This story is absolutely appalling. In summary, a Canadian judge had pictures of her posted to the Internet without her consent and the result may be that she loses her job despite having done nothing wrong herself. She’s eminently qualified for her job and the fact that she has been subject to sexual harassment/violence should absolutely not disqualify her from her current position. It would be a travesty of justice if, after being victimized, she were to lose her job on the basis of having been victimized.
Author: Christopher Parsons
Policy wonk. Torontonian. Photographer. Not necessarily in that order.
Probably the best award speech I’ve heard in years; how often is the advertising industry held captive by a speaker who proceeds to tell them they traffic in meaninglessness and lies?
Categories
A New Work Reality?
Putting a face to the reality of Ontario’s labour market.
Categories
Nicky Hager’s house raided by police
Nicky Hager’s house raided by police:
While working on the book, Mr Hager said he was prepared for a raid-type situation, but did not believe the police would conduct one on his property.
This is exactly the kind of thing that political reporters shouldn’t have to prepare and defend against is democratic states. But more and more are because of overzealous state secrecy laws combined with bullying policing tactics.
Mississauga man pleads guilty in international Xbox hacking ring:
Prosecutors said the small group of gaming enthusiasts called itself the Xbox Underground.
“These were extremely sophisticated hackers. Don’t be fooled by their ages,” Assistant U.S. Attorney Ed McAndrew said after Tuesday’s court hearing. McAndrew told reporters the other members of the group looked to Pokora as a leader.
…
Chris Parsons, a post-doctoral fellow at the University of Toronto’s Citizen Lab and expert in Internet security, told the Star the technique used by the group, known as “SQL injection,” is one of the most common attacks used.
“I’m not saying that these individuals are more or less sophisticated, but you really do not have to be terribly clever to run SQL injections,” said Parsons, who has no involvement in the case.
The technique at its most simple involves tricking a database used by the organization into thinking that the hacker has the power to run administrator-level commands.
…
Parsons says the value of intellectual property and material like the group was after is difficult to gauge. He said they could sell it, or trade it online.
“Certainly some information would be more valuable than others. There might be a large variation for how much you might pay for a prototype Xbox One, versus information about how the U.S. military trains its apache helicopter pilots,” said Parsons. “It would vary substantially in terms of what the information is and the completeness of it.”
There’s no indication in the court documents that the group attempted to sell military information.
Mapping The Canadian Government’s Telecommunications Surveillance:
What:
Canadian federal government agencies, like many government agencies around the world, often request user data from telecommunications agencies for the purpose of surveillance. With few regulations in place that force governments or corporations to explain how Canadians’ telecommunications information is accessed or processed, the Citizen Lab along with its’ partners, worked over the course of a year to compile and disseminate lawfully accessible data that showed how often, for what reasons, and on what legal grounds telecommunications companies in Canada provided their subscribers’ data to state agencies.
The Electronic Frontier Foundation has a series of Counter-Surveillance Success Stories and my work over the past year’s been recognized in the stories. It’s really exceptional the excellent work that people are doing all around the world – you should check them all out!
Access, Partners Recognize Heroes, Villains on Human Rights and Communications Surveillance
Transparency
Summary: States should be transparent about the use and scope of Communications Surveillance laws, regulations, activities, powers, or authorities.
Hero: Doctor Christopher Parsons
Doctor Parsons has actively pushed Canada’s leading Telecommunications Services Providers to disclose how, why, and how often they provide subscriber information to state agencies. Based on their responses, Dr. Parsons offered comprehensive recommendations on how companies could improve public transparency.
Villain: Secretary Jeremy Heywood
Under the authority of UK Prime Minister David Cameron, Mr. Heywood ordered the Guardian to destroy documents regarding surveillance activities of the NSA and GCHQ. The hard drives were “pulverized” in the basement of the newspaper’s London offices. Notably, the Guardian has stated that all documents related to its reporting on these matters are stored in other offices.
It remains amazing – and an absolute honour – to be listed as a hero alongside Edward Snowden, Navi Pillay (former UN High Commissioner), Sen. Ron Wyden, Dilma Rousseff, amongst a host of others.
