Canada’s Cyberspy Agency, CSEC, Hijacks Computers Worldwide to Build Their Spynet

One key part of the HACIENDA infrastructure, however, is a Canadian program called LANDMARK, which looks for “ORBS” (Operational Relay Box) that were recently defined by Colin Freeze in the Globe and Mail as “computers [the Five Eyes spy agencies] compromise in third-party countries.” I spoke to Chris Parsons from the Citizen Lab, who explained that these ORBs are quite possibly the property of innocent citizens, and not exclusively intelligence targets:

“CSEC seemingly regards unsecured devices (their ‘ORBs’) as valid intelligence targets in order to launch deniable attacks and reconnaissance practices. We don’t know whether there is some effort to ascertain civilian vs non-civilian intermediary computers to take over, but the slides suggest that civilians and their equipment can be targeted.”

“CSEC operates using the same techniques as organized crime and foreign intelligence services… CSEC uses these techniques for nation-state aims, similar reconnaissance techniques are used by criminals, academics, and interested internet sleuths. The tools of reconnaissance and offence are depressingly affordable, whereas secure code is expensive and hard to come by.”

Poor record of fed requests to telecom companies for Canadians’ data

Many law-enforcement agencies do not track requests for private information, making the system vulnerable to abuse

“Many departments say they don’t have the information and say they don’t keep track of these things,” said NDP MP Charmaine Borg, whose questions led to the release of response documents. “… And if that is the case, that brings up to me a huge problem. How are we supposed to ensure there are no abuses, and that government agencies are making these requests within very extreme circumstances, when they don’t even keep track of when they’re making them?”

Christopher Parsons, a postdoctoral fellow at the Citizen Lab of the University of Toronto’s Munk School of Global Affairs, said non-federal agencies, such as police forces, are also seeking data. “Even if we got good numbers from all the federal government, there is a huge, huge part of the surveillance iceberg that’s yet to be seen,” he said.

It’s important to keep in mind that much of the attention concerning government surveillance has been about how federal agencies access telecommunications data, and how proposed lawful access legislation would extend and expand such access. While this attention is deserved there is an entirely different set of actors that have yet to be examined in any sustained way: provincial agencies and municipal organizations.

Canadian ISPs Won’t Tell You Much About Your Own Data

Ever wondered how long your telecom provider retains your user data? Or if law enforcement has requested your records?

This “Access My Info” tool was launched in June, and now, responses have started to trickle back in.

“We’re starting to be able to compare and contrast some of the larger companies’ responses,” Parsons said.

Using either Parsons’ form letter, or the AMI tool, subscribers can request that their telecom providers clarify the types of data they collect, tell them how long they retain such data, provide copies of relevant records, and whether their information has been disclosed to law enforcement or government agencies. But perhaps unsurprisingly, policies and practices tend to differ from one provider to the next.

“I think that the letters from TekSavvy are comprehensive. They’re not trying to play games,” Parsons said, referring to the responses sent out by one of Canada’s smaller internet service providers. “They’re actually taking seriously the questions that individuals are making and not trying to blow them off. That stands in variance with, I would say, almost every other member of the industry.”

Parsons said that in other responses, “the detail that is present, or is more often the case, absent, is really quite breathtaking. The only thing I have from Bell is a one page sheet that’s almost worse than useless. It almost doesn’t respond to the customer’s question.”

Parsons told me that discerning how long certain types of data are retained has proven particularly hard, for example.

“Retention schedules matter. How long you store data should not be a top secret corporate secret, because it’s about citizens,” said Parsons. “Here we’re talking about basic, basic, basic privacy information. How long do you store information about me? None of these companies aside from TekSavvy have tried to comprehensively respond to that question.”

This is a detailed piece by Matt Braga, and one that I’d highly recommend if you’re interested in what the Telecom Transparency Project has (and hasn’t) learned about Canadian telecommunications companies’ data retention schedules.

Telus joins transparency push by sharing demands for customer info

TELUS is to be congratulated for following through on their promise to release a transparency report, as well as for committing to publishing future reports. At this point, two of the largest telecoms in Canada (Rogers and TELUS) along with a leading independent telecom (TekSavvy) have released transparency reports: where are Bell and all the smaller companies?

Stop trying to sell me wrist-worn smartphones

It absolutely baffles me who, exactly, smart watches are being designed for. The notion that something would be buzzing on my wrist (in my own, very anecdotal case) hundreds of times a day as I receive email, retweets, LinkedIn invites, text messages, hangouts messages, and so forth is absolutely absurd. That’s noise that I want to avoid or minimize, not enhance and maximize.

I own one, very nice, watch that I wear on special circumstances. It’s beautiful and is powered by kinetic motions. It’s light enough that it doesn’t annoy the hell out of me, but heavy enough that it’s comfortable on my wrist. And, in all cases, it doesn’t beep, buzz, or otherwise interfere with my daily life.

