⊗ Network sovereignty
⊗ Clement, A and Obar, JA - Canadian Internet \"boomerang\" traffic and mass NSA surveillance: Responding to privacy and network sovereignty challenges - 2015
⊗ Clement, Andrew - Canada\'s bad dream - 2014
⊗ Experts Say Economics and Politics Hamper Efficient Routing of Internet Data - 201411
⊗ Clement, Andrew and Obar, Jonathan A - Keeping Internet Users in the Know or in the Dark: An Analysis of the Data Privacy Transparency of Canadian Internet Service Providers - 20140327 <download>
⊗ Obar, Jonathan A and Clement, Andrew - Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty - 20130701 <download>
TEM 2013: Proceedings of the Technology & Emerging Media Track - Annual Conference of the Canadian Communication Association (Victoria, June 5-7, 2012)
Preliminary analysis of more than 25,000 traceroutes reveals a phenomenon we call ‘boomerang routing’ whereby internet transmissions originating and terminating in Canada are routinely routed through the United States. Canadian originated transmissions that travel to a destination in Canada via a U.S. switching centre or carrier are subject to U.S. law - including the USA Patriot Act and FISAA. As a result, these transmissions expose Canadians to potential U.S. surveillance activities – a violation of Canadian network sovereignty.
In the face of this unregulated surveillance of Canadians, the Federal government and internet service providers should re-assert our national network sovereignty and better protect Canadian civil liberties. In what follows, we present boomerang route findings and discuss U.S. National Security Agency (NSA) tracking concerns. We then offer a plan for strengthening Canadian network sovereignty, including: 1) strengthening and enforcement of Canadian privacy law (e.g. PIPEDA), and 2) repatriation of Canadian internet traffic by building more internet exchange points.
⊗ Clement, Andrew and Obar, Jonathan A - Keeping Internet Users in the Know or in the Dark: An Analysis of the Data Privacy Transparency of Canadian Internet Service Providers - 20140327 <download>
In the wake of the Snowden revelations about NSA surveillance, recent calls for greater data privacy recommend that internet service providers (ISPs) be more forthcoming about their handling of our personal information. Responding to this concern as well as in keeping with the transparency, openness and accountability principles fundamental to Canadian privacy law, this report evaluates the data privacy transparency of twenty of the most prominent ISPs (aka carriers) currently serving the Canadian public. We award ISPs up to ten ‘stars’ based on the public availability of the following information: 1. A public commitment to PIPEDA compliance. 2. A public commitment to inform users about all third party data requests. 3. Transparency about frequency of third party data requests and disclosures. 4. Transparency about conditions for third party data disclosures. 5. An explicitly inclusive definition of ‘personal information’. 6. The normal retention period for personal information. 7. Transparency about where personal information is stored. 8. Transparency about where personal information is routed. 9. Publicly visible steps to avoid U.S. routing of Canadian data. 10. Open advocacy for user privacy rights (such as in court and/or legislatively).
Stars are awarded based on careful examination of each ISP’s corporate website. We selected the 20 ISPs in our sample based on their prevalence among the approximately 6000 internet traceroutes in the IXmaps.ca database (out of 25,000 in total) that correspond to intra-Canadian routes – i.e. with origin and destination in Canada.
ISPs earn very few stars – 1.5/10 on average. The highest scoring carrier overall is TekSavvy, earning 3.5 stars in aggregate based on full or half stars across five criteria. The large foreign carriers Cogent and AboveNet (Zayo) receive no stars. Slightly more than half of the ISPs (11 of 20), all operating primarily in Canada, state a commitment to adhere to the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs the handling of personal information in commercial transactions. None of the foreign-based ISPs that carry significant amounts of intra-Canadian traffic indicate any explicit compliance with Canadian privacy law. At the time of writing, no Canadian ISP had yet published a transparency report along the lines of AT&T, Verizon, Google, Facebook or Twitter, each of which have begun to report standardized statistics concerning law enforcement access requests.
Without proactive public reporting on the part of ISPs in the key areas identified above, it is very difficult for Canadians to protect their personal privacy online nor hold these important organizations to account. To remedy this situation, we provide a number of policy recommendations specific to the various groups involved.
