Tag: SIGINT

Categories
Aside Links

Covernames Versus Code / Strategy Versus Tactics

From the New York Times:

Mr. Snowden’s cascade of disclosures to journalists and his defiant public stance drew far more media coverage than this new breach. But Mr. Snowden released code words, while the Shadow Brokers have released the actual code; if he shared what might be described as battle plans, they have loosed the weapons themselves. Created at huge expense to American taxpayers, those cyberweapons have now been picked up by hackers from North Korea to Russia and shot back at the United States and its allies.

While the revelation of code facilitates a more immediate kind of repurposing and attack, I think that the Shadow Brokers have tended to reveal tactical information versus the strategic information released by Snowden. Few have done the requisite work to actually pull together the comprehensive narratives that emerge in the Snowden documents and, instead, have focused on specific programs or tools. Those few of us who have comprehensively analyzed his documents, however, now possess insights into strategic thinking, decision making, and resource allocation of the Five Eyes intelligence agencies. The long term value of such information is just as, if not more, valuable than code drops.

Categories
Links Writing

Why We Need to Reevaluate How We Share Intelligence Data With Allies

Last week, Canadians learned that their foreign signals intelligence agency, the Communications Security Establishment (CSE), had improperly shared information with their American, Australian, British, and New Zealand counterparts (collectively referred to as the “Five Eyes”). The exposure was unintentional: Techniques that CSE had developed to de-identify metadata with Canadians’ personal information failed to keep Canadians anonymous when juxtaposed with allies’ re-identification capabilities. Canadians recognize the hazards of such exposures given that lax information-sharing protocols with US agencies which previously contributed to the mistaken rendition and subsequent torture of a Canadian citizen in 2002. 

Tamir Israel (of CIPPIC) and I wrote and article for Just Security following these revelations. We focused on the organization’s efforts, and failure, to suppress Canadians’ identity information that is collected as part of CSE’s ongoing intelligence activities and the broader implications of erroneous information sharing. Specifically, we focus on how such sharing can have dire life consequences for those who are inappropriately targeted as a result by Western allies and how such sharing has led to the torture of a Canadian citizen. We conclude by arguing that the collection and sharing of such information raises questions regarding the ongoing viability of the agency’s old-fashioned mandates that bifurcate Canadian and non-Canadian persons’ data in light of the integrated nature of contemporary communications systems and data exchanges with foreign partners.

Read the Article

Categories
Links Writing

Marking 70 years of eavesdropping in Canada

Bill Robinson at Open Canada:

Another new factor is the presence of Canadians in CSE’s hunting grounds. CSE was unable to assist during the FLQ crisis in 1970—it had no capability to monitor Canadians. In the post-2001 era, that is no longer true: the Internet traffic of Canadians mixes with that of everybody else, and CSE encounters it even when it is trying not to. When operating under judicial warrants obtained by CSIS or the RCMP, it deliberately goes after Canadian communications. CSE also passes on information about Canadians collected by its Five Eyes partners.

A special watchdog—the CSE Commissioner—was established in 1996 to monitor the legality of CSE’s activities. Over the years, Commissioners have often reported weaknesses in the measures the agency takes to protect Canadian privacy, but only once, last year, has a Commissioner declared CSE in non-compliance with the law.

Whether CSE’s watchdog is an adequate safeguard for the privacy of Canadians is a matter of continuing debate. One thing, however, is clear: As CSE enters its 71st year, the days when its gaze faced exclusively outward are gone for good.

Bill Robinson has done a terrific job providing a historical overview of Canada’s equivalent of the National Security Agency (NSA). His knowledge of the Communications Security Establishment (CSE) is immense.

Canadians now live in a country wherein this secretive institution, the CSE, is capable of massively monitoring our domestic as well as foreign communications. And, in fact, a constitutional challenge is before the courts that is intended to restrain CSE’s domestic surveillance. But before that case is decided CSE will analyze, share, and act on our domestic communications infrastructure without genuine public accountability. As an intelligence, as opposed to policing, organization its methods, techniques, and activities are almost entirely hidden from the public and its political representatives, as well as from most of Canada’s legal profession. A democracy can easily wilt when basic freedoms of speech and association are infringed upon and, in the case of CSE, such freedoms might be impacted without the speakers or those engaging with one another online ever realizing that their basic rights were being inhibited. Such possibilities raise existential threats to democratic governance and need to be alleviated as much as possible if our democracy is to be maintained, fostered, and enhanced.

Categories
Links

Partnership between NSA and telecoms pose both security and privacy risk, experts say

Partnership between NSA and telecoms pose both security and privacy risk, experts say:

Speculation remains as to whether the programs still exist, but as Cohn said: “The story that [these documents] tell is [the NSA is] just grabbing more, and more, and more, and more. Nothing in this six-year span is of them getting anything less. [So our] best guess is that trajectory continued.”

Christopher Parsons, postdoctoral fellow, Citizen Lab at the Munk School of Global Affairs, seconded Cohn’s thoughts and expressed surprise that no documents have indicated any change in programs.

