Link

Le Canada scrute environ 400 000 courriels des Canadiens chaque jour

Le Canada scrute environ 400 000 courriels des Canadiens chaque jour:

Chris Parsons, un expert de la sécurité sur Internet basé à Toronto affirme qu’il y a des raisons légitimes pour l’Agence de surveiller les communications des Canadiens avec leur gouvernement.

« Mais vous devriez être en mesure de communiquer avec votre gouvernement sans la crainte que ce que vous dites… pourrait revenir vous hanter de manière inattendue », dit Parsons.

« Lorsque nous recueillons des volumes énormes d’information, ce n’est pas seulement utilisé pour suivre les méchants. Cela se retrouve dans des banques de données pendant des années ou des mois à la fois et cela peut être utilisé à n’importe quel moment dans l’avenir « .

 

Link

Canadian Spies Collect Domestic Emails in Secret Security Sweep

Canadian Spies Collect Domestic Emails in Secret Security Sweep:

Chris Parsons, an internet security expert with the Toronto-based internet think tank Citizen Lab, told CBC News that “you should be able to communicate with your government without the fear that what you say … could come back to haunt you in unexpected ways.”

Parsons said that there are legitimate cybersecurity purposes for the agency to keep tabs on communications with the government, but he added: “When we collect huge volumes, it’s not just used to track bad guys. It goes into data stores for years or months at a time and then it can be used at any point in the future.”

In a top-secret CSE document on the security operation, dated from 2010, the agency says it “processes 400,000 emails per day” and admits that it is suffering from “information overload” because it is scooping up “too much data.”

First time (I think…) that I’ve been quoted in The Intercept.

Link

CSE monitors millions of Canadian emails to government

CSE monitors millions of Canadian emails to government:

The program to protect government servers from hackers, criminals and enemy states is raising questions about the breadth of the collection, the length of retention and how the information could be shared with police and spy partners in other countries.

Chris Parsons, an internet security expert who viewed the document, said there are legitimate purposes for the agency to monitor your communications with the government.

“But you should be able to communicate with your government without the fear that what you say … could come back to haunt you in unexpected ways,” says Parsons, a postdoctoral fellow at Citizen Lab, a unit at the University of Toronto’s Munk School of Global Affairs.

“When we collect huge volumes, it’s not just used to track bad guys. It goes into data stores for years or months at a time and then it can be used at any point in the future.”

Link

How Canadian Spies Infiltrated the Internet’s Core to Watch What You Do Online

How Canadian Spies Infiltrated the Internet’s Core to Watch What You Do Online:

While the locations of EONBLUE sites are not disclosed in the documents, one slide makes reference to the internet’s “core” and describes EONBLUE’s ability to “scale to backbone internet speeds”—implying possible access to telecom operators, data centers, undersea cables and other infrastructure providers worldwide.

Such access would mean that much, if not all of the data, travelling through a location tapped by CSE could be subject to surveillance. Though the agency maintains it cannot legally track Canadians at home or abroad it is hard to fathom how such data could be exempt.

As of November 2010, when the document was dated, EONBLUE had already been under development for ove> r eight years. However, it isn’t clear from the slides for how long EONBLUE has been used, or whether it is still in use today.

“We haven’t seen very much to date that hasn’t been suspected or known about, but it’s the scale and breadth of this activity that is so staggering on a daily basis,” said Christopher Parsons, a postdoctoral fellow at the ​Citizen Lab, an interdisciplinary research group that studies global surveillance issues at the University of Toronto’s Munk School of Global Affairs.

“It’s designed for mass tracking, mass surveillance, on a global level,” Parsons said. ​

 

Link

Mass surveillance program defended by Conservatives

Mass surveillance program defended by Conservatives:

There is nothing in the documents that indicate CSE is intentionally targeting Canadian citizens. But Christopher Parsons, with Citizens’ Lab, said the sheer size of the program makes it unlikely Canadians’ data weren’t caught in the drag net.

“The scope at which they are processing data means it is highly likely that Canadian information is — they would use the term ‘incidentally’ — being collected,” Parsons said.

 

Link

Canada Agency Monitors File-Sharing, Reports Say

Canada Agency Monitors File-Sharing, Reports Say :

Some Internet privacy experts said they were concerned that the program captures and examines a vast amount of online activity that had no connection to terrorism or extremists.

“It means that these agencies have an immense amount of information,” said Christopher Parsons, an electronic surveillance researcher at Citizen Lab, part of the University of Toronto’s Munk School of Global Affairs. “That raises the prospect that at some point laws could be changed to make it available to other branches of the government.”

The program also suggests that Canada plays a larger role in electronic surveillance than previously thought, he added.

NOTE: This also ran in the print version of the New York Times for January 29, 2015, on page A13, with the headline: Canada Agency Monitors File-Sharing, Reports Say

Link

Spies Know What You’re Downloading on Filesharing Sites, New Snowden Docs Show

Spies Know What You’re Downloading on Filesharing Sites, New Snowden Docs Show:

Where is all this data coming from?

Rather than monitor each file sharing company individually, the documents hint at a “special source” known only by the codename ATOMIC BANJO, which is responsible for the collection of “HTTP metadata” from 102 known file sharing sites (Sendspace, Rapidshare, and the now-defunct Megaupload are the only three identified by name).

“‘Special Source’ typically refers to access to corporate data stores, or corporate data flows, so ISPs or data centers or something like that. Trans-atlantic cables,” said Christopher Parsons, a postdoctoral fellow at the Citizen Lab, which studies surveillance and other digital policy issues within the University of Toronto’s Munk School of Global Affairs. “Access is predicated on either contractual term or a monetary payment or something of that nature. Which is to say that someone or some individuals within the special source organizations are aware of what’s going on.”

As for CSE, a document released by Ge​rman newspaper Der Spiegel earlier this month describes a “cyber threat detection platform” called EONBLUE. According to the document, EONBLUE had been under development for over eight years as of November 2010—the date the document was published—and is made up of over 200 sensors deployed across the globe using “collection programs including S​PECIALSOURCE.”

What makes EONBLUE significant, said Parsons, is that we now know “Canada has sites around the world. And based on previous documents around special source operations, we quite often see large volumes of data being accessed. So it’s possible that EONBLUE is similarly used to access large quantities of data.”

One of EONBLUE’s capabilities is the collection of metadata. It is not clear whether the metadata collected from ATOMIC BANJO is related to the metadata produced by EONBLUE.

“It’s certainly possible, but there’s no definitive evidence, that would indicate a direct correlation,” Parsons said.