Author: Christopher Parsons

Policy wonk. Torontonian. Photographer. Not necessarily in that order.

Categories
Links Quotations

Police surveillance scandal: Quebec tightens rules for monitoring journalists

From the Montreal Gazette:

Mark Bantey, a specialist in media law (who is also the Montreal Gazette’s lawyer), said he was stunned by the scope of the warrant involved in the Lagacé case. He said it seems the police were more worried about who was leaking information to the press than the actual crime.

“It sure looks like they (the police) have gone overboard because they’re not out there investigating a crime, but trying to determine who in the police department is leaking information to the press. You can’t use search warrants to get that sort of information,” Bantey said in an interview Tuesday. “There’s an obligation to exhaust all other possible sources of information before targeting the media.”

As for Couillard’s new directive about obtaining search warrants, he called it a first step that was unlikely to bring an immediate change to police practices. A better solution might be to adopt new legislation — a shield law — that protects media sources, he said.

Legislation to protect journalists from police surveillance is a good idea…until you ask a question of ‘who constitutes a journalist’?

Categories
Links

“Stephen Colbert” from Fresh Air by NPR on iTunes

This was a really interesting interview with Colbert. His views on Catholicism, daily content creation linked with current events, and attitudes towards trust and working with teams make it particularly worth the listen.

Categories
Links Writing

Canada’s spy agency illegally kept data for a decade, court rules

To be clear, the judge’s ruling:

  1. Found that CSIS had deliberately been misleading/lying to the court for a decade concerning the agency’s permanent retention of metadata;
  2. Raised the prospect of contempt of court proceedings against CSIS and its attorneys at the Department of Justice;
  3. Approved changes to unknown warrants (we’re not allowed, as members of the public, to know the warranting powers of CSIS it seems);
  4. Did not require CSIS to delete or stop using the metadata it had illegally collected, on grounds that doing so could raise jurisdictional issues. Translation: the information has been shared, or mixed with, foreign agencies’ metadata already and thus prevents the court from easily crafting a judgment around its use;
  5. CSIS did not believe that it was required to be fully transparent with the federal court that issues CSIS’ warrants on grounds that the court was ‘not an oversight body’;
  6. CSIS had internally, with Department of Justice guidance, secretly reinterpreted laws to cloak its actions in the guise of lawfulness (internally) while deliberately hiding such interpretations and the implications thereof from the court.

Canada has a national security consultation going on, and part of it raises the question of ‘does Canada have sufficient oversight and accountability for its national security operations?’ If you care about these issues, go and spend some time sending a message to the government.

Categories
Links

How Canada’s Anti-Cyberbullying Law Is Being Used to Spy on Journalists

From Motherboard:

According to Citizen Lab researcher Christopher Parsons, these same powers that target journalists can be used against non-journalists under C-13. And the only reason we know about the aforementioned cases is that the press has a platform to speak out.

“This is an area where transparency and accountability are essential,” Parsons said in an interview. “We’ve given piles and piles of new powers to law enforcement and security agencies alike. What’s happened to this journalist shows we desperately need to know how the government uses its powers to ensure they’re not abused in any way.”

“I expect that the use of these particular powers will become more common as the police get more used to using it and more savvy in using them,” Parsons said.

These were powers that were ultimately sold to the public (and passed into law) as needed to ‘child pornography’. And now they’re being used to snoop on journalists to figure out who their sources are, without being mandated to report on the regularity at which the powers are used to the efficacy of such uses. For some reason, this process doesn’t inspire a lot of confidence in me.

Categories
Links

Donald Trump’s companies destroyed or hid documents in defiance of court orders

Newsweek:

Trump’s use of deception and untruthful affidavits, as well as the hiding or improper destruction of documents, dates back to at least 1973, when the Republican nominee, his father and their real estate company battled the federal government over civil charges that they refused to rent apartments to African-Americans. The Trump strategy was simple: deny, impede and delay, while destroying documents the court had ordered them to hand over.

Shortly after the government filed its case in October, Trump attacked: He falsely declared to reporters that the feds had no evidence he and his father discriminated against minorities, but instead were attempting to force them to lease to welfare recipients who couldn’t pay their rent.

The debates about who had hidden the most, and the significance of such hiding, continues unabated in the American election…

Categories
Links

Why DDoS attacks matter for journalists

Two reasons that journalists should be concerned about DDoS attacks:

First, while the use of common household devices to execute the attacks against Krebs and Dyn was novel, the hackers got control of those devices using one of the oldest and easiest methods out there: bad passwords, a vulnerability most journalists share.

The second reason journalists should attend to these attacks is that strategic use of both DDoS attacks (for example, recent attacks on Newsweek and the BBC) and DNS manipulation are common tools for censorship. This is in part because they are cheap, easy (the software credited with Friday’s attack was posted openly just a few weeks ago), and highly effective in preventing some or all internet users from accessing the content they target.

We’re at the edge of a particularly bad security chasm we’re just about to fall into (if we haven’t already!). The question is whether we can actually avoid the fall or whether the best we can do right now is lessen the hurt on the way down.

