Technology, Thoughts & Trinkets

Touring the digital through type

Tag: Surveillance (page 1 of 30)

Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports

‘Radome at Hartland Point’ by shirokazan (CC BY 2.0) at https://flic.kr/p/dfn9ei

Adam Molnar and I have a new paper on accountability and signals intelligence, which we will be presenting at the Security Intelligence & Surveillance in the Big Data Age workshop. The workshop will be held at the University of Ottawa later this month as part of the Big Data Surveillance partnership project that is funded by the Social Sciences and Humanities Research Council of Canada.

The paper focuses exclusively on the mechanisms which are needed for civil society actors to evaluate the propriety of actions undertaken by signals intelligence agencies. In it, we argue that Canada’s foreign signals intelligence agency’s public accountability reporting might be enhanced by drawing on lessons from existing statutory electronic surveillance reporting. Focusing exclusively on Canada’s signals intelligence agency, the Communications Security Establishment (CSE), we first outline the relationships between accountability of government agencies to their respective Ministers and Members of Parliament, the role of transparency in enabling governmental accountability to the public, and the link between robust accountability regimes and democratic legitimacy of government action. Next, we feature a contemporary bulk data surveillance practice undertaken by Canada’s signals intelligence agency and the deficiencies in how CSE’s existing review body makes the Establishment’s practices publicly accountable to Parliamentarians and the public alike. We then discuss how proposed changes to CSE oversight and review mechanisms will not clearly rectify the existing public accountability deficits. We conclude by proposing a principle-based framework towards a robust public accountability process that is linked to those underlying domestic and foreign statutory electronic surveillance reports.

A copy of our paper, titled, “Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports,” is available at the Social Sciences Research Network as well as for download from this website.

Update to the SIGINT Summaries

As part of my ongoing research into the Edward Snowden documents, I have found and added an additional two documents to the Canadian SIGINT Summaries. The Summaries include downloadable copies of leaked Communications Security Establishment (CSE) documents, along with summary, publication, and original source information. CSE is Canada’s foreign signals intelligence agency and has operated since the Second World War.

Documents were often produced by CSE’s closest partners which, collectively, form the ‘Five Eyes’ intelligence network. This network includes the CSE, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), Australian Signals Directorate (ASD), and Government Communications Security Bureau (GCSB).

All of the documents are available for download from this website. Though I am hosting the documents they were all first published by another party. The new documents and their summaries are listed below. The full list of documents and their summary information is available on the Canadian SIGINT Summaries page.

These documents came to light as I examined the activities that took place between the NSA and New Zealand signals intelligence agencies. The first, “NSA Intelligence Relationship with New Zealand” notes that Canada is a member of the SIGINT Seniors Pacific group as well as SIGINT Seniors Europe. The second, “SIGINT Development Forum (SDF) Minutes”, notes how CSE and GCSB define shaping as “industry engagement and collection bending” as well as CSEC had considered audit analysts’ accounts similar to the NSA, though the prospect of such auditing had rearisen as a discussion point.

NSA Intelligence Relationship with New Zealand

Summary: This document summarizes the status of the NSA’s relationship with New Zealand Government Communications Security Bureau (GCSB). The GCSB has been forced to expend more of its resources on compliance auditing following recommendations after it exceeded its authority in assisting domestic law enforcement, but continues to be focused on government and five eyes priorities and encouraged to pursue technical interoperability with NSA and other FVEY nations.

The NSA provides GCSB with “raw traffic, processing, and reporting on targets of mutual interest, in addition to technical advice and equipment loans.” The GCSB primarily provides the NSA with access to communications which would otherwise remain inaccessible. These communications include: China, Japanese/North Korean/Vietnamese/South American diplomatic communications, South Pacific Island nations, Pakistan, India, Iran, and Antartica, as well as French police and nuclear testing activities in New Caledonia.

Of note, GCSB is a member of SIGINT Seniors Pacific (SSPAC) (includes Australia, Canada, France, India, Korea, New Zealand, Singapore, Thailand, United Kingdom, and United States) as well as SIGINT Seniors Europe (SSEUR) (includes Australia, Belgium, Canada, Denmark, France, Germany, Italy, Netherlands, New Zealand, Norway, Spain, Sweden, United Kingdom, and United States).

Document Published: March 11, 2015
Document Dated: April 2013
Document Length: 3 pages
Associated Article: Snowden revelations: NZ’s spy reach stretches across globe
Download Document: NSA Intelligence Relationship with New Zealand
Classification: TOP SECRET//SI//REL TO USA, FVEY
Authoring Agency: NSA
Codenames: None

SIGINT Development Forum (SDF) Minutes

Summary: This document summarizes the state of signals development amongst the Five Eyes (FVEY). It first outline the core imperatives for the group, including: ensuring that the top technologies are being identified for use and linked with the capability they bring; that NSA shaping (targeting routers) improves (while noting that for CSE and GCSB shaping involves “industry engagement and collection bending”); improving on pattern of life collection and analysis; improving on IP address geolocation that covers Internet, radio frequency, and GSM realms; analyzing how convergence of communications systems and technologies impacts SIGINT operations.

