Categories
Links

Canada Agency Monitors File-Sharing, Reports Say

Some Internet privacy experts said they were concerned that the program captures and examines a vast amount of online activity that had no connection to terrorism or extremists.

“It means that these agencies have an immense amount of information,” said Christopher Parsons, an electronic surveillance researcher at Citizen Lab, part of the University of Toronto’s Munk School of Global Affairs. “That raises the prospect that at some point laws could be changed to make it available to other branches of the government.”

The program also suggests that Canada plays a larger role in electronic surveillance than previously thought, he added.

NOTE: This also ran in the print version of the New York Times for January 29, 2015, on page A13, with the headline: Canada Agency Monitors File-Sharing, Reports Say

Categories
Links

Canada’s electronic spy agency takes the lead on internet surveillance

This episode of The Current discusses the Communications Security Establishment’s LEVITATION program. The interview is with Dave Seglins, the lead CBC reporter on this story, and Anna Maria. The discussion is intermixed with comments from experts, including myself.

Categories
Links

Spies Know What You’re Downloading on Filesharing Sites, New Snowden Docs Show

Where is all this data coming from?

Rather than monitor each file sharing company individually, the documents hint at a “special source” known only by the codename ATOMIC BANJO, which is responsible for the collection of “HTTP metadata” from 102 known file sharing sites (Sendspace, Rapidshare, and the now-defunct Megaupload are the only three identified by name).

“‘Special Source’ typically refers to access to corporate data stores, or corporate data flows, so ISPs or data centers or something like that. Trans-atlantic cables,” said Christopher Parsons, a postdoctoral fellow at the Citizen Lab, which studies surveillance and other digital policy issues within the University of Toronto’s Munk School of Global Affairs. “Access is predicated on either contractual term or a monetary payment or something of that nature. Which is to say that someone or some individuals within the special source organizations are aware of what’s going on.”

As for CSE, a document released by German newspaper Der Spiegel earlier this month describes a “cyber threat detection platform” called EONBLUE. According to the document, EONBLUE had been under development for over eight years as of November 2010—the date the document was published—and is made up of over 200 sensors deployed across the globe using “collection programs including SPECIALSOURCE.”

What makes EONBLUE significant, said Parsons, is that we now know “Canada has sites around the world. And based on previous documents around special source operations, we quite often see large volumes of data being accessed. So it’s possible that EONBLUE is similarly used to access large quantities of data.”

One of EONBLUE’s capabilities is the collection of metadata. It is not clear whether the metadata collected from ATOMIC BANJO is related to the metadata produced by EONBLUE.

“It’s certainly possible, but there’s no definitive evidence, that would indicate a direct correlation,” Parsons said.

Categories
Links Writing

New Additions to the Canadian SIGINT Summaries

I’ve added three new items to the Canadian SIGINT Summaries. The Summaries include downloadable copies of leaked Communications Security Establishment (CSE) documents, along with summary, publication, and original source information. CSE is Canada’s foreign signals intelligence agency and has operated since the Second World War.

Documents were often produced by CSE’s closest partners which, collectively, form the ‘Five Eyes’ intelligence network. This network includes the CSE, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), Australian Signals Directorate (ASD), and Government Communications Security Bureau (GCSB).

All of the documents are available for download from this website. Though I am hosting the documents they were all first published by another party. The new documents and their summaries are listed below. The full list of documents and their summary information is available on the Canadian SIGINT Summaries page.

Categories
Links Writing

Draft Paper: Do Transparency Reports Matter for Public Policy?

Telecommunications companies across Canada have begun to release transparency reports to explain what data the companies collect, what data they retain and for how long, and to whom that data is, or has been, disclosed. This article evaluates the extent to which Canadian telecommunications companies’ transparency reports respond to a set of public policy goals, namely: contextualizing information about government surveillance actions, legitimizing the corporate disclosure of data about government-mandated surveillance actions, and deflecting or responding to telecommunications subscribers’ concerns about how their data is shared between companies and the government. In effect, have the reports been effective in achieving the aforementioned goals, or have they just had the effect of generating press attention?

