Technology, Thoughts & Trinkets

Touring the digital through type

Tag: snowden (page 2 of 2)

The Canadian SIGINT Summaries

Grondstation van de Nationale SIGINT Organisatie (NSO) in Burum, FryslânJournalists with access to leaked documents have reported on the partnerships and activities undertaken by Canada’s foreign signals intelligence (SIGINT) agency, the Communications Security Establishment (CSE), since October 2013. As a result of their stories we know that the Canadian government hosts collection facilities in its diplomatic outposts for American SIGINT operations, has co-ordinated with the NSA to monitor for threats to international summits that took place in Canada, and shares a cooperative relationship with the National Security Agency (NSA) to protect North America from foreign threats. CSE, itself, was found to be conducting signals intelligence and development operations against the Brazilian government, running experiments using domestically collected metadata to track Canadians’ devices, and automating both the discovery of vulnerable computer devices on the Internet for later exploitation and identifying network administrators’ Internet traffic.

The aforementioned revelations are just a sample of what Canadians have learned as journalists have reported on documents leaked to them by Edward Snowden and other whistleblowers. But it has been challenging for even experts to keep track of the Canadian discoveries amongst the tidal wave of information concerning American and British SIGINT agencies. I have created and published a resource to help researchers and members of the public alike track mentions of CSE in documents that have been reported on by professional journalists.

The Canadian SIGINT Summaries page of this website currently includes downloadable copies, along with summary, publication, and original source information, of leaked CSE documents. The page will be updated  as new whistleblower documents are released and as I parse and add information about CSE’s operational guides that have been released to the public under Access to Information and Privacy (ATIP) laws. I plan to also include copies of the CSE Commissioner’s reports. While I will try to exhaustively collate documents it is entirely possible that I have, or will, miss some; if you believe I have failed to include a primary document and would like me to add it to the SIGINT Summaries page please contact me with the document and a link to the journalistic source which reported on it.

The Canadian SIGINT Summaries are not meant to replace the detailed reporting of documents nor the exhaustive examination of them by other researchers, scholars, or other analysts. And I expect to write more extensive analyses based upon the documents that extend beyond my summarizations of them. The Canadian SIGINT Summaries are meant as a public resource, listing all of the relevant public documents, briefly describing their contents and publication data, and letting readers download them to draw their own conclusions.

As I update the page with new items or sections I will publish blog posts which either include the item (if just one or two are added) or short summaries when larger updates are published. I hope that you find the Canadian SIGINT Summaries helpful and, for international visitors, encourage you to replicate this model to summarize information about your own domestic SIGINT agency.

Microsoft’s OneDrive Storage Expands NSA Surveillance

spigget_dispersive_prism_illustration

Earlier this month Microsoft announced that its Office 365 subscribers would be able to upload an unlimited amount of data into Microsoft’s cloud-based infrastructure. Microsoft notes that the unlimited data storage capacity is:

just one small part of our broader promise to deliver a single experience across work and life that helps people store, sync, share, and collaborate on all the files that are important to them, all while meeting the security and compliance needs of even the most stringent organizations.

Previously, subscribers could store up to 1TB of data in OneDrive. The new, unlimited storage model, creates new potential uses of the Microsoft cloud including even “wholesale backup of their computer hard drives, or even of their local backup drives”. And, given OneDrive’s integration with contemporary Windows operating systems there is the opportunity for individuals to expand what they store to the Cloud so it can be accessed on other devices.

While the expanded storage space may be useful to some individuals and organizations, it’s important to question Microsoft’s assertion that OneDrive meets the most stringent organization’s security and compliance needs. One reason to question these assertions arise out of a memo that was disclosed by National Security Agency (NSA) whistleblower Edward Snowden. The memo revealed that:

NSA Memo on Microsoft enabling SIGINT Access to SkyDrive

As summarized by the Electronic Frontier Foundation, Section 702 of the FISA Amendments Act which is mentioned in the NSA memo is extremely permissive. The section has been used to authorize:

  • collection of Americans’ phone records without a warrant;
  • access to large portions of Internet traffic that moves through American servers;
  • disclosure of collected information to other parties (e.g. the Drug Enforcement Agency);

European policy analysts agree that Section 702 is overly permissive(.pdf) and argue that the definitions used in the section are so general that “any data of assistance to US foreign policy is eligible, including expressly political surveillance over ordinary lawful democratic activities.” The scope of surveillance was made worse as a result of the FISA Amendments Act 2008. While the FAA 2008 is perhaps best known for providing legal immunity to companies which participated in the warrantless wiretapping scandal, it also expanded the scope of NSA surveillance. Specifically:

[b]y introducing “remote computing services” (a term defined in ECPA 1986 dealing with law enforcement access to stored communications), the scope was dramatically widened communications and telephony to include Cloud computing (.pdf source).

Microsoft’s expansion of OneDrive storage limits is meant to enhance its existing consumer cloud offerings. And such cloud storage can produce workplace efficiencies by simplifying access to documents, protecting against device loss, and externalizing some security-related challenges.

However, if subscribers take advantage of the new unlimited storage and send ever-increasing amounts of data into Microsoft’s cloud, then there will be a much greater amount of information that is readily available to the NSA (and other allied SIGINT agencies). And given that Section 702 authorizes surveillance of foreign political activities there is a real likelihood that data content which was previously more challenging for NSA to access will now be more readily available to interception and analysis.

Signals intelligence agencies, such as the NSA, are likely not top of mind threats to individuals around the world. However, Microsoft’s willingness to manufacture government access to personal and business data should give people pause before they generate sensitive documents, share or store intimate photos, or otherwise place important data in Microsoft’s cloud infrastructure. Any company so willing to engineer its users’ privacy out of personal and enterprise services alike must be treated with a degree of suspicion and its product announcement and security assurances with extremely high levels of skepticism.

A Crisis of Accountability — The Canadian Situation

CanadaThe significance of Edward Snowden’s disclosures is an oft-debated point; how important is the information that he released? And, equally important, what have been the implications of his revelations? Simon Davies, in association with the Institute of Information Law of the University of Amsterdam and Law, Science, Technology & Social Studies at the Vrie Universiteit of Brussels, has collaborated with international experts to respond to the second question in a report titled A Crisis of Accountability: A global analysis of the impact of the Snowden revelations.

In what follows, I first provide a narrative version of the report’s executive summary. The findings are sobering: while there has been a great deal of international activity following Snowden’s revelations, the tangible outcomes of that activity has been globally negligible. I then provide the text of the Canadian section of the report, which was drafted by Tamir Israel, myself, and Micheal Vonn. I conclude by providing both an embedded and downloadable version of the report.

Continue reading

Newer posts »