We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus

May 7, 2020December 10, 2020 / Christopher Parsons

Over the past several months I’ve had the distinct honour to work with, and learn from, a number of close colleagues and friends on the topic of surveillance and censorship that takes place on WeChat. We have published a report with the Citizen Lab entitled, “We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus.” The report undertook a mixed methods approach to understand how non-China registered WeChat accounts were subjected to surveillance which was, then, used to develop a censorship list that is applied to users who have registered their accounts in China. Specifically, the report:

Presents results from technical experiments which reveal that WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.
Documents and images transmitted entirely among non-China-registered accounts undergo content surveillance wherein these files are analyzed for content that is politically sensitive in China.
Upon analysis, files deemed politically sensitive are used to invisibly train and build up WeChat’s Chinese political censorship system.
From public information, it is unclear how Tencent uses non-Chinese-registered users’ data to enable content blocking or which policy rationale permits the sharing of data used for blocking between international and China regions of WeChat.
Tencent’s responses to data access requests failed to clarify how data from international users is used to enable political censorship of the platform in China.

You can download the report as a pdf, or read it on the Web in its entirety at the Citizen Lab’s website. There is also a corresponding FAQ to quickly answer questions that you may have about the report.

Canada’s New and Irresponsible Encryption Policy: How the Government of Canada’s New Policy Threatens Charter Rights, Cybersecurity, Economic Growth, and Foreign Policy

August 21, 2019August 22, 2019 / Christopher Parsons

Photo by Marco Verch (CC BY 2.0) https://flic.kr/p/RjMXMP

The Government of Canada has historically opposed the calls of its western allies to undermine the encryption protocols and associated applications that secure Canadians’ communications and devices from criminal and illicit activities. In particular, over the past two years the Minister of Public Safety, Ralph Goodale, has communicated to Canada’s Five Eyes allies that Canada will neither adopt or advance an irresponsible encryption policy that would compel private companies to deliberately inject weaknesses into cryptographic algorithms or the applications that facilitate encrypted communications. This year, however, the tide may have turned, with the Minister apparently deciding to adopt the very irresponsible encryption policy position he had previously steadfastly opposed. To be clear, should the Government of Canada, along with its allies, compel private companies to deliberately sabotage strong and robust encryption protocols and systems, then basic rights and freedoms, cybersecurity, economic development, and foreign policy goals will all be jeopardized.

This article begins by briefly outlining the history and recent developments in the Canadian government’s thinking about strong encryption. Next, the article showcases how government agencies have failed to produce reliable information which supports the Minister’s position that encryption is significantly contributing to public safety risks. After outlining the government’s deficient rationales for calling for the weakening of strong encryption, the article shifts to discuss the rights which are enabled and secured as private companies integrate strong encryption into their devices and services, as well as why deliberately weakening encryption will lead to a series of deeply problematic policy outcomes. The article concludes by summarizing why it is important that the Canadian government walk back from its newly adopted irresponsible encryption policy.

Continue reading →

Accountability and the Canadian Government’s Reporting of Computer Vulnerabilities and Exploits

November 2, 2018August 18, 2022 / Christopher Parsons

Photo by Taskin Ashiq on Unsplash

I have a new draft paper that outlines why the Canadian government should develop, and publish, the guidelines it uses when determining whether to acquire, use, or disclose computer- and computer-system vulnerabilities. At its crux, the paper argues that an accountability system was developed in the 1970s based on the intrusiveness of government wiretaps and that state-used malware is just as, if not more so, intrusive. Government agencies should be held to at least as high a standard, today, as they were forty years ago (and, arguably, an even higher one today than in the past). It’s important to recognize that while the paper argues for a focus on defensive cybersecurity — disclosing vulnerabilities as a default in order to enhance the general security of all Canadians and residents of Canada, as well as to improve the security of all government of Canada institutions — it recognizes that some vulnerabilities may be retained to achieve a limited subset of investigative and intelligence operations. As such, the paper does not rule out the use of malware by state actors but, instead, seeks to restrict the use of such malware while also drawing its use into a publicly visible accountability regime.

