Mobiles

The Danger of Fetishizing BlackBerry Messenger Security

/ Christopher Parsons / 5 Comments

BlackBerry Bold 9780Research in Motion has a problem. For years they promoted themselves as a top-notch mobile security company. During those initial years most of their products were pitched at enterprise users.

Then RIM got into the consumer market.

Most consumers equate RIM’s products with security, email, BlackBerry Messenger (BBM), and a tepid suite of other smartphone features. Most of the people who report on the company tend to agonize over the fact that RIM complies with government surveillance laws. Such reports inevitably emerge each time that the public realizes that RIM meets its lawful access requirements for consumer-line products.

In this post, I want to briefly address some of the BBM-related security concerns and try to (again) correct the record surrounding the security promises of the messaging service. After outlining the deficits of consumer BBM products I briefly argue that we need to avoid fetishizing technology, encryption, or the law, and should instead focus on the democratic implications of the lawful access-style laws that governments use to access citizens’ communications.

In the interest of full disclose: I have family and friends who work at Research In Motion. I haven’t spoken to any of them concerning this post or its contents. None directly work on either BBM or RIM’s encryption systems.

Continue reading

Unpacking the Potential Costs of Bill C-30

/ Christopher Parsons / 6 Comments

Expense Sheet The Government of Canada has, at least temporarily, backed away from pushing through its tabled lawful access legislation. While many critiques of the legislation abound – some of which I’ve recently noted surrounding warrantless access to subscriber information – there have been limited critiques of the actual financial costs associated with the bill. While some public commentators have suggested that the legislation will threaten small Internet service providers’ financial viability, there has yet to be a formal, detailed, and public financial accounting of lawful access-related costs.

I’m incapable of offering this accounting. The same is true for every other Canadian, whether they are a government bureaucrat, private citizen, corporate agent, or government Minister, because the legislation itself remains murky. Thus, rather than suggest that the legislation will cost X dollars, in this post I outline why people cannot cost out the bill if they solely rely on existing public information.

I begin this post by quickly outlining what the Canadian government suggests that the legislation will cost. Having done so, I move to critique the origins of the government’s numbers. This entails first examining the issue of interception capabilities, second, of storage costs, and third, of the status of Telecommunication Service Providers’ existing lawful access capacities. I conclude by noting the lack of clarity surrounding C-30’s breadth and the need for clarity during the legislative, rather than regulation-setting, stage of the bill’s development.

Continue reading

BCCLA Releases Electronic Devices at the Border Handbook

/ Christopher Parsons

U.S.-Canada Border Crossing Crossing international borders can be worrying, especially for those carrying confidential or privileged information on their electronic devices. While I’ve seen a variety of documents and advisories explaining how to deal (or not deal) with American border authorities, there hasn’t been what I consider a decent guide for dealing with the Canadian Border Services Agency (CBSA). As of today, this deficit has been significantly remedied.

For the past several months, Greg McMullen has been working on a handbook to help Canadians (and non-Canadians) navigate officials’ demands for electronic devices at Canada’s national borders. The BCCLA has funded his work, and the handbook is intended for educational and discussion purposes; it isn’t intended to replace legal counsel or constitute firm legal advice. The handbook is written for a general audience and does a nice job of walking readers through what rights they enjoy at the border, CBSA policies, best practices, and what to do if you have been subject to a search.

I’d highly recommend the handbook, which is available through the BCCLA and also available for download through my website.

The Issues Surrounding Subscriber Information in Bill C-30

/ Christopher Parsons / 12 Comments

SIMThe most recent version of the Canadian Government’s lawful access legislation is upon us. The legislation expands the powers available to the police, imposes equipment- and training-related costs on Telecommunications Service Providers (TSPs), enables TSPs to voluntarily provide consumer information to authorities without a warrant, forces TSPs to provide subscriber data without warrant, and imposes gag orders on TSPs who comply with lawful access powers. Economic and civil rights costs are, as of yet, murky. Despite being an extremely lengthy piece of legislation, Bill C-30 lacks the specificity that should accompany serious expansions to Canadian policing and intelligence gathering powers.

In this post, I first outline a ‘subscriber data regime’ to discuss what does – and may – be entailed in accessing Canadians’ subscriber data. Second, I explain how subscriber data can be used for open-sourced intelligence gathering. Third, I argue that an administrative process of expanding subscriber identifiers is inappropriate. Finally, I articulate why warrants are so important, and why court approval should precede access to subscriber data. In aggregate, this post explicates the concerns that many civil advocates, academics, and technical experts have with access to subscriber information, why Canadians should be mindful of these concerns, and why Canadians should rebuff current efforts to expand warrantless access to subscriber information.

Continue reading

(Un)Lawful Access Forum in Ottawa

/ Christopher Parsons

I’ll be speaking at a forum about Canada’s forthcoming lawful access legislation on February 8 at St. Paul University. From 6pm-7pm there will be the formal book launch of the Canadian Centre for Policy Alternatives’ recent title, The Internet Tree: The State of Telecom Policy in Canada 3.0. Those attending the forum may be particularly interested in the two chapters on surveillance (one of which I authored). The lawful access event runs from 7-10PM. From 7:00-7:30 the organizers will be showing the mini-documentaries “(Un)Lawful Access” and “Moving Towards a Surveillance Society.” Following this, there will be two panels to discuss the expected legislation. The first (which I’m on) runs from 7:30-8:30 and discusses the technical elements of the forthcoming legislation. The panel is composed of myself, Kirsten R. Embree, Stephen McCammon, and John Lawford. The second panel runs from 8:45 to 9:30, and focuses on the political dimensions of the legislation. Panelists include Charlie Angus and Elizabeth May, with Michael Geist moderating. The final 30 minutes are devoted to summarizing the forum, outlining actions that are taking place, and suggesting continuing activities.

For more information about the event, see Unlawfulaccess.ca, and register for the event on Facebook. You can also download/print/share copies of the poster for the event. This will be a really great event, and the mixture of formally separated technical and political panels should do a great job in outlining the range of issues that lawful access legislation touches upon.

Amici Curiae on IMSI Catchers

/ Christopher Parsons

Image by iDownloadBlog

Security, surveillance, and privacy researchers alike have been watching how authorities exploit cellular communications devices – often in secret, or absent sufficient oversight – for years. Research to-date has been performed by security researchers and hackers, social scientists, advocates, activists, and the curious, with contributions spanning hundreds of discreet investigations into technical capabilities and their social implications. Of late, a considerable amount of attention has been devoted to IMSI Catchers, which are devices that establish false mobile phone towers for the purpose of monitoring and tracking mobile phones without their users’ awareness.

Given the use of IMSI catchers by American authorities, a group of researchers and academics submitted an Amici Curiae (in their individual capacities) January 17, 2012 concerning the catchers. Specifically, the brief is in support of a defendant’s motion for disclosure of all relevant and helpful evidence withheld by the government based on a claim of privilege. The government, in this particular case, has admitted that the surveillance technologies used simulated a cell site but have refused to provide specific details of how this surveillance was conducted. We argue that a substantial amount of information surrounding IMSI catchers is already public and that, as a result, the secrets that the government is attempting to protect are already in the public domain. Moreover, the public interest is best served by “greater public discussion regarding these tracking technologies and the security flaws in the mobile phone networks that they exploit, not less.”

Continue reading