Tag Archives: Airport WiFi

Spy agencies, prime minister's adviser defend Wi-Fi data collection - CBC News 20140203

Original: Spy agencies, prime minister's adviser defend Wi-Fi data collection - CBC News 20140203

'It's data about data,' Stephen Harper's national security adviser says of metadata collection - by Laura Payton, CBC News

The head of Canada's communications surveillance agency defended its use of metadata Monday and argued a test using Canadian passengers' data — revealed by CBC News last week — didn't run in real-time and wasn't an actual operation.

John Forster, chief of the Communications Security Establishment Canada, defended the cybersecurity agency over revelations contained in a document released by U.S. National Security Agency whistleblower Edward Snowden.

Forster was appearing before the Senate national defence committee along with the head of CSIS and the prime minister's national security adviser days after a CBC News report on the document that showed CSEC used airport Wi-Fi to track the movements of Canadian passengers, including where they'd been before and after the airport.

Forster did not deny the story, but said CSEC was acting within the law.

Forster said the agency used metadata to develop a model that showed they could track an internet user's network activity "around a public access mode," and that the tracking didn't happen in real time.

Metadata can reveal a trove of information, including, for example, the location and telephone numbers of all calls a person makes and receives. It does not include the content of the call, which would legally be considered a private communication and cannot be intercepted without a warrant.

"This exercise involved a snapshot of historic metadata collected from the global internet. There was no data collected through any monitoring of the operations of any airport. Just a part of our normal global collection," he said.

"We weren't targeting or trying to find anyone or monitoring individuals' movements in real time. The purpose of it was to build an analytical model of typical patterns of network activity around a public access mode," Forster said.

The spy chief said the agency also uses metadata to ensure it isn't inadvertently directing investigative efforts at a Canadian phone number or IP address. The agency is supposed to stick to foreign intelligence, not domestic.

Is metadata discarded?

Metadata, Forster said, is essential to CSEC's work. But he said the agency doesn't use it to build profiles on Canadians, and that its own staff would report CSEC to its commissioner watchdog if the agency started tracking Canadians.

Speaking to reporters after the committee meeting, Forster allowed that Canadian metadata is being collected.

"There are foreign and Canadian information mixed together in the internet," he said, responding to a question about whether the agency picks up data belonging to Canadians.

CSEC Chief John Forster 20140203

John Forster, chief of Communications Security Establishment Canada (CSEC), defended the agency's use of metadata Monday and argued it didn't run a surveillance program at a Canadian airport, despite a report to the contrary by CBC News last week. (Fred Chartrand/Canadian Press)

The collection of metadata was approved by a ministerial directive, Forster said. The first directive was issued in 2005 under a Liberal government, with the latest one issued in 2011 under the Conservatives.

Asked whether the data collected for the model had been discarded, Forster referred to a directive about how long it could be stored.

"After a maximum amount of time that data, if it hasn't already been discarded, is discarded," he said.

CSIS denies mass surveillance

Ontario Privacy Commissioner Ann Cavoukian said the law needs to be updated to include metadata, a term that appears nowhere in the current act.

What is 'metadata'?

Metadata refers to information used to order or describe data, rather than the data itself. In the case of modern communications, it is the digital traces created when a phone call is made, an email or text is sent or a webpage is accessed — but it does not contain the content or conversation that was exchanged in those calls, messages or web surfing.

To use a less modern example, a library card catalogue contains the metadata for the books in a library.

However, metadata can include a lot of information, including the date, time, duration and location of a communication, the wireless device ID or internet address of the device that was used and the IDs or addresses of devices on the other end of the message or call — and even keywords or "tags" that relate to the information being exchanged.

"So it is fiction to say that the act authorizes metadata. It's an interpretation — the way I interpret it, any interception is not permitted," Cavoukian told Evan Solomon, host of CBC News Network's Power & Politics.

The head of Canada's spy agency, the Canadian Security Intelligence Service, told senators the agency doesn't perform mass surveillance of Canadians.

"I can assure you that CSIS warrants authorized by the Federal Court do not allow the mass surveillance of Canadians and we do not engage in such activities," Michel Coulombe said.

"Our warrants are directed against specific individuals who pose a threat to the security of Canada, a threshold that is clearly articulated in the CSIS Act."

Earlier, Prime Minister Stephen Harper's national security adviser, Stephen Rigby, defended the collection of Canadians' metadata by Canada's surveillance agency, calling it "data about data."

Rigby said he is "not totally persuaded" that Canada's spy agencies tapped into airport Wi-Fi.

"I think that the document that has been released clearly indicates that there has been collection of metadata," Rigby said.

"That is a well-known fact.… It does not represent a compromise of private communications by Canadians. It's data about data," making it "well within the legal parameters" of agency operations, he said.

