Categories
Links

Mass surveillance program defended by Conservatives

There is nothing in the documents that indicates CSE is intentionally targeting Canadian citizens. But Christopher Parsons, with Citizen Lab, said the sheer size of the program makes it unlikely Canadians’ data weren’t caught in the dragnet.

“The scope at which they are processing data means it is highly likely that Canadian information is — they would use the term ‘incidentally’ — being collected,” Parsons said.

Categories
Links

Canada Agency Monitors File-Sharing, Reports Say

Some Internet privacy experts said they were concerned that the program captures and examines a vast amount of online activity that had no connection to terrorism or extremists.

“It means that these agencies have an immense amount of information,” said Christopher Parsons, an electronic surveillance researcher at Citizen Lab, part of the University of Toronto’s Munk School of Global Affairs. “That raises the prospect that at some point laws could be changed to make it available to other branches of the government.”

The program also suggests that Canada plays a larger role in electronic surveillance than previously thought, he added.

NOTE: This also ran in the print version of the New York Times for January 29, 2015, on page A13, with the headline: Canada Agency Monitors File-Sharing, Reports Say

Categories
Links

Canada’s electronic spy agency takes the lead on internet surveillance

This episode of The Current discusses the Communications Security Establishment’s LEVITATION program. The interview is with Dave Seglins, the lead CBC reporter on this story, and Anna Maria. The discussion is intermixed with comments from experts, including myself.

Categories
Links

Presto bringing big ideas – and maybe free coffee – to TTC riders

Privacy concerns

While few can argue with the prospect of a less-cramped streetcar, one Toronto-based privacy advocate has some concerns about the TTC tracking his trips.

“The use of aggregate rider data can be really helpful in terms of figuring out how to improve transit,” said Christopher Parsons, a post-doctoral fellow at the University of Toronto’s Citizen Lab.

“But the question is what minimal amount of data is necessary to collect for that planning, and is there a way to authenticate Presto cards that maximally protects individuals’ privacy?”

A spokesperson for Metrolinx told Metro that riders have the option of using Presto cards even if they haven’t registered any of their personal information.

That’s good, Parsons said, but it may not be enough.

“If you’re looking at large datasets, you can start picking out individuals based on just one or two other data points,” he said.

Ultimately, any technology like Presto involves some measure of surveillance, and Parsons says he believes it will be up to riders to decide whether the benefits of the card outweigh any concerns.

“That’s a choice Torontonians will have to make,” he said.

Categories
Links

Spies Know What You’re Downloading on Filesharing Sites, New Snowden Docs Show

Where is all this data coming from?

Rather than monitor each file sharing company individually, the documents hint at a “special source” known only by the codename ATOMIC BANJO, which is responsible for the collection of “HTTP metadata” from 102 known file sharing sites (Sendspace, Rapidshare, and the now-defunct Megaupload are the only three identified by name).

“‘Special Source’ typically refers to access to corporate data stores, or corporate data flows, so ISPs or data centers or something like that. Trans-atlantic cables,” said Christopher Parsons, a postdoctoral fellow at the Citizen Lab, which studies surveillance and other digital policy issues within the University of Toronto’s Munk School of Global Affairs. “Access is predicated on either contractual term or a monetary payment or something of that nature. Which is to say that someone or some individuals within the special source organizations are aware of what’s going on.”

As for CSE, a document released by German newspaper Der Spiegel earlier this month describes a “cyber threat detection platform” called EONBLUE. According to the document, EONBLUE had been under development for over eight years as of November 2010—the date the document was published—and is made up of over 200 sensors deployed across the globe using “collection programs including SPECIALSOURCE.”

What makes EONBLUE significant, said Parsons, is that we now know “Canada has sites around the world. And based on previous documents around special source operations, we quite often see large volumes of data being accessed. So it’s possible that EONBLUE is similarly used to access large quantities of data.”

One of EONBLUE’s capabilities is the collection of metadata. It is not clear whether the metadata collected from ATOMIC BANJO is related to the metadata produced by EONBLUE.

“It’s certainly possible, but there’s no definitive evidence, that would indicate a direct correlation,” Parsons said.

Categories
Links Writing

New Additions to the Canadian SIGINT Summaries

I’ve added three new items to the Canadian SIGINT Summaries. The Summaries include downloadable copies of leaked Communications Security Establishment (CSE) documents, along with summary, publication, and original source information. CSE is Canada’s foreign signals intelligence agency and has operated since the Second World War.

Documents were often produced by CSE’s closest partners which, collectively, form the ‘Five Eyes’ intelligence network. This network includes the CSE, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), Australian Signals Directorate (ASD), and Government Communications Security Bureau (GCSB).

All of the documents are available for download from this website. Though I am hosting the documents, they were all first published by another party. The new documents and their summaries are listed below. The full list of documents and their summary information is available on the Canadian SIGINT Summaries page.

Categories
Links Writing

Draft Paper: Do Transparency Reports Matter for Public Policy?

Telecommunications companies across Canada have begun to release transparency reports to explain what data the companies collect, what data they retain and for how long, and to whom that data is, or has been, disclosed. This article evaluates the extent to which Canadian telecommunications companies’ transparency reports respond to a set of public policy goals, namely: contextualizing information about government surveillance actions, legitimizing the corporate disclosure of data about government-mandated surveillance actions, and deflecting or responding to telecommunications subscribers’ concerns about how their data is shared between companies and the government. In effect, have the reports been effective in achieving the aforementioned goals or have they just had the effect of generating press attention?

After discussing the importance of transparency reports generally, and the specificities of the Canadian reports released in 2014, I argue that companies must standardize their reports across the industry and must also publish their lawful intercept handbooks for the reports to be more effective. Ultimately, citizens will only understand the full significance of the data published in telecommunications companies’ transparency reports when the current data contained in transparency reports is contextualized by the amount of data that each type of request can provide to government agencies and the corporate policies dictating the terms under which such requests are made and complied with.

Download Telecommunications Transparency in Canada 1.4 (Public Draft) (Alternate SSRN link)

Categories
Quotations

2015.1.6

We understand that cellphone searches are sometimes necessary to obtain important evidence. But the same is true of searching your home. The most invasive searches tend to be the most useful, precisely because of their invasiveness. The U.S. Supreme Court recently recognized this in a unanimous decision requiring a warrant for cellphone searches. As a society, we’ve decided that police need a warrant to search your home, barring exceptional circumstances. But the underlying assumption – that our homes, not our phones, contain our most private information – is increasingly untrue. Should police search our homes, we would not be alone among our generation were our first thought: “Oh god – is my phone there?”

Anisah Hassan and Josh Stark, “Phones are more private than houses – so shouldn’t be easier to search”

Categories
Aside

2015.1.3

So…did GCHQ et al intercept and decrypt BBM messages, or were they just handed over?

Categories
Quotations

2015.1.2

Our relationship with Facebook, Google and Amazon isn’t symmetrical. We have no power to define the relationship and have zero say in how things work. If this is how commercial companies treat humanity, what can we expect from governments that are increasingly normative in what they expect from their citizens? Our governments have been taken hostage by the same logic of productivity that commercial companies use. With the inescapable number of cameras and other sensors in the public space they will soon have the means to enforce absolute compliance. I am therefore not a strong believer in the ‘sousveillance’ and ‘coveillance’ discourse. I think we need to solve this problem in another way.

Hans de Zwart, “Ai Weiwei Is Living In Our Future: Living under permanent surveillance and what that means for our freedom”