby mode.

To resolve my HDCP errors when using my Apple TV 4K, I pulled the power plug for the television. I left the TCL 55R635-CA fully depowered for approximately 3 minutes. I then plugged the TV back in and turned it on.

Once the television turned back on, and switched over to the Apple TV 4K input, the errors had been resolved. The problem, the whole time, was with the TCL television and fully depowering the television resolved the HDCP errors.

Categories
Photography

“Humanity”

Each month or so, the Photowalk podcast has been choosing a single term to inspire photographers to consider when making images. The March term was “humanity”, and my submission follows.

Yonge & Gloucester, Toronto, 2025

Text for entry:

The image can be read as speaking to the stature of man, and the forces that rise above him spiritually and physically, while living a life of being downtrodden and isolated. In a well-populated urban capital our subject is left alone with himself, save for weather damaged urban art that gestures to imagined better times and the eyes of his transitory documentarian in front of him.

He notices neither. 

Categories
Links Writing

Categorizing Contemporary Attacks on Strong Encryption

Matt Burgess at Wired has a good summary article on the current (and always ongoing) debate concerning the availability of strong encryption.

In short, he sees three ‘classes’ of argument which are aimed at preventing individuals from protecting their communications (and their personal information) with robust encryption.

  1. Governments or law enforcement agencies are asking for backdoors to be built into encrypted platforms to gain “lawful access” to content. This is best exemplified by recent efforts by the United Kingdom to prevent residents from using Apple’s Advanced Data Protection.
  2. An increase in proposals related to a technology known as “client-side scanning.” Perhaps the best known effort is an ongoing European proposal to monitor all users’ communications for child sexual abuse material, notwithstanding the broader implications of integrating a configurable detector (and censor) on all individuals’ devices.
  3. The threat of potential bans or blocks for encrypted services. We see this in Russia, concerning Signal, and in legal action against WhatsApp in India.

In this broader context it’s worth recognizing that alleged Chinese compromises of key American lawful interception systems led the US government to recommend that all Americans use strongly encrypted communications in light of network compromises. If strong encryption is banned then there is a risk that there will be no respite from such network intrusions while, also, likely creating an entirely new domain of cyber threats.

Categories
Links Writing

An Initial Assessment of CLOUD Agreements

The United States has bilateral CLOUD Act agreements with the United Kingdom and Australia, and Canada continues to also negotiate an agreement with the United States.1 CLOUD agreements are meant to alleviate some of the challenges attributed to the MLAT process, namely that MLATs can be ponderous with the result being that investigators have difficulties obtaining information from communication providers in a manner deemed timely.

Investigators must conform with their domestic legal requirements and, with CLOUD agreements in place, can serve orders directly on bilateral partners’ communications and electronic service providers. Orders cannot target the domestic residents of a targeted country (i.e., the UK government could not target a US resident or person, and vice versa). Demands also cannot interfere with fundamental rights, such as freedom of speech. 2

A recent report from Lawfare unpacks the November 2024 report that was produced to explain how the UK and USA governments actually used the powers under their bilateral agreement. It showcases that, so far, the UK government has used this substantially to facilitate wiretap requests, with the UK issuing,

… 20,142 requests to U.S. service providers under the agreement. Over 99.8 percent of those (20,105) were issued under the Investigatory Powers Act, and were for the most part wiretap orders, and fewer than 0.2 percent were overseas production orders for stored communications data (37).

By way of contrast, the “United States made 63 requests to U.K. providers between Oct. 3, 2022, and Oct. 15, 2024. All but one request was for stored information.” Challenges in getting UK providers to respond to US CLOUD Act requests, and American complaints about this, may cause the UK government to “amend the data protection law to remove any doubt about the legality of honoring CLOUD Act requests.”

It will be interesting to further assess how CLOUD Acts operate, in practice, at a time when there is public analysis of how the USA-Australia agreement has been put into effect.


