Intelligence Commissioner Raises Concerns About Canada’s Federal Cybersecurity Legislation

Earlier this week the Intelligence Commissioner (IC) appeared at the Standing Senate Committee on National Security, Defence and Veterans Affairs on Bill C-26, along with the federal Privacy Commissioner. The bill is intended to enhance the cybersecurity requirements that critical infrastructure providers must adopt.

The IC’s remarks are now public. He made four very notable comments in his opening remarks:

  1. The IC warned that the proposed amendments to the Telecom Act would allow the minister to essentially compel the production of any information in support of orders. This information could include personal information – which under broad exceptions, could then be widely disclosed.
  2. Part 2 allows for the regulators to carry out the equivalent of unwarranted searches – where again, personal information could be collected.
  3. The CSE will play a vital role and will be the holder of this information, in a technological form or otherwise, which will contain elements for which we have a reasonable expectation of privacy.
  4. In light of the invasive nature of the Bill, he asserted that it is important that meaningful safeguards be part of the legislation so that Canadians have confidence in the cybersecurity system.

His responses to comments at committee — not yet available through Hansard — made even more clear that he believed that amendments are needed to integrate appropriate oversight and accountability measures into the legislation. The IC’s comments, combined with those of the federal Privacy Commissioner of Canada and civil society representatives, constitute a clear warning to senators about the potential implications of the legislation.

It will be interesting to see how they respond.


Emerging Trends from Canadian Privacy Regulators and Cybersecurity Legislation?

Earlier this evening, the Office of the Privacy Commissioner of Canada (OPC) appeared before the Standing Senate Committee on National Security, Defence and Veterans Affairs on the topic of Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts.

While at Committee, Commissioner Dufresne recognized the value of making explicit the OPC’s oversight role concerning the legislation. He also reaffirmed the importance of requiring any collection, use, or disclosure of personal information to be both necessary and proportionate. And should the Standing Committee decline to adopt this amendment, they were advised to, at a minimum, include a requirement that data only be retained for as long as necessary. Government institutions should also be required to undertake privacy impact assessments and consult with the OPC.

Finally, in cases of cyber incidents that may result in a material breach, his office should be notified; this could entail the OPC being notified by the Communications Security Establishment based on a real risk of significant harm standard. Information sharing agreements should also be put in place that provide minimum privacy safeguards while also strengthening governance and accountability processes.

The safeguards the OPC is calling for are important and also overlap with many of those called for by the Information and Privacy Commissioner of Ontario (written submission, Commissioner Kosseim’s oral remarks) concerning the provincial government’s Bill 194, Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024.

Should other Canadian jurisdictions propose their own cybersecurity legislation to protect critical infrastructure and regulated bodies, it will be interesting to monitor for consistency in the amendments called for by Canada’s privacy regulators.


Ongoing Criminal Exploitation of Emergency Data Requests

When people are at risk, law enforcement agencies can often move quickly to obtain certain information from online service providers. In the United States this can involve issuing Emergency Data Requests (EDRs) absent a court order.[1]

The problem? Criminal groups are increasingly taking advantage of poor cyber hygiene to gain access to government accounts and issue fraudulent EDRs.

While the full extent of the threat remains unknown, of Verizon’s total 127,000 requests for data in Q2 of 2023, 36,000 were EDRs. And Kodex, a company that is often the intermediary between law enforcement and online providers, found that over the past year it had suspended 4,000 law enforcement users and approximately 30% of EDRs did not pass secondary verification. Taken together this may indicate a concerning cyber policy issue that may seriously endanger affected individuals.

These are just some of the broader policy and cybersecurity challenges that are key to keep in mind, both as new laws are passed and as new cybersecurity requirements are contemplated. It is imperative that lawful government capabilities are not transformed into significant and powerful tools for criminals and adversaries alike.


  1. There are similar kinds of provisions in the Canadian Criminal Code.

Significant New Cybersecurity Protections Added in iOS 18.1

Apple has quietly introduced an enhanced security feature in iOS 18.1. If you haven’t authenticated to your device recently — the past few days — the device will automatically revert from the After First Unlock (AFU) state to the Before First Unlock (BFU) state, with the effect of better protecting user information.[1]

Users may experience this new functionality by sometimes needing to enter their credentials prior to unlocking their device if they haven’t used it recently. The effect is that stolen or lost devices will be returned to a higher state of security and impede unauthorized parties from gaining access to the data that users have stored on their devices.