⊗ Clement, Andrew - Mapping Internet Backbone Traffic for Understanding Communication Policy Issues: Surveillance and Network Sovereignty in a North American Context- 20120331
Objectives: There is much attention to internet policy issues but this is mainly focused on activities at the ‘edges’ of the internet. Furthermore, understanding internet traffic routing and storage issues and their associated policy implications is made more difficult by how the ‘cloud’ metaphor obscure the ‘hard’ structures, jurisdictional boundaries and dynamic processes of internet routing.
This paper reports on research aimed at rendering more visible and amenable to public policy treatment the relatively hidden aspects of backbone routing. By mapping the routes packets take across the North America, this research seeks to shed light on two phenomena in particular: internet surveillance conducted by security and law enforcement agencies (eg NSA, CSE); and ‘boomerang routing’, where packets originating and terminating in the same country are routed via one or more other countries where they may be subject to surveillance or delay. These have implications for privacy and ‘network sovereignty.’
Methods: There are several steps in the analysis and mapping of internet routing: 1) crowdsourced generation of traceroutes - user installed traceroute generation software which automatically ‘pings’ a series of predefined destination URLs and uploads results to central IXmaps database; 2) geo-location of IP addresses produced in 1) assigning lat/long to IP addresses via a combination of three techniques: traceroute-landmark; hostname parsing; and comparative hop latency; 3) background research on the carriers, data centers and exchange points referenced in traceroutes; 4) combining data from previous steps by mapping traceroutes and intermediate sites in Google Earth.
Data: So far our database contains over 14,000 individual traceroutes spanning North America, based on 92 originating addresses, over 1,700 destination URLs: 1722 and includes more than 13,000 unique IP Addresses, half of which have been geo-located to the city level or better.
Novelty: Prior work in mapping internet traffic typically shows aggregate flows between major switching centers from the perspective of the carriers. The mapping of individual routes between user selected origins and destination provides for a much finer grained analysis and more specific policy insights. eg. We show that a significant portion of intra-Canadian traffic transits via the US. Furthermore, it enables a nuanced account for why particular routes cross borders or pass through surveillance sites, as well as suggesting remedial responses such as the siting of backbone facilities and jurisdictional regulation.
⊗ Clement, Andrew and Obar, Jonathan A - Internet Boomerang Routing: Surveillance, Privacy and Network Sovereignty in a North American Context - 20130331
Due to technical and political economic choices made principally by private corporations, worldwide internet traffic is often routed through the United States. For example, in 2005 it was estimated that 94 percent of internet traffic routed between Latin America and Asia or Latin America and Europe passed through switches in the U.S. (Bamford, 2009). Packets originating and terminating in the same country may also travel via the U.S. - a process we refer to as ‘boomerang routing’.
Beyond the economic and network performance issues of increased latency, boomerang routing raises several policy concerns, many emanating from the alleged surveillance practices of U.S. government agencies, most notably the National Security Agency (NSA). Unchecked surveillance of foreign internet traffic, a practice protected and engendered by the U.S. Patriot Act, threatens national network sovereignty, or the concept that a nation should have control over the routing, maintenance and protection of its internet traffic. A loss of network sovereignty threatens civil liberties as users become subject to the laws and policies of foreign governments, corporations and others engaging in surveillance.
It is worth noting that the prospect of NSA surveillance may also be damaging to the reputation of the U.S. government and its ISPs, painting the American government as a ‘surveillance state’ that cannot be trusted. The outcomes of this potential shift in reputation could include the political economic consequences of physical layer circumvention efforts by would-be sovereign nations protecting traffic from interception.
This paper describes ongoing research aimed at rendering more visible and amenable to public policy treatment the relatively hidden aspects of backbone routing. By mapping the routes packets take across North America, we seek to shed light on the phenomenon of ‘boomerang routing’ from several policy perspectives. Taking Canadian boomerang routing as a case study, we show its extent and recurring patterns. In particular, we examine how relations between different classes and nationalities of carriers, as well as the availability of local public peering points affects whether data is routed internally within Canada or whether it transits the U.S.
This research draws on our IXmaps database (see: IXmaps.ca), which contains over 22,000 individual traceroutes spanning North America. About 2500 of these originate and terminate in Canada. Well over a third are boomerang routes, initiated from public and private locations in Canada that transit the United States before ending at similarly public and private locations in Canada. Nearly all of this boomerang traffic passes through cities where the NSA is strongly suspected of having installed splitter operations.
