Tag: Metadata

Categories
Links Writing

Privacy and Gang Affiliations

Photo by Brent Humphreys
Photo by Brent Humphreys

From the Huffington Post:

Four speakers recounted the ways that their lives have been negatively impacted by the FBI’s designation of Juggalos as a gang.

New Mexico resident Crystal Guerrero said that she lost custody of two children because she went to one Insane Clown Posse show. Laura King of Fredericksburg, Virginia, recounted how she was permanently placed on a gang registry while she was on probation for a DUI offense because she had a tattoo of the hatchet man symbol. Jessica Bonometti was fired from her job as a probation officer in Woodbridge, Virginia, because she liked some Insane Clown Posse-related photographs on Facebook.

Fans of the Insane Clown Posse have been identified as gang members since the FBI designated them as a loosely organized hybrid gang. That designation means that routine things that fans do, such as like images of the band or wear band-related clothes, can lead to profound life consequences. It also raises questions about what kinds of information entertainment providers, like Spotify, Apple Music, and Google’s Play Store can disclose to government agencies upon request. Where those companies have information that a subscriber ‘likes’ an ICP track, would disclosing it lead to serious life impediments as individuals try to cross a border, get a government job, or work with children? What policies are in place to prevent governments from fishing for ICP fans, based on likes?

Though it might seem absurd that liking a particular song could harm your life prospects, the possibility that this could happen reveals how metadata — in this case, information of a persons preferences linked to audio or video content — can be more important than the content itself. Viewing a music video or listening to an album may not be sufficient to reveal a person’s ‘affiliations’ but the positive act of liking the video or album is enough to classify someone as a ‘member’ of the ICP ‘organization’.

What happens when someone liked a video or song or album years ago? How can an agency confirm that the person who owns the account was the person who indicated support for the content? And what recourse do people have when the actions of the far past rise up to detrimentally affect them?

While the former head of the NSA bluntly said that his agency used metadata as part of the equation to kill people abroad, less is said about how law enforcement organizations might use metadata to detrimentally impact the lives of persons living within the continental United States. It’s high time that more attention is paid to domestic authorities’ use of metadata and the domestic consequences of its analysis given how it can be used to ruin people’s life chances.

Categories
Links

Canada’™s metadata collection worries critics

…Justice Canada says the proposed legal shield against liability offers nothing new. “This protection already existed under the jurisprudence,” said spokeswoman Carole Saindon in an e-mail responding to Globe questions. She added that the “language in the bill is not a substantive change.”

Privacy advocates are not reassured by any of this.

The “unaccountability is absolutely unacceptable,” blogged Chris Parsons, a researcher for the University of Toronto Citizen Lab on Thursday. “And it’s made worse by the fact that the currently proposed lawful-access legislation, C–13, would indemnify [Internet Service Providers] for sharing even more information with state authorities while not requiring these authorities to report on how often, and to what extent, they ‘request’ such information.”

Needless to say, I fundamentally disagree with Justice Canada’s position that they sufficiently account for federal agencies’ surveillance programs. And if the liability shield that is being introduced in C-13 isn’t needed and the language not a substantive change then the government should be happy to remove it when the lawful access bill goes to committee.

Source: Canada’™s metadata collection worries critics

Categories
Quotations

Sensitive personal information revealed in smartphone metadata, study finds

The ability to draw similarly revealing information about Canadians’ lives is just as possible, said Christopher Parsons, a post-doctoral fellow specializing in privacy and surveillance issues at the Citizen Lab at Toronto’s Munk School of Global Affairs.

The debate over the secret interception of digital, transactional records from smartphones and mobile devices, including their locations, numbers called, duration and Internet sites browsed, extends beyond the claimed security intelligence needs of the CSE and the massive, bulk metadata collection practised by the NSA.

Parsons believes some Canadian telecommunications companies could use metadata to deliver advertising and sell consumer intelligence to marketers. “Canadian companies do recognize this kind of data as a place to make money,” he said. “There is clear value in it.”

Sensitive personal information revealed in smartphone metadata, study finds
Categories
Quotations

2014.3.13

The term “identifiers” is NSA jargon for information relating to an individual, such as telephone number, email address, IP address and username as well as their name.

