Canada

Online Voting and Hostile Deployment Environments

/ Christopher Parsons / 4 Comments

Voting requiredElections Canada recently stated that sometime after 2013 it intends to trial online voting, a system that lets citizens vote over the Internet. Fortunately, they are just committing to a trial but if the trial is conducted improperly then Elections Canada, politicians, and the Canadian public may mistakenly come to think that online voting is secure. Worse, they might see it as a valid ‘complement’ to traditional voting processes. If Canadians en masse vote using the Internet, with all of its existing and persistent infrastructural and security deficiencies, then the election is simply begging to be stolen.

While quick comparisons between the United States’ electronic voting system and the to-be-trialed Canadian online voting system would be easy to make, I want to focus exclusively on the Canadian proposition. As a result, I discuss just a small handful of the challenges in deploying critical systems into known hostile deployment environments and, more specifically, the difficulties in securing the vote in such an environment. I won’t be writing about any particular code that could be used to disrupt an election but instead about some attacks that could be used, and attackers motivated to use them, to modify or simply disrupt the Canadian electoral process. I’ll conclude by arguing that Elections Canada should set notions of online voting aside; paper voting requires a small time investment that is well worth its cost in electoral security.

Continue reading

Letter to Stephen Harper on Lawful Access Legislation

/ Christopher Parsons / 1 Comment

SurveillanceFor the past several years, public advocates, academics, the privacy commissioners of Canada, and members of the Canadian Parliament have all voiced concerns about proposed lawful access legislation. There are generally three types of ‘powers’ associated with such legislation: (1) enhanced search and seizure provisions; (2) increased interception of privacy communications powers; (3) production of subscriber data. During the last election cycle, Stephen Harper assured Canadians that within 100 sitting days lawful access provisions would be passed, along with other legislation, in an omnibus crime bill. Lawful access legislation has not been fully debated in the House or Senate, and has significant implications for the future of anonymity and privacy on the Internet, while simultaneously expanding police powers without a clearly demonstrated need to expand such powers.

Working from the most recent lawful access bills, which died when the last election was called, advocates and academics have come together to send a letter of concerns to Prime Minister Harper. Our concerns are as follows:

  1. The ease by which Canadians’ Internet service providers, social networks, and even their handsets and cars will be turned into tools to spy on their activities further to production and preservation orders in former Bill C‐51 – a form of spying that is bound to have serious chilling effects on online activity and communications, implicating fundamental rights and freedoms
  2. The minimal and inadequate amount of external oversight in place to ensure that the powers allotted in these bills are not abused
  3. Clause 16 of former Bill C‐52, which will allow law enforcement to force identification of anonymous online Internet users, even where there is no reason to suspect the information will be useful to any investigation and without adequate court oversight and
  4. The manner in which former Bill C‐52 paves the way to categorical secrecy orders that will further obscure how the sweeping powers granted in it are used and that are reminiscent of elements of the USA PATRIOT Act that were found unconstitutional.

On a final note, we object that Canadians will be asked to foot the bill for all this, in what essentially amounts to a hidden e‐surveillance tax, and are concerned that compliance will further impede the ability of smaller telecommunications service providers to compete in Canada by saddling them with disproportionate costs.

It is of critical import that the lawful access provisions of the omnibus crime bill are shaved off into their own batch of legislation and are afforded their own debates and hearings. Failing to do otherwise would underplay how much the bills’ massive expansions of surveillance capacities might impact the Internet in Canada, and digital communications in this country more generally. If you want to learn more about the concerns listed above, you can read the full letter that was sent to the PMO (.pdf), and you can take action by voicing your concerns at the Stop Online Spying website. Sign the petition located there and then contact your MP: it is only by demonstrating public interest and concern in these bills that they might be clarified, reformed, and potentially prevented from being brought forward in the first place.

Creeping Towards a State of Surveillance

/ Christopher Parsons

internet down :( On Wednesday, July 27 2011, I’ll be talking at the forum to stop online spying. The forum is part of a larger national campaign to raise awareness about the potentials of state surveillance and the implications of the Government of Canada’s (expected) surveillance legislation that will be announced in the fall 2011 session. Amongst other provisions, the legislation is expected to significantly reduce the degree of judicial oversight surrounding government acquisition of subscriber data – data that users of the Internet provide to their ISP, chat services (e.g. MSN, AIM), social networking sites (e.g. Google+, Orkut, Facebook), and other online communications mediums.

