Surveillance

A Crisis of Accountability — The Canadian Situation

/ Christopher Parsons

CanadaThe significance of Edward Snowden’s disclosures is an oft-debated point; how important is the information that he released? And, equally important, what have been the implications of his revelations? Simon Davies, in association with the Institute of Information Law of the University of Amsterdam and Law, Science, Technology & Social Studies at the Vrie Universiteit of Brussels, has collaborated with international experts to respond to the second question in a report titled A Crisis of Accountability: A global analysis of the impact of the Snowden revelations.

In what follows, I first provide a narrative version of the report’s executive summary. The findings are sobering: while there has been a great deal of international activity following Snowden’s revelations, the tangible outcomes of that activity has been globally negligible. I then provide the text of the Canadian section of the report, which was drafted by Tamir Israel, myself, and Micheal Vonn. I conclude by providing both an embedded and downloadable version of the report.

Continue reading

Canadian Cyberbullying Legislation Threatens to Further Legitimize Malware Sales

/ Christopher Parsons

Focus, Build, HackLawful access legislation was recently (re)tabled by the Government of Canada in November 2013. This class of legislation enhances investigative and intelligence-gathering powers, typically by extending search and seizure provisions, communications interception capabilities, and subscriber data disclosure powers. The current proposed iteration of the Canadian legislation would offer tools to combat inappropriate disclosure of intimate images as well as extend more general lawful access provisions. One of the little-discussed elements of the legislation is that it will empower government authorities to covertly install, activate, monitor, and remove software designed to track Canadians’ location and ‘transmission data.’

In this post I begin by briefly discussing this class of government-used malicious surveillance software, which I refer to as ‘govware’. Next, I outline how Bill C–13 would authorize the use of govware. I conclude by raising questions about whether this legislation will lead government agencies to compete with one another, with some agencies finding and using security vulnerabilities, and others finding and fixing the vulnerabilities such tools rely. I also argue that a fulsome debate must be had about govware based on how it can broadly threaten Canadians’ digital security. Continue reading

Responding the the Crisis in Canadian Telecommunications

/ Christopher Parsons

In the middle of an identity crisisOn April 29, 2014 the Interim Privacy Commissioner of Canada, Chantal Bernier, revealed that Canadian telecommunications companies have disclosed enormous volumes of information to state agencies. These agencies can include the Royal Canadian Mounted Police, Canadian Security Intelligence Service, Canadian Border Services Agency, as well as provincial and municipal authorities. Commissioner Bernier’s disclosure followed on news that federal agencies such as the Canadian Border Services Agency requested access to Canadians’ subscriber data over 19 thousand times in a year, as well as the refusal of Canadian telecommunications companies to publicly disclose how, why, and how often they disclose information to state agencies.

This post argues that Canadians are not powerless. They can use existing laws to try and learn whether their communications companies are disclosing their personal information to state agencies. I begin by explaining why Canadians have a legal right to compel companies to disclose the information that they generate and collect about Canadians. I then provide a template letter that Canadians can fill in and issue to the telecommunications companies providing them with service, as well as some of the contact information for major Canadian telecommunications companies. Finally, I’ll provide a few tips on what to do if companies refuse to respond to your requests and conclude by explaining why it’s so important that Canadians send these demands to companies providing them with phone, wireless, and internet service.

Continue reading

Accountability and Government Surveillance

/ Christopher Parsons / 3 Comments

Charmaine Borg, MPThe issue of lawful access has repeatedly arisen on the Canadian federal agenda. Every time that the legislation has been introduced Canadians have opposed the notion of authorities gaining warrantless access to subscriber data, to the point where the most recent version of the lawful access legislation dropped this provision. It would seem, however, that the real motivation for dropping the provision may follow from the facts on the ground: Canadian authorities already routinely and massively collect subscriber data without significant pushback by Canada’s service providers. And whereas the prior iteration of the lawful access legislation (i.e. C–30) would have required authorities to report on their access to this data the current iteration of the legislation (i.e. C–13) lacks this accountability safeguard.

