[Advisors] FW: [liberationtech] CSEC Snowden revelations

michael gurstein gurstein at gmail.com
Fri Jan 31 04:55:30 PST 2014 

 

 

From: liberationtech-bounces at lists.stanford.edu
[mailto:liberationtech-bounces at lists.stanford.edu] On Behalf Of Ronald
Deibert
Sent: Thursday, January 30, 2014 7:35 PM
To: liberationtech
Subject: [liberationtech] CSEC Snowden revelations

 

Libtech

 

There are more details to it than what's described here - more damning.

I believe most, if not all, of the documents I saw should be released
tomorrow.

 

I am planning on writing a detailed oped, which I hope will appear tomorrow.

 

Regards

RD

 

EXCLUSIVE


CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden
documents


Electronic snooping was part of a trial run for U.S. NSA and other foreign
services


By Greg Weston, Glenn Greenwald, Ryan Gallager,
<http://www.cbc.ca/news/cbc-news-online-news-staff-list-1.1294364> CBC News
Posted: Jan 30, 2014 8:59 PM ET Last Updated: Jan 30, 2014 10:00 PM ET

http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-tr
avellers-edward-snowden-documents-1.2517881

 

 

A top secret document retrieved by U.S. whistleblower Edward Snowdenand
obtained by CBC News shows that Canada's electronic spy agency used
information from the free internet service at a major Canadian airport to
track the wireless devices of thousands of ordinary airline passengers for
days after they left the terminal.

After reviewing the document, one of Canada's foremost authorities on
cyber-security says the clandestine operation by the Communications Security
Establishment Canada ( CSEC) was almost certainly illegal.

 

Ronald Deibert told CBC News: "I can't see any circumstance in which this
would not be unlawful, under current Canadian law, under our Charter, under
CSEC's mandates."

 

The spy agency is supposed to be collecting primarily foreign intelligence
by intercepting overseas phone and internet traffic, and is prohibited by
law from targeting Canadians or anyone in Canada without a judicial warrant.

As CSEC chief John Forster recently stated: "I can tell you that we do not
target Canadians at home or abroad in our foreign intelligence activities,
nor do we target anyone in Canada.

"In fact, it's prohibited by law. Protecting the privacy of Canadians is our
most important principle."

 

But security experts who have been apprised of the document point out the
airline passengers in a Canadian airport were clearly in Canada.

 

CSEC said in a written statement to CBC News that it is "mandated to collect
foreign signals intelligence to protect Canada and Canadians. And in order
to fulfill that key foreign intelligence role for the country, CSEC is
legally authorized to collect and analyze metadata."

 

Metadata reveals a trove of information including, for example, the location
and telephone numbers of all calls a person makes and receives - but not the
content of the call, which would legally be considered a private
communication and cannot be intercepted without a warrant.

 

"No Canadian communications were (or are) targeted, collected or used," the
agency says.

In the case of the airport tracking operation, the metadata apparently
identified travelers' wireless devices, but not the content of calls made or
emails sent from them.


Black Code


 

Diebert is author of the book Black Code: Inside the Battle for Cyberspace,
which is about internet surveillance, and he heads the world-renowned
Citizen Lab cyber research program at the University of Toronto's Munk
School of Global Affairs.

 

He says that whatever CSEC calls it, the tracking of those passengers was
nothing less than an "indiscriminate collection and analysis of Canadians'
communications data," and he could not imagine any circumstances that would
have convinced a judge to authorize it.

 Cellphone-travel
<http://i.cbc.ca/1.2517883.1391128507!/fileImage/httpImage/image.jpg_gen/der
ivatives/original_300/cellphone-travel.jpg> 

A passenger checks his cellphone while boarding a flight in Boston in
October. The U.S. Federal Aviation Administration issued new guidelines
under which passengers will be able to use electronic devices from the time
they board to the time they leave the plane, which will also help electronic
spies to keep tabs on them. (Associated Press)

The latest Snowden document indicates the spy service was provided with
information captured from unsuspecting travellers' wireless devices by the
airport's free Wi-Fi system over a two-week period.

Experts say that probably included many Canadians whose smartphone and
laptop signals were intercepted without their knowledge as they passed
through the terminal.

The document shows the federal intelligence agency was then able to track
the travellers for a week or more as they - and their wireless devices -
showed up in other Wi-Fi "hot spots" in cities across Canada and even at
U.S. airports.

That included people visiting other airports, hotels, coffee shops and
restaurants, libraries, ground transportation hubs, and any number of places
among the literally thousands with public wireless internet access.

The document shows CSEC had so much data it could even track the travellers
back in time through the days leading up to their arrival at the airport,
these experts say.

While the documents make no mention of specific individuals, Deibert and
other cyber experts say it would be simple for the spy agency to have put
names to all the Canadians swept up in the operation. 

All Canadians with a smartphone, tablet or laptop are "essentially carrying
around digital dog tags as we go about our daily lives," Deibert says.

Anyone able to access the data that those devices leave behind on wireless
hotspots, he says, can obtain "extraordinarily precise information about our
movements and social relationships."


Trial run for NSA


The document indicates the passenger tracking operation was a trial run of a
powerful new software program CSEC was developing with help from its U.S.
counterpart, the National Security Agency.

In the document, CSEC called the new technologies "game-changing," and said
they could be used for tracking "any target that makes occasional forays
into other cities/regions."

Sources tell CBC News the technologies tested on Canadians in 2012 have
since become fully operational.

CSEC claims "no Canadian or foreign travellers' movements were 'tracked,'"
although it does not explain why it put the word "tracked" in quotation
marks.

Deibert says metadata is "way more powerful that the content of
communications. You can tell a lot more about people, their habits, their
relationships, their friendships, even their political preferences, based on
that type of metadata."

