New Additions to the Canadian SIGINT Summaries

January 8, 2015August 18, 2022 / Christopher Parsons

Grondstation van de Nationale SIGINT Organisatie (NSO) in Burum, Frysl‚n

I’ve added three new items to the Canadian SIGINT Summaries. The Summaries include downloadable copies of leaked Communications Security Establishment(CSE) documents, along with summary, publication, and original source information.¹ CSE is Canada’s foreign signals intelligence agency and has operated since the Second World War.

Documents were often produced by CSE’s closest partners which, collectively, form the ‘Five Eyes’ intelligence network. This network includes the CSE, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), Australian Signals Directorate (ASD),² and Government Communications Security Bureau (GCSB)).

All of the documents are available for download from this website. Though I am hosting the documents they were all first published by another party. The new documents and their summaries are listed below. The full list of documents and their summary information is available on the Canadian SIGINT Summaries page. Continue reading →

Draft: Do Transparency Reports Matter for Public Policy?

January 6, 2015August 18, 2022 / Christopher Parsons

Telecommunications transparency reports detail the frequency at which government agencies request information from telecommunications companies. Though American companies have been releasing these reports since 2009, it wasn’t until 2014 that Canadian companies began to follow suit. As part of my work at the Citizen Lab I’ve analyzed the Canadian reports against what makes an effective transparency report, with ‘effectiveness’ relating to achieving public policy goals as opposed to ‘having an effect’ in terms of generating media headlines.

Today I’m publishing a draft paper that summarizes my current analyses. The paper is titled, “Do Transparency Reports Matter for Public Policy? Evaluating the effectiveness of telecommunications transparency reports” and is available for download. I welcome feedback on what I’ve written and look forward to the conversations that it spurs in Canada and further abroad.

Abstract:

Telecommunications companies across Canada have begun to release transparency reports to explain what data the companies collect, what data they retain and for how long, and to whom that data is, or has been, disclosed to. This article evaluates the extent to which Canadian telecommunications companies’ transparency reports respond to a set of public policy goals set by civil society advocates, academics, and corporations, namely: of contextualizing information about government surveillance actions, of legitimizing the corporate disclosure of data about government-mandated surveillance actions, and of deflecting or responding to telecommunications subscribers’ concerns about how their data is shared between companies and the government. In effect, have the reports been effective in achieving the aforementioned goals or have they just had the effect of generating press attention?

After discussing the importance of transparency reports generally, and the specificities of the Canadian reports released in 2014, I argue that companies must standardize their reports across the industry and must also publish their lawful intercept handbooks for the reports to be more effective. Ultimately, citizens will only understand the full significance of the data published in telecommunications companies’ transparency when the current data contained in transparency reports is contextualized by the amount of data that each type of request can provide to government agencies and the corporate policies dictating the terms under which such requests are made and complied with.

Download Telecommunications Transparency in Canada 1.5 (Public Draft) (Alternate SSRN link)

The Canadian SIGINT Summaries

December 30, 2014August 18, 2022 / Christopher Parsons

Grondstation van de Nationale SIGINT Organisatie (NSO) in Burum, Fryslân Journalists with access to leaked documents have reported on the partnerships and activities undertaken by Canada’s foreign signals intelligence (SIGINT) agency, the Communications Security Establishment (CSE), since October 2013. As a result of their stories we know that the Canadian government hosts collection facilities in its diplomatic outposts for American SIGINT operations, has co-ordinated with the NSA to monitor for threats to international summits that took place in Canada, and shares a cooperative relationship with the National Security Agency (NSA) to protect North America from foreign threats. CSE, itself, was found to be conducting signals intelligence and development operations against the Brazilian government, running experiments using domestically collected metadata to track Canadians’ devices, and automating both the discovery of vulnerable computer devices on the Internet for later exploitation and identifying network administrators’ Internet traffic.

The aforementioned revelations are just a sample of what Canadians have learned as journalists have reported on documents leaked to them by Edward Snowden and other whistleblowers. But it has been challenging for even experts to keep track of the Canadian discoveries amongst the tidal wave of information concerning American and British SIGINT agencies. I have created and published a resource to help researchers and members of the public alike track mentions of CSE in documents that have been reported on by professional journalists.

