Technology, Thoughts & Trinkets

Touring the digital through type

Category: Politics (page 1 of 18)

Canada’s New and Irresponsible Encryption Policy: How the Government of Canada’s New Policy Threatens Charter Rights, Cybersecurity, Economic Growth, and Foreign Policy

Photo by Marco Verch (CC BY 2.0) https://flic.kr/p/RjMXMP

The Government of Canada has historically opposed the calls of its western allies to undermine the encryption protocols and associated applications that secure Canadians’ communications and devices from criminal and illicit activities. In particular, over the past two years the Minister of Public Safety, Ralph Goodale, has communicated to Canada’s Five Eyes allies that Canada will neither adopt or advance an irresponsible encryption policy that would compel private companies to deliberately inject weaknesses into cryptographic algorithms or the applications that facilitate encrypted communications. This year, however, the tide may have turned, with the Minister apparently deciding to adopt the very irresponsible encryption policy position he had previously steadfastly opposed. To be clear, should the Government of Canada, along with its allies, compel private companies to deliberately sabotage strong and robust encryption protocols and systems, then basic rights and freedoms, cybersecurity, economic development, and foreign policy goals will all be jeopardized.

This article begins by briefly outlining the history and recent developments in the Canadian government’s thinking about strong encryption. Next, the article showcases how government agencies have failed to produce reliable information which supports the Minister’s position that encryption is significantly contributing to public safety risks. After outlining the government’s deficient rationales for calling for the weakening of strong encryption, the article shifts to discuss the rights which are enabled and secured as private companies integrate strong encryption into their devices and services, as well as why deliberately weakening encryption will lead to a series of deeply problematic policy outcomes. The article concludes by summarizing why it is important that the Canadian government walk back from its newly adopted irresponsible encryption policy.

Continue reading

Accountability and the Canadian Government’s Reporting of Computer Vulnerabilities and Exploits

Photo by Taskin Ashiq on Unsplash

I have a new draft paper that outlines why the Canadian government should develop, and publish, the guidelines it uses when determining whether to acquire, use, or disclose computer- and computer-system vulnerabilities. At its crux, the paper argues that an accountability system was developed in the 1970s based on the intrusiveness of government wiretaps and that state-used malware is just as, if not more so, intrusive. Government agencies should be held to at least as high a standard, today, as they were forty years ago (and, arguably, an even higher one today than in the past). It’s important to recognize that while the paper argues for a focus on defensive cybersecurity — disclosing vulnerabilities as a default in order to enhance the general security of all Canadians and residents of Canada, as well as to improve the security of all government of Canada institutions — it recognizes that some vulnerabilities may be retained to achieve a limited subset of investigative and intelligence operations. As such, the paper does not rule out the use of malware by state actors but, instead, seeks to restrict the use of such malware while also drawing its use into a publicly visible accountability regime.

I’m very receptive to comments on this paper and will seek to incorporate feedback before sending the paper to an appropriate journal around mid-December.

Abstract:

Computer security vulnerabilities can be exploited by unauthorized parties to affect targeted systems contrary to the preferences their owner or controller. Companies routinely issue patches to remediate the vulnerabilities after learning that the vulnerabilities exist. However, these flaws are sometimes obtained, used, and kept secret by government actors, who assert that revealing vulnerabilities would undermine intelligence, security, or law enforcement operations. This paper argues that a publicly visible accountability regime is needed to control the discovery, purchase, use, and reporting of computer exploits by Canadian government actors for two reasons. First, because when utilized by Canadian state actors the vulnerabilities could be leveraged to deeply intrude into the private lives of citizens, and legislative precedent indicates that such intrusions should be carefully regulated so that the legislature can hold the government to account. Second, because the vulnerabilities underlying any exploits could be discovered or used by a range of hostile operators to subsequently threaten Canadian citizens’ and residents’ of Canada personal security or the integrity of democratic institutions. On these bases, it is of high importance that the government of Canada formally develop, publish, and act according to an accountability regime that would regulate its agencies’ exploitation of computer vulnerabilities.