We will highlight implications of this research for ongoing internet governance negotiations, such as the recent ‘failed’ World Conference on International Telecommunications (WCIT-12), as well as how nations whose internet traffic is often routed via the U.S. may advance their network sovereignty. In particular we will discuss the prospect for governments and internet businesses to promote the establishment of national public internet exchanges that can help reduce congestion, enhance network performance and keep personal data under national privacy jurisdiction.
Bamford, J. (2009). The shadow factory: The ultra-secret NSA from 9/11 to the eavesdropping on America. New York: Doubleday.
Expert report reveals Internet providers should be more transparent about how they handle our private information
Report lifts the curtain on how Internet providers protect privacy, giving Canadians an at-a-glance tool to rate their provider’s transparency compared with others
March 27, 2014 – A new report by leading privacy experts has revealed that Canadian Internet providers need to be much more transparent about how they protect their customers’ private information.
The report found that while all providers had room for improvement, smaller independent providers tend to be more transparent overall than their larger counterparts. Smaller providers also got credit for being more transparent about their user privacy protection and for more visibly keeping domestic Canadian Internet traffic within Canada.
The report, entitled Keeping Internet Users in the Know or in the Dark, is being released today byIXmaps.ca and New Transparency Projects. The report offers Canadians an in-depth look at the Data Privacy Transparency of Canadian Internet Service Providers (ISPs). The authors have also released an at-a-glance ‘Star Table’ rating ISPs according to 10 transparency criteria. Canadians can use this chart to see how their provider compares with others. The ISP ‘star ratings can also be seen in relation to one’s personal internet traffic using the Explore feature of the IXmaps.ca internet mapping tool.
The study found that there was plenty of room for improvement among the 20 ISPs covered by the report. However smaller, independent Canadian carriers scored better overall than larger incumbents. Independent provider TekSavvy earned more stars across more categories than other ISPs. Canadian ISPs were overall more transparent than the foreign carriers that handle domestic Canadian internet traffic. They generally don’t even acknowledge their compliance with Canadian privacy law, notably the Personal Information Protection and Electronic Documents Act (PIPEDA).
The project was spearheaded by Prof. Andrew Clement and Dr. Jonathan Obar at the Faculty of Information, University of Toronto. Professor Clement explains that: “We’ve just seen that in 99% of Canadian Border Services Agency’s requests for subscriber information, telecom companies have turned this sensitive data over without a warrant. Internet providers must be accountable to the Canadian public for how they handle our personal information. ISPs that proactively demonstrate transparency can show leadership in the global battle for data privacy protection and bringing state surveillance under democratic governance.”
OpenMedia.ca, a community-based organization leading a 34,000-strong nationwide pro-privacy campaign, says the report has revealed that Canadians need better accountability from their ISPs, especially from the telecom giants.
“Canadians deserve to know whether their telecom provider has their back when it comes to how they protect your privacy,” says OpenMedia.ca Executive Director Steve Anderson. “Today’s report will make it easier for Canadians to make informed choices about which Internet provider to trust with their personal information. It’s clear from these detailed findings that smaller providers are more transparent about the measures they take to protect customer privacy - information customers need to assess which Internet provider is best for them.”
Anderson continued: “Nevertheless, all Internet providers have plenty of room for improvement. With so much of our private information now online, every Internet provider has a duty to safeguard Canadians from mass government surveillance - foreign and Canadian. They also need to be much more transparent about the extent of their cooperation with warrantless government spying - Canadians deserve to know exactly how often the government tries to invade their privacy, and exactly what their ISP is doing to protect them.”
The report makes a number of policy recommendations aimed at improving ISP transparency:
- ISPs should make public detailed information about their commitment to being transparent about when, why, and how they transfer private customer information to the state and other third parties.
- The federal Privacy Commissioner and CRTC should more closely oversee ISPs to ensure their data privacy transparency, and in particular that they only hand off Internet traffic to carriers with comparable privacy protections as those in Canadian privacy law.
- Legislators should reform privacy laws to include robust transparency norms.
The research has been supported by the Social Sciences and Humanities Research Council and the Office of the Privacy Commissioner of Canada. The views expressed are those of the authors alone.
OpenMedia.ca, Professor Andrew Clement and Dr. Jonathan Obar are part of the Protect our Privacy Coalition, which is calling for effective legal measures to protect the privacy of every resident of Canada against intrusion by government entities.
