Over the past several months I’ve had the distinct honour to work with, and learn from, a number of close colleagues and friends on the topic of surveillance and censorship that takes place on WeChat. We have published a report with the Citizen Lab entitled, “We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus.” The report undertook a mixed methods approach to understand how non-China registered WeChat accounts were subjected to surveillance which was, then, used to develop a censorship list that is applied to users who have registered their accounts in China. Specifically, the report:
Presents results from technical experiments which reveal that WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.
Documents and images transmitted entirely among non-China-registered accounts undergo content surveillance wherein these files are analyzed for content that is politically sensitive in China.
Upon analysis, files deemed politically sensitive are used to invisibly train and build up WeChat’s Chinese political censorship system.
From public information, it is unclear how Tencent uses non-Chinese-registered users’ data to enable content blocking or which policy rationale permits the sharing of data used for blocking between international and China regions of WeChat.
Tencent’s responses to data access requests failed to clarify how data from international users is used to enable political censorship of the platform in China.
Photo by Marco Verch (CC BY 2.0) https://flic.kr/p/RjMXMP
The Government of Canada has historically opposed the calls of its western allies to undermine the encryption protocols and associated applications that secure Canadians’ communications and devices from criminal and illicit activities. In particular, over the past two years the Minister of Public Safety, Ralph Goodale, has communicated to Canada’s Five Eyes allies that Canada will neither adopt or advance an irresponsible encryption policy that would compel private companies to deliberately inject weaknesses into cryptographic algorithms or the applications that facilitate encrypted communications. This year, however, the tide may have turned, with the Minister apparently deciding to adopt the very irresponsible encryption policy position he had previously steadfastly opposed. To be clear, should the Government of Canada, along with its allies, compel private companies to deliberately sabotage strong and robust encryption protocols and systems, then basic rights and freedoms, cybersecurity, economic development, and foreign policy goals will all be jeopardized.
This article begins by briefly outlining the history and recent developments in the Canadian government’s thinking about strong encryption. Next, the article showcases how government agencies have failed to produce reliable information which supports the Minister’s position that encryption is significantly contributing to public safety risks. After outlining the government’s deficient rationales for calling for the weakening of strong encryption, the article shifts to discuss the rights which are enabled and secured as private companies integrate strong encryption into their devices and services, as well as why deliberately weakening encryption will lead to a series of deeply problematic policy outcomes. The article concludes by summarizing why it is important that the Canadian government walk back from its newly adopted irresponsible encryption policy.
I have a new draft paper that outlines why the Canadian government should develop, and publish, the guidelines it uses when determining whether to acquire, use, or disclose computer- and computer-system vulnerabilities. At its crux, the paper argues that an accountability system was developed in the 1970s based on the intrusiveness of government wiretaps and that state-used malware is just as, if not more so, intrusive. Government agencies should be held to at least as high a standard, today, as they were forty years ago (and, arguably, an even higher one today than in the past). It’s important to recognize that while the paper argues for a focus on defensive cybersecurity — disclosing vulnerabilities as a default in order to enhance the general security of all Canadians and residents of Canada, as well as to improve the security of all government of Canada institutions — it recognizes that some vulnerabilities may be retained to achieve a limited subset of investigative and intelligence operations. As such, the paper does not rule out the use of malware by state actors but, instead, seeks to restrict the use of such malware while also drawing its use into a publicly visible accountability regime.
I’m very receptive to comments on this paper and will seek to incorporate feedback before sending the paper to an appropriate journal around mid-December.
Computer security vulnerabilities can be exploited by unauthorized parties to affect targeted systems contrary to the preferences their owner or controller. Companies routinely issue patches to remediate the vulnerabilities after learning that the vulnerabilities exist. However, these flaws are sometimes obtained, used, and kept secret by government actors, who assert that revealing vulnerabilities would undermine intelligence, security, or law enforcement operations. This paper argues that a publicly visible accountability regime is needed to control the discovery, purchase, use, and reporting of computer exploits by Canadian government actors for two reasons. First, because when utilized by Canadian state actors the vulnerabilities could be leveraged to deeply intrude into the private lives of citizens, and legislative precedent indicates that such intrusions should be carefully regulated so that the legislature can hold the government to account. Second, because the vulnerabilities underlying any exploits could be discovered or used by a range of hostile operators to subsequently threaten Canadian citizens’ and residents’ of Canada personal security or the integrity of democratic institutions. On these bases, it is of high importance that the government of Canada formally develop, publish, and act according to an accountability regime that would regulate its agencies’ exploitation of computer vulnerabilities.
