Tag: Canada

Categories
Links

Canada’s Cyberspy Agency, CSEC, Hijacks Computers Worldwide to Build Their Spynet

Canada’s Cyberspy Agency, CSEC, Hijacks Computers Worldwide to Build Their Spynet:

One key part of the HACIENDA infrastructure, however, is a Canadian program called LANDMARK, which looks for “ORBS” (Operational Relay Box) that were recently defined by Colin Freeze in the Globe and Mail as “computers [the Five Eyes spy agencies] compromise in third-party countries.” I spoke to Chris Parsons from the Citizen Lab, who explained that these ORBs are quite possibly the property of innocent citizens, and not exclusively intelligence targets:

“CSEC seemingly regards unsecured devices (their ‘ORBs’) as valid intelligence targets in order to launch deniable attacks and reconnaissance practices. We don’t know whether there is some effort to ascertain civilian vs non-civilian intermediary computers to take over, but the slides suggest that civilians and their equipment can be targeted.”

“CSEC operates using the same techniques as organized crime and foreign intelligence services… CSEC uses these techniques for nation-state aims, similar reconnoissance techniques are used by criminals, academics, and interested internet sleuths. The tools of reconnaissance and offence are depressingly affordable, whereas secure code is expensive and hard to come by.”

Categories
Links

Poor record of fed requests to telecom companies for Canadians’ data

Poor record of fed requests to telecom companies for Canadians’ data:

Many law-enforcement agencies do not track requests for private information, making the system vulnerable to abuse

“Many departments say they don’t have the information and say they don’t keep track of these things,” said NDP MP Charmaine Borg, whose questions led to the release of response documents. “… And if that is the case, that brings up to me a huge problem. How are we supposed to ensure there are no abuses, and that government agencies are making these requests within very extreme circumstances, when they don’t even keep track of when they’re making them?”

Christopher Parsons, a postdoctoral fellow at the Citizen Lab of the University of Toronto’s Munk School of Global Affairs, said non-federal agencies, such as police forces, are also seeking data. “Even if we got good numbers from all the federal government, there is a huge, huge part of the surveillance iceberg that’s yet to be seen,” he said.

It’s important to keep in mind that much of the attention concerning government surveillance has been about how federal agencies access telecommunications data, and how proposed lawful access legislation would extend and expand such access. While this attention is deserved there is an entirely different set of actors that have yet to be examined in any sustained way: provincial agencies and municipal organizations.

Categories
Links

Canadian ISPs Won’t Tell You Much About Your Own Data

Canadian ISPs Won’t Tell You Much About Your Own Data:

Ever wondered how long your telecom provider retains your user data? Or if law enforcement has requested your records?

This “Access My Info” tool was launched in June, and now, responses have started to trickle back in.

“We’re starting to be able to compare and contrast some of the larger company’s responses,” Parsons said.

Using either Parsons’ form letter, or the AMI tool, subscribers can request that their telecom providers clarify the types of data they collect, tell them how long they retain such data, provide copies of relevant records, and whether their information has been disclosed to law enforcement or government agencies. But perhaps unsurprisingly, policies and practices tend to differ from one provider to the next.

“I think that the letters from TekSavvy are comprehensive. They’re not trying to play games,” Parsons said, referring to the responses sent out by one of Canada’s smaller  internet service providers. “They’re actually taking seriously the questions that individuals are making and not trying to blow them off. That stands in variance with, I would say, almost every other member of the industry.”

Parsons said that in other responses, “the detail that is present, or is more often the case, absent, is really quite breathtaking. The only thing I have from Bell is a one page sheet that’s almost worse than useless. It almost doesn’t respond to the customer’s question.”

Parsons told me that discerning how long certain types of data are retained has proven particularly hard, for example.

“Retention schedules matter. How long you store data should not be a top secret corporate secret, because it’s about citizens,” said Parsons. ”Here we’re talking about basic, basic, basic privacy information. How long do you store information about me? None of these companies aside from TekSavvy have tried to comprehensively respond to that question.“

This is a detailed piece by Matt Braga, and one that I’d highly recommend if you’re interested what the Telecom Transparency Project has (and hasn’t) learned about Canadian telecommunications companies’ data retention schedules.

Categories
Links

Listening In: The Navy Is Tracking Ocean Sounds Collected by Scientists

Listening In: The Navy Is Tracking Ocean Sounds Collected by Scientists:

A network of Internet-connected undersea microphones is picking up more than whale songs.

This is one of the coolest surveillance/national security/academic research-related news article I’ve read in a long time. Highly recommended!

Categories
Links

Canada Spies on Israel’s Enemies

Canada Spies on Israel’s Enemies:

A new report in The Intercept revealed that CSEC, Canada’s NSA, spies on Israel’s enemies. But what does that entail? And is it within CSEC’s mandate to do so?

