Listening In: The Navy Is Tracking Ocean Sounds Collected by Scientists:
A network of Internet-connected undersea microphones is picking up more than whale songs.
This is one of the coolest surveillance/national security/academic research-related news article I’ve read in a long time. Highly recommended!
Canada Spies on Israel’s Enemies:
A new report in The Intercept revealed that CSEC, Canada’s NSA, spies on Israel’s enemies. But what does that entail? And is it within CSEC’s mandate to do so?
…
I reached out to Chris Parsons, a prominent cybersecurity and surveillance researcher from Toronto’s Citizen Lab, to discuss CSEC’s role in Israel’s military offensives. He told me there are “at least two ways” that CSEC would be involved in helping out Israel. One of which would be to provide INSU with a tracking program, or specific databases, to help spy on targets and persons of interest, which would have been developed by CSEC. As we learned from the free airport WiFi presentation, which was more about tracking targets as they log into various WiFi access points around the world than it was about surveilling airport travelers in particular, CSEC does have these capabilities in their wheelhouse.
Parsons went on to say that CSEC could also assist Israel by “providing some sort of expertise with how to use databases that are shared out to the Israeli intelligence community.” Simply put, Canada may be giving the Israelis tech support for the spying systems we’re giving them. In terms of whether or not this kind of assistance is within CSEC’s mandate, Parsons told me: “As you’re aware, the Canadian government has identified Hamas as a terrorist organization and as such, it would make sense for CSEC to be engaged in the monitoring of their locations and their electronic systems that Hamas is believed to be using. So in that sense, it should fit within CSEC’s mandated intelligence-gathering.”
But even with Hamas on a designated terror list, the complexities surrounding our Canadian surveillance agency spying on Palestinian targets opens up major issues of privacy; specifically when you consider how a target is selected, and how sure government powers need to be before a person is added to a list of terrorists. As Parsons told me, there is the “very serious question of how exactly individuals are identified as valid targets or not… How many individuals are swept up into the monitoring?”
The NSA’s Utah data centre, as taken by the EFF.
Canadians are lax on privacy, Senate committee hears:
Bill S-220 would create parliamentary committee to oversee intelligence and security efforts
The fact that a former director of CSEC is asserting that it’s Canadians’ own fault that their privacy is being infringed upon is hopefully just rhetoric and not reflective of his real beliefs. As he must know, there are enormous pressures that individuals face to use contemporary communications services and never be cognizant of the full ramifications about the use of those services.
Such pressures have little to nothing to do with social media: just consider the leaking of information from mobile and desktop systems that follows from just leaving the device on or using it for the most basic functionalities. In the drive to make corporate consumer surveillance ‘transparent’ consumers have become grossly disadvantaged; learning and understanding how systems work, today, requires an immense effort. Such an effort should not be demanded to log into email or social media accounts, or fully grasp why a targeted ad has been displayed.
Of course, Mr. Adams knows this. He understands that privacy has not been designed into services and that, once alerted to gross and pervasive failures, informed people are routinely astounded, shocked, and angry. Most of the Internet uses the equivalent of Pintos and the NSA, CSEC, and other five eyes partners know exactly where the gas tanks are. They’re just reluctant to tell the rest of us and then blame us when we learn we’ve been rolling around the Internet-equivalent of privacy deathtraps.
A Three Front Legal Campaign: CSEC, Metadata and Civil Liberties:
There are now three lawsuits in Canadian courts related to the Communications Security Establishment Canada’s intercept of metadata. These are:
- BC Civil Liberties Association’s action for a declaration in BC Superior Courtalleging that CSEC’s intercept activities violate sections 8 and 2 of the Charter.
- BCCLA’s class action in Federal Court, brought “in order for those persons whose private communications and/or metadata have been intercepted to have access to remedies under s.24 of the Charter once the issues of the unconstitutionality of the impugned provisions, Authorizations and Directives are resolved in the [BC Supreme Court] Declaratory Action”.