The Canadian SIGINT Summaries page of this website currently includes downloadable copies, along with summary, publication, and original source information, of leaked CSE documents. The page will be updated as new whistleblower documents are released and as I parse and add information about CSE’s operational guides that have been released to the public under Access to Information and Privacy (ATIP) laws. I plan to also include copies of the CSE Commissioner’s reports. While I will try to exhaustively collate documents it is entirely possible that I have, or will, miss some; if you believe I have failed to include a primary document and would like me to add it to the SIGINT Summaries page please contact me with the document and a link to the journalistic source which reported on it.

The Canadian SIGINT Summaries are not meant to replace the detailed reporting of documents nor the exhaustive examination of them by other researchers, scholars, or other analysts. And I expect to write more extensive analyses based upon the documents that extend beyond my summarizations of them. The Canadian SIGINT Summaries are meant as a public resource, listing all of the relevant public documents, briefly describing their contents and publication data, and letting readers download them to draw their own conclusions.

As I update the page with new items or sections I will publish blog posts which either include the item (if just one or two are added) or short summaries when larger updates are published. I hope that you find the Canadian SIGINT Summaries helpful and, for international visitors, encourage you to replicate this model to summarize information about your own domestic SIGINT agency.

A Crisis of Accountability — The Canadian Situation

June 10, 2014August 18, 2022 / Christopher Parsons

The significance of Edward Snowden’s disclosures is an oft-debated point; how important is the information that he released? And, equally important, what have been the implications of his revelations? Simon Davies, in association with the Institute of Information Law of the University of Amsterdam and Law, Science, Technology & Social Studies at the Vrie Universiteit of Brussels, has collaborated with international experts to respond to the second question in a report titled A Crisis of Accountability: A global analysis of the impact of the Snowden revelations.

In what follows, I first provide a narrative version of the report’s executive summary. The findings are sobering: while there has been a great deal of international activity following Snowden’s revelations, the tangible outcomes of that activity has been globally negligible. I then provide the text of the Canadian section of the report, which was drafted by Tamir Israel, myself, and Micheal Vonn. I conclude by providing both an embedded and downloadable version of the report.

Continue reading →

Canadian Cyberbullying Legislation Threatens to Further Legitimize Malware Sales

June 4, 2014August 18, 2022 / Christopher Parsons

Lawful access legislation was recently (re)tabled by the Government of Canada in November 2013. This class of legislation enhances investigative and intelligence-gathering powers, typically by extending search and seizure provisions, communications interception capabilities, and subscriber data disclosure powers. The current proposed iteration of the Canadian legislation would offer tools to combat inappropriate disclosure of intimate images as well as extend more general lawful access provisions. One of the little-discussed elements of the legislation is that it will empower government authorities to covertly install, activate, monitor, and remove software designed to track Canadians’ location and ‘transmission data.’

In this post I begin by briefly discussing this class of government-used malicious surveillance software, which I refer to as ‘govware’. Next, I outline how Bill C–13 would authorize the use of govware. I conclude by raising questions about whether this legislation will lead government agencies to compete with one another, with some agencies finding and using security vulnerabilities, and others finding and fixing the vulnerabilities such tools rely. I also argue that a fulsome debate must be had about govware based on how it can broadly threaten Canadians’ digital security. Continue reading →

Accountability and Government Surveillance

March 27, 2014August 18, 2022 / Christopher Parsons / 3 Comments

The issue of lawful access has repeatedly arisen on the Canadian federal agenda. Every time that the legislation has been introduced Canadians have opposed the notion of authorities gaining warrantless access to subscriber data, to the point where the most recent version of the lawful access legislation dropped this provision. It would seem, however, that the real motivation for dropping the provision may follow from the facts on the ground: Canadian authorities already routinely and massively collect subscriber data without significant pushback by Canada’s service providers. And whereas the prior iteration of the lawful access legislation (i.e. C–30) would have required authorities to report on their access to this data the current iteration of the legislation (i.e. C–13) lacks this accountability safeguard.

In March 2014, MP Charmaine Borg received responses from federal agencies (.pdf) concerning the agencies’ requests for subscriber-related information from telecommunications service providers (TSPs). Those responses demonstrate extensive and unaccountable federal government surveillance of Canadians. I begin this post by discussing the political significance of MP Borg’s questions and then proceed to granularly identify major findings from the federal agencies’ respective responses. After providing these empirical details and discussing their significance, I conclude by arguing that the ‘subscriber information loophole’ urgently needs to be closed and that federal agencies must be made accountable to their masters, the Canadian public.

Continue reading →

Technology, Thoughts & Trinkets

Touring the Digital Though Type

Canada