There is a secondary effect, however, insofar as these protections in iOS 18.1 may impede some mobile device forensics practices when automatically returning seized devices to a higher state of security (i.e., BFU) after a few days. This can reduce the volume of user information that is available to state agencies or other parties with the resources to forensically analyze devices.

While this activity may raise concerns that lawful government investigations may be impaired, it is worth recalling that Apple is responsible for protecting devices from around the world. Numerous governments, commercial organizations, and criminal groups are amongst those using mobile device forensics practices, and iOS devices in the hands of a Canadian university student are functionally the same as iOS devices used by Fortune 50 executives. The result is that all users receive an equivalent high level of security, and all data is strongly safeguarded regardless of a user’s economic, political, or socio-cultural situation.


  1. For more details on the differences between the Before First Unlock (BFU) and After First Unlock (AFU) states, see: https://blogs.dsu.edu/digforce/2023/08/23/bfu-and-afu-lock-states/

Sophos Risks Legitimizing Hack Back Activities

Each week is seemingly accompanied by news of some perimeter security appliance being successfully exploited by adversaries. Sophos has produced a report — covered by Wired — which outlines their 5-year efforts to identify and combat such adversaries. It’s a wild read both in terms of the range of activities undertaken by Sophos and for making clearer to the public the range of intelligence activities that private organizations undertake as part of their cybersecurity operations.

Some of the major revelations, and activities undertaken, by Sophos include:

  • A broader group of China-based researchers developed hacking techniques and supplied them to Chinese government APTs.
  • Historically the exploitation of Sophos appliances was being carried out using 0-days but, in recent assessments, APTs are using N-days to target end-of-life equipment.
  • Sophos included code in one of its hotfixes to obtain additional information from consumer devices and expose more information about adversaries to the company.
  • Sophos went so far as to deploy “its own spy implants to the Sophos devices in Chengdu they were testing on—essentially hacking the hackers, albeit only through code added to a few installations of its own products the hackers had obtained.”
  • Targets of Chinese APTs were often located throughout Asia, and most recently included “another country’s nuclear energy regulatory agency, then a military facility in the same country and the airport of the country’s capital city, as well as other hacking incidents that targeted Tibetan exiles.”
  • Sophos found that the adversaries had built a bootkit which is designed to infect low-level code. The company is asserting this may be the first time a firewall bootkit has ever been seen. They have no intelligence that it has ever been deployed in the wild.

It’s uncommon for the details of how private companies have developed their defensive strategies over a longer period of time to be made public, and so this is helpful for broadening the space for discussion. Sophos’ activities are, also, significant on the basis that the private company implanted its own systems to develop intelligence concerning its Chinese adversaries.

There has been extensive normative and legal discussion on the risks linked with “hacking back” and Sophos’ actions are another step towards normalizing such behaviour, albeit under the auspices of a company targeting its own equipment. I personally don’t think that Sophos’ defence that they were targeting their own equipment meaningfully isolates the broader implications of their actions. Perimeter appliances are extensively deployed and their decision may both normalize such behaviours broadly by private firms for their own ends and, also, further open the doors to some governments pressuring private firms to deploy implants on behalf of said governments. Neither of these trajectories is likely to end well.


Some Challenges Facing Physician AI Scribes

Recent reporting from the Associated Press highlights the potential challenges in adopting emergent generative AI technologies into the working world. Their reporting focused on how American health care providers are using OpenAI’s transcription tool, Whisper, to transcribe patients’ conversations with medical staff.

These activities are occurring despite OpenAI’s warnings that Whisper should not be used in high-risk domains.

The article reports that a “machine learning engineer said he initially discovered hallucinations in about half of the over 100 hours of Whisper transcriptions he analyzed. A third developer said he found hallucinations in nearly every one of the 26,000 transcripts he created with Whisper. The problems persist even in well-recorded, short audio samples. A recent study by computer scientists uncovered 187 hallucinations in more than 13,000 clear audio snippets they examined.”