Even if Americans aren’t exactly concerned about their data, per se, Parsons reminded that beyond losing its citizens’ trust, the U.S. government loses diplomatic credibility through these leaked documents. The government can’t argue for a free and open internet if it monitors foreigners and its own citizens, he said.

“If you use the internet, and the data goes through the U.S., the government is spying on it,” he said.

Categories
Links

New Mass Surveillance Laws Come to Canada, France, and the United Kingdom, as the NSA May Have Its Wings Clipped | VICE News

New Mass Surveillance Laws Come to Canada, France, and the United Kingdom, as the NSA May Have Its Wings Clipped:

Canada’s Anti-Terrorism Act is just one step away from becoming law, with its controversial information-sharing and secret police powers still intact. France’s cyber-snooping bill is facing broad political support. And the United Kingdom’s nanny state law has been in effect for months, despite protestations of a coalition of anti-spying activists.

Christopher Parsons, postdoctoral fellow at the University of Toronto’s Citizen Lab, said that while neutering the Patriot Act might impede how Americans’ data gets scooped up, nobody should expect these changes will do much to kneecap the NSA’s mass spying regime.

“I think they can do it anyway,” Parsons told VICE News, pointing to Executive Order 12333 — the directive issued by Ronald Reagan that first permitted the NSA to spy on foreign soil.

“In an era of cloud computing, there is a strong argument to be made that even after that section of the Patriot Act goes away, where and when Americans’ data flows across international boundaries, it can be collected anyway,” he said.

And while the NSA’s ability to collect data within the United States might be “slightly diminished,” other American agencies with mandates to surveil domestic threats could simply take over.

Parsons says the emerging relationship between Washington and its Five Eyes partners – Canada, the United Kingdom, Australia and New Zealand — is evolving into something much more advanced.

“All the various signals intelligence agencies have become increasingly sophisticated in, not just their ability to collect data, but also their ability to share data with one another,” Parsons said.

 

Categories
Links Writing

Christopher Parsons: Canada has a spy problem

I published a comment piece with the National Post today that quickly summarizes the importance and harms of Canada’s signals intelligence activities, especially as it pertains to persons living in Canada.

The key takeaway is:

Canadians are routinely accused of having sleepwalked into a surveillance nation. We haven’t. Instead, the federal government of Canada has secretly deployed mass-surveillance technologies focused on domestic and foreign communications alike and, even when caught red-handed, the government refuses to have a reasonable conversation about the appropriateness or legality of such technologies. Canadians deserve better from their government. More oversight and accountability is needed at a minimum, and cannot be dismissed as “red tape” given the magnitude of the surveillance operations conducted upon the population of Canada by its own government.

You can read the whole piece over at the National Post.

Categories
Links

Documents Reveal Canada’€™s Secret Hacking Tactics – The Intercept

Documents Reveal Canada’€™s Secret Hacking Tactics – The Intercept:

Canada’s electronic surveillance agency has secretly developed an arsenal of cyberweapons capable of stealing data and destroying adversaries’ infrastructure, according to newly revealed classified documents.

Christopher Parsons, a surveillance expert at the University of Toronto’s Citizen Lab, told CBC News that the new revelations showed that Canada’s computer networks had already been “turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?”

 

Categories
Links

From hacking to attacking, a look at Canada’s cyberwarfare tools

Recently CSE documents outline the range of activities CSE engages in. The CBC has worked with experts, including myself, to explain some of the more controversial or opaque techniques discussed.

Categories
Links

Communication Security Establishment’s cyberwarfare toolbox revealed

Communication Security Establishment’s cyberwarfare toolbox revealed :

Top-secret documents obtained by the CBC show Canada’s electronic spy agency has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East.

Some of the capabilities mirror what CSE’s U.S. counterpart, the NSA, can do under a powerful hacking program called QUANTUM, which was created by the NSA’s elite cyberwarfare unit, Tailored Access Operations, says Christopher Parsons, a post-doctoral fellow at the Citizen Lab, one of the groups CBC News asked to help decipher the CSE documents. QUANTUM is mentioned in the list of CSE cyber capabilities.

Publicizing details of QUANTUM’s attack techniques fuelled debate south of the border about the project’s constitutionality, says Parsons, who feels a debate is needed here in Canada as well.

“Our network has been turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?” says Parsons.

“With Bill C-51, we’re seeing increased powers being provided to CSIS, and that could mean that they would be able to more readily use or exploit the latent domestic capabilities that CSE has built up,” says Parsons.

Categories
Links

Leaked documents reveal Canada’s cyber warfare tools

Leaked documents reveal Canada’s cyber warfare tools :

Implanting malware on computer networks, disabling enemy computer systems, disrupting and grabbing control of an adversary’s infrastructure.

It all sounds so un-Canadian, but these are among the cyber warfare tools developed by the country’s Communications Security Establishment (CSE), according to documents obtained by the Canadian Broadcasting Communications. The CSE is Canada’s electronic spy agency.

The documents indicate that Canada’s computer networks have “been turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?” said Christopher Parsons, surveillance expert with Citizen Lab, an international research group at the University of Toronto’s Munk School of Global Affairs.