Tag: Canada

Categories
Links

The RCMP Is Trying to Sneak Facial and Tattoo Recognition Into Canada

The RCMP Is Trying to Sneak Facial and Tattoo Recognition Into Canada:

“That the RCMP is looking at purchasing this kind of capability is in line with what the FBI and other [law enforcement agencies] around the world are doing,” said Christopher Parsons, a postdoctoral fellow at Toronto-based surveillance research hub Citizen Lab.

A previously published RCMP document notes that all of the new system’s scanners for fingerprints and facial images “must have undergone testing by the FBI and be listed on the FBI Certified Products List.”

“However,” Parsons continued, “in all of those jurisdictions there are significant privacy concerns, concerns about the general efficacy of the technology, concerns about whether too much data is collected in the first place, and concerns linked to the risks associated with information sharing between departments.”

The FBI’s biometric database, called the Next Generation Identification (NGI), has been widely criticized by civil rights groups such as the Electronic Frontier Foundation and the American Civil Liberties Union due to the potential for abuse by officers. As numerous incidents in the UK and US have shown, police are sometimes unable to resist the urge to dip into a database of personal information to settle their own very personal scores.

There may be an additional privacy risk in Canada, Parsons wrote, thanks to recent legislation that made it even easier for federal agencies to share information. A January 2016 email sent to S/Sgt. Michael Leben, manager of RCMP latent fingerprint operations in Ottawa, states that the force’s new AFIS system is part of a joint venture with Canada Border Services Agency to identify people entering Canada.

The RCMP has a bid out where companies would have to be able to add-on facial recognition capabilities to the primary fingerprint-biometric system. And the RCMP currently lacks the authority to engage in such facial and bodily recognition. But that’s not stopping it from planning for the future…

Categories
Aside Links

Canada has a rape kit problem | VICE News

This piece is excellent if incredibly depressing: for funding reasons (or, more cynically, failure of predominant male politicians to raise this issue on the political agenda…) women who are assaulted are often unable to access rape kits. These kits are used to collect evidence for potential criminal investigations pertaining to the assault.

But the end of the (very long, and detailed) article ends with an important reminder for readers who have gotten to the end:

Rape kits, ultimately, are only a small piece of a bigger problem with the justice system, says Hilla Kerner, a front-line worker at Vancouver’s Rape Relief Shelter.

She said rape kits are only helpful in cases that the attacker denies any sexual contact and DNA evidence can contradict that claim. It’s rare that this is a line of defense, she said—but when it is, the evidence gathered with a rape kit is vital.

Basically, if the accused’s DNA is found on the complainant’s body, it removes the line of defence of: ‘I don’t know her, I’ve never seen her before.’

“We shouldn’t fool ourselves that a rape kit is the solution to getting more cases through the criminal justice system,” Kerner said. “There is a need for urgent reform in the criminal justice system, and rape kits are just one element of the whole transformation that needs to happen.”

In other words, though we need to improve access to forensic services, we shouldn’t imagine that such access alone will alleviate the incredibly hostile approach the criminal justic system takes towards the victims of rape and sexual assault.

Categories
Links

An Internet Censorship Company Tried to Sue the Researchers Who Exposed Them

An Internet Censorship Company Tried to Sue the Researchers Who Exposed Them:

Netsweeper is a small Canadian company with a disarmingly boring name and an office nestled among the squat buildings of Waterloo, Ontario. But its services—namely, online censorship—are offered in countries as far-flung as Bahrain and Yemen.

In 2015, University of Toronto-based research hub Citizen Lab reported that Netsweeper was providing Yemeni rebels with censorship technology. In response, Citizen Lab director Ron Deibert revealed in a blog post on Tuesday, Netsweeper sued the university and Deibert for defamation. Netsweeper discontinued its lawsuit in its entirety in April.