Transcription errors can be very serious. Research by Prof. Koenecke and Prof. Sloane of the University of Virginia found:

… that nearly 40% of the hallucinations were harmful or concerning because the speaker could be misinterpreted or misrepresented.

In an example they uncovered, a speaker said, “He, the boy, was going to, I’m not sure exactly, take the umbrella.”

But the transcription software added: “He took a big piece of a cross, a teeny, small piece … I’m sure he didn’t have a terror knife so he killed a number of people.”

A speaker in another recording described “two other girls and one lady.” Whisper invented extra commentary on race, adding “two other girls and one lady, um, which were Black.”

In a third transcription, Whisper invented a non-existent medication called “hyperactivated antibiotics.”

While, in some cases, voice data is deleted for privacy reasons, this can impede physicians (or other medical personnel) from double checking the accuracy of transcription. While some errors may be caught easily and quickly, more subtle errors or mistakes may be less likely to be caught.

One area where work still needs to be done is to assess the relative accuracy of the AI scribes versus that of physicians. While there may be errors introduced by automated transcription, what is the error rate of physicians? Also, what is the difference in quality of care between one who is self-transcribing during a meeting vs reviewing transcriptions after the interaction? These are central questions that should play a significant role in assessments of when and how these technologies are deployed.


Nuit Blanche, 2024

Since 2006 Toronto has hosted Nuit Blanche, where selected artists are invited to set up art installations from sundown at 7pm until sunrise at 7am the following day. For the past decade or so I’ve tried to get out and enjoy the exhibits. I usually try to walk from 1am until 7am when the installations are taken down.

This year many of the installations took place around Toronto’s downtown waterfront. This had the effect of clustering people in a common part of the city and enhancing the sense of togetherness associated with the art exhibits; in past years I often felt like I alone was still out at 7am but not this year!

Bay & Queens Quay, Toronto, 2024

Each year there are food stalls and trucks, and this year was no exception. Even at 1 in the morning there were crowds who were looking to have a quick bite to carry them through the evening. I’d just arrived and had yet to feel the bite of hunger or thirst.

Lower Sherbourne & Queens Quay, Toronto, 2024

One of the exhibits this year included a series of skeletal shacks. They stood above us and we looked at what may happen when civilization degrades and this is what we remain left with.

Great Lakes Waterfront & Queens Quay, Toronto, 2024

Of course walking around this late at night meant there were often strong contrasts between shadow and light. I’ve visited this area of Toronto regularly over the past decade and captured people huddled in the same spot, but never with such dynamic contrast between the lit structure and the rest of the environment. I liked how the subjects were huddled away from the darkness that was just beyond the lit structure. Isn’t this the nature of humans: huddling in the light while the darkness is kept at bay?

Dockside & Knapp, Toronto, 2024

Each year there are some exhibits that are at least slightly interactive. Every person who attended a particular film screening was first asked to pick up a custom hanger and think about it during the performance. It wasn’t self-apparent how this hanger necessarily mapped to film.

Queens Quay & Freeland, Toronto, 2024

This was the only colour image I made through the night. The exhibit projected videos of people’s homes on a condo wall and, beside it, the artist had set up a tent to represent how many of Toronto’s least fortunate must live their nights. This was one of the more poignant exhibits I saw through the evening.

Queens Quay & York, Toronto, 2024

A set of screens were set up in Love Park and rotated the images in them through the night. The eyes that regularly cropped up were eerie at that time of the early morning.

Great Lakes Waterfront & Harbour, Toronto, 2024

Continuing the theme of eyes, this separate video display regularly had an image of an eyeball looking into the audience. When it isolated the older woman I knew I had to hold onto the moment.

Spadina & Queens Quay, Toronto, 2024

One of the marquee exhibits of the year was glowing fish that were placed in the harbour. Here, I’ve captured their luminescent being alongside one of the tall ships that is always docked; the effect is spectral, to my eye, with the fish racing towards the ghost-boat.

Bathurst & Queens Quay, Toronto, 2024

Hosting a project that raised the issue of disability inside a basketball court forced audiences to confront the ableism that permeates our lives, and especially contemporary sport. The exhibit forced audiences to acknowledge that disabled athletes have led the way in more accessible design that is now the norm for all athletes, disabled or not. By this time it was about 5am and the crowds were dying down, though spectators and attendees to the festival were still around in smaller numbers.