The document – which is undated, though metadata suggests this version was last updated in June 2012 – does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place.

James Ball and Spencer Ackerman, “NSA loophole allows warrantless search for US citizens’ emails and phone calls

Perhaps foolishly, but I find it amusing that metadata is being used to evaluate how/when other metadata identifiers were being used to track the world’s populations…

Categories
Links Quotations

2014.2.14

Christopher Parsons, a postdoctoral fellow at the Citizen Lab, told The Varsity that “Metadata at this point, is as or more invasive in its collection and analysis than the content of a communication. Any suggestion that because its metadata, it’s any less invasive, just isn’t true.”

“If you were to monitor the metadata coming out of my phone for a day, it would be a lot more revealing than any actual content. This would include things like where I was, when I made the phone calls, how long they were, who I made them to, and who those people talked to,” said Parsons. Using this information, Parsons said, intelligence agencies can determine movement patterns, browsing tendencies, shopping and lifestyle habits, all without figuring out specifically what was said in the conversation.

The Citizen Lab’s campaign for government surveillance oversight has been at the heart of the debate on consumer telecommunications and Internet privacy. Last week, they issued an open letter to several Canadian phone and Internet service providers (ISPs). The letter asked them to publicize the extent of customer information divulged to law enforcement and other intelligence agencies. When contacted by The Varsity for further comments on the Citizen Lab’s campaign, Jennifer Kett, Senior Manager at Rogers Media Relations said they were currently reviewing the request. She added: “We take the privacy and security of our customers’ personal information very seriously. We require a properly executed warrant to disclose customer information to law enforcement or any other body. If we believe that a request is overreaching we will take steps to challenge it.” Kett declined to provide further details when asked, saying that the review of the Citizen Lab’s request was pending. Bell Canada did not respond to multiple contact attempts.

Amitpal Singh, “U of T academics at forefront of online privacy battle
Categories
Links

New Snowden docs show Canadian spies tracked thousands of travelers

Christopher Parsons, a fellow at the Citizen Lab at the University of Toronto, a group that helped review the documents, added that while using corporate analytics may have been one possible attack vector, there could have been another.

“There’s a series of different kinds of identifiers—that’s not entirely clear from the documents,” he told Ars.

“It’s also theoretically possible that [CSEC] may be tapping into other identifiers. There’s going to be some global database that they’re pulling from. Whether it’s going to be cookies or another identifier. My thought would be [if not cookies] that if they’re looking for particular chat user names or e-mail that is also sent in clear or sent in clear often enough. One of [the] pieces about this [is] that it seems to indicate that it’s the act of logging on. It’s not clear that you have to make some particular action, it’s that the device[s] are likely to be sending out this kind of information upstream. It is possible that it’s your username every time you hit the mail server.”

He also noted that in Canada, the two major ISPs—Bell and Rogers—provide, by default, e-mail accounts on Microsoft and Yahoo, respectively.

So, he speculated, if CSEC was going to use such an e-mail username for instance, “that ISP is going to have a litany of personal information about a Canadian target, billing and everything else that they hold, whereas the cookie information may not provide [all that information.]”

Both Parsons and Weaver also added that the use of Tor, VPNs, and anti-tracking software (such as browser plugins like Disconnect or Ghostery) may help to somewhat thwart this type of tracking.

Source: New Snowden docs show Canadian spies tracked thousands of travelers

Categories
Quotations

2013.10.8

It is hardly surprising that supporters of bulk collection fervently believe it is critical to national security. No psychologically well-balanced person could permit herself to support a program that compromises the privacy of tens of millions of Americans, costs billions of dollars, and imposes direct and articulable harm to cyber security by undermining the security of commercial products and public standards without holding such a belief truly and honestly.

But the honest faith of insiders that their bureaucratic mission is true and critical is no substitute for credible evidence. A dozen years of experience has produced many public overstatements and much hype from insiders, but nothing to support the proposition that the program works at all, much less that its marginal contribution is significant enough to justify its enormous costs in money, freedom, and destabilization of internet security. No rational cost-benefit analysis could justify such a leap of faith.