I’m very receptive to comments on this paper and will seek to incorporate feedback before sending the paper to an appropriate journal around mid-December.

Abstract:

Computer security vulnerabilities can be exploited by unauthorized parties to affect targeted systems contrary to the preferences their owner or controller. Companies routinely issue patches to remediate the vulnerabilities after learning that the vulnerabilities exist. However, these flaws are sometimes obtained, used, and kept secret by government actors, who assert that revealing vulnerabilities would undermine intelligence, security, or law enforcement operations. This paper argues that a publicly visible accountability regime is needed to control the discovery, purchase, use, and reporting of computer exploits by Canadian government actors for two reasons. First, because when utilized by Canadian state actors the vulnerabilities could be leveraged to deeply intrude into the private lives of citizens, and legislative precedent indicates that such intrusions should be carefully regulated so that the legislature can hold the government to account. Second, because the vulnerabilities underlying any exploits could be discovered or used by a range of hostile operators to subsequently threaten Canadian citizens’ and residents’ of Canada personal security or the integrity of democratic institutions. On these bases, it is of high importance that the government of Canada formally develop, publish, and act according to an accountability regime that would regulate its agencies’ exploitation of computer vulnerabilities.

Download .pdf // SSRN Link

In Support of Chelsea Manning Entering Canada

October 26, 2017 / Christopher Parsons

‘Chelsea Manning’ by Tim Travers Hawkins (CC BY-SA 4.0) at https://goo.gl/mhhbdm

Earlier this month I composed and sent a letter in support of Chelsea Manning being permitted to enter Canada. Manning previously released classified military and diplomatic documents to Wikileaks. Those documents shed light on American activities in Iraq as well as diplomatic efforts around the world, to the effect of revealing US avoidance of cluster munition bans, US pressure on the Italian government to drop charged against CIA operatives who conducted extraordinary rendition activities, and the actual causality rates suffered by Iraqi citizens. She was disallowed entry last year when Canadian officials asserted that the crimes associated with her whistleblowing in the United States were akin to a violation of Canadian treason laws. The letter that I wrote in support of her entry to Canada is reproduced, below.

October 13, 2017

Hon. Ahmed Hussen
Minister of Immigration, Refugees and Citizenship

Hon. Ralph Goodale
Minister of Public Safety and Emergency Preparedness

RE: Welcoming Chelsea Manning to Canada

Dear Minister Hussen and Minister Goodale:

I am writing as a Research Associate at the Citizen Lab, Munk School of Global Affairs, at the University of Toronto to ask you to allow Chelsea Manning to enter Canada. Refusing her entry to the country is a real loss for Canada and an injustice to whistleblowers who expose information in the public interest.

Chelsea is an internationally recognized advocate for freedom of expression, transparency, and civil liberties. As a whistleblower, she revealed documents that—among other things—exposed the disproportionate impact of military activities abroad on civilians, including journalists and children. Her work has been used by academics across Canada to understand the impacts American adventurism, the relationships between American diplomats and government officials with autocratic governments, and the status of copyright negotiations between US officials and their foreign counterparts. Documents that she provided to the public also shed light on critical issues such as the United States’ avoidance of cluster munitions bans, the United States’ pressure on the Italian government to drop charges against CIA operatives who engaged in renditions, American military executions of civilians, and Iraqi civilian death tolls. She has received a host of awards from prominent media and human rights organizations for this work.

Not all Canadians will agree with what Chelsea did or what she stands for—but as a country that values freedom of expression, open dialogue, and human rights we should permit her to visit and speak in Canada. She stands as a guiding light for persons to stand up and both do what they believe to be honorable and right, as well as be held to account for those beliefs and corresponding actions.

Whether Chelsea wishes to enter Canada to continue her work to advocate for social change or simply to visit friends, there is no principled reason to turn her away. She has served her time in a US military prison after accepting responsibility for her actions. Her sentence was commuted by former US President Barack Obama in January 2017 and she has been living freely in the United States since May 2017. Continuing to deny her entry to Canada would serve no rational benefit to public safety and would undermine Canada’s commitment to international justice and human rights.

