Finding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosure

Last week, I published a report with Gary Miller and the Citizen Lab entitled, “Finding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosure.” I undertook this research while still employed by the Citizen Lab and was delighted to see it available to the public. In it, we discuss how the configuration and vulnerabilities of contemporary telecommunications networks enable surveillance actors to surreptitiously monitor the location of mobile phone users.

The report provides a high-level overview of the geolocation-related threats associated with contemporary networks that depend on the protocols used by 3G, 4G, and 5G network operators, followed by evidence of the proliferation of these threats. Part 1 provides the historical context of unauthorized location disclosures in mobile networks and the importance of the target identifiers used by surveillance actors. Part 2 explains how mobile networks are made vulnerable by signaling protocols used for international roaming, and how networks are made available to surveillance actors to carry out attacks. An overview of the mobile ecosystem lays the foundation for the technical details of domestic versus international network surveillance, while the vectors of active versus passive surveillance techniques, with evidence of attacks, show how location information is presented to the actor. Part 3 provides details of a case study from a media report that shows evidence of widespread state-sponsored surveillance, followed by threat intelligence data revealing network sources attributed to attacks detected in 2023. These case studies underscore the significance and relevance of undertaking these kinds of surveillance operations.

Deficiencies in oversight and accountability of network security are discussed in Part 4. This includes outlining the incentives and enablers that are provided to surveillance actors from industry organizations and government regulatory agencies. Part 5 makes clear that the adoption of 5G technologies will not mitigate future surveillance risks unless policymakers quickly move to compel telecommunications providers to adopt the security features that are available in 5G standards and equipment. If policymakers do not move swiftly, then surveillance actors may continue to prey upon mobile phone users by tracking their physical location. Such a future paints a bleak picture of user privacy and must be avoided.

The G7 Communique and Artificial Intelligence

The G7 Communique, which was issued on May 20, included discussions of AI technology and governance. While the comments are high-level, they are worth paying attention to since they may indicate where ongoing strategic pressure will be placed when developing AI policies.

The G7’s end goals around AI are to ensure that trustworthy AI is developed that is aligned with democratic values. The specific values called out include:

  • fairness;
  • accountability;
  • transparency;
  • safety;
  • protection from online harassment, hate, and abuse; and
  • respect for privacy and human rights, fundamental freedoms, and the protection of personal data.

While not surprising, the core values stated do underscore the role for privacy regulators and advocates in the development of AI governance policies and practices.

Three other highlights include:

  1. The need to work with private parties to promote responsible AI, with the caveat that platforms are singled out as needing to address child sexual exploitation and abuse while upholding children’s rights to safety and privacy online.
  2. A strong emphasis on developing interoperable international governance and technical standards to promote responsible AI governance and technologies.
  3. A commitment by the G7, in collaboration with the OECD and GPAI, to launch discussions on generative AI technologies by the end of the year.

The first point, concerning child sexual exploitation, either suggests a new front in the discussions of technology policy and online child abuse images or is just another reference to ongoing pressure on large internet platforms. Only time will tell us how to interpret this aspect of the G7’s messaging. Monitoring other Five Eyes meetings and G7 outputs may help with this interpretation.

The second point, on international governance, raises the question of whether federal governments will link national regulations to international standards. Should that occur, it will be interesting to see the extent to which regulations in Canada’s Artificial Intelligence and Data Act ultimately refer to, or integrate, such standards. Assuming, of course, that the Act is passed into law in its present format.

The third point underscores how generative AI technologies are attracting attention on prominent and important national and international agendas. It remains to be seen, however, whether such attention persists and, also, whether we see ongoing and significant concerns continue to percolate as the public and politicians become used to the technology and its increasing integration with failing computing functions. For my money, I don’t see emerging uses of AI systems falling off the agenda anytime in the near future.

If you’re interested in assessing the AI-related aspects of the Communique yourself, you can find them in the Preamble at 1, as well as in Digital at 38.

Open Source and Open Office XML

I’ve had friends and colleagues who have championed open source software and operating systems for ages. While I’ve appreciated their arguments, I’ve never been convinced by them to actually proceed and move wholesale to open source – either because it would be inconvenient, the software that I needed wasn’t immediately available in the same format as what I was using in Windows, or I just didn’t have the time to learn an entirely new way of computing. I’ve worked with computers for the past five or six years, and all of that time has been in Microsoft environments – I’ve had (and in many ways continue to have) a deep investment in Microsoft products, and that’s been a central factor in Microsoft keeping my business.

The decision to avoid switching to an open source Office Suite was practically sealed when I started to demo Microsoft Office 2007 for my workplace – I love the interface, the built-in designs, and the ability to make professional-looking documents with ease. Office 2007 completely drops the GUI of all other Office packages and reinvents the wheel, somehow managing to come closer to that Form of perfect Office computing. Without knowing anything about the new document format that Office 2007 used, I was just annoyed that it wasn’t interoperable with previous versions of Office, but that was relieved when Microsoft placed a free conversion package on their Windows Update website. Finally, I thought, I’d be able to share these awesome documents that I’m making with everyone in the Windows world!