Categories
Links

How one rent-a-botnet army of cameras, DVRs caused Internet chaos

Ars Technica:

But even in the midst of the Dyn attack, some of the Mirai-infected devices were being used to attack another target—the infrastructure of a gaming company, according to Allison Nixon, the director of security research at security company Flashpoint. That idea matches up with what others who had some insight into the attack have told Ars confidentially—that it was also pointed at Sony’s PlayStation Network, which uses Dyn as a name service provider.

For now, it’s not clear that the attacks on Dyn and the PlayStation Network were connected. And with a criminal investigation underway, a Dyn spokesperson declined to confirm or deny that Sony was also a target. “We are continuing to work closely with the law enforcement community to determine the root cause of the events that occurred during the DDoS attacks last Friday,” Adam Coughlin, Dyn’s director of corporate communications, told Ars. “Since this is an ongoing investigation, we cannot speculate on these events.”

Regardless of the reasons behind it, the attack on Dyn further demonstrates the potential disruptive power of the millions of poorly protected IoT devices. These items can be easily turned into a platform for attacking anything from individual websites to core parts of the Internet’s infrastructure. And Mirai has demonstrated that it doesn’t take “zero-day” bugs to make it happen; attackers only need poorly implemented security on devices that can’t be easily fixed.

This is definitely one of the best writeups of the DDoS attacks launched againgst Dyn last week, which led to the downtime of major Internet properties. If you want to understand some of the security-related issues associated with the Internet of Things as well as challenges of attributing attacks to different attack infrastructures and intents, this is worth your time.

Categories
Links

Android phones rooted by “most serious” Linux escalation bug ever

Ars Technica:

Just as Dirty Cow has allowed untrusted users or attackers with only limited access to a Linux server to dramatically elevate their control, the flaw can allow shady app developers to evade Android defenses that cordon off apps from other apps and from core OS functions. The reliability of Dirty Cow exploits and the ubiquity of the underlying flaw makes it an ideal malicious root trigger, especially against newer devices running the most recent versions of Android.

“I would be surprised if someone hasn’t already done that this past weekend,” Manouchehri said.

Another week, another extremely serious Android vulnerability that will remain unpatched for the majority of consumers until they throw out their current Android phone and purchase another one (though even that new one might lack the patches!). I wonder what serious vulnerability will come through next week?

Categories
Links

Alibaba’s Jack Ma Urges China to Use Data to Combat Crime

Bloomberg reporting on Alibaba’s Jack Ma:

In his speech, Ma stuck mainly to the issue of crime prevention. In Alibaba’s hometown of Hangzhou alone, the number of surveillance cameras may already surpass that of New York’s, Ma said. Humans can’t handle the sheer amount of data amassed, which is where artificial intelligence comes in, he added.

“The future legal and security system cannot be separated from the internet and big data,” Ma said.

In North America, we’re trialling automated bail systems, where the amount set and likelihood of receiving bail is predicated on big data algorithms. While it’s important to look abroad and see what foreign countries are doing we mustn’t forget what is being done here in the process.

Categories
Aside Links

Imagine if Donald Trump Controlled the NSA

Wired:

And exactly what could a President Trump do with the NSA? First, Hennessey says, there’s the question of what he could undo: He could, for instance, rescind the executive actions of President Obama aimed at reforming the NSA after Snowden’s revelations. Presidential Policy Directive 28, for example, issued in 2014, was designed to ensure that the NSA’s signals intelligence branch wouldn’t use its powers to promote American business interests or suppress political dissent abroad, and that it would minimize its invasion of the privacy of not just Americans but also non-Americans whenever possible. Trump could also defang or coopt the executive branch’s Privacy and Civil Liberties Oversight Board, which opposed and helped to end the NSA’s mass collection of Americans’ cell phone records last year.

More fundamentally, Hennessey and other former NSA staffers worry that Trump could redefine the priorities of the NSA’s foreign intelligence mission. He could, for instance, refocus American spying efforts to take the agency’s eyes off Russia and instead target that country’s adversaries, like Georgia, Ukraine, or even the European Union. Given Trump’s murky financial ties to Russia, it’s still not clear how he would approach its authoritarian government if he were to take power. “Trump has indicated he has unusual views about Vladimir Putin as an individual and Russian activity around the world that’s very problematic for the security interests of the US,” Hennessey says. “We shouldn’t underestimate the importance of the intelligence community’s high level priorities and the ability of the president to shift them.”

Despite what people believe, the NSA is significantly restrained in some of its activities as compared to its compatriots. As an example, there is still no evidence that the NSA conducts economic espionage for the purpose of enhancing specific American business’ interests. The United States does conduct economic espionage for trading and global threat assessments, but not to share the collected information with domestic businesses. A Trump presidency could change that and, in the course, truly blend best-of-class government surveillance with nationalist economic policies. While that might sound appealing to Americans it could also initiate a full-scale trade war…and one where the people of the world would likely come out far poorer.