 

Categories
Links

Document reveals hidden squabble between spies and diplomats

Following the passage of Canada’s Bill C-51 which, amongst other things, was intended to heighten information sharing amongst federal agencies, CSIS apparently expected to receive more information from Canadian diplomats abroad. Government Affairs Canada (GAC), however, has largely refused to share information with the security intelligence on grounds that CSIS’ actions could lead to the abuse of Canadians or those with whom Canada has a significant relationship. Moreover, the current Liberal government’s assertions it will be modifying C-51 has meant that GAC is unwilling to significantly share information until further clarity is provided with regards to the legislation.

Articles like this are helpful in reminding people that government is composed of competing institutions. And these institutions tend to focus on their own interests, first, which can promote significant conflict between the different parts of government. The reporting also showcases that even after bad legislation is passed that there are a host of ways in which authorizing legislation may be stopped or inhibited.

Categories
Links

Feds considering warrantless access to internet subscriber info: police chiefs

Feds considering warrantless access to internet subscriber info: police chiefs:

OTTAWA – A new administrative scheme that would allow police to obtain basic information about Internet subscribers without a warrant is one option being considered by federal officials following a landmark Supreme Court ruling that curbed access to such data, Canadian police chiefs say.

A researcher who has long pressed for more transparency around police access to subscriber data said Monday that law-enforcement agencies have yet to make the case for warrantless access – especially since companies can make information available quickly in a genuine emergency.

“We’re not at a point where it’s clear the police have a legitimate concern,” said Christopher Parsons, a postdoctoral fellow with the Citizen Lab at Toronto’s Munk School of Global Affairs.

In June last year, the Supreme Court ruled police need judicial authorization to obtain subscriber data linked to online activities. The high court rejected the notion the federal privacy law governing companies allowed them to hand over subscriber identities voluntarily.

The court judgment came amid swelling public concern about authorities quietly gaining access to customer information with little evident scrutiny or oversight.

Parsons wants police to release more statistical information about their requests. “They actually have to make the argument with data, so we can have an evidence-based policy discussion.”

He would also like to see civil society groups and others included in the discussions about possible legislative change.

 

Categories
Links

Ottawa’s ‘secret network’ in question following alleged hack

Ottawa’s ‘secret network’ in question following alleged hack:

OTTAWA — The integrity of a federal “secret network” launched last year at a cost of millions to taxpayers is in question following an alleged hack this week that resulted in highly sensitive information becoming public.

It is possible, of course, to maintain the integrity of a network regardless of the number of people authorized for access, said Christopher Parsons, a fellow with the Citizen Lab at the Munk School of Global Affairs.

It’s just difficult, he said.

“The goal with these secured networks is to keep classified material in the classified space,” Parsons said in an interview. “If that firewall is maintained between classified and unclassified material, the number of people doesn’t immediately cause a problem.”

The potential for problems arises, however, when a weak link presents itself —and the more people brought in, the higher the chance a weak link will show up, Parsons explained, speaking broadly of classification and secure-network issues.

“It’s just the fact of the matter that the more people you have on any of these networks, the higher the chance someone accidentally moves a document where they weren’t supposed to, or intentionally moves a document somewhere they weren’t supposed to, or, in a worst case scenario, there’s an insider threat,” he said.

Based on the bit of information available at this point on this week’s incident, which comes mostly from Anonymous, it’s difficult to say whether the document was made available through a leak or a hack, Parsons said before offering five hypotheses making their way around:

The first is that some individuals found a way to remove redactions on a previously released document. Secondly, it’s feasible someone within Treasury Board accidentally shared the file through a program, innocuously moving it from the classified to unclassified network. The third possibility is similar, only the move from a secure to un-secure environment was intentional.

Another option still is that an employee’s laptop or device was infected with malware.

“Or, it could be, legitimately, the individuals calling themselves Anonymous this time successfully penetrated some element of the Treasury Board’s network,” Parsons said.

“Some of the government’s Crown Jewels lie in the Treasury Board’s networks. Having unauthorized parties within them would be a serious breach of not just cyber security, but national security … If one party is doing it, there’s no reason to think another party, like a foreign government isn’t doing the same thing.”