‘Chelsea Manning’ by Tim Travers Hawkins (CC BY-SA 4.0) at https://goo.gl/mhhbdm
Earlier this month I composed and sent a letter in support of Chelsea Manning being permitted to enter Canada. Manning previously released classified military and diplomatic documents to Wikileaks. Those documents shed light on American activities in Iraq as well as diplomatic efforts around the world, to the effect of revealing US avoidance of cluster munition bans, US pressure on the Italian government to drop charged against CIA operatives who conducted extraordinary rendition activities, and the actual causality rates suffered by Iraqi citizens. She was disallowed entry last year when Canadian officials asserted that the crimes associated with her whistleblowing in the United States were akin to a violation of Canadian treason laws. The letter that I wrote in support of her entry to Canada is reproduced, below.
October 13, 2017
Hon. Ahmed Hussen
Minister of Immigration, Refugees and Citizenship
Hon. Ralph Goodale
Minister of Public Safety and Emergency Preparedness
RE: Welcoming Chelsea Manning to Canada
Dear Minister Hussen and Minister Goodale:
I am writing as a Research Associate at the Citizen Lab, Munk School of Global Affairs, at the University of Toronto to ask you to allow Chelsea Manning to enter Canada. Refusing her entry to the country is a real loss for Canada and an injustice to whistleblowers who expose information in the public interest.
Chelsea is an internationally recognized advocate for freedom of expression, transparency, and civil liberties. As a whistleblower, she revealed documents that—among other things—exposed the disproportionate impact of military activities abroad on civilians, including journalists and children. Her work has been used by academics across Canada to understand the impacts American adventurism, the relationships between American diplomats and government officials with autocratic governments, and the status of copyright negotiations between US officials and their foreign counterparts. Documents that she provided to the public also shed light on critical issues such as the United States’ avoidance of cluster munitions bans, the United States’ pressure on the Italian government to drop charges against CIA operatives who engaged in renditions, American military executions of civilians, and Iraqi civilian death tolls. She has received a host of awards from prominent media and human rights organizations for this work.
Not all Canadians will agree with what Chelsea did or what she stands for—but as a country that values freedom of expression, open dialogue, and human rights we should permit her to visit and speak in Canada. She stands as a guiding light for persons to stand up and both do what they believe to be honorable and right, as well as be held to account for those beliefs and corresponding actions.
Whether Chelsea wishes to enter Canada to continue her work to advocate for social change or simply to visit friends, there is no principled reason to turn her away. She has served her time in a US military prison after accepting responsibility for her actions. Her sentence was commuted by former US President Barack Obama in January 2017 and she has been living freely in the United States since May 2017. Continuing to deny her entry to Canada would serve no rational benefit to public safety and would undermine Canada’s commitment to international justice and human rights.
Letting Chelsea enter Canada would affirm Canada’s values of dialogue, freedom of expression, and human rights. More than that, letting Chelsea in is simply the right thing to do.
I look forward to hearing news of your decision.
Dr. Christopher Parsons
Research Associate, Citizen Lab, Munk School of
Global Affairs, at the University of Toronto
The Canadian SIGINT Summaries includes downloadable copies, along with summary, publication, and original source information, of leaked CSE documents.
Parsons, Christopher; and Molnar, Adam. (2021). “Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports,” David Murakami Wood and David Lyon (Eds.), Big Data Surveillance and Security Intelligence: The Canadian Case.
Parsons, Christopher. (2015). “Stuck on the Agenda: Drawing lessons from the stagnation of ‘lawful access’ legislation in Canada,” Michael Geist (ed.), Law, Privacy and Surveillance in Canada in the Post-Snowden Era (Ottawa University Press).
Parsons, Christopher. (2015). “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” Telecom Transparency Project.
Parsons, Christopher. (2015). “Beyond the ATIP: New methods for interrogating state surveillance,” in Jamie Brownlee and Kevin Walby (Eds.), Access to Information and Social Justice (Arbeiter Ring Publishing).
Bennett, Colin; Parsons, Christopher; Molnar, Adam. (2014). “Forgetting and the right to be forgotten” in Serge Gutwirth et al. (Eds.), Reloading Data Protection: Multidisciplinary Insights and Contemporary Challenges.
Bennett, Colin, and Parsons, Christopher. (2013). “Privacy and Surveillance: The Multi-Disciplinary Literature on the Capture, Use, and Disclosure of Personal information in Cyberspace” in W. Dutton (Ed.), Oxford Handbook of Internet Studies.
McPhail, Brenda; Parsons, Christopher; Ferenbok, Joseph; Smith, Karen; and Clement, Andrew. (2013). “Identifying Canadians at the Border: ePassports and the 9/11 legacy,” in Canadian Journal of Law and Society 27(3).
Parsons, Christopher; Savirimuthu, Joseph; Wipond, Rob; McArthur, Kevin. (2012). “ANPR: Code and Rhetorics of Compliance,” in European Journal of Law and Technology 3(3).