Privacy issues were seen as being on the groups’ radar, on the basis that the “Oversight & Compliance team at NSA was under-resourced and overburdened.” Neither GCSB or DSD were able to sponsor or audit analysts’ accounts similar to the NSA, and CSEC indicated it had considered funding audit billets; while dismissed at the time, the prospect has re-arisen. At the time the non-NSA FVEYs were considering how to implement ‘super-user’ accounts, where specific staff will run queries for counterparts who are not directly authorized to run queries on selective databases.

GCSB, in particular, was developing its first network analyst team in October 2009 and was meant to prove the utility of network analysis so as to get additional staff for later supporting STATEROOM and Computer Network Exploitation tasks. Further, GCSB was to continue its work in the South Pacific region, as well as expanding cable access efforts and capabilities during a 1 month push.  There was also a problem where 20% of GCSB’s analytic workforce lacked access to DSD’s XKEYSCORE, which was a problem given that GCSB provided NSA with raw data. The reason for needing external tools to access data is GCSB staff are prohibited from accessing New Zealand data.

Document Published: March 11, 2015
Document Dated: June 8-9, 2009
Document Length: 3 pages
Associated Article: Snowden revelations: NZ’s spy reach stretches across globe
Download Document: SIGINT Development Forum (SDF) Minutes
Classification: TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
Authoring Agency: NSA
Codenames: STATEROOM, XKEYSCORE

Transparency in Surveillance: Role of various intermediaries in facilitating state surveillance transparency

‘Communication’ by urbanfeel (CC BY-ND 2.0) at https://flic.kr/p/4HzMbw

Last year a report that I wrote for the Centre for Law and Democracy was published online. The report, “Transparency in Surveillance: Role of various intermediaries in facilitating state surveillance transparency,” discusses how governments have expanded their surveillance capabilities in an effort to enhance law enforcement, foreign intelligence, and cybersecurity powers and the implications of such expansions. After some of these powers are outlined and the impact on communicating parties clarified, I explore how the voluntary activities undertaken by communications intermediaries can also facilitate government surveillance activities. However, while private companies can facilitate government surveillance they can also facilitate transparency surrounding the surveillance by proactively working to inform their users about government activities. The report concluded by discussing the broader implications of contemporary state surveillance practices, with a focus on the chilling effects that these practices have on social discourse writ large.

Cite as: Parsons, Christopher. (2016). “Transparency in Surveillance: Role of various intermediaries in facilitating state surveillance transparency,” Centre for Law and Democracy. Available at: http://responsible-tech.org/wp-content/uploads/2016/06/Parsons.pdf

Read “Transparency in Surveillance: Role of various intermediaries in facilitating state surveillance transparency

Curated Canadian IMSI Catcher Resources

‘Untitled’ by Andrew Hilts

IMSI Catchers enable state agencies to intercept communications from mobile devices and are used primarily to identify otherwise anonymous individuals associated with a mobile device or to track them. These devices are also referred to as ‘cell site simulators’, ‘mobile device identifiers’, and ‘digital analyzers’, as well as by the brandnames such as ’Stingray’, DRTBox’, and ‘Hailstorm’. These surveillance devices are not new – their use by state agencies spans decades. However, the ubiquity of the mobile communications devices in modern day life, coupled with the plummeting cost of IMSI Catchers, has led to a substantial increase in the frequency and scope of IMSI Catcher use by government and non-government agents alike. The devices pose a serious threat to privacy given that they are highly intrusive, surreptitious, and subject to limited controls in relation to their licit and illicit sale or operation.

One of the challenges with understanding the current policy landscape around IMSI Catchers in Canada stems from different government agencies’ deliberate efforts to prevent the public from learning about whether agencies use such devices. Journalists and academics have tried to determine whether and how the devices are used over the course of approximately a decade; this means that information concerning their operation has unfolded over a significant length of time. Without a centralized resource to curate the successes and failures of these investigations it is often challenging for non-experts to understand the full context and history of IMSI Catchers’ operation in Canada.

Only recently have journalists, advocacy groups, and academics in North America learned about how their respective governments have historically, and presently, operated IMSI Catchers. Such revelations began around four years ago in the United States and within the past year and a half in Canada. Such revelations are the culmination of extensive preparatory work: though news articles and research reports appear more frequently, now, their existence today is predicated on the hidden labour that took place over the prior years.

For Canadians, the release of select court documents enabled more informed analysis of how these devices were used by federal, provincial, and municipal agencies. Such information was drawn on to prepare a report on IMSI Catchers that I wrote with Tamir Israel last year, in which we canvassed, collated, and analyzed what was technically understood about how IMSI Catchers operate, as well as the challenges Canadians have faced using freedom of information request to learn more about the technology. That report also included legal analyses of different ways of authorizing the devices’ operation and the Charter implications of their operation. Furthermore, in recent weeks the RCMP finally admitted to the public that it has used IMSI Catchers after previously claiming that any revelation of whether and how they used the devices would infringe on national security or ongoing investigations. Many other agencies have since followed suit, also informing the public whether they possess and operate IMSI Catchers in the course of their investigations.

To help interested members of the public, journalists, advocacy and activist groups, and fellow academics, I have collated a list of IMSI Catcher-related resources that pertain to the Canadian situation. This listing includes the most important primary and secondary documents to read to understand the state of play in Canada. Some of the resources are produced by academics and technologists, some focus on technology or policy or law, and others encompass the major news stories that have trickled out about IMSI Catchers over the past several years. If you believe that I have missed any major documents feel free to contact me.

Access the IMSI Catcher in Canada Resources

Older posts