Over 34,000 Canadians have spoken out about government spying in recent months at:https://openmedia.ca/csec and http://OurPrivacy.ca
About the IXmaps.ca research project:
Since 2008, the IXmaps.ca project has worked to help internet users “see where your data packets go”, with the aim of raising public awareness of the privacy implications of internet data packet routing. In particular, the project has mapped the sites of likely NSA interception in the US, enabling users to see whether their internet traffic may have been captured. It has also documented the extensive Canadian “boomerang traffic” - Internet communication that starts in Canada and ends in Canada, but which passes through the US where it is subject to NSA surveillance. The project has received funding from the Social Sciences and Humanities Research Council of Canada and the Office of the Privacy Commissioner of Canada and is affiliated with the New Transparency Project and the Information Policy Research Program at the Faculty of Information, University of Toronto.
OpenMedia.ca is a network of people and organizations working to safeguard the possibilities of the open Internet. We work toward informed and participatory digital policy.
Through campaigns such as StopTheMeter.ca and StopSpying.ca, OpenMedia.ca has engaged over half-a-million Canadians, and has influenced public policy and federal law.
About OpenMedia.ca’s privacy campaign
OpenMedia.ca led the successful StopSpying.ca campaign that forced the government to back down on its plans to introduce a costly, invasive, and warrantless online spying law (Bill C-30). Nearly 150,000 Canadians took part in the campaign. To learn more, see this infographic.
On October 10, 2013 OpenMedia.ca collaborated with over 40 major organizations and over a dozen academic experts to form the Protect Our Privacy Coalition, which is the largest pro-privacy coalition in Canadian history. The Coalition is calling for effective legal measures to protect the privacy of every resident of Canada against intrusion by government entities.
OpenMedia.ca and the BC Civil Liberties Association (BCCLA) recently announced they will work together to put a stop to illegal government surveillance against law-abiding Canadians. OpenMedia.ca has launched a national campaign encouraging Canadians to support a BCCLA legal action which aims to stop illegal spying by challenging the constitutionality of the government’s warrantless collection of data on Canadians’ everyday Internet use.
Communications Manager, OpenMedia.ca
- Telecom firms handed CBSA private customer data over 18,000 times last year without a warrant. Source: The Chronicle Herald
- Internet surveillance and boomerang routing: A call for Canadian network sovereignty - Source:Jonathan Obar and Andrew Clement
- IXmaps – Tracking your personal data through the NSA’s warrantless wiretapping sites, 2013 IEEE International Symposium on Technology and Society (ISTAS), Toronto, June 27-29, 2013. Source: Andrew Clement
- The murky state of Canadian telecommunications surveillance. Source: Christopher Parsons
- Proposed online spying bill would grant telecom firms immunity for handing over private information without a warrant. Source: Michael Geist
- Privacy experts ask telecoms if they’re helping the government spy on Canadians. Source:OpenMedia.ca
- New Snowden docs show U.S. spied during G20 in Toronto. Source: CBC News
- Five highlights from the Canada-Brazil spying revelations. [Source: The Globe and Mail]
- Privacy watchdog on spy agency’s data collection: ‘We want to find out more’. [Source: CBC News.mail.com/news/politics/privacy-watchdog-on-spy-agencys-data-collection-we-want-to-find-out-more/article12459998/">The Globe And Mail]
- Canada’s spy agency may have illegally targeted Canadians: watchdog. [Source: National Post]
- Inside Canada's top-secret billion-dollar spy palace. [Source: CBC News]
- Data breach protocols deficient in 9 federal departments, watchdog finds. - [Source: CBC News]
- Lawful Access back on the agenda this Fall? - Michael Geist.
- The secretive CSEC agency has a staff of more than 2,000 and a budget of about $400 million. [Source: CBC News]
- Surveillance expert Ron Deibert on the threat spy agencies pose for citizens.
- Internet Law expert Michael Geist on why Canadians should be concerned about government spying.
- Privacy commissioner Jennifer Stoddart says there are significant concerns about the scope of information that CSEC are reported to collect. [Source: CBC News]
- In this article, The Globe and Mail describes the revelations about Canadian government spying as “disturbing and unacceptable”
- This document, obtained by The Globe through Access to Information, shows how Minister MacKay authorized a top secret program to data-mine global ‘metadata’ in 2011.