Tag: Media

Categories
Links

Ottawa’s ‘secret network’ in question following alleged hack

Ottawa’s ‘secret network’ in question following alleged hack:

OTTAWA — The integrity of a federal “secret network” launched last year at a cost of millions to taxpayers is in question following an alleged hack this week that resulted in highly sensitive information becoming public.

It is possible, of course, to maintain the integrity of a network regardless of the number of people authorized for access, said Christopher Parsons, a fellow with the Citizen Lab at the Munk School of Global Affairs.

It’s just difficult, he said.

“The goal with these secured networks is to keep classified material in the classified space,” Parsons said in an interview. “If that firewall is maintained between classified and unclassified material, the number of people doesn’t immediately cause a problem.”

The potential for problems arises, however, when a weak link presents itself —and the more people brought in, the higher the chance a weak link will show up, Parsons explained, speaking broadly of classification and secure-network issues.

“It’s just the fact of the matter that the more people you have on any of these networks, the higher the chance someone accidentally moves a document where they weren’t supposed to, or intentionally moves a document somewhere they weren’t supposed to, or, in a worst case scenario, there’s an insider threat,” he said.

Based on the bit of information available at this point on this week’s incident, which comes mostly from Anonymous, it’s difficult to say whether the document was made available through a leak or a hack, Parsons said before offering five hypotheses making their way around:

The first is that some individuals found a way to remove redactions on a previously released document. Secondly, it’s feasible someone within Treasury Board accidentally shared the file through a program, innocuously moving it from the classified to unclassified network. The third possibility is similar, only the move from a secure to un-secure environment was intentional.

Another option still is that an employee’s laptop or device was infected with malware.

“Or, it could be, legitimately, the individuals calling themselves Anonymous this time successfully penetrated some element of the Treasury Board’s network,” Parsons said.

“Some of the government’s Crown Jewels lie in the Treasury Board’s networks. Having unauthorized parties within them would be a serious breach of not just cyber security, but national security … If one party is doing it, there’s no reason to think another party, like a foreign government isn’t doing the same thing.”

 

Categories
Links

Pakistan Is Ordering Telecom Companies to Ban BlackBerry Encrypted Messaging

Pakistan Is Ordering Telecom Companies to Ban BlackBerry Encrypted Messaging:

The government of Pakistan is “requesting” that three telecom companies stop providing BlackBerry’s encrypted messaging services to customers, according to documents obtained by civil rights group Bytes for All Pakistan.

“This demonstrates, at a policy level, that a very large government is willing to ban communications if they can’t gain access to it,“ said Chris Parsons, a post-doctoral fellow at digital rights group Citizen Lab.”Maybe it’s just Pakistan, and nobody else will do it, but it’s certainly a strong change to, ‘If we can’t backdoor it, then we will ban it,’” he added.

 

Categories
Links

The Case for Encryption | CJFE

The Case for Encryption:

Forgive me for sounding a little paranoid, but I’ve had the rainbows ripped from my eyes. Last fall, I signed up to work on a CBC investigation into Canada’s electronic spying programs, relying on the CBC’s exclusive access to the Edward Snowden/NSA leaks. It has been shocking to learn the capabilities of our intelligence agencies. But it has also been a surprising crash course in new technology, privacy and vital questions facing the future of journalism.

But surveillance risks go beyond reporters covering foreign conflicts, terrorism or spies, notes Christopher Parsons of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, who has helped the CBC dissect the Canadian Snowden documents. “Sports reporters might be less interesting to signals intelligence organizations but might still be very interesting to other sporting organizations, criminal betting organizations and so forth.”

“Malware and spyware infect computers across Canada on a regular basis; what do you do when your work computer, holding audio or text files pursuant to a sensitive story, has been compromised?” asks Parsons. “Do you want to notify sources? Do you want to have an ‘air gapped’ computer, which is disconnected from the Internet, where you store source materials, and another computer or device for writing your stories?”

These are awkward questions. No news organization wants to publicly admit its electronic communications are vulnerable. Frankly, I’ve never had a single conversation with the CBC’s IT people about whether we’ve been hacked or compromised, let alone been told what we do specifically to protect sensitive information. And it’s vital, because so much of our email and work these days lives in the cloud.

Categories
Links

Rampant telecom surveillance conducted with little transparency, oversight

Rampant telecom surveillance conducted with little transparency, oversight:

Canadian telecommunications providers have been handing over vast amounts of customer information to law enforcement and government departments and agencies with little transparency or oversight, a new report says.

“We conclude that serious failures in transparency and accountability indicate that corporations are failing to manage Canadians’ personal information responsibly,” says the report released by Citizen Lab today that examines how Canadian telecommunications data is monitored, collected and analyzed by groups such as police, intelligence and government agencies.

The report also criticizes the government’s “irresponsibility surrounding accountability” with respect to telecommunications surveillance. It warns that that could endanger the development of Canada’s digital economy and breed cynicism among citizens.

