Technology, Thoughts & Trinkets

Touring the digital through type

Update to the SIGINT Summaries

As part of my ongoing research into the Edward Snowden documents, I have found and added an additional two documents to the Canadian SIGINT Summaries. The Summaries include downloadable copies of leaked Communications Security Establishment (CSE) documents, along with summary, publication, and original source information. CSE is Canada’s foreign signals intelligence agency and has operated since the Second World War.

Documents were often produced by CSE’s closest partners which, collectively, form the ‘Five Eyes’ intelligence network. This network includes the CSE, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), Australian Signals Directorate (ASD), and Government Communications Security Bureau (GCSB).

All of the documents are available for download from this website. Though I am hosting the documents they were all first published by another party. The new documents and their summaries are listed below. The full list of documents and their summary information is available on the Canadian SIGINT Summaries page.

These documents came to light as I examined the activities that took place between the NSA and New Zealand signals intelligence agencies. The first, “NSA Intelligence Relationship with New Zealand” notes that Canada is a member of the SIGINT Seniors Pacific group as well as SIGINT Seniors Europe. The second, “SIGINT Development Forum (SDF) Minutes”, notes how CSE and GCSB define shaping as “industry engagement and collection bending” as well as CSEC had considered audit analysts’ accounts similar to the NSA, though the prospect of such auditing had rearisen as a discussion point.

NSA Intelligence Relationship with New Zealand

Summary: This document summarizes the status of the NSA’s relationship with New Zealand Government Communications Security Bureau (GCSB). The GCSB has been forced to expend more of its resources on compliance auditing following recommendations after it exceeded its authority in assisting domestic law enforcement, but continues to be focused on government and five eyes priorities and encouraged to pursue technical interoperability with NSA and other FVEY nations.

The NSA provides GCSB with “raw traffic, processing, and reporting on targets of mutual interest, in addition to technical advice and equipment loans.” The GCSB primarily provides the NSA with access to communications which would otherwise remain inaccessible. These communications include: China, Japanese/North Korean/Vietnamese/South American diplomatic communications, South Pacific Island nations, Pakistan, India, Iran, and Antartica, as well as French police and nuclear testing activities in New Caledonia.

Of note, GCSB is a member of SIGINT Seniors Pacific (SSPAC) (includes Australia, Canada, France, India, Korea, New Zealand, Singapore, Thailand, United Kingdom, and United States) as well as SIGINT Seniors Europe (SSEUR) (includes Australia, Belgium, Canada, Denmark, France, Germany, Italy, Netherlands, New Zealand, Norway, Spain, Sweden, United Kingdom, and United States).

Document Published: March 11, 2015
Document Dated: April 2013
Document Length: 3 pages
Associated Article: Snowden revelations: NZ’s spy reach stretches across globe
Download Document: NSA Intelligence Relationship with New Zealand
Classification: TOP SECRET//SI//REL TO USA, FVEY
Authoring Agency: NSA
Codenames: None

SIGINT Development Forum (SDF) Minutes

Summary: This document summarizes the state of signals development amongst the Five Eyes (FVEY). It first outline the core imperatives for the group, including: ensuring that the top technologies are being identified for use and linked with the capability they bring; that NSA shaping (targeting routers) improves (while noting that for CSE and GCSB shaping involves “industry engagement and collection bending”); improving on pattern of life collection and analysis; improving on IP address geolocation that covers Internet, radio frequency, and GSM realms; analyzing how convergence of communications systems and technologies impacts SIGINT operations.

Privacy issues were seen as being on the groups’ radar, on the basis that the “Oversight & Compliance team at NSA was under-resourced and overburdened.” Neither GCSB or DSD were able to sponsor or audit analysts’ accounts similar to the NSA, and CSEC indicated it had considered funding audit billets; while dismissed at the time, the prospect has re-arisen. At the time the non-NSA FVEYs were considering how to implement ‘super-user’ accounts, where specific staff will run queries for counterparts who are not directly authorized to run queries on selective databases.

GCSB, in particular, was developing its first network analyst team in October 2009 and was meant to prove the utility of network analysis so as to get additional staff for later supporting STATEROOM and Computer Network Exploitation tasks. Further, GCSB was to continue its work in the South Pacific region, as well as expanding cable access efforts and capabilities during a 1 month push.  There was also a problem where 20% of GCSB’s analytic workforce lacked access to DSD’s XKEYSCORE, which was a problem given that GCSB provided NSA with raw data. The reason for needing external tools to access data is GCSB staff are prohibited from accessing New Zealand data.

Document Published: March 11, 2015
Document Dated: June 8-9, 2009
Document Length: 3 pages
Associated Article: Snowden revelations: NZ’s spy reach stretches across globe
Download Document: SIGINT Development Forum (SDF) Minutes
Classification: TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
Authoring Agency: NSA
Codenames: STATEROOM, XKEYSCORE

The (In)effectiveness of Voluntarily Produced Transparency Reports

Payphones by Christopher Parsons (All Rights Reserved)

I have a paper on telecommunications transparency reports which has been accepted for publication in Business and Society for later this year.