The document does not say exactly how the Canadian spy service managed to
get its hands on two weeks' of travellers' wireless data from the airport
Wi-Fi system, although there are indications it was provided voluntarily by
a "special source."

The country's two largest airports - Toronto and Vancouver - both say they
have never supplied CSEC or other Canadian intelligence agency with
information on passengers' Wi-Fi use.

Alana Lawrence, a spokesperson for the Vancouver Airport Authority, says it
operates the free Wi-Fi there, but does "not in any way store any personal
data associated with it," and has never received a request from any Canadian
intelligence agency for it.

A U.S.-based company, Boingo, is the largest independent supplier of Wi-Fi
services at other Canadian airports, including Pearson International in
Toronto.

Spokesperson Katie O'Neill tells CBC News: "To the best of our knowledge,
[Boingo] has not provided any information about any of our users to the
Canadian government, law enforcement or intelligence agencies."

It is also unclear from the document how CSEC managed to penetrate so many
wireless systems to see who was using them - specifically, to know every
time someone targeted at the airport showed up on one of those other Wi-Fi
networks elsewhere.

Deibert and other experts say the federal intelligence agency must have
gained direct access to at least some of the country's main telephone and
internet pipelines, allowing the mass-surveillance of Canadian emails and
phone calls.


'Blown away'


 

Ontario's privacy commissioner Ann Cavoukian says she is "blown away" by the
revelations.

 

"It is really unbelievable that CSEC would engage in that kind of
surveillance of Canadians. Of us.

 

"I mean that could have been me at the airport walking around. This
resembles the activities of a totalitarian state, not a free and open
society."

 in-220-ann-k-cp-00795902
<http://i.cbc.ca/1.2045051.1381648888!/httpImage/image.jpg_gen/derivatives/o
riginal_300/in-220-ann-k-cp-00795902.jpg> 

Privacy commissioner Ann Cavoukian. (Colin Perkel/Canadian Press)

Experts say the document makes clear CSEC intended to share both the
technologies and future information generated by it with Canada's official
spying partners - the U.S., Britain, New Zealand and Australia, the
so-called Five Eyes intelligence network.

Indeed, the spy agency boasts in its leaked document that, in an apparently
separate pilot project, it obtained access to two communications systems
with more than 300,000 users, and was then able to "sweep" an entire
mid-sized Canadian city to pinpoint a specific imaginary target in a
fictional kidnapping.

The document dated May 2012 is a 27-page power-point presentation by CSEC
describing its airport tracking operation.

While the document was in the trove of secret NSA files retrieved by
Snowden, it bears CSEC's logo and clearly originated with the Canadian spy
service.

Wesley Wark, a renowned authority on international security and
intelligence, agrees with Deibert.

"I cannot see any way in which it fits CSEC's legal mandate."

Wark says the document suggests CSEC was "trying to push the technological
boundaries" in part to impress its other international counterparts in the
Five-Eyes intelligence network.

"This document is kind of suffused with the language of technological
gee-whiz."

Wark says if CSEC's use of "very powerful and intrusive technological tools"
puts it outside its mandate and even the law, "then you are in a situation
for democracy where you simply don't want to be."   

Like Wark and other experts interviewed for this story, Deibert says there's
no question Canada needs CSEC to be gathering foreign intelligence, "but
they must do it within a framework of proper checks and balances so their
formidable powers can never be abused. And that's the missing ingredient
right now in Canada."

The only official oversight of CSEC's spying operations is a retired judge
appointed by the prime minister, and reporting to the minister of defence
who is also responsible for the intelligence agency.

.
<http://www.cbc.ca/news/politics/csec-watchdog-muzzled-defanged-greg-weston-
1.2462279> CSEC's defanged watchdog: Greg Weston

"Here we clearly have an agency of the state collecting in an indiscriminate
and bulk fashion all of Canadian communications and the oversight mechanism
is flimsy at best," Deibert says.

"Those to me are circumstances ripe for potential abuse."

CSEC spends over $400 million a year, and employs about 2,000 people, almost
half of whom are involved in intercepting phone conversations, and hacking
into computer systems supposedly in other countries.

It has long been Canada's most secretive spy agency, responding to almost
all questions about its operations with reassurances it is doing nothing
wrong.

Privacy watchdog Cavoukian says there has to be "greater openness and
transparency because without that there can be no accountability.

"This trust-me model that the government is advancing and CSEC is advancing
- 'Oh just trust us, we're doing the right thing, don't worry' - yes, worry!
We have very good reason to worry."

In the U.S., Snowden exposed massive metadata collection by the National
Security Agency, which is said to have scooped up private phone and internet
records of more than 100 million Americans.

A U.S. judge recently called the NSA's metadata collection an Orwellian
surveillance program that is likely unconstitutional.

The public furor over NSA snooping prompted a White House review of the
American spy agency's operations, and President Barack Obama recently vowed
to clamp down on the collection and use of metadata.

Cavoukian says Canadians deserve nothing less.

"Look at the U.S. - they've been talking about these matters involving
national security for months now very publicly because the public deserves
answers.

"And that's what I would tell our government, our minister of national
defence and our prime minister: We demand some answers to this."

 


Share Tools


Ronald Deibert

Director, the Citizen Lab 

and the Canada Centre for Global Security Studies

Munk School of Global Affairs

University of Toronto

(416) 946-8916

PGP: http://deibert.citizenlab.org/pubkey.txt

http://deibert.citizenlab.org/
twitter.com/citizenlab
r.deibert at utoronto.ca



 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://victoria.tc.ca/pipermail/advisors/attachments/20140131/c2ad7f51/attachment-0001.html>

More information about the Advisors mailing list