“Access to our private communications is incredibly sensitive,” said Christopher Parsons, lead author of the study and a postdoctoral researcher at Citizen Lab, which conducts research on information technology in the context of human rights and global security.

The report, funded by the Canadian Internet Registration Authority, showed Canadians recognize this and are very concerned.

But despite that, evidence suggests governments and law enforcement have been demanding millions of subscriber records from telecom firms in recent years.

“It raises real questions about the appropriateness of the powers or perhaps the appropriateness of the mandates or aggressiveness of the agencies that currently look to keep Canadians safe,” Parsons said.

Outdated laws

He noted there’s no way to know what the requests were about, how many there were or whether any one person’s data was requested, as Canadian law doesn’t require police to record or report any of that information.

Outdated laws require government departments and agencies to report telecommunications interceptions, but not access to stored communications such as emails and text messages, nor “non-sensitive” information such as records of calls dialed and received.

The Canada Border Services Agency is one of the few government departments that tracks such requests. In 2012 and 2013, it made 18,849 requests for telecommunications information. None were interceptions, the study found.

“That really indicates that the interception reports, while they’re very rigorous, they’re such a limited data set that they really don’t explain to parliamentarians or the public the extent or kind of surveillance that are commonplace in Canada today,” Parsons said.

A Supreme Court decision last year has forced police to start getting a warrant before requesting subscriber information from telecoms. While that has slashed the number of police requests for data, Parsons warns that new legislation that is currently before the Senate could make it easy for telecom data to be shared among police and government agencies.

New bill a concern

Bill C-51 would allow, for example, the Canada Revenue Agency to request information about a telecom customer related to a tax issue, then pass it on to the CBSA, RCMP or CSIS to probe something only marginally related, Parsons said.

Meanwhile, oversight bodies such as the privacy commissioner of Canada have no way to share information with other oversight bodies, such as the Security Intelligence Review Committee, which oversees CSIS.

And while the privacy commssioner can go to court to force private companies to comply with Canadian privacy laws, it can’t do that with government departments or agencies under the Privacy Act, Parsons said.

Another concern cited in the report is that governments and telecommunications companies have spent the past decade or so negotiating behind closed doors about technology to allow interceptions and the types of interceptions that should be mandated into law.

“I think that’s incredibly inappropriate,” Parsons said. Such interceptions are “something that we just need to do in contemporary law and order environment, but doesn’t have to take place in secretive back rooms.” He believes discussions about it should involve the public.

The report offers a long list of recommendations for corporations and government as to how they can become more transparent and accountable about telecommunications surveillance.

For example, Parsons hopes that Canadian telecommunications companies, which have just started releasing transparency reports about requests for customer data, will begin to issue more standardized and detailed reports as they do in the U.S.

He added, “I think we’re absolutely behind.”

Categories
Links

Secret Documents Reveal Canada’s Spy Agencies Got Extremely Cozy With Each Other | VICE News

Secret Documents Reveal Canada’s Spy Agencies Got Extremely Cozy With Each Other:

Highly classified documents obtained by VICE News offer new insights into how Canada’s two-headed spy apparatus works to blend its intelligence, skirt court oversight of its spying powers, and intercept communications inside the country’s borders.

Christopher Parsons, postdoctoral fellow at the Munk School, says there is long-standing ambiguity over when CSE can and cannot spy on its own citizens. And it’s worrying.

“Generally, we have questions about how meaningful, or not meaningful, Mandate C actually is,” he told VICE News.

Craig Forcese, law professor at the University of Ottawa and one of Canada’s foremost experts on security policy, says Mandate C is a tunnel through the barrier stopping CSE’s from snooping on Canadians.

“If CSE is providing assistance to CSIS under Mandate C, then CSE is clothed with the same legal authority CSIS has,” Forcese says. “So it can act as CSIS’s technological appendix, including in conducting domestic surveillance.”

University of Ottawa Professor Wesley Wark, a specialist in intelligence and national security, says there is need for a review body that can actually investigate how Mandate C is used, “in a way typically that the current CSE Commissioner has not, I don’t think, very fully.”

“The Ministry returned the letter requesting further details to address concerns raised by the Minister’s Office in relation to CSIS authority to enter into subsequent arrangements without further approval from the Minister each time,” reads a summary of changes requested to the documents.

It’s unclear if the minister’s change was actually made.

“If the minister put a stop to that, he should be congratulated,” says Parsons. The simple fact that the agencies were trying to bestow themselves that power is “more than a little bit concerning,” he says.

It’s long been speculated that signals intelligence has been the basis for many warrants and criminal charges, but that the fingerprints of CSE’s involvement were scrubbed before the application to the court was made.

“There’s a real question whether it’s CSE or CSIS in the driver’s seat,” says Parsons.