To my mind, the ‘rationale’ for smart watches is really predicated on the absurd sizes that smartphones are reaching. With phones increasingly being sold with 5 inch, or larger, screens the devices are eyesores whenever they’re pulled out and their screens examined.

That’s a very, very bad rationale to build a product on and (to my mind) indicates the failure of smartphone design. And the solution to that failure isn’t smart watches but more humane-sized phones.

2014.9.4

And then there’s the sheer randomness of it all. Some services you can’t access for no apparent reason, others are so slow that you can’t figure out if they’re blocked or just snail-paced. And as I experience this, I wish some of our politicians and media people, those who see net neutrality as the enemy, I wish they’d come here and experience what a radical version of non-neutrality is. Again, I have a VPN service to overcome most of this (at the cost of speed) but most people don’t and/or can’t afford one.

Don’t get me wrong, I’m not suggesting that not enshrining net neutrality is the equivalent of doing what the Chinese (or Iranian, or Indian) government does. But I look at the UK’s blocking mechanisms supposed to protect children but really targeting just about any kind of site for arcane reasons that no one can figure out, and I think that what I have here is an extreme version of the same thing.

Benoit Felton, “Behind the Great Firewall”

2014.9.2

The Great Celebrity Naked Photo Leak of 2014 – or perhaps we should call it The Great Celebrity Naked Photo Leak of August 2014, given that this happens so often that there won’t be only one this year – is meant to remind women of their place. Don’t get too high and mighty, ladies. Don’t step out of line. Don’t do anything to upset or disappoint men who feel entitled to your time, bodies, affection or attention. Your bared body can always be used as a weapon against you. Your bared body can always be used to shame and humiliate you. Your bared body is at once desired and loathed.

Roxane Gay, “The Great Naked Celebrity Leak of 2014 Is Just the Beginning”

Listening In: The Navy Is Tracking Ocean Sounds Collected by Scientists

This is one of the coolest surveillance/national security/academic research-related news articles I’ve read in a long time. Highly recommended!

From The Unsealed ‘Jewel v. NSA’ Transcript: The DOJ Has Nothing But Contempt For American Citizens

Hey, I’m sorry the leaks have made it harder for these agencies to do whatever the hell they want, but they are all part of a government that’s supposed to be accountable to the citizens picking up the check. But when faced with unhappy citizens and their diminished rights, all the DOJ’s lawyers can say is that the public doesn’t know shit and has no right to question the government’s activities.

The government has somehow managed to come to a conclusion others reached weeks ago – there’s more than one leaker out there. GOOD. Burn it down. In the DOJ’s hands, the government isn’t by or for the people. It’s despite the people. The DOJ can’t be trusted to protect the balance between privacy and security. As it sees it, what the public doesn’t know will likely hurt it, and it’s damned if it’s going to allow citizens to seek redress for their grievances.

While I don’t agree with the whole ‘burn-the-DOJ-down’ mentality, that this is an increasingly mainstream opinion regarding key US government institutions is deeply problematic. Such attitudes are indicative of a population no longer seeing itself reflected in its government which is, in turn, a recipe for social conflicts.

Canada Spies on Israel’s Enemies

A new report in The Intercept revealed that CSEC, Canada’s NSA, spies on Israel’s enemies. But what does that entail? And is it within CSEC’s mandate to do so?

I reached out to Chris Parsons, a prominent cybersecurity and surveillance researcher from Toronto’s Citizen Lab, to discuss CSEC’s role in Israel’s military offensives. He told me there are “at least two ways” that CSEC would be involved in helping out Israel. One of which would be to provide INSU with a tracking program, or specific databases, to help spy on targets and persons of interest, which would have been developed by CSEC. As we learned from the free airport WiFi presentation, which was more about tracking targets as they log into various WiFi access points around the world than it was about surveilling airport travelers in particular, CSEC does have these capabilities in their wheelhouse.

Parsons went on to say that CSEC could also assist Israel by “providing some sort of expertise with how to use databases that are shared out to the Israeli intelligence community.” Simply put, Canada may be giving the Israelis tech support for the spying systems we’re giving them. In terms of whether or not this kind of assistance is within CSEC’s mandate, Parsons told me: “As you’re aware, the Canadian government has identified Hamas as a terrorist organization and as such, it would make sense for CSEC to be engaged in the monitoring of their locations and their electronic systems that Hamas is believed to be using. So in that sense, it should fit within CSEC’s mandated intelligence-gathering.”

But even with Hamas on a designated terror list, the complexities surrounding our Canadian surveillance agency spying on Palestinian targets open up major issues of privacy; specifically when you consider how a target is selected, and how sure government powers need to be before a person is added to a list of terrorists. As Parsons told me, there is the “very serious question of how exactly individuals are identified as valid targets or not… How many individuals are swept up into the monitoring?”