I reached out to Chris Parsons, a prominent cybersecurity and surveillance researcher from Toronto’s Citizen Lab, to discuss CSEC’s role in Israel’s military offensives. He told me there are “at least two ways” that CSEC would be involved in helping out Israel. One of which would be to provide INSU with a tracking program, or specific databases, to help spy on targets and persons of interest, which would have been developed by CSEC. As we learned from the free airport WiFi presentation, which was more about tracking targets as they log into various WiFi access points around the world than it was about surveilling airport travelers in particular, CSEC does have these capabilities in their wheelhouse.

Parsons went on to say that CSEC could also assist Israel by “providing some sort of expertise with how to use databases that are shared out to the Israeli intelligence community.” Simply put, Canada may be giving the Israelis tech support for the spying systems we’re giving them. In terms of whether or not this kind of assistance is within CSEC’s mandate, Parsons told me: “As you’re aware, the Canadian government has identified Hamas as a terrorist organization and as such, it would make sense for CSEC to be engaged in the monitoring of their locations and their electronic systems that Hamas is believed to be using. So in that sense, it should fit within CSEC’s mandated intelligence-gathering.”

But even with Hamas on a designated terror list, the complexities surrounding our Canadian surveillance agency spying on Palestinian targets opens up major issues of privacy; specifically when you consider how a target is selected, and how sure government powers need to be before a person is added to a list of terrorists. As Parsons told me, there is the “very serious question of how exactly individuals are identified as valid targets or not… How many individuals are swept up into the monitoring?”

Categories
Aside Humour

DPI? I’m Into That

An old image (from the time of the last federal election) but certainly one that brings a smile to my face each time I see it.

Categories
Aside

What Does This Mean?

We received this from Rogers Communication recently, and were both left asking: Has Rogers opted us into the service, but we have the option to register, or have they not? And, if not, then what is the opt-out for?

Categories
Links

Inside Citizen Lab, the “Hacker Hothouse” protecting you from Big Brother

Inside Citizen Lab, the “Hacker Hothouse” protecting you from Big Brother:

Starting out in the basement of the Munk School of Global Affairs with a handful of students in the Spring of 2001, Deibert’s Citizen Lab now operates out of a third-story office on Bloor Street, on the northwest edge of the University of Toronto campus. But like the agencies its members often criticize, Citizen Lab has collaborators operating everywhere, supplying information about how state power is being exercised in cyberspace.

Deibert doesn’t mind the comparison. In fact, much of his inspiration for the Lab came from working inside the Canadian Department of Foreign Affairs in the mid-‘90s, where he studied the use of satellite reconnaissance for arms control verification. The working group he was part of conceptualized a kind of “earth monitoring system” to enforce bans on nuclear testing—a worldwide system of satellites, underwater fences, and seismic stations designed to hold entire nations to account.

Still, when it comes to what a “people’s intelligence agency” might look like, it’s hard to find a better template than the one created by Citizen Lab. And its hacker ethos is reflected in those it calls its allies.

One of the better descriptions of some of what we do, on a daily and ongoing basis, at the Citizen Lab.

Categories
Links Writing

The Little-Known Loophole Obscuring Facebook and Google’s Transparency Reports

The Little-Known Loophole Obscuring Facebook and Google’s Transparency Reports:

The number of user data requests to Internet giants from foreign governments, are being lost in a legal loophole.

For some time I’ve been asking corporate executives how they do, or don’t, account for legal requests served by Canadian authorities on American social networking companies. And the obscurity has been noted in work I’ve previously published on this topic. In an admittedly selfish way, it’s terrific to see a Canadian reporter look into this issue further only to learn that the transparency numbers provided by Google et. al. do not fully account for non-US authorities’ requests for data.

Hopefully we’ll see other journalists, in countries the US has Mutual Legal Assistance Treaties (MLATs) with, file similar requests to better break down how many requests their domestic law enforcement agencies are issuing to the American companies responsible for storing and transiting so much of our personal data. While Google and other companies should be congratulated for their work it’s apparent that corporate transparency isn’t enough: we need better government accountability and corporate transparency to properly understand how, why, and how often authorities request (and receive) access to privately held telecommunications data.

Categories
Links

Telecoms move in right direction on privacy: Editorial

Telecoms move in right direction on privacy: 

Telus and Rogers won rare pats on the back for their decision to stop routinely handing out basic customer information to police and security agencies without seeing a warrant first.

It’s important to note that, while warrants will be required for police, they won’t necessarily be required for any agencies that already enjoy statutory authority to request information from telecommunications companies. So security agencies will continue to access data, often without warrant, despite what the Star has written.