Privacy concerns

Canada's interim privacy commissioner, Chantal Bernier, said in a report last week that she had serious concerns about how spy agencies use social media to collect information. Bernier said the potential for privacy invasion calls for commensurate protection, including an updated law.

130 Canadian extremists abroad

Michel Coulombe, the head of the Canadian Security Intelligence Service, says his agency is aware of more than 130 Canadians working abroad in support of extremist activities. He says it's his number 1 security concern.

"Currently, CSIS is aware of over 130 Canadians who are abroad in support of extremist activities, including approximately 30 in Syria alone. Such individuals' activities vary widely, ranging from paramilitary activity, training in weapons and explosives, and logistical support, to terrorist fundraising and studying in extremist madrassas.

"Some never achieve their intent and simply return home. Thus their depth of experience varies widely, making some individuals much more concerning than others. The service actively investigates such individuals, however, I must be clear in stating that such investigations are inherently challenging and gaps in our understanding are unavoidable. The number of individuals overseas are in constant flux. Their motivations are difficult to ascertain and their movement against sometimes isolated terrain are difficult to track."

Rigby said Bernier presented Parliament with some interesting ideas, but that the current controls "are reasonably robust."

"I think to a certain extent there's been a lot of public debate about some of the actions of our security agencies as a result of Mr. Snowden's disclosures," he said.

"I'm not persuaded at the end of the day that all of them are 100 per cent accurate."

Rigby said Bernier's ability to audit CSIS and CSEC is a check in itself.

"I think that the annual reports that are tabled by the commissioner, by SIRC [CSIS's review body the Security Intelligence Review Committee] and by the director of CSIS, for example, all represent opportunities to comment on privacy issues and the checks that are in place to assure Canadians that they have reasonable privacy protections in place," he said.

'That, simply put, is spying'

Opposition members in the House of Commons have long demanded more parliamentary oversight of the country's national security agencies.

NDP defence critic Jack Harris tabled a motion last fall to create a parliamentary committee to determine the best way to oversee CSEC and CSIS. The motion was defeated.

Liberal public safety critic Wayne Easter is tabling a motion in the House Tuesday to order CSEC to end all illegal monitoring of Canadians and increase proper oversight of the cybersecurity agency via a national security parliamentary committee.

"When Canadian citizens transferring through airports and using Wi-Fi have their metadata collected, that, simply put, is spying," Easter said in the House Monday.

A report by the commissioner from last June, Easter said, noted that some activities may have been directed at Canadians.

CSEC Snowden docs: MPs grill defence minister on spying revelation - CBC News 20140131

Original: CSEC Snowden docs: MPs grill defence minister on spying revelation - CBC News 20140131

Tories say independent report shows CSEC obeys law as NDP, Liberals call tracking, spying illegal - by Laura Payton, CBC News

Nothing in a document obtained by CBC News suggests Canada's communications spy agency used airport Wi-Fi to track Canadians, Defence Minister Rob Nicholson said Friday.

Nothing in a document obtained by CBC News suggests Canada's communications spy agency used airport Wi-Fi to track Canadians, Defence Minister Rob Nicholson said Friday. (Reuters)

Opposition MPs say the government has to do more to reassure Canadians after a document newly released by former NSA contractor Edward Snowden suggested Canada's communications spy agency tracked people through free airport Wi-Fi.

The top secret document shows Canada's electronic spy agency used information from the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal.

Under repeated questioning by opposition MPs on Friday, Defence Minister Rob Nicholson didn't directly deny the story, but said that the document detailing work by the Communications Security Establishment Canada (CSEC) doesn't show that Canadian communications were targeted or used.

New Democrat House Leader Nathan Cullen said the government needs to offer proof no Canadians were tracked.

"All we saw in the House today was rhetoric and empty lines. Talking points aren't going to assure Canadians that they are not in fact being spied upon by their government," Cullen said.

"We see quotation [marks] and weasel-words from the minister. This is worrisome for me and it certainly doesn't give any assurance to Canadians who are properly worried as well."

Nicholson says CSEC "made it clear to CBC that nothing in the documents that they had obtained showed that Canadian communications were targeted, collected, or used, nor that travellers' movements were tracked."

The spy agency is supposed to be collecting primarily foreign intelligence by intercepting overseas phone and internet traffic, and is prohibited by law from targeting Canadians or anyone in Canada without a judicial warrant.

More CSEC debate next week

The Liberal Party moved to continue debate on Tuesday, planning to devote a day to debating the spy agency's activity. Liberal MP Wayne Easter will move that the government "immediately order CSEC to cease" all illegal monitoring of Canadians and "increase proper oversight" through a committee of parliamentarians.

The non-binding motion will be debated as part of a regularly scheduled opposition day in which one of the non-governing parties controls the day's agenda.

