Link

RCMP is overstating Canada’s ‘surveillance lag’ | Toronto Star

From a piece that I wrote with Tamir Israel for the Toronto Star:

The RCMP has been lobbying the government behind the scenes for increased surveillance powers on the faulty premise that their investigative powers are lagging behind those of foreign police services.

The centrepiece of the RCMP’s pitch is captured in an infographic that purports to show foreign governments are legislating powers that are more responsive to investigative challenges posed by the digital world. On the basis of this comparison, the RCMP appears to have convinced the federal government to transform a process intended to curb the excesses of Bill C-51 into one dominated by proposals for additional surveillance powers.

The RCMP’s lobbying effort misleadingly leaves an impression that Canadian law enforcement efforts are being confounded by digital activities.

An op-ed that I published with a colleague of mine, Tamir Israel, earlier this week calls out the RCMP for deliberately misleading the public with regard to government agencies’ existing surveillance powers and capabilities.

Link

Hackers and Law Enforcement Could Hijack Wi-Fi Connections to Track Cellphones

From The Intercept:

But if the operator is O’Hanlon and not Verizon — that identity is compromised. “The IMSI is revealed during this interchange, during the early stages of the conversation. It’s not encrypted,” he says.

This type of activity is called passive monitoring, because it doesn’t require a specific active attack or malware. It only works in some cases, however.

O’Hanlon also developed a couple active attacks that would get the job done, one involving masquerading as the operator’s endpoint where the Wi-Fi call is being directed, and another using a man-in-the-middle attack to intercept it.

Apple is the only company that has taken steps to mitigate the privacy and security risk, he says — they added additional security protocols when he brought up the issue over the summer. It was addressed in iOS 10, though there are still ways to get around the protections. But the problem is less with the companies and more with the way the connections were set up in the first place.

Yet another time that Apple has dedicated engineering resources to better protect their customers whereas their major competitor has declined to do so. And this wasn’t even an Apple or Google problem, per se, but a protocol level issue.

Link

Privacy experts fear Donald Trump accessing global surveillance network

Thomas Drake, an NSA whistleblower who predated Snowden, offered an equally bleak assessment. He said: “The electronic infrastructure is fully in place – and ex post facto legalised by Congress and executive orders – and ripe for further abuse under an autocratic, power-obsessed president. History is just not kind here. Trump leans quite autocratic. The temptations to use secret NSA surveillance powers, some still not fully revealed, will present themselves to him as sirens.”

Bush and Cheney functionally authorized the NSA to undertake unlawful operations and actively sought to hinder authorizing courts from understanding what was going on. At the same time, that administration established black sites and novel detention rules for persons kidnapped by the CIA from around the world.

Obama and Biden developed legal theories that were accompanied by authorizing legislation to make the NSA’s previously unlawful activities lawful. The Obama presidency also failed to close Gitmo or convince the American public that torture should be forbidden or that criminal (as opposed to military) courts are the appropriate ways of dealing with suspected terror suspects. And throughout, the NSA deliberately misled and lied to its authorizing court, the CIA deliberately withheld documents from investigators and spied on those working for the intelligence oversight committees, and the FBI continued to conceal its own surveillance operations as best it could.

There are a lot of things to be worried about when it comes to the United States’ current trajectory. But one of the more significant items to note is that the most sophisticated and best financed surveillance and policing infrastructure in the world is going to be working at the behest of an entirely unproven, misogynistic, racist, and bigoted president.

It’s cause to be very, very nervous for the next few years.

Link

Police surveillance scandal: Quebec tightens rules for monitoring journalists

From the Montreal Gazette:

Mark Bantey, a specialist in media law (who is also the Montreal Gazette’s lawyer), said he was stunned by the scope of the warrant involved in the Lagacé case. He said it seems the police were more worried about who was leaking information to the press than the actual crime.

“It sure looks like they (the police) have gone overboard because they’re not out there investigating a crime, but trying to determine who in the police department is leaking information to the press. You can’t use search warrants to get that sort of information,” Bantey said in an interview Tuesday. “There’s an obligation to exhaust all other possible sources of information before targeting the media.”

As for Couillard’s new directive about obtaining search warrants, he called it a first step that was unlikely to bring an immediate change to police practices. A better solution might be to adopt new legislation — a shield law — that protects media sources, he said.

Legislation to protect journalists from police surveillance is a good idea…until you ask a question of ‘who constitutes a journalist’?

Link

Canada’s spy agency illegally kept data for a decade, court rules

To be clear, the judge’s ruling:

  1. Found that CSIS had deliberately been misleading/lying to the court for a decade concerning the agency’s permanent retention of metadata;
  2. Raised the prospect of contempt of court proceedings against CSIS and its attorneys at the Department of Justice;
  3. Approved changes to unknown warrants (we’re not allowed, as members of the public, to know the warranting powers of CSIS it seems);
  4. Did not require CSIS to delete or stop using the metadata it had illegally collected, on grounds that doing so could raise jurisdictional issues. Translation: the information has been shared, or mixed with, foreign agencies’ metadata already and thus prevents the court from easily crafting a judgment around its use;
  5. CSIS did not believe that it was required to be fully transparent with the federal court that issues CSIS’ warrants on grounds that the court was ‘not an oversight body’;
  6. CSIS had internally, with Department of Justice guidance, secretly reinterpreted laws to cloak its actions in the guise of lawfulness (internally) while deliberately hiding such interpretations and the implications thereof from the court.

Canada has a national security consultation going on, and part of it raises the question of ‘does Canada have sufficient oversight and accountability for its national security operations?’ If you care about these issues, go and spend some time sending a message to the government.

Link

Alibaba’s Jack Ma Urges China to Use Data to Combat Crime

Bloomberg reporting on Alibaba’s Jack Ma:

In his speech, Ma stuck mainly to the issue of crime prevention. In Alibaba’s hometown of Hangzhou alone, the number of surveillance cameras may already surpass that of New York’s, Ma said. Humans can’t handle the sheer amount of data amassed, which is where artificial intelligence comes in, he added.

“The future legal and security system cannot be separated from the internet and big data,” Ma said.

In North America, we’re trialling automated bail systems, where the amount set and likelihood of receiving bail is predicated on big data algorithms. While it’s important to look abroad and see what foreign countries are doing, we mustn’t forget what is being done here in the process.

Link

Turkey coup plotters’ use of ‘amateur’ app helped unveil their network

The Guardian:

A senior Turkish official said Turkish intelligence cracked the app earlier this year and was able to use it to trace tens of thousands of members of a religious movement the government blames for last month’s failed coup.

Members of the group stopped using the app several months ago after realising it had been compromised, but it still made it easier to swiftly purge tens of thousands of teachers, police, soldiers and justice officials in the wake of the coup.

Starting in May 2015, Turkey’s intelligence agency was able to identify close to 40,000 undercover Gülenist operatives, including 600 ranking military personnel, by mapping connections between ByLock users, the Turkish official said.

However, the Turkish official said that while ByLock helped the intelligence agency identify Gülen’s wider network, it was not used for planning the coup itself. Once Gülen network members realised ByLock had been compromised they stopped using it, the official said.

But intelligence services and policing agencies are still ‘Going Dark’…