rcmp

Website Resource Updates

/ Christopher Parsons
Photo by Markus Winkler on Pexels.com

Over the past several months I’ve updated a number of the resources on this website and it’s time to make it a little more apparent to other scholars, experts, and members of the public.

ATIP Repository

As part of my day job at the Citizen Lab I’ve regularly relied on access to information legislation to better understand how the federal government is taking up, and addressing, national security-related issues. It can be difficult for other parties, however, to get access to the same documents given the federal government’s policy of not proactively releasing ATIPs after a year or two.

The result is that scholars and journalists regularly sift through documents that have been released to them for what interests them but they may miss other interesting, or even essential, information that is outside of their interests or expertise. To try and at least somewhat ameliorate that issue I’ve spent the past several months uploading a large number of ATIP releases that I have collected over the past decades. Some were filed by me but the majority were either provided by other scholars or journalists, or retroactively obtained as a re-released package.

The bulk of the ATIPs are associated with CSIS, CSE, and Public Safety Canada. Other agencies and departments include: Department of Justice; Department of National Defence; Employment and Social Development Canada; Global Affairs Canada; Immigration, Refugees and Citizen Canada; Innovation, Science and Economic Development Canada; Office of the Communications Security Establishment Commissioner; Office of the Privacy Commissioner of Canada; Privy Counsel Office; Royal Canadian Mounted Police; Shared Services Canada; Transport Canada; and Treasury Board of Canada.

In many cases I have provided some brief description of things I found notable in the ATIP packages though I have not done so in all cases.

Access ATIP Repository

Order Paper Responses

Under the Canadian parliamentary systems, members of parliament can issue order paper questions to the government. Such questions must be specific and pertain to public affairs. They are typically addressed to government Ministers. The purpose of such questions is to obtain precise or detailed answers and, as such, overly broad questions may be split or broken down to elicit such a response from government agencies. The government is expect to reply within 45 days though this norm is not enforceable by parliament. In the event of parliament being prorogued the Order Paper is cleared and any requests or questions are cancelled.

I have collected a set of Order Paper questions that address issues such as Facial Recognition Technology, mobile device surveillance, data collection by CSIS, disclosures of subscriber information, monitoring of protests, and government interception techniques. None of these Order Paper documents are accompanied by commentary.

Access Order Paper Repository

Canadian Electronic Surveillance Reports

Over the past several years I have undertaken research exploring how, how often, and for what reasons governments in Canada have accessed telecommunications data. As one facet of this line of research I worked with Dr. Adam Molnar and Benjamin Ballard to understand the regularity at which policing agencies across Canada have sought, and obtained, warrants to lawfully engage in real-time electronic surveillance. Such data is particularly important given the regularity at which law enforcement agencies call for new powers; how effective are historical methods of capturing communications data? How useful are the statistics which are tabled by governments?

I have collated the reports which have been published by the provincial and federal governments and, also, noted where provincial governments have failed to provide these reports despite being required to published them under the Criminal Code of Canada. I have not provided any analysis of these reports on this website, aside from a paper I wrote with Dr. Adam Molnar about lawful interception entitled, “Government Surveillance Accountability: The Failures of Contemporary Canadian Interception Reports.”

Access Canadian Electronic Surveillance Reports Repository

Miscellaneous

Finally, I’ve published documents that the RCMP provided to the ETHI Committee concerning its use of On Device Investigative Tools (ODITs), or the malware used by RCMP to gain access to personal devices. These documents were removed from the Committee’s website and so I’ve made them available here, as the were once publicly available materials and remain important for advancing public policy about how and when the RCMP can use these kinds of techniques.

Access ODIT Repository

Pleading the Case: How the RCMP Fails to Justify Calls for New Investigatory Powers

/ Christopher Parsons

'RCMP' by POLICEDRIVER2 (CC BY 2.0) https://flic.kr/p/sEM7W5

‘RCMP’ by POLICEDRIVER2 (CC BY 2.0) https://flic.kr/p/sEM7W5

A pair of articles by the Toronto Star and CBC have revealed a number of situations where the authors report on why authorities may be right to ask for new investigatory powers. A series of cases, combined with interviews with senior RCMP staff, are meant to provide some insight into the challenges that policing and security agencies sometimes have when pursuing investigations. The articles and their associated videos are meant to spur debate concerning the government’s proposal that new investigatory powers are needed. Such powers include a mandatory interception capability, mandatory data retention capability, mandatory powers to compel decryption of content, and easy access to  basic subscriber information.

This post does not provide an in-depth analysis of the aforementioned proposed powers. Instead, it examines the specific ‘high priority’ cases that the RCMP, through a pair of journalists, has presented to the public. It’s important to recognize that neither the summaries nor underlying documents have been made available to the public, nor have the RCMP’s assessments of their cases or the difficulties experienced in investigating them been evaluated by independent experts such as lawyers or technologists. The effect is to cast a spectre of needing new investigatory powers without providing the public with sufficient information to know and evaluate whether existing powers have been effectively exercised. After providing short commentaries on each case I argue that the RCMP has not made a strong argument for the necessity or proportionality of the powers raised by the government of Canada in its national security consultation.

Continue reading

The Governance of Telecommunications Surveillance

/ Christopher Parsons

Last week I released a new report, The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians, through the Telecommunications Transparency Project. The Project is associated with the Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, and the report was funded through the Canadian Internet Registration Authorities’s .CA Community Investment Program.