 

Categories
Links

The Case for Encryption | CJFE

The Case for Encryption:

Forgive me for sounding a little paranoid, but I’ve had the rainbows ripped from my eyes. Last fall, I signed up to work on a CBC investigation into Canada’s electronic spying programs, relying on the CBC’s exclusive access to the Edward Snowden/NSA leaks. It has been shocking to learn the capabilities of our intelligence agencies. But it has also been a surprising crash course in new technology, privacy and vital questions facing the future of journalism.

But surveillance risks go beyond reporters covering foreign conflicts, terrorism or spies, notes Christopher Parsons of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, who has helped the CBC dissect the Canadian Snowden documents. “Sports reporters might be less interesting to signals intelligence organizations but might still be very interesting to other sporting organizations, criminal betting organizations and so forth.”

“Malware and spyware infect computers across Canada on a regular basis; what do you do when your work computer, holding audio or text files pursuant to a sensitive story, has been compromised?” asks Parsons. “Do you want to notify sources? Do you want to have an ‘air gapped’ computer, which is disconnected from the Internet, where you store source materials, and another computer or device for writing your stories?”

These are awkward questions. No news organization wants to publicly admit its electronic communications are vulnerable. Frankly, I’ve never had a single conversation with the CBC’s IT people about whether we’ve been hacked or compromised, let alone been told what we do specifically to protect sensitive information. And it’s vital, because so much of our email and work these days lives in the cloud.

Categories
Links

Rampant telecom surveillance conducted with little transparency, oversight

Rampant telecom surveillance conducted with little transparency, oversight:

Canadian telecommunications providers have been handing over vast amounts of customer information to law enforcement and government departments and agencies with little transparency or oversight, a new report says.

“We conclude that serious failures in transparency and accountability indicate that corporations are failing to manage Canadians’ personal information responsibly,” says the report released by Citizen Lab today that examines how Canadian telecommunications data is monitored, collected and analyzed by groups such as police, intelligence and government agencies.

The report also criticizes the government’s “irresponsibility surrounding accountability” with respect to telecommunications surveillance. It warns that that could endanger the development of Canada’s digital economy and breed cynicism among citizens.

“Access to our private communications is incredibly sensitive,” said Christopher Parsons, lead author of the study and a postdoctoral researcher at Citizen Lab, which conducts research on information technology in the context of human rights and global security.

The report, funded by the Canadian Internet Registration Authority, showed Canadians recognize this and are very concerned.

But despite that, evidence suggests governments and law enforcement have been demanding millions of subscriber records from telecom firms in recent years.

“It raises real questions about the appropriateness of the powers or perhaps the appropriateness of the mandates or aggressiveness of the agencies that currently look to keep Canadians safe,” Parsons said.

Outdated laws

He noted there’s no way to know what the requests were about, how many there were or whether any one person’s data was requested, as Canadian law doesn’t require police to record or report any of that information.

Outdated laws require government departments and agencies to report telecommunications interceptions, but not access to stored communications such as emails and text messages, nor “non-sensitive” information such as records of calls dialed and received.

The Canada Border Services Agency is one of the few government departments that tracks such requests. In 2012 and 2013, it made 18,849 requests for telecommunications information. None were interceptions, the study found.

“That really indicates that the interception reports, while they’re very rigorous, they’re such a limited data set that they really don’t explain to parliamentarians or the public the extent or kind of surveillance that are commonplace in Canada today,” Parsons said.

A Supreme Court decision last year has forced police to start getting a warrant before requesting subscriber information from telecoms. While that has slashed the number of police requests for data, Parsons warns that new legislation that is currently before the Senate could make it easy for telecom data to be shared among police and government agencies.

New bill a concern

Bill C-51 would allow, for example, the Canada Revenue Agency to request information about a telecom customer related to a tax issue, then pass it on to the CBSA, RCMP or CSIS to probe something only marginally related, Parsons said.