- Canadian Civil Liberties Association (CCLA)’s application for a declaration in Ontario Superior Courtthat sections 7 and 8 of the Charter are violated by those provisions in the FederalPersonal Information and Protection of Electronic Documents Act(PIPEDA) that permit government agencies (including, it is alleged, CSEC) to obtain personal information from Canadian telecommunications companies with prior judicial authorization.
These cases overlap. The BCCLA class action is intended to be derivative of its BC Superior Court declaratory action. The CCLA case seems likely to engage the question of a person’s reasonable expectation of privacy of metadata in the possession of third party telecommunications providers. That question must inevitably also arise in the BCCLA declaratory action.
If you track surveillance and national security issues in North America you know that litigation of these issues has been ongoing and active in the United States. An oft-heard critique of Canada has been ‘where is the litigation?’ As Craig Forcese notes, there are a series of important actions ongoing in Canada that may significantly affect how our signal intelligence agency conducts its business on behalf of Canadians.
On June 17, 2014 I’ll be debating John Adams, the former Chief of the Communications Security Establishment Canada (CSEC). It should be a lively back and forth!
Op-Ed: The circular, peculiar state of CSEC oversight (Includes interview):
Communications Security Establishment Canada (CSEC) is insulated from meaningful oversight. This article explains how the agency avoids scrutiny, and what you can do to encourage change.
One of the better articles in recent past on CSEC. Highly recommended.
Canada Bought $50 Million Worth of ‘Secure’ Phone Systems from the NSA:
Technically, the Canadian Prime Minister shouldn’t have to worry about being snooped on. Declassified information on the so-called Five Eyes partnership—an intelligence-sharing agreement between America, Canada, the United Kingdom, Australia, and New Zealand—supposedly forbids the five friendly governments from snooping on each other. But we don’t know what caveats exist in that agreement, because it’s kept top secret. We do know, however, that the NSA was operating in Toronto during the G8 and G20—and that CSE knew about it. That sort of cooperation, Parsons says, is to be expected by the Five Eyes partners.
“There is of course a concern that in the Five Eyes agreement there is an proviso that members of the Five Eyes network can engage in surveillance on other partners if it’s in their sovereign interest,” Parsons said.
It’s certainly interesting (and newsworthy) that Canada is buying cryptographically-secure systems from the NSA, though not necessarily surprising: the NSA is recognized as a leader in this technical space and has economies of scale that could reduce the cost of the equipment. These isn’t, however, any indication whether CSEC examines or tests the devices for backdoors. Presuming that the math hasn’t been compromised, and the phones and faxes aren’t being compromised by our close ally, then there are presumably (relatively) few worries with the Canadian procurement strategy and lots of benefits.
Given how many web sites were vulnerable to the Heartbleed bug, Parsons says there is likely to be a great deal of reflection on how it could have been identified sooner. Some cryptographers have estimated it may have existed for years before it was discovered last week.
This past weekend, Bloomberg News published a story alleging the U.S. National Security Agency (NSA) knew about the Heartbleed vulnerability for two years and that it may have been using it to access personal data.
The NSA denies the charge, but Parsons says it raises serious questions about the Five Eyes, the surveillance partnership between Canada, the U.S., Great Britain, Australia and New Zealand, which collaborates to detect threats such as Heartbleed.
“This is supposed to be the sort of thing that they’re supposed to find and ideally report,” says Parsons.
“I think over the coming months, we need to figure out if they knew and if they didn’t, why didn’t they, because this is what we pay them to do. And if they did know, then why weren’t they protecting us?”
Canadian spy agency head John Forster fielded questions from MPs, and says organization’s focus is foreign intelligence collection, not domestic
Takeaway from the article? CSEC boss “can’t really disclose” what kinds of access it could have to data flowing through Bell, Rogers and Telus.
Excited Pixels