As American telcoms operators take up the practice of publishing transparency reports showing how many law-enforcement requests they receive, Canadian activists are wondering why Canada’s telcoms sector hasn’t followed suit.
Source: Citizen Lab calls on Canada’s telcos to publish transparency report
More coverage of our letters to Canadian telecommunications service providers concerning how, when, under what conditions, and how often they disclose information to government agencies.
Source: Reveal extent of government data surveillance, campaign asks telecom companies
Prominent privacy and digital-security researchers send open letter to Bell, Rogers, Telus, Shaw and a dozen other companies
Nice coverage by the Globe and Mail
Source: Telecom firms being asked what data they are giving to police, intelligence agencies
Today, Canadian scholars and civil liberties organizations have asked Canada’s telecommunications companies to explain how they disclose information to government authorities.
A project that’s been in the works, now, for 1.5 years is finally really starting! Exciting times!
Source: Towards Transparency in Canadian Telecommunications – The Citizen Lab
Mr. Cope, I am Canadian. Like virtually every other Canadian I know, I rely on my mobile phone in my personal life and for my livelihood on a daily basis. The “critical situation” I face comes every month, when I open my wireless bill wondering whether I’ll be able to afford to pay it. Your company, along with Canada’s other major wireless providers, have had 30 years to address this situation. But you’ve failed. Posting huge profits and paying dividends year after year might satisfy your shareholders, but individual Canadians and their families are being hung out to dry. It’s time for a change. Faced with a choice between an American company fighting to gain a foothold in a hostile market or a Canadian one who takes my hard earned money for granted, I’ll pick the lesser of two evils. And if you don’t know which that is by now, I’ll happily send you a copy of my monthly phone bill.
AT&T’s recent patent to detect and act on network-based copyright infringement raises significant red flags for network neutrality advocates. However, we need to look beyond the most obvious (and nefarious!) red flags: when examining corporate surveillance prospects we need to reflect on the full range of reasons behind the practice. Only in taking this broader, and often more nuanced, view are we likely to come closer to the truth of what is actually going on, and why. And, if we don’t get closer to the specific truth of the situation, at least we can better understand the battleground and likely terms of the conflict.
Worries about spectrum scarcity have prompted telecommunications providers to provide their subscribers with femotocells, which are small and low-powered cellular base stations. Often, these stations are linked into subscribers’ existing 802.11 wireless or wired networks, and are used to relieve stress placed upon commercial cellular towers whilst simultaneously expanding cellular coverage. Questions have recently been raised about the security of those low-powered stations:
Ritter and his colleague, Doug DePerry, demonstrated for Reuters how they can eavesdrop on text messages, photos and phone calls made with an Android phone and an iPhone by using a Verizon femtocell that they had previously hacked.
…
They said that with a little more work, they could have weaponized it for stealth attacks by packaging all equipment needed for a surveillance operation into a backpack that could be dropped near a target they wanted to monitor.
While Verizon has issued a patch for its femtocells, there isn’t any reason why additional vulnerabilities won’t be found. By placing the stations in the hands of end-users, as opposed to retaining control over commercially deployed cellular towers, third-party security researchers and attackers can persistenty test the cells until flaws are found. The consequence of this deployment strategy is that attackers will continue to find vulnerabilities to (further) weaken the security associated with cellular communications. Unfortunately, countering attackers will significantly depend on security researchers finding the same exploit(s) and reporting it/them to the affected companies. The likelihood of security researchers and attackers finding and exploiting the same flaws diminishes as more and more vulnerabilities are found in these devices.
In countries such as Canada, for researchers to conduct their research they must often first receive permission from the companies selling the femtocells: if there are any ‘digital locks’ around the technology, then researchers cannot legally investigate the code without prior corporate approval. Such restrictions don’t mean that researchers won’t conduct research, but do mean that researchers’ discoveries will go unreported and thus unpatched. As a result, consumers will largely remain reliant on the companies responsible for the security deficits in the first place to identify and correct those deficits, but absent public pressure that results from researchers disclosing vulnerabilities.
In light of the high economic costs of such identification and patching processes, I’m less than confident that femtocell providers are going to be investing oodles of cash just to potentially as opposed to necessarily identify and fix vulnerabilities. The net effect is that, at least in Canada, telecommunications providers can be assured that the public will remain relatively unconcerned about the security of providers’ products: security perceptions will be managed by preventing consumers from learning about prospective harms associated with telecommunications equipment. I guess this is just another area of research where Canadians will have to point to the US and say, “The same thing is likely happening here. But we’ll never know for sure.”
Peter Nowak recently had a good post concerning the nature of mobile pricing in Canada. You really should go read it all. However, there was one key piece that he noted, towards the end, that deserves to be highlighted. Specifically:
It was only a few short years ago when Bell and Telus were getting pummeled by Rogers, thanks to that company’s chosen technology. Rogers, like most of the carriers in the world, went with GSM network technology while Bell and Telus opted for CDMA instead. Without getting technical, GSM won, and Apple put the exclamation point on the battle in 2007 in the form of the iPhone. Unable to offer the latest and greatest devices, including that quintessential and hotly desired device, Bell and Telus moved quickly to upgrade to the next greatest and latest 4G technology. Rogers followed suit. The same is happening in the United States, with Sprint and Verizon – both former CDMA users – both spending heavily on LTE.
