Categories
Quotations

2014.2.12

Shaping ideas is, of course, easier said than done. Bombarding people with ads only works to a degree. No one likes being told what to think. We grow resistant to methods of persuasion that we see through—just think of ads of yesteryear, and of how corny they feel. They worked in their day, but we’re alert to them now. Besides, blanket coverage isn’t easy to achieve in today’s fragmented media landscape. How many channels can one company advertise on? And we now fast-forward through television commercials, anyway. Even if it were possible to catch us through mass media, messages that work for one person often fail to convince others.

Big-data surveillance is dangerous exactly because it provides solutions to these problems. Individually tailored, subtle messages are less likely to produce a cynical reaction. Especially so if the data collection that makes these messages possible is unseen. That’s why it’s not only the NSA that goes to great lengths to keep its surveillance hidden. Most Internet firms also try to monitor us surreptitiously. Their user agreements, which we all must “sign” before using their services, are full of small-font legalese. We roll our eyes and hand over our rights with a click. Likewise, political campaigns do not let citizens know what data they have on them, nor how they use that data. Commercial databases sometimes allow you to access your own records. But they make it difficult, and since you don’t have much right to control what they do with your data, it’s often pointless.

This is why the state-of-the-art method for shaping ideas is not to coerce overtly but to seduce covertly, from a foundation of knowledge. These methods don’t produce a crude ad—they create an environment that nudges you imperceptibly. Last year, an article in Adweek noted that women feel less attractive on Mondays, and that this might be the best time to advertise make-up to them. “Women also listed feeling lonely, fat and depressed as sources of beauty vulnerability,” the article added. So why stop with Mondays? Big data analytics can identify exactly which women feel lonely or fat or depressed. Why not focus on them? And why stop at using known “beauty vulnerabilities”? It’s only a short jump from identifying vulnerabilities to figuring out how to create them. The actual selling of the make-up may be the tip of the iceberg.

Zeynep Tufekci, “What tear gas taught me about Twitter and the NSA: It’s time to rethink our nightmares about surveillance
Categories
Links Quotations

U of T steps into Internet privacy conversation

In the post-Snowden era of Internet privacy, Parsons and others are continuing the often difficult and unpopular work of pulling back the veil of government surveillance. Students across the country, continent, and indeed, the world, are aware of the new status quo, but may not have considered the full privacy implications of increased access to information online. It is, unfortunately, easy to ignore the droning of television anchors or the frequently updated headlines of news sources as they appear on Facebook and Twitter, especially when the medium lends itself to distraction. The irony, of course, is that as these stories appear, they are swiftly buried under an infinite stream of online information.

From the editorial board at The Varsity, U of T’s student newspaper.

Categories
Quotations

2014.2.11

Each Five Eyes partner collects information over a specific area of the globe in accordance with their national priorities, but their collection and analysis activities are orchestrated to the point that they essentially act as one. Precise assignments are not publicly known, but research indicates that Australia monitors South and East Asia emissions. New Zealand covers the South Pacific and Southeast Asia. The UK devotes attention to Europe and Western Russia, while the US monitors the Caribbean, China, Russia, the Middle East and Africa.

As it did during the Cold War, Canada’s arctic territory provides considerable sigint advantage. Canadian Forces Station Alert, on the northern tip of Ellesmere Island, Nunavut, was originally an arctic weather station, but began sigint duty by eavesdropping on northern regions of the Soviet Union in 1958. Alert remains active today, collecting information from the interior of Russia and China.20 Other Canadian sigint assets reach into Latin America and out into the North Atlantic and North Pacific Oceans.

James Cox, “Canada and the Five Eyes Intelligence Community(.pdf)”
Categories
Links

Media sometimes try, fail to keep NSA’s secrets

LONDON (AP) — News organizations publishing leaked National Security Agency documents have inadvertently disclosed the names of at least six intelligence officers.

