Categories
Writing

How Not To Defend Your Signals Intelligence Agency

Many Canadians, at this point, will have heard that our foreign signals intelligence agency has reportedly been spying in Brazil. Specifically, the Communications Security Establishment Canada (CSEC) has been accused of using “email and phone metadata to map internal communications within Brazil’s Mines and Energy Ministry through a software program called Olympia.” This has created quite a stir and forced the federal government of Canada to defend itself and CSEC’s actions.

However, at a technology conference the head of CSEC tried to pacify Canadians by stating that there was already appropriate oversight of the agency’s actions. Referring to the independent commissioner overseeing CSEC, John Foster said, the commissioner “and his office have full access to every record, every system and every staff member to ensure that we follow Canadian laws and respect Canadians’ privacy.”

Foster is playing a game with Canadians. And it’s not a very good one. Given that CSEC reputedly engages in more ‘transactions’ each day than all of the banks in Canada combined, and given the relative size of the commissioner’s staff (usually a dozen or less) compared to CSEC’s staff (roughly 2,000), and the blurriness of the law guiding CSEC’s actions, I really can’t imagine how Canadians could possibly be reassured by Foster’s statements. No, what is clear is that rather than wanting to have a meaningful discussion – perhaps acknowledging deficiencies in oversight, the need to mediate CSEC’s actions so they align with Canada’s foreign policy positions, or something along those lines – he has purely said that Canadians should be satisfied with how things are today.

If Mr. Foster wants to be taken seriously then perhaps as a first, very small, bit of ‘goodwill’ he will disclose how exactly CSEC respects Canadians’ privacy: information on how this is ensured was redacted in documents from CSEC (see page 23). Providing the plaintext would be one first, good, step towards actually – instead of rhetorically – assuaging concerns Canadians might have over how signals intelligence is conducted in Canada.

Categories
Links Quotations

Mr. Cope, I am Canadian. Like virtually every other Canadian I know, I rely on my mobile phone in my personal life and for my livelihood on a daily basis. The “critical situation” I face comes every month, when I open my wireless bill wondering whether I’ll be able to afford to pay it. Your company, along with Canada’s other major wireless providers, have had 30 years to address this situation. But you’ve failed. Posting huge profits and paying dividends year after year might satisfy your shareholders, but individual Canadians and their families are being hung out to dry. It’s time for a change. Faced with a choice between an American company fighting to gain a foothold in a hostile market or a Canadian one who takes my hard earned money for granted, I’ll pick the lesser of two evils. And if you don’t know which that is by now, I’ll happily send you a copy of my monthly phone bill.

Ben’s letter is awesome. You should really go read all of it.

Categories
Links

How Stephen Harper is rewriting history

A good article on the relationship between changing what and how museums present as Canadian history, and contemporary Canadian identity.

Categories
Writing

A Brief Comment on ‘Metadata’

We live in environments that are pervasively penetrated by digital systems. We carry personalized tracking devices with us everywhere (i.e. mobile phones) that have increasingly sophisticated sensors embedded in them. We rely on Internet-based systems for travel, work, and play. Even our ‘landline’ communications are pervasively turned into digital code when we call a friend or family member.

Every one of the previously mentioned transactions generates ‘non-content’ data: when and who we call, and for how long; which cellular towers we pass by; what (semi-)unique IP addresses are provided to websites we visit, and so forth. These identifiers can be used to trace our movements, practices, and who we communicate with: they are often far more revealing about ourselves than the pure content of our communications.

It’s with the reality of the surveillance potentials of metadata that we need to reorient how to talk about such ‘non-content’ data. It has become depressingly common to see elected officials and other authorities state that “it’s just metadata” as well as “we only use it for appropriate purposes.”

To the first statement, metadata can reveal incredibly sensitive information about individuals and about their community/communities. The collection and processing of such information therefore warrants a similar degree of care and concern as the processing of clearly personal information.