Download .pdf // SSRN Link

In Support of Chelsea Manning Entering Canada

‘Chelsea Manning’ by Tim Travers Hawkins (CC BY-SA 4.0) at https://goo.gl/mhhbdm

Earlier this month I composed and sent a letter in support of Chelsea Manning being permitted to enter Canada. Manning previously released classified military and diplomatic documents to Wikileaks. Those documents shed light on American activities in Iraq as well as diplomatic efforts around the world, to the effect of revealing US avoidance of cluster munition bans, US pressure on the Italian government to drop charged against CIA operatives who conducted extraordinary rendition activities, and the actual causality rates suffered by Iraqi citizens. She was disallowed entry last year when Canadian officials asserted that the crimes associated with her whistleblowing in the United States were akin to a violation of Canadian treason laws. The letter that I wrote in support of her entry to Canada is reproduced, below.


October 13, 2017

 

Hon. Ahmed Hussen
Minister of Immigration, Refugees and Citizenship

Hon. Ralph Goodale
Minister of Public Safety and Emergency Preparedness

RE:     Welcoming Chelsea Manning to Canada

 

Dear Minister Hussen and Minister Goodale:

I am writing as a Research Associate at the Citizen Lab, Munk School of Global Affairs, at the University of Toronto to ask you to allow Chelsea Manning to enter Canada. Refusing her entry to the country is a real loss for Canada and an injustice to whistleblowers who expose information in the public interest.

Chelsea is an internationally recognized advocate for freedom of expression, transparency, and civil liberties. As a whistleblower, she revealed documents that—among other things—exposed the disproportionate impact of military activities abroad on civilians, including journalists and children. Her work has been used by academics across Canada to understand the impacts American adventurism, the relationships between American diplomats and government officials with autocratic governments, and the status of copyright negotiations between US officials and their foreign counterparts. Documents that she provided to the public also shed light on critical issues such as the United States’ avoidance of cluster munitions bans, the United States’ pressure on the Italian government to drop charges against CIA operatives who engaged in renditions, American military executions of civilians, and Iraqi civilian death tolls. She has received a host of awards from prominent media and human rights organizations for this work.

Not all Canadians will agree with what Chelsea did or what she stands for—but as a country that values freedom of expression, open dialogue, and human rights we should permit her to visit and speak in Canada. She stands as a guiding light for persons to stand up and both do what they believe to be honorable and right, as well as be held to account for those beliefs and corresponding actions.

Whether Chelsea wishes to enter Canada to continue her work to advocate for social change or simply to visit friends, there is no principled reason to turn her away. She has served her time in a US military prison after accepting responsibility for her actions. Her sentence was commuted by former US President Barack Obama in January 2017 and she has been living freely in the United States since May 2017. Continuing to deny her entry to Canada would serve no rational benefit to public safety and would undermine Canada’s commitment to international justice and human rights.

Letting Chelsea enter Canada would affirm Canada’s values of dialogue, freedom of expression, and human rights. More than that, letting Chelsea in is simply the right thing to do.

I look forward to hearing news of your decision.

Regards,

Dr. Christopher Parsons
Research Associate, Citizen Lab, Munk School of
Global Affairs, at the University of Toronto

Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports

‘Radome at Hartland Point’ by shirokazan (CC BY 2.0) at https://flic.kr/p/dfn9ei

Adam Molnar and I have a new paper on accountability and signals intelligence, which we will be presenting at the Security Intelligence & Surveillance in the Big Data Age workshop. The workshop will be held at the University of Ottawa later this month as part of the Big Data Surveillance partnership project that is funded by the Social Sciences and Humanities Research Council of Canada.

The paper focuses exclusively on the mechanisms which are needed for civil society actors to evaluate the propriety of actions undertaken by signals intelligence agencies. In it, we argue that Canada’s foreign signals intelligence agency’s public accountability reporting might be enhanced by drawing on lessons from existing statutory electronic surveillance reporting. Focusing exclusively on Canada’s signals intelligence agency, the Communications Security Establishment (CSE), we first outline the relationships between accountability of government agencies to their respective Ministers and Members of Parliament, the role of transparency in enabling governmental accountability to the public, and the link between robust accountability regimes and democratic legitimacy of government action. Next, we feature a contemporary bulk data surveillance practice undertaken by Canada’s signals intelligence agency and the deficiencies in how CSE’s existing review body makes the Establishment’s practices publicly accountable to Parliamentarians and the public alike. We then discuss how proposed changes to CSE oversight and review mechanisms will not clearly rectify the existing public accountability deficits. We conclude by proposing a principle-based framework towards a robust public accountability process that is linked to those underlying domestic and foreign statutory electronic surveillance reports.

A copy of our paper, titled, “Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports,” is available at the Social Sciences Research Network as well as for download from this website.

« Older posts