Website Resource Updates

Photo by Markus Winkler on Pexels.com

Over the past several months I’ve updated a number of the resources on this website and it’s time to make it a little more apparent to other scholars, experts, and members of the public.

ATIP Repository

As part of my day job at the Citizen Lab I’ve regularly relied on access to information legislation to better understand how the federal government is taking up, and addressing, national security-related issues. It can be difficult for other parties, however, to get access to the same documents given the federal government’s policy of not proactively releasing ATIPs after a year or two.

The result is that scholars and journalists regularly sift through documents that have been released to them for what interests them but they may miss other interesting, or even essential, information that is outside of their interests or expertise. To try and at least somewhat ameliorate that issue I’ve spent the past several months uploading a large number of ATIP releases that I have collected over the past decades. Some were filed by me but the majority were either provided by other scholars or journalists, or retroactively obtained as a re-released package.

The bulk of the ATIPs are associated with CSIS, CSE, and Public Safety Canada. Other agencies and departments include: Department of Justice; Department of National Defence; Employment and Social Development Canada; Global Affairs Canada; Immigration, Refugees and Citizen Canada; Innovation, Science and Economic Development Canada; Office of the Communications Security Establishment Commissioner; Office of the Privacy Commissioner of Canada; Privy Counsel Office; Royal Canadian Mounted Police; Shared Services Canada; Transport Canada; and Treasury Board of Canada.

In many cases I have provided some brief description of things I found notable in the ATIP packages though I have not done so in all cases.

Order Paper Responses

Under the Canadian parliamentary systems, members of parliament can issue order paper questions to the government. Such questions must be specific and pertain to public affairs. They are typically addressed to government Ministers. The purpose of such questions is to obtain precise or detailed answers and, as such, overly broad questions may be split or broken down to elicit such a response from government agencies. The government is expect to reply within 45 days though this norm is not enforceable by parliament. In the event of parliament being prorogued the Order Paper is cleared and any requests or questions are cancelled.

I have collected a set of Order Paper questions that address issues such as Facial Recognition Technology, mobile device surveillance, data collection by CSIS, disclosures of subscriber information, monitoring of protests, and government interception techniques. None of these Order Paper documents are accompanied by commentary.

Canadian Electronic Surveillance Reports

Over the past several years I have undertaken research exploring how, how often, and for what reasons governments in Canada have accessed telecommunications data. As one facet of this line of research I worked with Dr. Adam Molnar and Benjamin Ballard to understand the regularity at which policing agencies across Canada have sought, and obtained, warrants to lawfully engage in real-time electronic surveillance. Such data is particularly important given the regularity at which law enforcement agencies call for new powers; how effective are historical methods of capturing communications data? How useful are the statistics which are tabled by governments?

I have collated the reports which have been published by the provincial and federal governments and, also, noted where provincial governments have failed to provide these reports despite being required to published them under the Criminal Code of Canada. I have not provided any analysis of these reports on this website, aside from a paper I wrote with Dr. Adam Molnar about lawful interception entitled, “Government Surveillance Accountability: The Failures of Contemporary Canadian Interception Reports.”

Miscellaneous

Finally, I’ve published documents that the RCMP provided to the ETHI Committee concerning its use of On Device Investigative Tools (ODITs), or the malware used by RCMP to gain access to personal devices. These documents were removed from the Committee’s website and so I’ve made them available here, as the were once publicly available materials and remain important for advancing public policy about how and when the RCMP can use these kinds of techniques.

Counterfeit and Security

One of those batteries is fake. Can you tell which?

Over the past few weeks more and more attention has been drawn to fake computer hardware that was sold to varying interests around the world. While fakes aren’t new (AMD, Intel, and a variety of other hardware companies have processes in place to avoid repeats of past counterfeiting), what seems to be new is the kind of hardware being ‘faked’.

Networking Hardware

The FBI investigated claims that the government had purchased counterfeit Cisco hardware that may have potentially held, well, God knows what. As is noted by Assistant Attorney General Alice S. Fisher;

Counterfeit network hardware entering the marketplace raises significant public safety concerns and must be stopped . . . It is critically important that network administrators in the private sector and government perform due diligence in order to prevent counterfeit hardware from being installed on their networks.

While it’s of concern that government data may be being directed/inspected by unknown groups, I don’t really want to talk about that. Instead, what I think this shows is that when deploying new networking tools that it is essential that some kind of authentication process occurs – rather than just purchase from trusted vendors and call it a day, those purchases must be tested. Moreover, while the FBI was able to conduct an operation that resulted in convictions and fines, it raises the specter that other groups with less capital to invest in internal investigations may similarly be threatened, and their data and customers as well.