To the second statement, clarity around collection and use of metadata is needed. Moreover, data cannot be massively collected and ‘appropriate purposes’ just applied to how the data is subsequently parsed. The very collection of data itself needs to be targeted, justified, and enjoy significant oversight – arguably more oversight than ‘just’ the content of communications.

In a recent paper on metadata, Ontario Information and Privacy Commissioner Ann Cavoukian wrote:

we urge governments to adopt a proactive approach to securing the rights affected by intrusive surveillance programs. To protect privacy and liberty, any power to seize communications metadata must come with strong safeguards directly embedded into programs and technologies, that are clearly expressed in the governing legal framework. The purpose, scope, and duration of data collection must be strictly controlled. More robust judicial oversight, parliamentary or congressional controls, and systems capable of providing for effective public accountability should be brought to bear. The need for operational secrecy must not stand in the way of public accountability. Our essential need for privacy and the preservation of our freedoms are at stake.[1]

Commissioner Cavoukian is decidedly correct that data collection, use, and intent must be carefully controlled. However, I would go a step further than the Commissioner has in her call for additional parliamentary oversight and control. In Canada, and unlike the United States and United Kingdom, there is not a committee of parliamentarians with security clearances to oversee how our intelligence and security authorities operate. Presently, the Canadian system predominantly enjoys only Cabinet-level political oversight: we need a broader set of eyes, and eyes that are not mindful of the ruling government’s optics, to evaluate the appropriateness of what our intelligence and security services are up to. So, in excess of Commissioner Cavoukian’s comments, we actually need to modify parliament such that oversight is even possible.

Reasonable people can disagree on the value and desire for national security and foreign intelligence services. Such disagreements should happen more prominently amongst parliamentarians and the public. However, there should be no disagreement that, in order to represent the public, at least some members of our legislative assemblies must know the extent of the government’s security and intelligence powers, capabilities, and practices.

Canada is a democracy and, as such, it is imperative that we establish a committee of parliamentarians to oversee how our security and spy agencies are collecting, using, and retaining the metadata and content associated with our communications. The actions that these agencies engage in are too significant to leave to Cabinet oversight alone.


  1. Ann Cavoukian. (2013). “A Primer on Metadata: Separating Fact from Fiction.” Office of the Information and Privacy Commissioner of Ontario. Available at: http://www.privacybydesign.ca/content/uploads/2013/07/Metadata.pdf. Pp. 10. Emphasis added.

Categories
Links Writing

Drawing Comparative Inferences from Canadian and American Network Investment

Peter Nowak recently had a good post concerning the nature of mobile pricing in Canada. You really should go read it all. However, there was one key piece that he noted, towards the end, that deserves to be highlighted. Specifically:

It was only a few short years ago when Bell and Telus were getting pummeled by Rogers, thanks to that company’s chosen technology. Rogers, like most of the carriers in the world, went with GSM network technology while Bell and Telus opted for CDMA instead. Without getting technical, GSM won, and Apple put the exclamation point on the battle in 2007 in the form of the iPhone. Unable to offer the latest and greatest devices, including that quintessential and hotly desired device, Bell and Telus moved quickly to upgrade to the next greatest and latest 4G technology. Rogers followed suit. The same is happening in the United States, with Sprint and Verizon – both former CDMA users – both spending heavily on LTE.

Network investment in both Canada and the United States does not reflect the competitiveness of either market, but rather phone makers’ decisions on technologies. Carriers are simply being pulled along for the ride.

One thing I may indeed have been wrong about in the past is how high prices were mainly the result of the lack of foreign competition in Canada, which wasn’t legally allowed until last year. The poor technological choices made by a number of carriers can’t be discounted as a factor. The industry is now waving the billions they’re having to spend to correct those mistakes in the faces of consumers and government, with prices – be they as they are – the necessary rationalization.

