Technology, Thoughts & Trinkets

Touring the digital through type

Year: 2015 (page 2 of 5)

Beyond Privacy: Articulating the Broader Harms of Pervasive Mass Surveillance

2852616711_57c5d04259_b

I’ve published a new paper titled “Beyond Privacy: Articulating the Broader Harms of Pervasive Mass Surveillance” in Media and Communication. Media and Communication is an open access journal; you can download the article from any location, to any computer, free of cost. The paper explores how dominant theories of privacy grapple with the pervasive mass surveillance activities undertaken by western signals intelligence activities, including those of the NSA, CSE, GCHQ, GCSB, and ASD. I ultimately argue that while these theories provide some recourse to individuals and communities, they are not sufficiently holistic to account for how mass surveillance affects the most basic elements a democracy. As such, I suggest that academic critics of signals intelligence activities can avail themselves to theory from the Frankfurt School to more expansively examine and critique contemporary signals intelligence surveillance practices.

Full Abstract

This article begins by recounting a series of mass surveillance practices conducted by members of the “Five Eyes” spying alliance. While boundary- and intersubjectivity-based theories of privacy register some of the harms linked to such practices I demonstrate how neither are holistically capable of registering these harms. Given these theories’ deficiencies I argue that critiques of signals intelligence surveillance practices can be better grounded on why the practices intrude on basic communicative rights, including those related to privacy. The crux of the argument is that pervasive mass surveillance erodes essential boundaries between public and private spheres by compromising populations’ abilities to freely communicate with one another and, in the process, erodes the integrity of democratic processes and institutions. Such erosions are captured as privacy violations but, ultimately, are more destructive to the fabric of society than are registered by theories of privacy alone. After demonstrating the value of adopting a communicative rights approach to critique signals intelligence surveillance I conclude by arguing that this approach also lets us clarify the international normative implications of such surveillance, that it provides a novel way of conceptualizing legal harm linked to the surveillance, and that it showcases the overall value of focusing on the implications of interfering with communications first, and as such interferences constituting privacy violations second. Ultimately, by adopting this Habermasian inspired mode of analysis we can develop more holistic ways of conceptualizing harms associated with signals intelligence practices than are provided by either boundary- or intersubjective-based theories of privacy.

Download the Paper

Photo credit: Retro Printers by Steven Mileham (CC BY-NC 2.0) https://flic.kr/p/5m5pyK

Half-Baked: The Opportunity To Secure Cookie-Based Identifiers From Passive Surveillance

rkBJB0J-300x225Andrew Hilts and I have released a new paper that is titled “Half-Baked: The Opportunity To Secure Cookie-Based Identifiers From Passive Surveillance.” Cookie-based identifiers are used by websites to deliver advertisements as well as collect analytics information about website visitors. Incidentally, intelligence agencies such as the NSA, GCHQ, CSE, and other Western signals intelligence bodies use the same identifiers to track the activities of individuals and their devices as they access, and use, the Internet. The paper respond to a series of basic questions: To what extent do major online properties encrypt the advertising, cookie, and other digital identifiers used by the NSA and other intelligence agencies to track users and their devices around the globe? Since the Snowden revelations began have providers actually encrypted more, or less, of these identifiers?

Full Abstract

Documents released by Edward Snowden have revealed that the National Security Agency, and its Australian, British, Canadian, and New Zealand equivalents, routinely monitor the Internet for the identifiers that are contained in advertising and tracking cookies. Once collected, the identifiers are stored in government databases and used to develop patterns of life, or the chains of activities that individuals engage in when they use Internet-capable devices. This paper investigates the extent to which contemporary advertising and analytics identifiers that are used in establishing such patterns continue to be transmitted in plaintext following Snowden’s revelations. We look at variations in the secure transmission of cookie-based identifiers across different website categories, and identify practical steps for both website operators and ad tracking companies to take to better secure their audiences and readers from passive surveillance.

Download the Paper

This post first appeared on the Telecom Transparency Project website.

Canada’s Quiet History Of Weakening Communications Encryption

500995147_6c97aab488_o-300x225American and British officials have been warning with an increasing sense of purported urgency that their inability to decrypt communications could have serious consequences. American authorities have claimed that if they cannot demand decrypted communications from telecommunications providers then serious crimes may go unsolved. In the UK this danger is often accentuated by the threat of terrorism. In both nations, security and policing services warn that increased use of encryption is causing communications to ‘go dark’ and thus be inaccessible to policing and security services. These dire warnings of the threats potentially posed by criminals and terrorists ‘going dark’ have been matched over the years with proposals that would regulate encryption or mandate backdoors into any otherwise secure system. Comparatively little has been said about Canada’s long-standing efforts to inhibit end-user encryption despite the federal government’s longstanding efforts to restrict the security provided to Canadians by encryption.

