
Threatpost - Blackberry CEO defends lawful access principles, supports phone hack - 20160419


BlackBerry’s CEO made the company’s stance on lawful access requests clear this week and is defending actions to provide Canadian law enforcement with what it needed to decrypt communications between devices.

The company’s CEO John Chen penned a statement on Monday, reiterating that one of BlackBerry’s core principles is customer privacy but also acknowledged that BlackBerry stood by its “lawful access principles” in a recently publicized criminal investigation where it was alleged that BlackBerry assisted law enforcement in retrieving data from a phone.

“We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests,” Chen said. Then, in a thinly veiled jab at Apple, Chen added, “I have stated before that we are indeed in a dark place when companies put their reputations above the greater good.”

Speculation around the inner workings of the case, which deals with a mafia-related murder in Montreal, has intensified over the last week following a Vice report on Thursday. According to the news outlet, the Royal Canadian Mounted Police (RCMP) – the country’s federal police force – successfully intercepted and decrypted over one million BlackBerry messages relating to the case between 2010 and 2012.

Reporters combed through thousands of court documents that strongly suggest that both BlackBerry and Rogers, a Canadian communications company, cooperated with law enforcement to do so. Particularly telling was a reference in the documents to a “decryption key” that deals with “BlackBerry interception.”

The RCMP oversees a server in Ottawa that “simulates a mobile device that receives a message intended for [the rightful recipient]” according to court filings. In another document, an affidavit, RCMP Sergeant Patrick Boismenu said the server is referred to by the RCMP as a “BlackBerry interception and processing system,” and that it “performs the decryption of the message using the appropriate decryption key.”

BlackBerry has long used a global encryption key – a PIN that it uses to decrypt messages – for its consumer devices.

It’s unclear how exactly the RCMP secured access to a BlackBerry decryption key, or for that matter if it still has the key, but BlackBerry “facilitated the interception process,” according to RCMP inspector Mark Flynn, who testified in a transcript.

Defense lawyers believe the technology the RCMP is using to target BlackBerry devices mimics a cell phone tower and can be manipulated to intercept devices and forward information to police. Largely known as Stingray tracking devices or International Mobile Subscriber Identity (IMSI) catchers, the RCMP refers to the devices as “mobile device identifiers” or “MDIs.” The Globe and Mail did a deep dive on the technology on Monday, noting the technology has been in use in Canada since 2011 and is capable of knocking people calling 911 offline.

If the RCMP is still in possession of the global key, it’s likely that Mounties could still use it to decrypt PIN-to-PIN communications on consumer devices.

While Chen didn’t get into specifics around his company’s move, he lauded it on Monday.

“Regarding BlackBerry’s assistance, I can reaffirm that we stood by our lawful access principles,” Chen wrote, further likening it to doing the right thing in a difficult situation and boasting that it helped lead to a “major criminal organization being dismantled.”

Conversely, privacy experts questioned Chen’s statement and pondered whether it could signal the beginning of the end for the company.

“I think Chen is traveling down a very dangerous path here,” Richard Morochove, a computer forensics investigator with Toronto-based computer consulting firm Morochove & Associates, said Tuesday on Canada’s Business News Network. “With this announcement he’s just pounded a big nail into BlackBerry’s coffin.”

BlackBerry uses a global key for its consumer devices, but Chen insists that the company’s BlackBerry Enterprise Server (BES) was not involved in the case and that messages sent from corporate BlackBerry phones cannot be decrypted.

“Our BES continues to be impenetrable – also without the ability for backdoor access – and is the most secure mobile platform for managing all mobile devices,” Chen wrote.

While that means that many of the company’s higher end clientele, government workers and corporations, are protected, any consumers who own BlackBerry devices may have been open, or could still be open to spying by the Canadian police.

Chen’s position of course marks a stark delineation between BlackBerry and Apple, another company that’s been waging its own battle with the government over granting access to customer information.

While Apple refused to break its own crypto to let the FBI bypass the iPhone’s encryption, it sounds like all law enforcement has to do to break into a BlackBerry is ask.

Privacy watchdog to investigate RCMP over alleged ‘stingray’ cellphone surveillance - Toronto Star 20160412


The commissioner has opened an investigation into the use of International Mobile Subscriber Identity (IMSI) catchers, otherwise known as stingrays, by law enforcement.

Canada’s privacy watchdog says it will investigate a privacy complaint about the alleged use of “stingrays” by the RCMP.
Office of the Privacy Commissioner spokesperson Valerie Lawton said the organization has opened an investigation into the RCMP’s refusal to admit whether or not it uses the surveillance technology known as stingrays, formally called International Mobile Subscriber Identity (IMSI) catchers.

During the course of an investigation, the privacy commissioner typically determines if any privacy laws have been broken and makes recommendations on future policy.
The complaint was filed by Laura Tribe, a digital rights specialist for free speech advocate OpenMedia, after she read a story in the Star about the RCMP’s refusal to answer questions about the devices.

“If these invasive technologies are not in use, then these agencies should have no problem confirming that their surveillance activities remain within the confines of the law. If these StingRay technologies are being used in Canada however, the public has a right to know,” said her complaint, filed in December.

The RCMP did not immediately return the Star’s request for comment.

The Mounties have remained tight-lipped about the tech, which mimics a cellphone tower and collects information such as identifying data, text messages and phone calls from people’s cellphones. The device casts a wide net that doesn't distinguish between suspects in criminal cases and ordinary citizens.

In December, when the Star used the Access to Information Act to request policies related to the RCMP’s use of the technology, the RCMP wrote back that those records were exempt from disclosure. The OPP also wouldn’t comment on whether they used the devices.

Meanwhile in the U.S., the FBI has admitted to employing them and drafted a guidance document restricting how law enforcement should use the surveillance technology.

Documents obtained by the Star using the Access to Information Act reveal the privacy commissioner had planned to sit down with RCMP in January to discuss stingrays. But Lawton said the meeting was cancelled once the commissioner decided to launch the investigation.
“That meeting was delayed and before it could be re-scheduled we opened an investigation into a related complaint. Therefore, the issue is now being handled via our investigations process. Due to confidentiality provisions in the Privacy Act, we are not able to offer further information at this time,” Lawton said in an email.
The commissioner has been following media reports about the device for some time and had hoped to get clarity from the RCMP, documents show.

“We have not been made aware by the RCMP of their use of the technology,” OPC spokesperson Tobi Cohen wrote in an email to another media outlet, obtained by the Star using the Access to Information Act.

“If they are using this technology, we expect to be consulted.”

The privacy commissioner is already conducting an investigation into Correctional Service Canada for the alleged use of stingray technology at Warkworth Institution in Campbellford, Ont.

Tribe told the Star she got word last week that the privacy commissioner would investigate her complaint. OpenMedia is also involved in the B.C. access and privacy watchdog’s probe of the Vancouver Police Department’s failure to respond to requests on the subject.
“These are really dangerous tools that can be used to invade the privacy of tens of thousands of Canadians at a time,” Tribe said. “I’m not saying there’s never a time or place for them, but we can’t even begin to have that conversation until we know that they’re being used, or what those circumstances are.”

The RCMP Are Being Investigated Over Controversial Spy Tech - Motherboard 20160413

Canada’s federal police force is being investigated by the country’s top privacy watchdog for its use of a controversial mass surveillance device.

A spokesperson from the Office of the Privacy Commissioner of Canada (OPC) confirmed to Motherboard that it has opened an investigation into the Royal Canadian Mounted Police’s use of IMSI catchers, or “StingRays.” These devices are essentially fake cell phone towers that force phones in the vicinity to connect and reveal identifying information.

The use of such devices has been the topic of much heated discussion and public debate in the US. The Florida Supreme Court ruled that the warrantless use of StingRays by police is unconstitutional in 2014. StingRays are controversial because they target devices within a certain area, and thus risk violating the privacy of innocents.

A leaked email from Correctional Services Canada last year indicated that an unnamed, StingRay-like device was installed in an Ontario prison to monitor inmate communications, but also caught innocent people outside the facility in the dragnet.

“These are fundamentally tools of mass surveillance,” said David Christopher of OpenMedia, the organization that filed the privacy complaint that spurred OPC’s investigation.

Canadian police have been extraordinarily unforthcoming when it comes to the use of IMSI catchers, or StingRays.

Last month, seven men accused in a Quebec court case relating to a mafia slaying pleaded guilty, but not before the RCMP was forced to reveal in open court that they had used a so-called “mobile device identifier”—the RCMP’s term for IMSI catchers—in the course of their investigation. The end of the case meant that the RCMP will reveal no more information about its use of IMSI catchers in court.

"The RCMP will continue cooperating with the Privacy Commissioner on this matter," an RCMP spokesperson wrote me in an email.

In British Columbia, Vancouver police are embroiled in a public battle to keep the details of their use of IMSI catchers secret.

An OPC report on the RCMP’s use of the technology, however, may finally shed some much-needed light on the police’s use of a highly controversial and potentially privacy-destroying surveillance device.

“In order to have a debate, we first need to get the facts on the table,” Christopher said.

Canadian Librarians Must Be Ready to Fight the Feds on Running a Tor Node - Motherboard 20160316


Political dissidents and cyber criminals alike will soon be sending anonymous internet traffic through a library at Western University in Canada, thanks to a new “node” in the encrypted Tor network operated by staff there—the first to open at a library in the country.

In Canada, the legality of running a Tor node is essentially untested, making the high profile, institutionally-backed node at Western a potential target for the feds.

Tor is touted as a tool for people, such as journalists, to keep their browsing habits safe from spies and police. But more nefarious traffic, such as drug dealing or child pornography, also passes through the network. A small public library in New Hampshire began operating a Tor node last year, and faced pressure from the Department of Homeland Security to shut it down. The library resisted, and the node is still running.

“If any intelligence agency or law enforcement tries to intervene again, we will do the same thing that we did in New Hampshire: we will rally community support, we will get our very broad coalition of public interest organizations and luminary individuals, and amazing supporters, to support Western,” said Alison Macrina, director of the Library Freedom Project and adviser to the Tor project at Western.

“Frankly, in some ways, I would like to see them try,” she said.

Traffic going through Tor is encrypted and “hops” through three volunteer nodes—or relays—before reaching the regular web, thus staying relatively anonymous. At the moment, the Western node is running as a middle relay, which means that it operates as one of the three hops in the network, and is blind to the final destination of any traffic.

If the library were to switch its node to an “exit” (where Tor traffic finally enters the regular web), then information about where traffic is going could be known to Western—and that is what law enforcement would likely be interested in, Macrina said. She hopes that Western does make the switch, she added, because institutions are better suited to face legal pressure stemming from running a node than individuals. Staff from the Faculty of Information and Media Studies, the faculty at Western responsible for the node, could not be reached in time for comment.


“It's great news to see more libraries and universities running Tor nodes,” Ian Goldberg, a University of Waterloo professor and inventor of the popular OTR encryption protocol, who operates a Tor exit node at the school, wrote me in an email. Goldberg noted that a middle relay should have no issues, legally, although exit node operators often “get annoyed by people on the Internet contacting them to ask why they are attacking various websites, sending them [copyright] notices for sharing content (in the US), etc.”

Tor use has been raised in at least one criminal case involving child pornography in Canada. Toronto police also told Motherboard last year that the force has investigated people operating Tor exits in the past, particularly in cases involving child pornography. At the time, the Canadian Civil Liberties Association (CCLA) said they had “nothing to add” on the subject.

When asked if the CCLA would support Western staff if Canadian law enforcement pressured them to shut their node down, however, spokesperson Jonah Kanter said, “In principle we are in favour of tools that protect privacy and will continue to research how Tor nodes can help accomplish that.”

Macrina emphasized that if push came to shove, Western should expect the support of the CCLA and other civil rights organizations in Canada. If the feds come knocking, they may very well need it.

RCMP Wants Facial Recognition 'As an Option' - Motherboard 20160317


UPDATE: Two days after we first contacted the RCMP for comment, and one day after this article was posted, Canada’s federal police force has answered some of the questions raised in this story. Their response confirms the reporting below.

“The RCMP does not currently have an approved project plan to implement a facial recognition system,” the statement we received by email states, although the new fingerprint system will “allow the RCMP to implement facial recognition as an option.”

The RCMP does currently maintain a database of facial images voluntarily sent by “police agencies,” but “they are not being used or accessed by the RCMP at this time,” the emailed statement continues. Despite pushing ahead with the procurement process for the technology needed to access such a database, the RCMP spokesperson wrote: “There is currently no policy on the retention of facial images, including purging rules,” and that these questions will be addressed when RCMP policy is “finalized.”

The RCMP statement noted that the law enforcement agency has not consulted the Office of the Privacy Commissioner with regards to this project, but is part of a biometrics working group, along with numerous other national security agencies such as the Canadian Security Intelligence Service and Canada Border Services Agency, created by Defence Research and Development Canada's Centre for Security Science.


The Royal Canadian Mounted Police is aiming to upgrade its automated fingerprint identification system (AFIS), and this time, Canada’s top cops want the system to have facial recognition search capabilities.

Even more concerning, available documents suggest that the plan flies in the face of Canada’s existing privacy guidelines for facial recognition technology.

The AFIS renewal contract is set to run until 2021, according to a 2015 letter of interest, but there is “no planned implementation time” for the facial recognition aspect, according to another letter of interest published on Wednesday. Instead, a successful bidder for the AFIS contract only needs to “support” facial recognition capabilities, should the RCMP decide to implement them.

Despite this ambiguity over when facial recognition will be used, the RCMP has some pretty clear ideas about how it should be used. According to a previously released document, the RCMP would like to store and analyze surveillance and cellphone video, “or other non-controlled, poor-quality sources.” The RCMP also expects that these videos may only contain partial facial images. It’s unclear from where, or how, the RCMP plans on acquiring cellphone video.

According to the document, the RCMP will perform one-to-one searches (using one image to confirm the identity of one suspect), as well as one-to-many searches—fishing expeditions involving large databases of photos. If a photo does not contain an identifiable person, then it should be stored in an “unknown photo database repository,” according to the letter of interest, which the RCMP can later query.

“What is the criteria for adding photos to that database?” asked lawyer Micheal Vonn, policy director of the British Columbia Civil Liberties Association, who said she isn’t aware of any such RCMP repository. “If they are going to just download all manner of photos and videos into the repository without strict inclusion or exclusion criteria, that is a problem. For example, people marching in a demonstration should not be videoed and have their images placed in an RCMP unknown photo database [to be used as] a repository of suspects.”

Provisions in Bill C-51 that allow for an unprecedented level of information sharing between federal agencies under the aegis of national security, Vonn said, pose additional dangers. “If the RCMP used a national security rationale for commandeering, say, the passport database, it’s got much more photos of Canadians than it would have in their mugshots.”

The RCMP declined to comment within Motherboard’s publishing timeframe, and we will update this article if we hear from them.


In a 2013 report prepared by the Office of the Privacy Commissioner of Canada (OPC), the nation’s top privacy watchdog listed several guidelines for facial recognition. Two of them include stipulations to record and store descriptions of biometric data instead of images themselves to ensure they’re not re-analyzed improperly, and to stick to one-to-one searches to minimize the risk of false matches or data breaches. By stating that they wish to maintain a database of images, and perform one-to-many searches, the RCMP appears to be disregarding both of these guidelines.

“We were not specifically aware of this letter of interest,” Tobi Cohen, OPC spokesperson, wrote me in an email. “The issue of facial recognition did come up in a Privacy Impact Assessment (PIA) from the RCMP in relation to body worn video cameras. In our response to the PIA last fall, we indicated that the RCMP would have to update its PIA and assess the privacy risks if it were to apply facial recognition technology to any footage collected. At the time, the RCMP indicated it was not contemplating such a thing.”

“If the RCMP were to use facial recognition in any capacity, we would expect to receive a PIA on the program,” she added.

Facial recognition technology has been used in Canada by passport authorities for years in order to detect fraud, beginning in 2009. That program has been undergoing PIAs since 2004, according to an OPC report, years before it was actually implemented.

Despite shopping around for a company to supply them with facial recognition-ready technology, it appears as though the RCMP is not following the lead of other government agencies in terms of their concern for citizen privacy.

Documents reveal CSIS wary of Bill C-51 reforms - The Globe and Mail 20160203


Prime Minister Justin Trudeau arrived in Ottawa promising to rein in Canada’s spies. But the bosses at the Canadian Security Intelligence Service want the Liberals to know that “robust” rules already govern their expanding operations – including their controversial, and newly legalized, disruption campaigns.

PDF: CSIS Director Michel Coulombe's letter of introduction to Public Safety Minister Ralph Goodale

Transition materials that CSIS provided to Public Safety Minister Ralph Goodale highlight some of the challenges from the Bill C-51 controversy last year, when Canadian spying became a political issue. The documents, which were released to The Globe and Mail, show polite CSIS pushback against some of the Liberals’ campaign pledges.

During the election, the governing Conservatives vowed to empower CSIS to fight terrorism, and cited Bill C-51, a new law that vastly increased the agency’s freedom to operate and share information, as proof that they could do it.

The NDP vowed to repeal the law, and the Liberals promised a middle course. On Nov. 4, Mr. Trudeau told Mr. Goodale in a mandate letter he should “work to repeal … the problematic elements of C-51 and introduce new legislation that strengthens accountability.”

A week later, CSIS director Michel Coulombe sent a letter of introduction, and arranged a briefing, telling Mr. Goodale his spy service operates on tight strictures, not arbitrary whims.

“Recent legislation, including an expansion of the Service’s mandate, has of course led to many changes of our policies,” Mr. Coulombe wrote. “Most recently, a robust new framework was established to govern the conduct of threat-reduction activities.”

The letter and related briefing materials were released under the Access to Information Act. On Monday, Mr. Coulombe is to testify before a Parliamentary committee.

“Threat reduction” refers to the most controversial clauses of C-51, which give CSIS disruptive powers to “take measures, within or outside Canada, to reduce the threat” of any forces felt to be dangerous to national security. The law says CSIS intelligence officers cannot harm, kill or sexually assault anyone, but use of the power is otherwise open-ended.

The transition materials show CSIS officials view threat reduction as a large part of their jobs now. They assured Mr. Goodale they do not take their new responsibilities lightly. “Every effort has been made to ensure the responsible exercise … each time the Service exercises its authority.”

CSIS officials said the service lives up to its legal obligations to consult Federal Court judges, or the public-safety minister and his written directives guiding the use of disruptive powers. Internal policies, they added, require further consultation with Mounties, diplomats and the Communications Security Establishment.

“Though CSIS’s authority to investigate and respond is rooted in its own legislation, its actions are not taken in isolation and demand close collaboration with the national-security community,” the documents say. (They do not make clear if CSIS is apprising the federal partners of planned disruptions, or enlisting their help.)

The CSIS Act passed in 1984 reflected a relatively passive federal intelligence-collection agency. Agents had no powers to arrest anyone, or carry guns. Nothing explicitly enabled CSIS officers to interpose themselves in suspects’ lives beyond tapping phones or conducting interviews.

But that began to change, especially after the Sept. 11, 2001, attacks. CSIS operatives started going to places such as Afghanistan and carrying guns. Its leaders testified they started working more closely with police, and doing things that could help prevent terrorism. Some suspects began publicly complaining about CSIS officers aggressively following them or showing up to conduct interviews at workplaces.

C-51 allows CSIS officers to do all this and more. Mr. Coulombe last year told Parliament the bill could facilitate hacking operations – such as meddling with suspects’ smartphones, money movements or travel. The law does not contemplate CSIS ever disclosing such operations to suspects.

The Liberals have never spelled out how they plan to overhaul the C-51 powers. Scott Bardsley, a staffer for Mr. Goodale, said the minister is consulting with security experts for national-security reforms.

The federal government has also promised to create a Parliamentary committee where select MPs would be allowed insights into classified CSIS operations. Most Canadian lawmakers currently know nothing about the specifics of CSIS operations.

Mr. Coulombe says he is aware of a growing political appetite to shine some light on CSIS.

“The Service recognizes the current environment of heightened public interest in national security,” he said in his November letter to Mr. Goodale. He added that as “trust underpins the Service’s ability to be effective, the opportunity to contribute to this discussion is most welcome.”

Police in Ontario and Canada refuse to answer questions about the use of Stingrays - Rabble 20160302

What the heck is a Stingray? And what does it have to do with my privacy? - Rabble 20160302

You may not be aware that a device named after an unusual sea creature poses a serious threat to your cell phone -- but I assure you, it does. A growing concern in the privacy world, the surveillance device nicknamed a "Stingray" (technically known as an IMSI catcher) is an invasive technology that threatens to undermine the privacy of anyone with a cell phone.

A small device about the size of a briefcase, Stingrays are used by some law enforcement agencies to simulate cell phone towers, and trick nearby mobile phones into connecting to them and exposing sensitive personal information. That includes revealing your phone's location, as well as recording incoming and outgoing phone calls. That isn't bad enough? The Stingray can also intercept your text communications, and even extract the encryption keys you use to protect your data.

Incredibly invasive? Yes. But the problem with Stingrays doesn't stop there. They're not just invasive, but they're also indiscriminate. Stingrays use blanket surveillance on everyone in a given geographic location, without any clear targeting.

Are you caught up within the Stingray's radius? Your information is being captured. It has nothing to do with any reasonable expectation of guilt -- just your geography. Just as a cell phone tower connects with all nearby phones, so does the Stingray. They can be targeted into homes, offices or parks. Wrong place, wrong time? You're going to be included in the sweep.

This means you don't have to be the target of an investigation to be spied on. By definition, innocent citizens are inevitably caught up in the Stingray's dragnet. And, perhaps worst of all, you won't even know if you're a victim.

One of the challenges with StingRays is that there is little information about the full extent to which these devices are currently in use. But we do know that they are being used. The NYPD recently revealed these devices have been used over 1,000 times since 2008. Canada's own RCMP, Ontario Provincial Police, and the Vancouver Police Department have all refused to answer requests for information on the subject.

Worse yet, we don't know how this information is being used, how long it's being stored for, and what protections are in place to ensure it is not misused. It's bad enough to collect all of this information about innocent citizens. Failing to ensure it's being treated appropriately only makes things worse.

As we increasingly find ourselves under more and more surveillance, with our privacy under attack from what feels like all sides, is all lost? No. We don't yet know how common Stingray usage is in Canada, and we still have a chance to stop this before their use becomes more widespread.

Transparency is the first step. We need to know if, when, and where these technologies are in use, to be able to demand accountability of our law enforcement agencies. We need to understand the facts to ensure our right to privacy is being protected, and that authorities are being held accountable for this type of surveillance.

That's why, at OpenMedia, we're intervening alongside a number of other pro-privacy organizations at an upcoming case to be heard by the B.C. Privacy Commissioner. We're asking the Commissioner to rule that police must come clean about whether, and how often, they use these spying devices. The case will be heard later this month, and you can check out our website or follow us on Facebook for the latest developments.

Laura Tribe is Digital Rights Specialist for OpenMedia, a community-based organization that safeguards the possibilities of the open Internet.

Rogers and Alcatel-Lucent Proposed an Encryption Backdoor for Police - Motherboard 20160212


As telecom companies prepare for the day when phone calls are counted in megabytes and not minutes, yet another contentious encryption debate is looming: how to secure subscribers' voice conversations, while balancing law enforcement’s need to eavesdrop when needed.

For Canadian telecom company Rogers and equipment maker Alcatel-Lucent (now Nokia), one option was a so-called backdoor, a secret key of sorts that could decrypt otherwise secure communications, and that theoretically only law enforcement could use.

In 2012, the two companies came up with a lawful interception proposal for a next-generation voice encryption protocol, known as MIKEY-IBAKE. The protocol was designed to protect conversations end-to-end—that is, no one sitting in the middle of a call's network connection could eavesdrop on what was being said.

Unless you were law enforcement, that is. For them, there was an exception, a backdoor. But there’s a problem with this scenario: a backdoor for law enforcement has the potential to be exploited by others, which is why, amongst security professionals, backdoors are so vehemently opposed.

"In the US, this has been the debate. Are we going to backdoor communications? We simply haven't had that debate here," said Christopher Parsons, a post-doctoral researcher at the Citizen Lab, which belongs to the University of Toronto’s Munk School for Global Affairs. "It seems as though we have carriers and vendors who are looking for ways to subvert that without bothering to deal with the politicians."

The documents detailing the Rogers and Alcatel-Lucent proposal are related to documents analyzed last month by Steven Murdoch, a Royal Society University Research Fellow in the Information Security Research Group of University College London. Murdoch’s analysis described an encryption protocol related to MIKEY-IBAKE that had been modified—backdoored—by the UK intelligence agency GCHQ.

An excerpt from one of the documents describing Rogers and Alcatel-Lucent's proposal. Image: Screenshot/3GPP

On the one hand, telecom providers have no choice but to opt for stronger encryption (and, to be clear, this is a good thing). At present, "land-line calls are almost entirely unencrypted, and cellphone calls are also unencrypted except for the radio link between the handset and the phone network," wrote Murdoch, in his recent analysis of GCHQ’s backdoored cellular encryption scheme.

On the other, more widespread use of encryption has drawn the ire of law enforcement. The FBI famously described Apple and Google’s efforts to increase user data protections as making evidence go “dark.” And because various jurisdictions—including Canada and the US—include wiretap provisions as a condition of having access to wireless spectrum, employing protections that also stymie law enforcement isn't so cut and dry.

"These lawful intercept requirements are harming security,” Murdoch said in an interview. “They're preventing the deployment of security in order to facilitate surveillance, and that's not really a debate that's been discussed."

The Rogers and Alcatel-Lucent proposal was introduced during a meeting of the 3rd Generation Partnership Project's lawful interception working group in 2012. The 3GPP is an organization that develops standards that dictate how much of the world's cellular infrastructure works, including 4G and LTE (draft documents of the proposal are available on its website, but the final proposal is not).

At that meeting, which was held in Barcelona, Rogers and Alcatel-Lucent proposed an approach to encryption where, instead of protecting communications using a random number generator, the system would use a pre-defined "pseudo-random number generator," or a secret number, that only a telecom provider or network operator would know.

Because all messages would be encrypted using this pre-determined number, anyone that discovered the number could decrypt any message they wanted.
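The property described above, as an added illustration that is not taken from the article or the 3GPP documents: when per-call secrets come from a seed the operator holds instead of fresh randomness, whoever holds that seed can open a recorded call after the fact. The toy Diffie-Hellman group, the HMAC derivation, the toy cipher and all names are assumptions chosen for readability and are not MIKEY-IBAKE itself.

```python
import hashlib
import hmac
import secrets

# Toy finite-field Diffie-Hellman parameters (assumption; not MIKEY-IBAKE's
# elliptic-curve maths). 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def escrowed_secret(operator_seed: bytes, call_id: bytes, party: bytes) -> int:
    """Per-call secret derived from a seed the operator holds (the backdoor)."""
    mac = hmac.new(operator_seed, call_id + b"|" + party, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (P - 2) + 1

def random_secret() -> int:
    """Per-call secret from the OS CSPRNG; nobody can recompute it later."""
    return secrets.randbelow(P - 2) + 1

def session_key(own_secret: int, peer_public: int) -> bytes:
    shared = pow(peer_public, own_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 in counter mode) standing in for the media cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def run_call(a_secret: int, b_secret: int, plaintext: bytes):
    """Return what a passive recorder captures: both public values + ciphertext."""
    a_pub, b_pub = pow(G, a_secret, P), pow(G, b_secret, P)
    key = session_key(a_secret, b_pub)
    assert key == session_key(b_secret, a_pub)  # both ends agree on the key
    return a_pub, b_pub, keystream_xor(key, plaintext)

def seed_holder_decrypt(operator_seed: bytes, call_id: bytes, recorded):
    """Recompute one party's secret from the seed and open a recorded call."""
    a_pub, b_pub, ciphertext = recorded
    a_secret = escrowed_secret(operator_seed, call_id, b"alice")
    if pow(G, a_secret, P) != a_pub:
        return None  # the call's secret did not come from this seed
    return keystream_xor(session_key(a_secret, b_pub), ciphertext)

def demo():
    # Constructed sample values, not taken from any real system.
    seed, call_id, frame = b"constructed-seed", b"call-0001", b"constructed voice frame"
    escrowed = run_call(escrowed_secret(seed, call_id, b"alice"),
                        escrowed_secret(seed, call_id, b"bob"), frame)
    fresh = run_call(random_secret(), random_secret(), frame)
    return seed_holder_decrypt(seed, call_id, escrowed), seed_holder_decrypt(seed, call_id, fresh)

if __name__ == "__main__":
    print(demo())
```

The same recording is opaque when both ends draw their secrets from the CSPRNG, so the confidentiality of every seed-derived call rests on that one seed never leaking.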

The proposal was described by Parsons and fellow Citizen Lab researcher Andrew Hilts last year, in a report for the Telecom Transparency Project (Parsons is its founder), but received little notice at the time.

"The Rogers/Alcatel-Lucent solution would let a [telecom service provider] either decrypt traffic in real time or retroactively decrypt traffic that had been encrypted using the [pseudo-random number generator]," the pair wrote in their 2015 report on telecommunications surveillance. "As such, their proposal would effectively undermine the core security design decisions that were ‘baked’ into MIKEY-IBAKE."

"This should be a public discussion. This shouldn't be something that's buried away in a pretty cloistered standards environment,” said Parsons, who called the proposal “worrying.” Canadian Parliament has yet to engage in the sort of encryption debate currently taking place in the US.

“We're talking about fundamental aspects of how law enforcement interacts with our communications, that the extent to which we can trust the security provided to us by telecommunications providers,” Parsons continued. “And this all comes after Canada has passed numerous legislature that deals with security and surveillance, none of which, to my mind, explicitly clarify whether or not this kind of decryption on the fly would be required."

The encryption protocol proposed by Rogers and Alcatel-Lucent was actually previously rejected by the UK government's spy agency GCHQ for being too difficult to eavesdrop on. Instead, GCHQ proposed an alternate standard, MIKEY-SAKKE, which can be more readily intercepted. The UK government has been promoting adoption of the standard in both government and commercial products.

MIKEY-IBAKE, meanwhile, does not appear to have been implemented. Leonard Pesheck, a spokesperson for Nokia (which recently purchased Alcatel-Lucent), wrote in an email that "the MIKEY-IBAKE proposal we submitted to 3GPP SAE for standardization was not accepted and we therefore did not pursue product plans."

Rogers spokesperson Jennifer Kett also confirmed the company brought forward the MIKEY-IBAKE proposal, but "ultimately that proposal was not adopted."

"As you can appreciate, in order to best protect our customers and as a condition of our licenses, we don’t publicly disclose our security practices," Kett wrote in an email.

If those practices include backdoors, however, it’s only a matter of time before others disclose them first.

Will Trudeau finally let Parliament watch the watchers? - Globe and Mail 20160115

Prime Minister Justin Trudeau takes part in a virtual reality demonstration at the new Google Canada Development headquarters in Kitchener, Ont., this week. (Nathan Denette/The Canadian Press)

For many voters, the Liberal Party stumbled badly last year when, still in opposition, it voted in favour of the Harper government’s Anti-Terrorism Act. Also referred to as Bill C-51, the act – now the law of the land – is a dangerous overreach, something critics were saying loudly when the Liberals backed it.

Among other problems, the law lumps legitimate protest and free speech in with acts of terrorism and gives police-like powers to CSIS, the domestic spy agency. Most alarming of all, CSIS can ask a judge in secret for a warrant that lets its agents violate the Charter rights of terrorism suspects. The law establishes secret police powers in the name of national security, with zero parliamentary oversight.

And the Liberals went along with it. Voting for Bill C-51 was a tactical move by leader Justin Trudeau to outflank a Conservative government that hoped to corner him into appearing weak on terrorism. But in denying Stephen Harper an election soundbite (Justin is for terrorism!), Mr. Trudeau betrayed his party’s values. It was a troubling trade-off, one the Liberal leader vowed to put right if he was elected prime minister.

And now here we are. Mr. Harper is a spectral Opposition backbencher, and Mr. Trudeau has a majority government. There is nothing stopping the Prime Minister from bringing in his promised amendments. To date, all indications are that he will do so quickly.

Even more promisingly, though, the new government has taken preliminary steps to increase parliamentary oversight of CSIS and other intelligence and security services. This is great news. If Mr. Trudeau delivers on this, he will more than erase the black mark he earned with his support for Bill C-51.

The question of the moment, then, is, will this government do what all before it have failed to do and create an oversight body or bodies that have the power, resources, independence and mandate to credibly monitor and review Canada’s intelligence and security agencies?

The Maher Arar and Air India debacles, as well as the passage of Bill C-51, have demonstrated that Canadians’ liberties and security are as much at risk from sloppy intelligence work, unjust arrest and detention, and government invasion of privacy as they are from the threat of terrorism. But no government of the past 30 years has established an adequate level of scrutiny of our security and intelligence bodies.

The big three – CSIS, the RCMP and the Communications Security Establishment, which intercepts and analyzes foreign communications and electronic signals – can gather information and share it liberally with each other, as well as with the Armed Forces and a multitude of government departments.

But most of that security work is done without review. The review bodies that do exist – the Security Intelligence Review Committee (SIRC) for CSIS, the Civilian Review and Complaints Commission for the RCMP, and the CSE commissioner – can’t talk to each other. They are confined to their corner of the world and thus can only carry out partial reviews. It would make far more sense to have a single review body – a “super-SIRC,” as many have called it – that could monitor security and intelligence-related work across the entire government.

The biggest failing of all, though, is that Canada is the only one of the so-called Five Eyes security partners that doesn’t give elected representatives, other than cabinet ministers, access to secret information. (The other Five Eyes partners are the U.S., the U.K., Australia and New Zealand.)

In fact, Canada is virtually alone among Western countries in the sidelining of elected representatives in matters of security and intelligence oversight, according to a new omnibus analysis of the issue by Craig Forcese and Kent Roach, two university professors who are among the leading critics of Bill C-51 and Canada’s security oversight shortcomings.

Their primer on the subject points to the obvious solution: the creation of a committee of parliamentarians who have classified access to all of the doings of CSIS, the CSE, the RCMP, the Armed Forces, the Canada Border Services Agency and others in order to ensure that the nation’s intelligence and security activities are “lawful; proportionate to the threat; necessary; and designed to be effective and efficient.”

As it stands right now, parliamentarians can’t even get a straight answer “about the number of Canadians who have left the country to join terrorist groups abroad,” a Senate committee complained in July.

Mr. Trudeau signalled this week that he is moving in the right direction when he announced that MP David McGuinty will chair a proposed “statutory committee of parliamentarians that will be responsible for reviewing security-related issues.” The legislation creating the committee will be tabled by June, the government said.

As well, Public Safety Minister Ralph Goodale and Mr. McGuinty travelled to the U.K. this week to study Britain’s Intelligence and Security Committee of Parliament. The British committee, though not without its own controversies, is considered to be the gold standard because of its relative independence from government, the scope of its mandate, its large resources (it has its own secretariat) and its access to all secret information.

Canada must strive to meet that standard. Our intelligence and security capacities have increased steadily since 2001 and are more vital than ever today.

But Canadians need to be able to trust that their tax dollars are being wisely and efficiently spent, that the Charter of Rights and the laws of the country are being respected, and that they are not being duped by government officials hiding behind a curtain of official secrecy. Our Five Eyes allies have demonstrated that an independent parliamentary committee is a non-negotiable part of any democratic nation’s security apparatus. Canada should have one, too.

Mr. Trudeau knows what the right thing to do is. Anything less than that will be a failure.

Canada's spy agencies broke surveillance laws, watchdogs reveal - Globe and Mail 20160129

Canada’s two spy agencies have come under attack by their Ottawa watchdogs for breaking the rules of telecommunications surveillance.

A report released on Thursday revealed that the Communications Security Establishment (CSE) has unlawfully shared data with foreign allies, while a report on the Canadian Security Intelligence Service (CSIS), made public on the same day, said CSIS has been neglecting to tell the judges who authorize surveillance operations that it is retaining elements of communications intercepts it is ordered to destroy.

The reports from the watchdogs for CSE and CSIS centred on “metadata,” or the intercepted telecommunications trails reflected in phone logs and Internet protocol (IP) exchanges. Collecting and sharing such material can vastly expand intelligence-gathering operations. The legal issues this raises have been quietly debated over the past 15 years within Canada’s intelligence bureaucracy, but not in open courts or Parliament.

The new Liberal government came to office last fall pledging to make the country’s spies more accountable and transparent, but highly classified and complex surveillance programs that have proliferated in secrecy over the past decade indicate how difficult that promise may be to fulfill.

Together, the CSE and CSIS get more than $1-billion from taxpayers. Both are banned from spying on Canadians without a warrant.

Government officials played down the significance of potential privacy breaches.

In discussing one watchdog report, the minister responsible for CSE, Ottawa’s ultra-secretive electronic spy agency, said he was unable to say how many Canadians were affected by the sharing of the metadata in 2013, or why it took until 2016 to disclose it.

“I can’t give you the actual number, because the way I am informed is that … we would be violating the law in digging up that type of information,” Defence Minister Harjit Sajjan told reporters.

Jean-Pierre Plouffe, a retired judge who acts as CSE’s watchdog commissioner, said in his report that the spy agency broke rules by passing metadata involving the communications of Canadians to its closest foreign allies, a group collectively known as “the Five Eyes.”

Experts say this is the first time in CSE’s modern existence that it has been found to have acted unlawfully. “I believe this is the first clear instance of a commissioner declaring that CSE did not comply with the law,” said Bill Robinson, a researcher whose blog is devoted to the spy agency.

The Five Eyes have existed since the Second World War, when signals intelligence agencies in Canada, the United States, Britain, Australia and New Zealand teamed up to spy on foreign adversaries. Today, the shared work continues, as the CSE and its counterparts analyze phone logs, Internet IP routing information, and other data trails that are captured through clandestine means on a massive, global scale.

All this is done so security agents can spot threats, or figure out who is talking to whom, even when they cannot snoop on the underlying conversations or messages. Sometimes this helps set up more targeted and invasive spying operations.

The danger with metadata is that spy agencies can break domestic-surveillance laws when they collect and share it in bulk. CSE says it only ever “incidentally” captures Canadian communications and works to protect privacy when it inevitably does.

Mr. Plouffe said the spy agency’s breaches in 2013 were “not intentional,” but that CSE did not exercise “due diligence when it failed to ensure that the Canadian identity information” was not included in reports given to allies. (Prosecutors decided not to lay charges after being assured by Mr. Plouffe it was unlikely that any Canadian identities were actually compromised.)

Faced with the adverse findings in the watchdog’s annual report, CSE held an unprecedented technical briefing for reporters in Ottawa – the first time the agency has done so.

Officials blamed a software problem, and said CSE stopped sharing the problematic information in 2014. Reporters were told the metadata did not contain the names of any Canadians, and that the CSE was confident that none of the allied agencies, including the U.S. National Security Agency, would have used the information to target Canadians.

Because CSE eavesdrops on foreigners, it needs legal authorization from the Minister of National Defence. On Thursday, Mr. Sajjan pointed out to reporters that “the actual deficiency was identified by CSE officials themselves and they proactively brought that to the attention of the [watchdog] commissioner.”

CSIS – the “human intelligence” counterpart to CSE’s “signals intelligence” service – was also criticized on Thursday for previously undisclosed efforts to collect metadata.

Because CSIS intelligence officers mostly focus on Canadian targets, they need authorization from Federal Court judges for any bugging or hacking operations. When warrants expire, CSIS is legally obliged to destroy the captured communications of people it did not specifically “target” in a surveillance operation.

Years ago, CSIS leaders decided officers could retain the metadata related to all intercepted communications, even if forced to destroy the contents of underlying conversations. The report on CSIS that was released on Thursday, written by the watchdog Security Intelligence Review Committee (SIRC), said the agency never revealed this practice to the judges who authorized the intercepts.

The report recommends that CSIS now do so each time it asks for a warrant.

“SIRC was given no indication that the Service was fully transparent with the Federal Court about the nature and scope of its activities with respect to metadata,” it reads. The report urges CSIS to disclose to judges what it has been doing, because “the court has a general interest in how the service uses the intelligence, including metadata, collected under the authority of a warrant.”

In its response, CSIS says it disagrees with the finding and that it has “communicated clearly and transparently to the Federal Court.”