The report examines how contemporary telecommunications surveillance is governed in Canada. In it, we ask how much telecommunications surveillance is occurring in Canada, what actors are enabling the surveillance, to what degree those actors disclose their involvement in (and the magnitude of) surveillance, and what degree of oversight is given to the federal governments’ surveillance practices. We conclude that serious failures in transparency and accountability indicate that corporations are failing to manage Canadians’ personal information responsibly and that government irresponsibility surrounding accountability strains its credibility and aggravates citizens’ cynicism about the political process. In aggregate, these failings endanger both the development of Canada’s digital economy and aggravate the democratic deficit between citizens and their governments.

Continue reading

Accountability and Government Surveillance

/ Christopher Parsons / 3 Comments

Charmaine Borg, MPThe issue of lawful access has repeatedly arisen on the Canadian federal agenda. Every time that the legislation has been introduced Canadians have opposed the notion of authorities gaining warrantless access to subscriber data, to the point where the most recent version of the lawful access legislation dropped this provision. It would seem, however, that the real motivation for dropping the provision may follow from the facts on the ground: Canadian authorities already routinely and massively collect subscriber data without significant pushback by Canada’s service providers. And whereas the prior iteration of the lawful access legislation (i.e. C–30) would have required authorities to report on their access to this data the current iteration of the legislation (i.e. C–13) lacks this accountability safeguard.

In March 2014, MP Charmaine Borg received responses from federal agencies (.pdf) concerning the agencies’ requests for subscriber-related information from telecommunications service providers (TSPs). Those responses demonstrate extensive and unaccountable federal government surveillance of Canadians. I begin this post by discussing the political significance of MP Borg’s questions and then proceed to granularly identify major findings from the federal agencies’ respective responses. After providing these empirical details and discussing their significance, I conclude by arguing that the ‘subscriber information loophole’ urgently needs to be closed and that federal agencies must be made accountable to their masters, the Canadian public.

Continue reading

(Draft) ANPR: Code and Rhetorics of Compliance

/ Christopher Parsons

Image by ntr23

For roughly the past two years I’ve been working with colleagues to learn how Automatic Number Plate Recognition (ANPR) systems are used in British Columbia, Canada’s westernmost province. As a result of this research one colleague, Rob Wipond, has published two articles on how local authorities and the RCMP are using ANPR technologies. Last February I disclosed some of our findings at the Reboot privacy and security conference, highlighting potential uses of the technology and many of the access to information challenges that we had experienced with respect to our research. Another, Kevin McArthur has written several pieces about ANPR on his website over the years and is largely responsible for Rob and I getting interested, and involved, in researching the technology and the practices associated with it.

The most recent piece of work to come out of our research is a paper that I, Joseph Savirimuthu, Rob, and Kevin have written. Joseph and I will be presenting it in Florence later this month. The paper, titled “ANPR: Code and Rhetorics of Compliance,” examines BC and UK deployments of ANPR systems to explore the rationales and obfuscations linked to the programs. The paper is presently in a late draft so if you have any comments or feedback then please send it my way. The abstract is below, and you can download the paper from the Social Sciences Research Network.

Abstract

Automatic Number Plate Recognition (ANPR) systems are gradually entering service in Canada’s western province of British Columbia and are prolifically deployed in the UK. In this paper, we compare and analyze some of the politics and practices underscoring the technology in these jurisdictions. Drawing from existing and emerging research we identify key actors and how authorities marginalize access to the systems’ operation. Such marginalization is accompanied by rhetorics of privacy and security that are used to justify novel mass surveillance practices. Authorities justify the public’s lack of access to ANPR practices and technical characteristics as a key to securing environments and making citizens ‘safe’. After analyzing incongruences between authorities’ conceptions of privacy and security, we articulate means of resisting intrusive surveillance practices by reshaping agendas surrounding ANPR.

Download paper from the Social Sciences Research Network

UPDATE: The paper is now published in the European Journal of Law and Technology

Deep Packet Inspection and Law Enforcement

/ Christopher Parsons / 4 Comments

rcmpCandace Mooers asked me a good question today about deep packet inspection (DPI) in Canada. I’m paraphrasing, but it was along the lines of “how might DPI integrate into the discussion of lawful access and catching child pornographers?” I honestly hadn’t thought about this, but I’ll recount here what my response was (that was put together on the fly) in the interests of (hopefully) generating some discussion on the matter.

I’ll preface this by noting what I’ve found exceptional in the new legislation that was recently presented by the Canadian conservative government (full details on bill C-47 available here, and C-46 here) is that police can require ISPs to hold onto particular information, whereas they now typically required a judicial warrant to compel ISPs to hold onto particular data. Further, some information such as subscriber details can immediately be turned over to police, though there is a process of notification that must immediately followed by the officers making the request. With this (incredibly brief!) bits of the bills in mind, it’s important for this post to note that some DPI appliances are marketed as being able to detect content that is under copyright as it is transferred. Allot, Narus, ipoque, and more claim that this capacity is built into many of the devices that they manufacture; a hash code, which can be metaphorically thought of like a digital fingerprint, can be generated for known files under copyright and when that fingerprint is detected rules applied to the packet transfer in question. The challenge (as always!) is finding the processor power to actually scan packets as they scream across the ‘net and properly identify their originating application, application-type, or (in the case of files under copyright) the actual file(s) in question.

Continue reading