  1. In Canada, the Canadian Bar Association noted in November 2024 that new enabling legislation may be required, including reforms of privacy legislation to authorize providers’ disclosure of information to American investigators. ↩︎
  2. Debates continue about whether protections built into these agreements are sufficient. ↩︎
Categories
Links

Privacy, Dignity, and Autonomy in the Workplace

Reporting by Sophie Charara unpacks the potentials of contemporary workplace monitoring technologies. Of course, concerns about employee privacy and the overzealous surveillance of employees are not new. What is changing are the ways that contemporary technologies can be used, sometimes for potentially positive uses (e.g., making it easier to determine if meeting rooms are actually available for booking or ensuring that highly-trafficked areas of the office receive special cleaning) and sometimes for concerning uses (e.g., monitoring where employees gather in the workplace, tracking them in near-real time through the work environment, or monitoring communications patterns).

Ultimately, Charara’s work can help inform ongoing discussions about what safeguards and protections should be considered in the workplace, so that employees’ privacy is appropriately protected. It can, also, showcase practices that we may want to bar before ever coming into mainstream practice to protect the privacy, dignity, and autonomy of people in the workplace.

Categories
Writing

Details from the DNI’s Annual VEP Report

For a long time external observers wondered how many vulnerabilities were retained vs disclosed by FVEY SIGINT agencies. Following years of policy advocacy there is some small visibility into this by way of Section 6270 of Public Law 116-92. This law requires the U.S. Director of National Intelligence (DNI) to disclose certain annual data about the vulnerabilities disclosed and retained by US government agencies.

The Fiscal Year 2023 VEP Annual Report Unclassified Appendix reveals “the aggregate number of vulnerabilities disclosed to vendors or the public pursuant to the [VEP] was 39. Of those disclosed, 29 of them were initial submissions, and 10 of them were reconsiderations that originated in prior years.”1

There can be many reasons to reassess vulnerability equities. Some include:

  1. Utility of given vulnerabilities decreases either due to changes in the environment or research showing a vulnerability would not (or would no longer) have desired effect(s) or possess desired operational characteristics.
  2. Adversaries have identified the vulnerabilities themselves, or through 4th party collection, and disclosure is a defensive action to protect US or allied assets.
  3. Independent researchers / organizations are pursuing lines of research that would likely result in finding the vulnerabilities.
  4. By disclosing the vulnerabilities the U.S. agencies hope or expect adversaries to develop similar attacks on still-vulnerable systems, with the effect of masking future U.S. actions on similarly vulnerable systems.
  5. Organizations responsible for the affected software (e.g., open source projects) are now perceived as competent / resourced to remediate vulnerabilities.
  6. The effects of vulnerabilities are identified as having greater possible effects than initially perceived which rebalances disclosure equities.
  7. Orders from the President in securing certain systems result in a rebalancing of equities regarding holding the vulnerabilities in question.
  8. Newly discovered vulnerabilities are seen as more effective in mission tasks, thus deprecating the need for the vulnerabilities which were previously retained.
  9. Disclosure of vulnerabilities may enable adversaries to better target one another and thus enable new (deniable) 4th party collection opportunities.
  10. Vulnerabilities were in fact long used by adversaries (and not the U.S. / FVEY) and this disclosure burns some of their infrastructure or operational capacity.
  11. Vulnerabilities are associated with long-terminated programs and the release has no effect on current, recent, or deprecated activities.

This is just a very small subset of possible reasons to disclose previously-withheld vulnerabilities. While we don’t have a strong sense of how many vulnerabilities are retained each year, we do at least have a sense that rebalancing of equities year-over-year(s) is occurring. Though without a sense of scale the disclosed information is of middling value, at best.

Categories
Quotations

The Trouble of Defining Privacy

Privacy is not something that can be counted, divided, or “traded.” It is not a substance or collection of data points. It’s just a word that we clumsily use to stand in for a wide array of values and practices that influence how we manage our reputations in various contexts.

— Siva Vaidhyanathan. (2011). The Googlization of Everything (And Why We Should Worry). Page 87