In March 2014, MP Charmaine Borg received responses from federal agencies (.pdf) concerning the agencies’ requests for subscriber-related information from telecommunications service providers (TSPs). Those responses demonstrate extensive and unaccountable federal government surveillance of Canadians. I begin this post by discussing the political significance of MP Borg’s questions and then proceed to granularly identify major findings from the federal agencies’ respective responses. After providing these empirical details and discussing their significance, I conclude by arguing that the ‘subscriber information loophole’ urgently needs to be closed and that federal agencies must be made accountable to their masters, the Canadian public.

Continue reading

The Murky State of Canadian Telecommunications Surveillance

/ Christopher Parsons

Telephone PoleOn January 20, 2014 the Citizen Lab along with leading Canadian academics and civil liberties groups sent letters to Canada’s most prominent Internet service providers. We asked the companies to reveal the extent to which they voluntarily, and under compulsion, disclose information about their subscribers to state agencies, as well as for information about business practices and data retention periods. The requested information would let researchers, policy analysts, and civil liberties groups better understand the current telecommunications landscape and engage in evidence-based policy analysis of current and proposed government surveillance activities. The companies were asked to provide responses by March 3, 2014.

A considerable amount of attention has been given to state access to telecommunications data since January 20. Organizations such as the Globe and Mail wrote that Canadians deserve to know who is listening to their communications, and reporting by The Wire Report found that while telecommunications companies believed they might not be able to respond to all the questions in the letters, at least some responses might be provided without running afoul of government gag laws. However, The Wire Report also found that some sources believed they were forbidden from disclosing any information about the assistance they provide to government agencies, with one stating they were “completely resigned.”

At the same time as the letters were being examined by the companies, a series of high-profile telecommunications-related stories broke in the media. In the United States, leading telecommunications carriers released ‘transparency reports’ that put some information in the public arena concerning how often the companies disclose information to American state agencies. In Canada, there were revelations that the Communications Security Establishment Canada (CSEC) had surreptitiously monitored the movements of Canadians vis-a-vis mobile devices that connected to wireless routers. These revelations sparked renewed interest in the origins of CSEC’s data, whether Canadian telecommunications companies either voluntarily or under compulsion provide data to CSEC, the nature of CSEC’s ‘metadata’ collection process, and the rationales driving data exchanges between telecommunications companies and state agencies more generally. The Office of the Privacy Commissioner of Canada also tabled a report that outlined a series of ways to improve accountability and transparency surrounding state access to telecommunications data. Finally, MP Charmaine Borg, the New Democratic Party Member of Parliament for the riding of Terrebonne—Blainville in Quebec, issued a series of questions to the federal government that are meant to render transparent how federal agencies request information from telecommunications companies.

Continue reading

The Oddities of CBC’s Snowden Redactions

/ Christopher Parsons / 3 Comments

cbcThe CBC has recently partnered with Glenn Greenwald to publish some of Edward Snowden’s documents. Taken from the National Security Agency (NSA), the documents the CBC is exclusively reporting on are meant to have a ‘Canadian focus.’ Many of the revelations that have emerged from Mr. Snowden’s documents have provided insights into how the NSA conducts its activities both domestically and abroad, and have also shown how the Agency’s ‘Five Eyes’ partners conduct their affairs.

Journalists have redacted documents or provided partial copies since first reporting on the Snowden documents in summer 2013. To date, no common method or system of redacting documents has been agreed upon between the journalists and news agencies covering these documents.

In this post I want to spend some time talking about the redactions that the CBC has made to the sole Snowden document it has (thus far) released to the public. I begin by explaining how I got my – almost entirely unredacted – version of the document and why I am comparing my copy to the ‘publicly released’ version. Next, I discuss the various redactions made by the CBC and comment on the appropriateness of each redaction. Where I think that information ought to have been released, or the redacted information is outside of the ‘personal information’ reason the CBC gave for redacting information, I provide or describe the information to the public. Finally, I write about the need for a more robust way of redacting documents: as I will make clear, the CBC’s approach seems (at best) scattershot and (at worst) inappropriate. The CBC is the journalist source that will  be controlling the Canadian Snowden documents and, as a result, has a public obligation to dramatically improve its explanations for why it is redacting sections of the leaked documents. Continue reading