Richmond & Spadina, Toronto, 2024

This was the last exhibit that I documented and left with an image I was satisfied with. The artists were lowering a multi-coloured spider web that had been elevated above the attendees, when a sole last participant walked through the exhibit despite the efforts to tear it down by sundown. The subject is reaper-like in their image and spoke to the end of the exhibit, and the end of Nuit Blanche for 2024.

Queen & Chestnut, Toronto, 2024

On my way to breakfast I captured this image of Toronto’s City Hall as the sun was just starting to rise. All was quiet, including the parking garages, though the city had begun coming back to life once I got home an hour or so later to crawl into bed before a short nap ahead of afternoon activities.


Eyeshot 2024 Street and Documentary Photography Competition

As part of my ongoing efforts to get more comfortable sharing my photographs with a wider audience I started to participate in photographic competitions last year. While I didn’t receive any awards the very act of submitting my work was the personal award that I took away.

This year, for the first time, I’ve submitted to a contest with a small fee. I appreciate that many photographers take issue with the “pay to compete” models but this is normal, and I enjoy a level of disposable income that means I can afford to submit to a few contests a year. This post includes the images that I submitted to the Eyeshot 2024 competition, the descriptions I included with the images, and an artist’s statement.

Submitted Images

All of my images are part of a broader documentary project that traces how built environments that I inhabit develop and transform through the seasons, and across the years that I have been photographing my surroundings. As befits this objective, all of my images are titled by their rough location (based on major street intersections), geographic region or city, and the year made.

Great Lakes Waterfront Trail, Toronto, 2024

Toronto is home to a vast waterfront trail which was renovated in 2024 to include a large splash and mist park. On a swelteringly hot day I passed by after it had recently been re-opened and was delighted to see the silhouettes of people — mostly children — playing in the mist, while the looming under-construction condo towers of downtown Toronto provided a sense of youthfulness and activity to the cityscape itself. This photograph captures the youthful energy of Toronto as manifest in its residents and built infrastructures while simultaneously possessing a kind of timelessness as a result of capturing the moment in black and white.

Cumberland & Bellair, Toronto, 2024

One of Toronto’s most posh shopping areas is Yorkville, where the affluent come out to spend and be seen. I like how this monochromatic photograph results in the two women looking like they could have come from 40 or 60 years ago, while the reflection in the window reveals some of the built infrastructure surrounding them. It speaks to a timelessness that is specifically located to being within a large urban environment.

Yonge & Dundas, Toronto, 2024

The Saint Patrick’s Day parade is a major event in Toronto. I’ve been photographing it for years and always march in it to make images of the crowds. I like how the woman in this photograph is almost posing in her winter jacket — it gives her a sense of elegance and self-importance — while, above her, the sign suggests that she is happy we’ve ranked her #1. But in addition to her, the man who is looking on in the right-hand side of the frame adds a degree of electricity to the image with his dourness contrasting with the woman’s own more-positive energy.

Gerrard & Galt, Toronto, 2024

When was this photograph taken? 2024 or 1964? The use of black and white has the effect of confusing the viewer as to when the photograph was made. This is accentuated by the sign in the photograph being from another generation. Adding power to the image are the two figures who are wandering through the early January snow, with the young woman looking down and over to the city’s garbage, and the little boy looking up past the trash to the graffiti on the wall. This speaks to the hopes and ambitions of youth and the practicality of maturity, while they are both literally passing by the abandoned garbage of the day.

Queen & Peter, Toronto, 2023

This photograph is only made possible because of the advertising-heavy urban landscapes in which we live. Taken in downtown Toronto, this photograph juxtaposes a question about one’s life with an idealised (and unrealistic) advertised imagination of excitement, along with a man contemplating his possible future. Him exiting the frame leaves us to wonder whether he will do something to change his life or if, instead, he will continue to live the same life that he always has. We are already left with some sense of his trajectory, however: his walking out to the left of the frame imposes on us a question of whether his movements will take him back to something he once enjoyed in life, or if his retreat through that side of the frame instead symbolises a staidness. Regardless, he will not be moving forward into the future — into the right of the frame — to see some change to his life.