This article outlines some of the federal government of Canada’s successful and unsuccessful attempts to weaken cryptographic standards. It starts by explaining (in brief) what communications encryption is, why it matters, and the implications of enabling unauthorized parties to decrypt communications. With this primer out of the way, we discuss why all of Canada’s mobile telecommunications carriers agree to implement cryptographic weaknesses in their service offerings. Next, we discuss the legislation that can be used to compel telecommunications service providers to disclose decryption keys to government authorities. We then briefly note how Canada’s premier cryptologic agency, the Communications Security Establishment (CSE), successfully compromised global encryption standards. We conclude the post by arguing that though Canadian officials have not been as publicly vocal about a perceived need to undermine cryptographic standards the government of Canada nevertheless has a history of successfully weakening encryption available to and used by Canadians.

Continue reading

Canadian Transparency Publications

stack by hobvias sudoneighm (CC BY 2.0) https://flic.kr/p/Fecq6

Academics, private companies, journalists, non-government organizations, and government agencies have all made significant contributions to the telecommunications transparency debate in Canada since the beginning of this year. This post briefly describes the most significant contributions along with links to the relevant publications.

Academic Transparency Publications

Several academic groups published reports addressing telecommunications privacy and transparency issues. The Telecom Transparency Project published “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” which explored how much telecommunications surveillance occurs in Canada, what actors enable the surveillance, to what degree those actors disclose their involvement in (and the magnitude of) surveillance, and what degree of oversight is given to the federal governments’ surveillance practices. Two other reports, “Keeping Internet Users in the Know or in the Dark: 2014 Report on Data Privacy Transparency of Canadian Internet Service Providers” and “The 3+3 Project: Evaluating Canada’s Wireless Carriers’ Data Privacy Transparency,” analyzed the privacy practices of major Canadian telecommunications providers. The former report evaluated the data privacy transparency of the most significant forty-three Internet carriers serving the Canadian public and ranked the carriers against ten questions. In contrast, the latter report used 10 criteria to evaluate Canada’s three largest wireless carriers and their extension brands to establish how transparent they were about their privacy practices and how they treated subscribers’ personal information.

Corporate Reports and Guidance

A trio of telecommunications companies also released transparency reports in the first half of 2015. WIND Mobile’s Mobile Transparency (2014) revealed a significant decrease in requests for customer name and address information, and a modest increase of emergency response requests combined with an explosion of court ordered/legislative demands requests. TELUS and Rogers also released transparency reports; overall TELUS’ report shows a small decrease in government requests whereas Rogers’ report shows a significant decrease of roughly 60,000 fewer requests. The relative merits of companies’ transparency reports were discussed in the Telecom Transparency Project’s report, mentioned previously. Industry Canada also released transparency reporting guidelines to “help private organizations be open with their customers, regarding the management and sharing of their personal information with government, while respecting the work of law enforcement, national security agencies, and regulatory authorities.” Some thoughts on those guidelines were published by Michael Geist as well as by the Telecom Transparency Project.

Government Investigations into Domestic Data Collection

During this time the Office of the Privacy Commissioner of Canada also audited how the Royal Canadian Mounted Police (RCMP) collected and used subscriber data. This data was obtained from Canadian telecommunications companies. The Office found that, “the RCMP’s information management systems were not designed to identify files which contained warrantless access requests to subscriber information, we were unable to select a representative sample of files to review. Consequently, we were unable to assess the sufficiency of controls that may exist or if the collection of warrantless requests from TSPs was, or was not in compliance with the collection requirements of the Privacy Act.” The challenges experienced by the Office of the Privacy Commissioner of Canada were perhaps unsurprising, given that the RCMP stated in 2014 that they did not have a way of tracking subscriber data requests in response to questions from MP Charmaine Borg.

Signals Intelligence-Related Publications

There have also been a series of contributions that have focused prominently on Canada’s foreign signals intelligence organization, the Communications Security Establishment. Michael Geist’s edited collection, Law, Privacy and Surveillance in the Post-Snowden Era, contains nine contributions grouped into three parts: understanding surveillance in Canada, legal issues, and prospects for reform. In addition to Geist’s collection, two Canadian archives have been created to host Snowden documents. The first, “The Snowden Archives,” is hosted by the Canadian Journalists for Free Expression. The Snowden Archives contain approximately 400 documents and were compiled “to provide a tool that would facilitate citizen and researcher access to these important documents.” The second is the “Canadian SIGINT Summaries” which collate leaked documents that are exclusively linked to CSE’s operations. The SIGINT Summaries identify when the documents were created, provide a summary of the documents themselves, and also include metadata such as length, codenames, and news stories linked with the documents’ publication. Finally, the Canadian Broadcasting Corporation and the Globe and Mail have both published stories based on Snowden documents.

Summary

Overall, there has been an exceptional amount written on telecom transparency issues in Canada. Several transparency reports are expected later this year from Sasktel, MTS Allstream, and TekSavvy. And the Canadian Internet Registration Authority, though its Community Investment Program, is funding projects which will help Canadians request their personal information from public and private organizations alike as well as to help companies develop transparency reports. The coming months promise to continue being busy for transparency in Canada!

Photo Credit: stack by hobvias sudoneighm (CC BY 2.0) https://flic.kr/p/Fecq6

This post first appeared at the Telecom Transparency Project website.

« Older posts Newer posts »