Also: I guess I have something to talk about next time I run into a member of the British Cabinet?
Canada’s Cyberspy Agency, CSEC, Hijacks Computers Worldwide to Build Their Spynet:
One key part of the HACIENDA infrastructure, however, is a Canadian program called LANDMARK, which looks for “ORBS” (Operational Relay Box) that were recently defined by Colin Freeze in the Globe and Mail as “computers [the Five Eyes spy agencies] compromise in third-party countries.” I spoke to Chris Parsons from the Citizen Lab, who explained that these ORBs are quite possibly the property of innocent citizens, and not exclusively intelligence targets:
“CSEC seemingly regards unsecured devices (their ‘ORBs’) as valid intelligence targets in order to launch deniable attacks and reconnaissance practices. We don’t know whether there is some effort to ascertain civilian vs non-civilian intermediary computers to take over, but the slides suggest that civilians and their equipment can be targeted.”
…
“CSEC operates using the same techniques as organized crime and foreign intelligence services… CSEC uses these techniques for nation-state aims, similar reconnoissance techniques are used by criminals, academics, and interested internet sleuths. The tools of reconnaissance and offence are depressingly affordable, whereas secure code is expensive and hard to come by.”
Poor record of fed requests to telecom companies for Canadians’ data:
Many law-enforcement agencies do not track requests for private information, making the system vulnerable to abuse
…
“Many departments say they don’t have the information and say they don’t keep track of these things,” said NDP MP Charmaine Borg, whose questions led to the release of response documents. “… And if that is the case, that brings up to me a huge problem. How are we supposed to ensure there are no abuses, and that government agencies are making these requests within very extreme circumstances, when they don’t even keep track of when they’re making them?”
…
Christopher Parsons, a postdoctoral fellow at the Citizen Lab of the University of Toronto’s Munk School of Global Affairs, said non-federal agencies, such as police forces, are also seeking data. “Even if we got good numbers from all the federal government, there is a huge, huge part of the surveillance iceberg that’s yet to be seen,” he said.
It’s important to keep in mind that much of the attention concerning government surveillance has been about how federal agencies access telecommunications data, and how proposed lawful access legislation would extend and expand such access. While this attention is deserved there is an entirely different set of actors that have yet to be examined in any sustained way: provincial agencies and municipal organizations.
Canadian ISPs Won’t Tell You Much About Your Own Data:
Ever wondered how long your telecom provider retains your user data? Or if law enforcement has requested your records?
…
This “Access My Info” tool was launched in June, and now, responses have started to trickle back in.
“We’re starting to be able to compare and contrast some of the larger company’s responses,” Parsons said.
Using either Parsons’ form letter, or the AMI tool, subscribers can request that their telecom providers clarify the types of data they collect, tell them how long they retain such data, provide copies of relevant records, and whether their information has been disclosed to law enforcement or government agencies. But perhaps unsurprisingly, policies and practices tend to differ from one provider to the next.
“I think that the letters from TekSavvy are comprehensive. They’re not trying to play games,” Parsons said, referring to the responses sent out by one of Canada’s smaller internet service providers. “They’re actually taking seriously the questions that individuals are making and not trying to blow them off. That stands in variance with, I would say, almost every other member of the industry.”
Parsons said that in other responses, “the detail that is present, or is more often the case, absent, is really quite breathtaking. The only thing I have from Bell is a one page sheet that’s almost worse than useless. It almost doesn’t respond to the customer’s question.”
Parsons told me that discerning how long certain types of data are retained has proven particularly hard, for example.
“Retention schedules matter. How long you store data should not be a top secret corporate secret, because it’s about citizens,” said Parsons. ”Here we’re talking about basic, basic, basic privacy information. How long do you store information about me? None of these companies aside from TekSavvy have tried to comprehensively respond to that question.“
This is a detailed piece by Matt Braga, and one that I’d highly recommend if you’re interested what the Telecom Transparency Project has (and hasn’t) learned about Canadian telecommunications companies’ data retention schedules.
Excited Pixels 