Nathan Phillips Square, Toronto, 2023

Yonge and Dundas Square is Toronto’s imagined equivalent to Times Square. In this photograph we see it at peak energy: the two women hiding under a transparent umbrella are huddling together with somewhat shocked looks on their faces, while behind them a woman is running from something out of scene and a giant in white strolls behind them. Photographs like this capture the dynamism of our urban landscapes while, simultaneously, not explaining what is specifically occurring. Instead the viewer is merely left with an ever-growing cascade of questions: Why are the women drinking out of a pineapple in the rain? Why are they shocked? Who is chasing the woman in the background? Why is there a tall white giant wandering around? What is going on with the squatting man in the advertisement? These questions draw the viewer in and invite them to create their own stories of what was before, and followed, the 1/320s that this frame holds together.

Artist’s Statement

I’m an amateur Toronto-based documentary and street photographer, and have been making images for over a decade. I make monochromatic photographs that focus on little moments that happen on the streets and which document the ebb and flow of the city over the course of years and decades. My work often deliberately plays with the temporality of photographs and calls into question when images were made, and invites the viewer to ask what specifically happened immediately prior to and following the pressing of the shutter button.


Editing and Viewing Smartphone Images Versus Dedicated Camera Images

Manitoba & Nova Scotia, Toronto, 2023

In 2023, Andrea Bianco wrote a lovely long-form meditation on the difference in practice between excellent smart phone cameras (i.e., iPhone 11 Pro) and excellent compact cameras (i.e., Ricoh GR 2). I appreciated that it wasn’t a “smartphones bad and dedicated cameras good” (or vice versa) kind of assessment. He, instead, considered the utility and capabilities of both classes of cameras. He often noted how phone cameras were best consumed on smaller screens but that their limitations became more apparent when viewed on larger screens.

His post reminded me of some longer-term considerations I’ve had for the past year about the screens on which we assess the images that we make.

Cherry & Polson, Toronto, 2024

Our camera’s screen size, or viewfinder resolution, has an effect on how we compose images. We may try to squeeze in (or exclude) content based on what we can see. However, the screen on which we edit images also affects how we perceive and present the images we have captured.

Editing on smaller screens, such as those used with phones, can lead to presenting images differently than when editing on a larger tablet or computer monitor screen. A figure that is apparent on a 12” or 24” display and is poignant to the photo editing process may functionally be a near-invisible dot on a 6” phone screen.

Eireann Quay & Queens Quay, Toronto, 2024

How we see when editing images, then, will often affect the images which are produced using dedicated cameras by merit of photographers often editing them on larger tablet or laptop screens. By editing on these larger screens we will often make very different editorial or cropping decisions based (in part) on the sheer size of the screen we are reviewing and editing photographs on. The size of the screen (and its quality) affects how we read and interpret our own photographs.

Queen & Bay, Toronto, 2019

The effects of screen size then expand, further, when we consider what screens we use to view other photographers’ work, and correspondingly lead to very different perceptions of work that photographers are digitally displaying. If a photographer edits all their work on a display of 11” or greater, should we not view it with the same size screen to truly read what they are communicating? And, by way of contrast, if a photographer’s photos are all edited on a smartphone then should we view them primarily at the size of a phone? And either way, shouldn’t we view other photographers’ work at peak screen brightness?

Of course we will all use a variety of different screens, of different sizes and luminosity and quality, to look at one another’s work. But because we are both unaware of one another’s editing and viewing defaults it is imperative to think carefully when looking at photographers’ works and ask ourselves: “Do I have the same equipment as they do, to approximate an attempt to see the photograph and scene as they intended for it to be viewed?”


Note: Updated to correctly refer to Andrea’s gender. Apologies!


2024.10.14

I’ve been reading Minimalissimo for at least a decade now and have significantly honed my sense of design and style from the work they’ve curated through the years. As of today, however, the website is shifting into archival mode and no new content will be published.

It’s not the first long-term website closing that has hurt — arguably it is Ming Thein’s that still lingers the worst, followed by Andrew Kim’s Minimally Minimal — but at least the archives of Minimalissimo will remain to reflect on in the coming months and years.