The Canadian Broadcasting Corporation’s nightly news program, “The National,” revealed the names of three NSA employees when its cameras panned across NSA documents during voice-overs.

“They were scrolling through it and I thought, ‘Hold on, that’s an unredacted, classified document,’” said Christopher Parsons, who noticed the mistake. “It was kind of nuts. I couldn’t believe that they were so cavalierly showing it on national television.”

Parsons, a privacy expert at the University of Toronto’s Munk School of Global Affairs, was able to read the employees’ names by pausing, rewinding and replaying the video.

Source: Media sometimes try, fail to keep NSA’s secrets

Categories
Aside

Tumblr and Security PR

staff:

You can now take extra precaution against hackers and snoops by enabling SSL security on your Tumblr Dashboard. Just head over to your Account Settings and flip the switch.

“Any reason I shouldn’t do this?” Nope, not really. It doesn’t change anything about the dashboard, it just encrypts your connection to it. We’ve been using it for weeks and haven’t even noticed. So, yeah, turn it on and forget about it. Easy.

That this isn’t enabled by default shows that Tumblr is interested in the PR of offering security rather than giving enough of a damn to automatically enable SSL across the entire user-space.

Categories
Links

Alleged Wi-Fi tracking is out of Canadians’ control: privacy experts

New allegations that CSEC tracked the gadgets of travellers using Wi-Fi have some questioning their privacy – but experts say there’s little Canadians can do about it.

Last week I was interviewed by Global News about the revelations CSEC was collecting metadata emitted from wireless stations in Canada. This is the result.

Source: Alleged Wi-Fi tracking is out of Canadians’ control: privacy experts

Categories
Links

With CSEC monitoring people in airports, how much spying is done on Canadians?

We offer up volumes of private information about ourselves online and just assume we’re untouchable. But the latest revelations about

I had a chance to speak with The Current today about privacy, spying, and CSEC. It was really great to hear from the Interim Privacy Commissioner of Canada and Jacquelyn Burkell on these topics as well.

Source: With CSEC monitoring people in airports, how much spying is done on Canadians?

Categories
Links

Citizen Lab calls for government surveillance oversight

U of T post-doctoral fellow writes letter asking for detailed answers on consumer data sharing

Another article, this time in the UoT student newspaper, about the letters we sent to Canadian ISPs.

Source: Citizen Lab calls for government surveillance oversight

Categories
Aside

New Mug

Spoils of my on-air interview this morning!

Categories
Links

New Snowden docs show Canadian spies tracked thousands of travelers

Christopher Parsons, a fellow at the Citizen Lab at the University of Toronto, a group that helped review the documents, added that while using corporate analytics may have been one possible attack vector, there could have been another.

“There’s a series of different kinds of identifiers—that’s not entirely clear from the documents,” he told Ars.

“It’s also theoretically possible that [CSEC] may be tapping into other identifiers. There’s going to be some global database that they’re pulling from. Whether it’s going to be cookies or another identifier. My thought would be [if not cookies] that if they’re looking for particular chat user names or e-mail that is also sent in clear or sent in clear often enough. One of [the] pieces about this [is] that it seems to indicate that it’s the act of logging on. It’s not clear that you have to make some particular action, it’s that the device[s] are likely to be sending out this kind of information upstream. It is possible that it’s your username every time you hit the mail server.”

He also noted that in Canada, the two major ISPs—Bell and Rogers—provide, by default, e-mail accounts on Microsoft and Yahoo, respectively.

So, he speculated, if CSEC was going to use such an e-mail username for instance, “that ISP is going to have a litany of personal information about a Canadian target, billing and everything else that they hold, whereas the cookie information may not provide [all that information.]”

Both Parsons and Weaver also added that the use of Tor, VPNs, and anti-tracking software (such as browser plugins like Disconnect or Ghostery) may help to somewhat thwart this type of tracking.

Source: New Snowden docs show Canadian spies tracked thousands of travelers