Network investment in both Canada and the United States does not reflect the competitiveness of either market, but rather phone makers’ decisions on technologies. Carriers are simply being pulled along for the ride.
One thing I may indeed have been wrong about in the past is how high prices were mainly the result of the lack of foreign competition in Canada, which wasn’t legally allowed until last year. The poor technological choices made by a number of carriers can’t be discounted as a factor. The industry is now waving the billions they’re having to spend to correct those mistakes in the faces of consumers and government, with prices – be they as they are – the necessary rationalization.
A key aspect of Nowak’s argument towards the end is that network investment was driven not so much by carrier-driven decisions but by the decision of a device manufacturer: Apple. I’d not really considered how Apple’s decision to ‘cut out’ a group of telecom companies from offering the iPhone could have been/was significantly responsible for massive re-engineering and investment in compatible networking technologies (i.e. GSM). Obviously such changes to the network infrastructure came at a significant fiscal cost.
It would be interesting to take Nowak’s point and then build on it to better understand how Canadian three year contracts might have alleviated the ‘hurt’ experienced by Canadian mobile providers. Specifically, we could ask the following:
Based around these questions we could establish a working hypothesis that churn was lower in Canada than the US. If this hypothesis bore out when tested we could try to ascertain why it bore out:
In effect the bad bets of American and Canadian carriers on CDMA offers an interesting comparative case from which we can draw inferences about the effects of the much-loathed three year cellular phone contracts in Canada. It would be awesome to see the numbers crunched to evaluate the effects of those contracts, especially before and after Bell/TELUS look launched their HSPA+ network(s). From there, I’m sure some interesting thoughts on the CRTC’s wireless code of conduct (which includes effectively mandating two year contracts) could follow: if a device as disruptive as the iPhone appears on the market, what would it do to the Canadian telecommunications market?
The report finds plenty of blame to go around. The ultimate cause of the fiasco, it says, was the fact the grant implementers did not conduct a capacity or use study before spending $24 million. They also used a “legally unauthorized purchasing process” to buy the routers, which resulted in only modest competition for the bid. Finally, Cisco is accused of knowingly selling the state larger routers than it needed and of showing a “wanton indifference to the interests of the public.”
Getting any of the money back seems unlikely at this point, but the legislative auditor does have one solid recommendation to make. The State Purchasing division should determine whether Cisco’s actions in this matter fall afoul of section 5A-3-33d of the West Virginia Code, and whether the company should be barred from bidding on future projects.
Cisco tells Ars “the criticism of the State is misplaced and fails to recognize the forward-looking nature of their vision. The positive impact of broadband infrastructure on education, job creation, and economic development is well established, and we are committed to working with the State to realize these benefits for the people of West Virginia now and into the future.”
As for that $5+ million the state could have saved—it would have paid for 104 additional miles of fiber.
Nate Anderson, “Why a one-room West Virginia library runs a $20,000 Cisco router: Cisco, West Virginia wasted $5M on enterprise-class routers”
Attacks on the Press: A Moving Target – Committee to Protect Journalists:
While not every journalist is an international war correspondent, every journalist’s cellphone is untrustworthy. Mobile phones, and in particular Internet-enabled smartphones, are used by reporters around the world to gather and transmit news. But mobile phones also make journalists easier to locate and intimidate, and confidential sources easier to uncover. Cellular systems can pinpoint individual users within a few meters, and cellphone providers record months, even years, of individual movements and calls. Western cellphone companies like TeliaSonera and France Telecom have been accused by investigative journalists in their home countries of complicity in tracking reporters, while mobile spying tools built for law enforcement in Western countries have, according to computer security researchers working with human rights activists, been exported for use against journalists working under repressive regimes in Ethiopia, Bahrain, and elsewhere.
“Reporters need to understand that mobile communications are inherently insecure and expose you to risks that are not easy to detect or overcome,” says Katrin Verclas of the National Democratic Institute. Activists such as Verclas have been working on sites like SaferMobile, which give basic advice for journalists to protect themselves. CPJ recently published a security guide that addresses the use of satellite phones and digital mobile technologies. But repressive governments don’t need to keep up with all the tricks of mobile computing; they can merely set aside budget and strip away privacy laws to get all the power they need. Unless regulators, technology companies, and media personnel step up their own defenses of press freedom, the cellphone will become journalists’ most treacherous tool.
Network surveillance is a very real problem that journalists and, by extension, their sources have to account for. The problem is that many of the security tools that are used to protect confidential communications are awkward to use, provide to sources, and use correctly without network censors detecting the communication. Worst is when journalists simply externalize risk, putting sources at risk in the service of ‘getting the story’ in order to ‘spread the word.’ Such externalization is unfortunately common and generates fear and distrust in journalists.
Excited Pixels