Letting Chelsea enter Canada would affirm Canada’s values of dialogue, freedom of expression, and human rights. More than that, letting Chelsea in is simply the right thing to do.

I look forward to hearing news of your decision.

Regards,

Dr. Christopher Parsons
Research Associate, Citizen Lab, Munk School of
Global Affairs, at the University of Toronto

Stuck on the Agenda: Drawing Lessons from the Stagnation of “Lawful Access” Legislation in Canada

October 21, 2015August 18, 2022 / Christopher Parsons

9780776622071_web_1 Earlier this year I had a book chapter, titled “Stuck on the Agenda: Drawing Lessons from the Stagnation of “Lawful Access” Legislation in Canada” published in Law, Privacy and Surveillance in Canada in the Post-Snowden Era. The book was edited by Michael Geist and is freely available in .pdf format from the University of Ottawa Press. The edited collection brings together many of Canada’s leading thinkers on privacy and national security issues, with authors outlining how Canadian-driven intelligence operations function, the legal challenges facing Canadian signals intelligence operations, and ways to reform Canada’s ongoing signals intelligence operations and the laws authorizing those operations.

The book arguably represents the best, and most comprehensive, examination of the Communications Security Establishment (CSE) in recent history. While not providing insiders’ accounts, many of the chapters draw from access to information documents, documents provided to journalists by Edward Snowden, and publicly available information concerning how intelligence operations are conducted by Canadian authorities. In aggregate they critically investigate the actual and alleged intelligence practices undertaken by Canadian authorities.

My contribution focuses on the politics associated with Canada’s lawful access legislation, and identifies some of the political conditions that may precede successful opposition to legislation that expands or reifies both domestic and foreign intelligence surveillance practices. Specifically, the chapter begins by outlining how agenda-setting operates and the roles of different agendas, tactics, and framings. Next, it turns to the Canadian case and identifies key actors, actions, and stages of the lawful access debates. The agenda-setting literature lets us identify and explain why opponents of the Canadian legislation were so effective in hindering its passage and what the future holds for opposing similar legislative efforts in Canada. The final section steps away from the Canadian case to suggest that there are basic as well as additive general conditions that may precede successful political opposition to newly formulated or revealed government surveillance powers that focus on either domestic or signals intelligence operations. You can read the chapter on pages 256-283.

Download the book from University of Ottawa Press

Image credit: Book Cover from Michael Geist (Ed.) (CC BY-NC-SA 3.0) http://www.press.uottawa.ca/law-privacy-and-surveillance

Review: Network Nation – Inventing American Telecommunications

April 5, 2011May 14, 2021 / Christopher Parsons / 4 Comments

I spend an exorbitant amount of time reading about the legacies of today’s telecommunications networks. This serves to historically ground my analyses of today’s telecommunications ecosystem; why have certain laws, policies, and politics developed as they have, how do contemporary actions break from (or conform with) past events, and what cycles are detectable in telecommunications discussions. After reading hosts of accounts detailing the telegraph and telephone, I’m certain that John’s Network Nation: Inventing American Telecommunications is the most accessible and thorough discussion of these communications systems that I’ve come across to date.

Eschewing an anachronistic view of the telegraph and telephone – seeing neither through the lens that they are simply precursors to contemporary digital communications systems – John offers a granular account of how both technologies developed in the US. His analysis is decidedly neutral towards the technologies and technical developments themselves, instead attending to the role(s) of political economy in shaping how the telegraph and telephone grew as services, political objects, and zones of popular contention. He has carefully poured through original source documents and so can offer insights into the actual machinations of politicians, investors, municipal aldermen, and communications companies’ CEOs and engineers to weave a comprehensive account of the telegraph and telephone industries. Importantly, John focuses on the importance of civic ideals and governmental institutions in shaping technical innovations; contrary to most popular understandings that see government as ‘catching up’ to technicians post-WW I, the technicians have long locked their horns with those of government.

Continue reading →

Technology, Thoughts & Trinkets

Touring the Digital Though Type

Politics