After discussing the importance of transparency reports generally, and the specificities of the Canadian reports released in 2014, I argue that companies must standardize their reports across the industry and must also publish their lawful intercept handbooks for the reports to be more effective. Ultimately, citizens will only understand the full significance of the data published in telecommunications companies’ transparency reports when the current data contained in those reports is contextualized by the amount of data that each type of request can provide to government agencies and the corporate policies dictating the terms under which such requests are made and complied with.

Download Telecommunications Transparency in Canada 1.4 (Public Draft) (Alternate SSRN link)

Categories
Quotations

2015.1.6

We understand that cellphone searches are sometimes necessary to obtain important evidence. But the same is true of searching your home. The most invasive searches tend to be the most useful, precisely because of their invasiveness. The U.S. Supreme Court recently recognized this in a unanimous decision requiring a warrant for cellphone searches. As a society, we’ve decided that police need a warrant to search your home, barring exceptional circumstances. But the underlying assumption – that our homes, not our phones, contain our most private information – is increasingly untrue. Should police search our homes, we would not be alone among our generation were our first thought: “Oh god – is my phone there?”

Anisah Hassan and Josh Stark, “Phones are more private than houses – so shouldn’t be easier to search”

Categories
Links Writing

The Canadian SIGINT Summaries | Technology, Thoughts & Trinkets

Journalists with access to leaked documents have reported on the partnerships and activities undertaken by Canada’s foreign signals intelligence (SIGINT) agency, the Communications Security Establishment (CSE), since October 2013. As a result of their stories we know that the Canadian government hosts collection facilities in its diplomatic outposts for American SIGINT operations, has co-ordinated with the National Security Agency (NSA) to monitor for threats to international summits that took place in Canada, and shares a cooperative relationship with the NSA to protect North America from foreign threats. CSE, itself, was found to be conducting signals intelligence and development operations against the Brazilian government, running experiments using domestically collected metadata to track Canadians’ devices, and automating both the discovery of vulnerable computer devices on the Internet for later exploitation and the identification of network administrators’ Internet traffic.

The aforementioned revelations are just a sample of what Canadians have learned as journalists have reported on documents leaked to them by Edward Snowden and other whistleblowers. But it has been challenging for even experts to keep track of the Canadian discoveries amongst the tidal wave of information concerning American and British SIGINT agencies. I have created and published a resource to help researchers and members of the public alike track mentions of CSE in documents that have been reported on by professional journalists.

Curious what has been revealed about Canada’s signals intelligence agency since Edward Snowden’s revelations began in summer 2013? Then check out The Canadian SIGINT Summaries. They’ll be updated as more information is available!

Categories
Links

Privacy issues could not be ignored in 2014 (video)

This links to the full video interview I gave to Postmedia about privacy issues in 2014. On the whole I’m actually pretty optimistic about things: we know more than in the past about the extents to which governments engage in surveillance. The organizations and individuals who subsequently act on this knowledge are more capable, today, than they were even two years ago. And the political class is increasingly aware that privacy and transparency issues are becoming more and more important to their constituents.

Now, does this optimism mean that things will necessarily improve dramatically in 2015? Of course not. But momentum continues to build and more and more individuals and organizations are taking privacy issues seriously. And that’s cause for some celebration as far as I’m concerned.

Categories
Links

Privacy issues could not be ignored in 2014 (Transcript Summary)

Categories
Links

Canada asks app stores to mandate privacy policies

“Developers are asking for information they have no real business accessing,” said Christopher Parsons, a post-doctoral fellow at the University of Toronto’s Citizen Lab. “If a flashlight app is asking to read your SMS messages, that’s a step too far.”

According to Parsons, many app developers participate in a “grey market” of personal information.

“The value is not in selling apps,” he said. “The value is in collecting information about individuals and then turning around and selling it to third parties.”

Requiring developers to include privacy plans alongside their apps “is a step in the right direction,” Parsons said, but many policies are written in “boilerplate legalese,” meaning even if they’re available, many consumers won’t be able to interpret them.

“What commissioners could do is say that if you’re going to develop a privacy policy… you should be providing a simple, accessible version of what you’re doing,” he said.

However, making privacy policies mandatory could allow agencies like the privacy commissioner’s office to better target companies who violate their own terms of service.

“What it means is that when and if a company says something in its privacy policy that’s not true, there’s an actionable legal case against them,” Parsons said.