 

Categories
Links

CSIS can’t keep up with ‘daily’ state-sponsored cyber attacks | Toronto Star

CSIS can’t keep up with ‘daily’ state-sponsored cyber attacks:

OTTAWA—Canada’s spies admit they can’t keep up with daily cyber attacks from state-sponsored hackers, according to an internal report obtained by the Star.

Christopher Parsons at University of Toronto’s Citizen Lab said the documents point to a larger conflict that’s largely been taking place behind the scenes — the militarization of the Internet.

“Canada is hardly alone as the target — or originator — of state-sponsored hacking,” Parsons said.

As countries, including Canada, continue to develop both offensive and defensive Internet capabilities, he said it’s become urgent to come to an international consensus of what counts as legitimate targets in the Internet age.

“The internet has become militarized behind the backs of most citizens, and I think that if we’re not going to roll back that militarization entirely … at the very least principled agreements about what are legitimate and illegitimate modes of militarization have to be established,” Parsons said.

 

Categories
Links

New Mass Surveillance Laws Come to Canada, France, and the United Kingdom, as the NSA May Have Its Wings Clipped | VICE News

New Mass Surveillance Laws Come to Canada, France, and the United Kingdom, as the NSA May Have Its Wings Clipped:

Canada’s Anti-Terrorism Act is just one step away from becoming law, with its controversial information-sharing and secret police powers still intact. France’s cyber-snooping bill is facing broad political support. And the United Kingdom’s nanny state law has been in effect for months, despite protestations of a coalition of anti-spying activists.

Christopher Parsons, postdoctoral fellow at the University of Toronto’s Citizen Lab, said that while neutering the Patriot Act might impede how Americans’ data gets scooped up, nobody should expect these changes will do much to kneecap the NSA’s mass spying regime.

“I think they can do it anyway,” Parsons told VICE News, pointing to Executive Order 12333 — the directive issued by Ronald Reagan that first permitted the NSA to spy on foreign soil.

“In an era of cloud computing, there is a strong argument to be made that even after that section of the Patriot Act goes away, where and when Americans’ data flows across international boundaries, it can be collected anyway,” he said.

And while the NSA’s ability to collect data within the United States might be “slightly diminished,” other American agencies with mandates to surveil domestic threats could simply take over.

Parsons says the emerging relationship between Washington and its Five Eyes partners – Canada, the United Kingdom, Australia and New Zealand — is evolving into something much more advanced.

“All the various signals intelligence agencies have become increasingly sophisticated in, not just their ability to collect data, but also their ability to share data with one another,” Parsons said.

 

Categories
Links

Lack of public Wi-Fi in Toronto raises privacy concerns: experts

Lack of public Wi-Fi in Toronto raises privacy concerns: experts:

The lack of public Wi-Fi in Toronto means those in need of wireless Internet must trade their privacy for connectivity, experts say.

Privacy concerns aside, Christopher Parsons with the Citizen Lab at U of T said leaving Wi-Fi in the hands of businesses limits access. While a public Wi-Fi system would be open to all, not everyone can afford the price of admission – implied or otherwise – at places like Starbucks.

“For some people, stepping in and getting a latte for five dollars is fine, but for other people that five-dollar latte is an incredible extravagance. They may not feel comfortable in that situation, or they may not feel welcome.”

Categories
Links Quotations

What’s worse than a cookie? A ‘perma-cookie’

What’s worse than a cookie? A ‘perma-cookie’:

Last fall, Verizon in the U.S. was found to be using the headers to cash in on the mobile advertising market and deliver targeted ads to customers.

It was later revealed that other advertisers, unaffiliated with Verizon’s own advertising program, were taking advantage of the headers to then track and target cellphone users for ads, even if customers had opted out.

Privacy experts also worry about the potential for governments and criminals to hijack the data.

Christopher Parsons, the managing director of a telecom transparency project run out of the Citizen Lab at the University of Toronto, says that national security services and agencies “already track Canadians, Americans and citizens of other nations using unencrypted identifying information and there’s no reason to believe they wouldn’t use perma-cookies for similar tracking purposes.”

 

Categories
Links

FBI watched as hacker dumped Bell Canada passwords online

FBI watched as hacker dumped Bell Canada passwords online:

When Bell Canada’s website was hacked last year — and the accounts and passwords of more than 12,000 Canadians posted online — the Federal Bureau of Investigation was not only watching, but letting the hackers stage the attack from what was secretly an FBI server.

Christopher Parsons, a postdoctoral fellow who studies state access to telecommunication data at the Citizen Lab at the Munk School of Global Affairs in Toronto, said it made “good tactical sense” that the FBI used confidential informants and an undercover server to build their case.

It was the fact they did nothing to stop the crime before it occurred that makes this case unusual, Parsons said.

“In this case it sounds like the FBI had that ability, had that option to prevent these things from happening, perhaps with a weaker case, but instead they opted to endanger innocents in order to build a stronger case,” said Parsons. “The problem there is there is no indication Bell had been notified. This wasn’t dummy data that was released — this was live, real customer data.”