Source: http://www.theguardian.com/commentisfree/2013/oct/08/nsa-bulk-metadata-surveillance-intelligence
Categories
Writing

A Brief Comment on ‘Metadata’

We live in environments that are pervasively penetrated by digital systems. We carry personalized tracking devices with us everywhere (i.e. mobile phones) that have increasingly sophisticated sensors embedded in them. We rely on Internet-based systems for travel, work, and play. Even our ‘landline’ communications are pervasively turned into digital code when we call a friend or family member.

Every one of the previously mentioned transactions generates ‘non-content’ data: when and who we call, and for how long; which cellular towers we pass by; what (semi-)unique IP addresses are provided to websites we visit, and so forth. These identifiers can be used to trace our movements, practices, and who we communicate with: they are often far more revealing about ourselves than the pure content of our communications.

It’s with the reality of the surveillance potentials of metadata that we need to reorient how to talk about such ‘non-content’ data. It has become depressingly common to see elected officials and other authorities state that “it’s just metadata” as well as “we only use it for appropriate purposes.”

To the first statement, metadata can reveal incredibly sensitive infomation about individuals and about their community/communities. The collection and processing of such information therefore warrants a similar degree of care and concern as the processing of clearly personal information.

To the second statement, clarity around collection and use of metadata is needed. Moreover, data cannot be massively collected and ‘appropriate purposes’ just applied to how the data is subsequently parsed. The very collection of data itself needs to be targeted, justified, and enjoy significant oversight – arguably more oversight that ‘just’ the content of communications.

In a recent paper on metadata, Ontario Information and Privacy Commissioner Ann Cavoukian wrote:

we urge governments to adopt a proactive approach to securing the rights affected by intrusive surveillance programs. To protect privacy and liberty, any power to seize communications metadata must come with strong safeguards directly embedded into programs and technologies, that are clearly expressed in the governing legal framework. The purpose, scope, and duration of data collection must be strictly controlled. More robust judicial oversight, parliamentary or congressional controls, and systems capable of providing for effective public accountability should be brought to bear. The need for operational secrecy must not stand in the way of public accountability. Our essential need for privacy and the preservation of our freedoms are at stake.[1]

Commissioner Cavoukian is decidely correct that data collection, use, and intent must be carefully controlled. However, I would go a step further than the Commissioner has in her call for additional parliamentary oversight and control. In Canada, and unlike the United States and United Kingdom, there is not a committee of parliamentarians with security clearances to oversee how our intelligence and security authorities operate. Presently, the Canadian system predominantly enjoys only Cabinet-level political oversight: we need a broader set of eyes, and eyes that are not mindful of the ruling government’s optics, to evaluate the appropriateness of what our intelligence and security services are up to. So, in excess of Commissioner Cavoukian’s comments, we actually need to modify parliament such that oversight is even possible.

Reasonable people can disagree on the value and desire for national security and foreign intelligence services. Such disagreements should happen more prominently amongst parliamentarians and the public. However, there should be no disagreement that, in order to represent the public, at least some members of our legislative assemblies must know the extent of the government’s security and intelligence powers, capabilities, and practices.

Canada is a democracy and, as such, it is imperative that we establish a committee of parliamentarians to oversee how our security and spy agencies are collecting, using, and retaining the metadata and content associated with our communications. The actions that these agencies engage in are too significant to leave to Cabinet oversight alone.

  1. Ann Cavoukian. (2013). “A Primer on Metadata: Separating Fact from Fiction.” Office of the Information and Privacy Commissioner of Ontario. Available at: http://www.privacybydesign.ca/content/uploads/2013/07/Metadata.pdf. Pp. 10. Emphasis added.  ↩
Categories
Aside Quotations

2013.6.7

Privacy advocates have long warned that allowing the government to collect and store unlimited “metadata” is a highly invasive form of surveillance of citizens’ communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication. Such metadata is what the US government has long attempted to obtain in order to discover an individual’s network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack.

Glenn Greenwald (via azspot)

Anyone trying to convince people “it’s only metadata” should be discounted as a fool or a government shill. Or perhaps as being both.