I’ve published a report with the Citizen Lab, entitled, “Huawei and 5: Clarifying the Canadian Equities and Charting a Strategic Path Forward.” The report first provides a background to 5G and the Chinese telecommunications vendor, Huawei, as well as the activities that have been undertaken by Canada’s closest allies before delving into issues that have been raised about Huawei, its products, and its links to the Chinese government. At its core, the report argues that Canada doesn’t have a ‘Huawei problem’ per se, so much as a desperate need to develop a principled and integrated set of industrial, cybersecurity, and foreign policy strategies. The report concludes by providing a range of suggestions for some elements of such strategies, along the lines of how Canada might develop and protect its intellectual property, better manage trade issues, and develop stronger cybersecurity postures.Continue reading
With a series of incredible co-authors at the Citizen Lab, I’ve co-authored a report that extensively investigates the stalkerware ecosystem. Stalkerware refers to spyware which is either deliberately manufactured to, or repurposed to, facilitate intimate partner violence, abuse, or harassment. “A Predator in Your Pocket” is accompanied by a companion legal report, also released by the Citizen Lab. This companion report is entitled “Installing Fear: A Canadian Legal and Policy Analysis of Using, Developing, and Selling Smartphone Spyware and Stalkerware Applications,” and conducts a comprehensive criminal, civil, regulatory, and international law assessment of the legality of developing, selling, and using stalkerware.Continue reading
I have a paper on telecommunications transparency reports which has been accepted for publication in Business and Society for later this year.
Centrally, the paper finds that companies will not necessarily produce easily comparable reports in relatively calm political waters and that, even should reports become comparable, they may conceal as much as they reveal. Using a model for evaluating transparency reporting used by Fung, Graham, and Weil in their 2007 book, Full Disclosure: The Perils and Promises of Transparency, I find that the reports issued by telecommunications companies are somewhat effective because they have led to changes in corporate behaviour and stakeholder interest, but have have been largely ineffective in prodding governments to behave more accountably. Moreover, reports issued by Canadian companies routinely omit how companies themselves are involved in facilitating government surveillance efforts when not legally required to do so. In effect, transparency reporting — even if comparable across industry partners — risks treating the symptom — the secrecy of surveillance — without getting to the cause — how surveillance is facilitated by firms themselves.
A pre-copyedited version of the paper, titled, “The (In)effectiveness of Voluntarily Produced Transparency Reports,” is available at the Social Sciences Research Network.
IMSI Catchers enable state agencies to intercept communications from mobile devices and are used primarily to identify otherwise anonymous individuals associated with a mobile device or to track them. These devices are also referred to as ‘cell site simulators’, ‘mobile device identifiers’, and ‘digital analyzers’, as well as by the brandnames such as ’Stingray’, DRTBox’, and ‘Hailstorm’. These surveillance devices are not new – their use by state agencies spans decades. However, the ubiquity of the mobile communications devices in modern day life, coupled with the plummeting cost of IMSI Catchers, has led to a substantial increase in the frequency and scope of IMSI Catcher use by government and non-government agents alike. The devices pose a serious threat to privacy given that they are highly intrusive, surreptitious, and subject to limited controls in relation to their licit and illicit sale or operation.
One of the challenges with understanding the current policy landscape around IMSI Catchers in Canada stems from different government agencies’ deliberate efforts to prevent the public from learning about whether agencies use such devices. Journalists and academics have tried to determine whether and how the devices are used over the course of approximately a decade; this means that information concerning their operation has unfolded over a significant length of time. Without a centralized resource to curate the successes and failures of these investigations it is often challenging for non-experts to understand the full context and history of IMSI Catchers’ operation in Canada.
Only recently have journalists, advocacy groups, and academics in North America learned about how their respective governments have historically, and presently, operated IMSI Catchers. Such revelations began around four years ago in the United States and within the past year and a half in Canada. Such revelations are the culmination of extensive preparatory work: though news articles and research reports appear more frequently, now, their existence today is predicated on the hidden labour that took place over the prior years.
For Canadians, the release of select court documents enabled more informed analysis of how these devices were used by federal, provincial, and municipal agencies. Such information was drawn on to prepare a report on IMSI Catchers that I wrote with Tamir Israel last year, in which we canvassed, collated, and analyzed what was technically understood about how IMSI Catchers operate, as well as the challenges Canadians have faced using freedom of information request to learn more about the technology. That report also included legal analyses of different ways of authorizing the devices’ operation and the Charter implications of their operation. Furthermore, in recent weeks the RCMP finally admitted to the public that it has used IMSI Catchers after previously claiming that any revelation of whether and how they used the devices would infringe on national security or ongoing investigations. Many other agencies have since followed suit, also informing the public whether they possess and operate IMSI Catchers in the course of their investigations.
To help interested members of the public, journalists, advocacy and activist groups, and fellow academics, I have collated a list of IMSI Catcher-related resources that pertain to the Canadian situation. This listing includes the most important primary and secondary documents to read to understand the state of play in Canada. Some of the resources are produced by academics and technologists, some focus on technology or policy or law, and others encompass the major news stories that have trickled out about IMSI Catchers over the past several years. If you believe that I have missed any major documents feel free to contact me.