A key aspect of Nowak’s argument towards the end is that network investment was driven not so much by carrier-driven decisions but by the decision of a device manufacturer: Apple. I’d not really considered how Apple’s decision to ‘cut out’ a group of telecom companies from offering the iPhone could have been/was significantly responsible for massive re-engineering and investment in compatible networking technologies (i.e. GSM). Obviously such changes to the network infrastructure came at a significant fiscal cost.

It would be interesting to take Nowak’s point and then build on it to better understand how Canadian three year contracts might have alleviated the ‘hurt’ experienced by Canadian mobile providers. Specifically, we could ask the following:

  • what was the churn that Bell and TELUS experienced as a result of not being able to provide the iPhone?
  • was churn in Canada comparable to the CDMA providers in the United States?

Based around these questions we could establish a working hypothesis that churn was lower in Canada than the US. If this hypothesis bore out when tested we could try to ascertain why it bore out:

  • were Canadians happier with Bell and TELUS than their American counterparts?
  • were Canadians unable to choose their preferred economic options at a rate comparable to American customers because of the longer contracts associated with the Canadian carriers?
  • Other?

In effect the bad bets of American and Canadian carriers on CDMA offer an interesting comparative case from which we can draw inferences about the effects of the much-loathed three year cellular phone contracts in Canada. It would be awesome to see the numbers crunched to evaluate the effects of those contracts, especially before and after Bell/TELUS launched their HSPA+ network(s). From there, I’m sure some interesting thoughts on the CRTC’s wireless code of conduct (which includes effectively mandating two year contracts) could follow: if a device as disruptive as the iPhone appears on the market, what would it do to the Canadian telecommunications market?

Categories
Links Writing

How to Dispel the Confusion Around iMessage Security | Technology, Thoughts & Trinkets

There’s a lot of confusion about the actual versus rhetorical security integrated with Apple’s iMessage product. I’ve tried to suggest, in the linked article, how Canadians can use our federal privacy laws to figure out whether Apple is, or the company’s critics are, right about the company’s security posture.

Categories
Quotations

2013.7.9

Canadian carriers detect over 125 million attacks per hour on Canadians, comprising 80,000 new zero-day exploits identified every day. The vast majority of attacks are undetectable by traditional security software/hardware.

From “The Canadian Cyber Security Situation in 2011”

Categories
Quotations

2013.7.8

This week, court documents filed by the RCMP pertaining to their investigation of Mr. Duffy were disclosed. They show that the Conservative Party of Canada was initially prepared to use taxpayer-subsidized party funds to repay the debt that Mr. Duffy owed because of improperly claimed Senate expenses. It balked, however, when it learned that the amount was $90,000, not $32,000.

The Conservative government of Canada: tough on crime over $32,000; anything above $32,000, you’re on your own – or not, since the documents confirm that Stephen Harper’s then-chief of staff, Nigel Wright, did, as reported, step in and give Mr. Duffy a personal cheque for $90,000.

Tabatha Southey, “Duffy the empire slayer: How the PMO created a big, big problem”

Categories
Quotations

2013.7.7

An Ipsos Reid survey on federal politics, released on Wednesday, titled At the Midpoint, shows the public’s ambivalence. Among the more curious findings is one that suggests that Canadians believe that there is an inverse proportion between competence and honesty. Of the three major parties, the Conservatives are held to be the most competent and the least honest; with the NDP, it is the other way around. As usual the Liberals are somewhere in-between. On the face of it, greater competence is likely to attract the voters, but if the Conservatives drift on in their current direction, a desire for a change may yet prevail.

Editorial, “The Tory turning-point ahead of the next election”

Categories
Links

Brent Rathgeber Quits Tory Caucus Over ‘Lack Of Commitment To Transparency’

Wow. The Tories better hope that this is really the extent of the rebellion (i.e. backbenchers’ awareness of how their power has been given away to the whip) and not the beginning of real caucuses that are willing to oppose the government.