Meanwhile, oversight bodies such as the privacy commissioner of Canada have no way to share information with other oversight bodies, such as the Security Intelligence Review Committee, which oversees CSIS.

And while the privacy commssioner can go to court to force private companies to comply with Canadian privacy laws, it can’t do that with government departments or agencies under the Privacy Act, Parsons said.

Another concern cited in the report is that governments and telecommunications companies have spent the past decade or so negotiating behind closed doors about technology to allow interceptions and the types of interceptions that should be mandated into law.

“I think that’s incredibly inappropriate,” Parsons said. Such interceptions are “something that we just need to do in contemporary law and order environment, but doesn’t have to take place in secretive back rooms.” He believes discussions about it should involve the public.

The report offers a long list of recommendations for corporations and government as to how they can become more transparent and accountable about telecommunications surveillance.

For example, Parsons hopes that Canadian telecommunications companies, which have just started releasing transparency reports about requests for customer data, will begin to issue more standardized and detailed reports as they do in the U.S.

He added, “I think we’re absolutely behind.”

Categories
Links

Secret Documents Reveal Canada’s Spy Agencies Got Extremely Cozy With Each Other | VICE News

Secret Documents Reveal Canada’s Spy Agencies Got Extremely Cozy With Each Other:

Highly classified documents obtained by VICE News offer new insights into how Canada’s two-headed spy apparatus works to blend its intelligence, skirt court oversight of its spying powers, and intercept communications inside the country’s borders.

Christopher Parsons, postdoctoral fellow at the Munk School, says there is long-standing ambiguity over when CSE can and cannot spy on its own citizens. And it’s worrying.

“Generally, we have questions about how meaningful, or not meaningful, Mandate C actually is,” he told VICE News.

Craig Forcese, law professor at the University of Ottawa and one of Canada’s foremost experts on security policy, says Mandate C is a tunnel through the barrier stopping CSE’s from snooping on Canadians.

“If CSE is providing assistance to CSIS under Mandate C, then CSE is clothed with the same legal authority CSIS has,” Forcese says. “So it can act as CSIS’s technological appendix, including in conducting domestic surveillance.”

University of Ottawa Professor Wesley Wark, a specialist in intelligence and national security, says there is need for a review body that can actually investigate how Mandate C is used, “in a way typically that the current CSE Commissioner has not, I don’t think, very fully.”

“The Ministry returned the letter requesting further details to address concerns raised by the Minister’s Office in relation to CSIS authority to enter into subsequent arrangements without further approval from the Minister each time,” reads a summary of changes requested to the documents.

It’s unclear if the minister’s change was actually made.

“If the minister put a stop to that, he should be congratulated,” says Parsons. The simple fact that the agencies were trying to bestow themselves that power is “more than a little bit concerning,” he says.

It’s long been speculated that signals intelligence has been the basis for many warrants and criminal charges, but that the fingerprints of CSE’s involvement were scrubbed before the application to the court was made.

“There’s a real question whether it’s CSE or CSIS in the driver’s seat,” says Parsons.

 

Categories
Links

CSIS can’t keep up with ‘daily’ state-sponsored cyber attacks | Toronto Star

CSIS can’t keep up with ‘daily’ state-sponsored cyber attacks:

OTTAWA—Canada’s spies admit they can’t keep up with daily cyber attacks from state-sponsored hackers, according to an internal report obtained by the Star.

Christopher Parsons at University of Toronto’s Citizen Lab said the documents point to a larger conflict that’s largely been taking place behind the scenes — the militarization of the Internet.

“Canada is hardly alone as the target — or originator — of state-sponsored hacking,” Parsons said.

As countries, including Canada, continue to develop both offensive and defensive Internet capabilities, he said it’s become urgent to come to an international consensus of what counts as legitimate targets in the Internet age.

“The internet has become militarized behind the backs of most citizens, and I think that if we’re not going to roll back that militarization entirely … at the very least principled agreements about what are legitimate and illegitimate modes of militarization have to be established,” Parsons said.