Centrally, the paper finds that companies will not necessarily produce easily comparable reports in relatively calm political waters and that, even should reports become comparable, they may conceal as much as they reveal. Using a model for evaluating transparency reporting used by Fung, Graham, and Weil in their 2007 book, Full Disclosure: The Perils and Promises of Transparency, I find that the reports issued by telecommunications companies are somewhat effective because they have led to changes in corporate behaviour and stakeholder interest, but have have been largely ineffective in prodding governments to behave more accountably. Moreover, reports issued by Canadian companies routinely omit how companies themselves are involved in facilitating government surveillance efforts when not legally required to do so. In effect, transparency reporting — even if comparable across industry partners — risks treating the symptom — the secrecy of surveillance — without getting to the cause — how surveillance is facilitated by firms themselves.

A pre-copyedited version of the paper, titled, “The (In)effectiveness of Voluntarily Produced Transparency Reports,” is available at the Social Sciences Research Network.

Transparency in Surveillance: Role of various intermediaries in facilitating state surveillance transparency

‘Communication’ by urbanfeel (CC BY-ND 2.0) at https://flic.kr/p/4HzMbw

Last year a report that I wrote for the Centre for Law and Democracy was published online. The report, “Transparency in Surveillance: Role of various intermediaries in facilitating state surveillance transparency,” discusses how governments have expanded their surveillance capabilities in an effort to enhance law enforcement, foreign intelligence, and cybersecurity powers and the implications of such expansions. After some of these powers are outlined and the impact on communicating parties clarified, I explore how the voluntary activities undertaken by communications intermediaries can also facilitate government surveillance activities. However, while private companies can facilitate government surveillance they can also facilitate transparency surrounding the surveillance by proactively working to inform their users about government activities. The report concluded by discussing the broader implications of contemporary state surveillance practices, with a focus on the chilling effects that these practices have on social discourse writ large.

Cite as: Parsons, Christopher. (2016). “Transparency in Surveillance: Role of various intermediaries in facilitating state surveillance transparency,” Centre for Law and Democracy. Available at: http://responsible-tech.org/wp-content/uploads/2016/06/Parsons.pdf

Read “Transparency in Surveillance: Role of various intermediaries in facilitating state surveillance transparency

Computer network operations and ‘rule-with-law’ in Australia

‘Cyberman’ by Christian Cable (CC BY-NC 2.0) at https://flic.kr/p/3JuvWv

Last month a paper that I wrote with Adam Molnar and Erik Zouave was published by Internet Policy Review. The article, “Computer network operations and ‘rule-with-law’ in Australia,” explores how the Australian government is authorized to engage in Computer Network Operations (CNOs). CNOs refer to government intrusion and/or interference with network information communications infrastructures for the purposes of law enforcement and national security operations.

The crux of our argument is that Australian government agencies are relatively unconstrained in how they can use CNOs. This has come about because of overly permissive, and often outdated, legislative language concerning technology that has been leveraged in newer legislation that expands on the lawful activities which government agencies can conduct. Australian citizens are often assured that existing oversight or review bodies — vis a vis legislative assemblies or dedicated surveillance or intelligence committees — are sufficient to safeguard citizens’ rights. We argue that the laws, as currently written, compel review and oversight bodies to purely evaluate the lawfulness of CNO-related activities. This means that, so long as government agencies do not radically act beyond their already permissive legislative mandates, their oversight and review bodies will assert that their expansive activities are lawful regardless of the intrusive nature of the activities in question.

While the growing capabilities of government agencies’ lawful activities, and limitations of their review and oversight bodies, have commonalities across liberal democratic nations, Australia is in a particularly novel position. Unlike its closest allies, such as Canada, the United States, New Zealand, or the United Kingdom, Australia does not have a formal bill of rights or a regional judicial body to adjudicate on human rights. As we write, “[g]iven that government agencies possess lawful authority to conduct unbounded CNO operations and can seek relatively unbounded warrants instead of those with closely circumscribed limits, the rule of law has become distorted and replaced with rule of law [sic]”.

Ultimately, CNOs represent a significant transformation and growth of the state’s authority to intrude and affect digital information. That these activities can operate under a veil of exceptional secrecy and threaten the security of information systems raises questions about whether the state has been appropriately restrained in exercising its sovereign powers domestically and abroad: these powers have the capability to extend domestic investigations into the computers of persons around the globe, to facilitate intelligence operations that target individuals and millions of persons alike, and to damage critical infrastructure and computer records. As such, CNOs necessarily raise critical questions about the necessity and appropriateness of state activities, while also showcasing the state’s lack of accountability to the population is is charged with serving.

Read the “Computer network operations and ‘rule-with-law’ in Australia” at Internet Policy Review.

« Older posts