I’ll be giving a short talk entitled “Creeping Towards a State of Surveillance” that is meant as an introduction to the gravity and nuances of surveillance legislation. In it, I’ll first talk about what constitutes surveillance and what constitutes function creep. From there, I’ll briefly discuss the challenges associated with classifying data as ‘public’ or ‘private’ and the deficits of ‘anonymizing’ data. This will focus on distinguishing between so-called traffic and content data types, and the kinds of private information that can be extracted from ‘mere’ traffic data. I’ll wrap things up with a quick overview of the positive, and problematic, aspects of audits, advocates, and government commissioners in restraining the state’s appetite for intelligence for so-called policing actions.

If you’re interested in coming out then head over to StopOnlineSpying.com and register. The talks start at 1:30 and run until 5:30, and are a non-partisan discussion of the forthcoming legislative agenda. It’s meant to be heavy on discussion and maximally accessible to people that don’t focus their lives studying privacy, democracy, or telecommunications and has a good mix of advocates and scholars. If you can’t make the forum, but are either bothered by or want to learn more about the Canadian government’s expanded surveillance laws, check out the national campaign.

ISPs, Advocates, and Framing at the 2011 Telecom Summit

/ Christopher Parsons

3183290111_989c5b1bec_bEach year Canada’s leaders in telecommunications gather at the Canadian Telecommunications Summit to talk about ongoing policy issues, articulate their concerns about Canada’s status in the world of telecommunications, and share lessons and experiences with one another. This years Summit was no exception. While some commentators have accused this year’s event of just rehashing previous years’ content – it is true that each Summit does see similar topics on the conference agenda, with common positions taken each year – there are some interesting points that emerged this year.

Specifically, discussions about the valuation of telecom services regularly arose, discussions of supply and demand in the Canadian ISP space, as well as some interesting tidbits about the CRTC. For many people in the industry what I’ll be talking about isn’t exactly new; those not inside the industry’s fold, however, may find elements of this interesting. After outlining some of the discussions that took place I will point to something that was particularly striking throughout the Summit events I attended: Open Media loomed like a spectre throughout, shaping many of the discussions and talking points despite not having a single formal representative in attendance.

Continue reading

Released: Literature Review of Deep Packet Inspection

/ Christopher Parsons

Scholars and civil advocates will be meeting next month in Toronto at the Cyber-surveillance in Everyday Life workshop. Participants will critically interrogate the surveillance infrastructures pervading daily life as well as share experiences, challenges, and strategies meant to to rein in overzealous surveillance processes that damage public and private life. My contribution to the workshop comes in the form of a modest overview of literature examining Deep Packet Inspection. Below is an abstract, as well as a link to a .pdf version on the review.

Abstract

Deep packet inspection is a networking technology that facilitates intense scrutiny of data, in real-time, as key chokepoints on the Internet. Governments, civil rights activists, technologists, lawyers, and private business have all demonstrated interest in the technology, though they often disagree about what constitutes legitimate uses. This literature review takes up the most prominent scholarly analyses of the technology. Given Canada’s arguably leading role in regulating the technology, many of its regulator’s key documents and evidentiary articles are also included. The press has been heatedly interested in the technology, and so round out the literature review alongside civil rights advocates, technology vendors, and counsel analyses.

Downloadable .pdf version of the literature review.

Deep Packet Inspection and Consumer Transparency

/ Christopher Parsons

Image by David Clow

Rogers Communications modified their packet inspection systems last year, and ever since customers have experienced degraded download speeds. It’s not that random users happen to be complaining about an (effectively) non-problem: Rogers’ own outreach staff has confirmed that the modifications took place and that these changes have negatively impacted peer to peer (P2P) and non-P2P applications alike. Since then, a Rogers Communications senior-vice president, Ken Englehart, has suggested that any problems customers have run into are resultant of P2P applications themselves; no mention is made of whether or how Rogers’ throttling systems have affected non-P2P traffic.

In this brief post, I want to quickly refresh readers on the changes that Rogers Communications made to their systems last year, and also note some of the problems that have subsequently arisen. Following this, I take up what Mr. Englehart recently stated in the media about Rogers’ throttling mechanisms. I conclude by noting that Rogers is likely in compliance with the CRTC’s transparency requirements (or at least soon will be), but that such requirements are ill suited to inform the typical consumer.

Continue reading