That debate will come the day after senators on the national security and defence committee have a chance to question John Forster, CSEC's chief, as well as Prime Minister Stephen Harper's national security adviser, Stephen Rigby, and Michel Coulombe, director of the Canadian Security Intelligence Service.

Three consumer and privacy groups wrote to Daniel Lang, the committee's Conservative chair, on Friday to ask that he have the three experts testify under oath.

“It is vital to get to the bottom of what our intelligence agencies are doing in terms of mass surveillance of Canadians contrary to the law," Vincent Gogolek wrote on behalf of the B.C. Freedom of Information and Privacy Association, Open Media and the Canadian Internet and Public Interest Clinic.

"Your committee has the first opportunity to ask these questions, and we believe the gravity of this fact-finding exercise must be impressed on your witnesses. As such, we ask that testimony from these officials scheduled for Monday, Feb. 3, 2014, occur under oath.”

Metadata at issue

The latest Snowden document indicates the spy service was provided with information captured from unsuspecting travellers' wireless devices by the airport's free Wi-Fi system over a two-week period.​ In the case of the airport tracking operation, that information came from metadata that apparently identified travellers' wireless devices, but not the content of calls made or emails sent from them.

New Democrat MP David Christopherson asked Nicholson to categorically deny the agency has tracked Canadians, but Nicholson would only say that regular reports by a watchdog, the CSEC commissioner, affirm the signals intelligence agency doesn't break the law.

Nicholson declined to be interviewed by CBC News following question period.

Nicholson's argument seemed to hinge on a difference in terminology, referring to communications rather than metadata.

Metadata reveals a trove of information including, for example, the location and telephone numbers of all calls a person makes and receives — but not the content of the call, which would legally be considered a private communication and cannot be intercepted without a warrant.

Charmaine Borg, the NDP's digital issues critic, zeroed in on the question of metadata and their distinction from a person's conversations.

"Is the government really claiming that gathering information is not the same as illegally tracking Canadians?" she said.

Nicholson repeated that nothing in the document "showed that Canadians' communications were targeted, collected or used, nor that travellers' movements were tracked.​"

Value of intelligence vs. privacy

CSEC itself referred to the metadata around a person's communications, which it is legally authorized to collect and analyze as part of its role in gathering foreign intelligence.

"Metadata is technical information used to route communications, and not the contents of a communication," CSEC said in a written statement.

Metadata is "the new frontier of signals intelligence operations around the world," said Wesley Wark, an expert on national security and visiting professor at the University of Ottawa.

Wark says metadata is valuable because intelligence agencies can trace the networks through which communications flow and identify patterns and people they may be concerned about.

"You don't actually have to read the content of communications if you can follow the networks' signalling and patterns and movements involved as people move from place to place with their wireless devices and so on, and you still have an important intelligence tool," Wark said.

"Many voices have said there's not really any significant intelligence payoff that could be measured in the balance against the potential intrusions to civil liberties and privacy."

Liberal MP Scott Brison said MPs spend a lot of time in airports and questioned whether the government would tell any MPs or other Canadians whether they had been caught up "in this data sweep."

"And will the minister initiate his own investigation into CSEC's activities to reassure Canadians that their privacy has not been violated?"

Nicholson didn't answer the question.

Interim Privacy Commissioner Chantal Bernier says privacy is a fundamental right and that privacy law needs to be modernized to address concepts like metadata.

"People do not want to be tracked. People do not believe that their metadata is innocuous," Bernier told CBC News.

CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents - CBC News 20140130

Original: CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents - CBC News 20140130

Electronic snooping was part of a trial run for U.S. NSA and other foreign services  - by Greg Weston, Glenn Greenwald, Ryan Gallagher, CBC News

A top secret document retrieved by U.S. whistleblower Edward Snowdenand obtained by CBC News shows that Canada's electronic spy agency used information from the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal.

After reviewing the document, one of Canada's foremost authorities on cyber-security says the clandestine operation by the Communications Security Establishment Canada (CSEC) was almost certainly illegal.

Ronald Deibert told CBC News: "I can't see any circumstance in which this would not be unlawful, under current Canadian law, under our Charter, under CSEC's mandates."

The spy agency is supposed to be collecting primarily foreign intelligence by intercepting overseas phone and internet traffic, and is prohibited by law from targeting Canadians or anyone in Canada without a judicial warrant.

As CSEC chief John Forster recently stated: "I can tell you that we do not target Canadians at home or abroad in our foreign intelligence activities, nor do we target anyone in Canada.

"In fact, it's prohibited by law. Protecting the privacy of Canadians is our most important principle."

But security experts who have been apprised of the document point out the airline passengers in a Canadian airport were clearly in Canada.

CSEC said in a written statement to CBC News that it is "mandated to collect foreign signals intelligence to protect Canada and Canadians. And in order to fulfill that key foreign intelligence role for the country, CSEC is legally authorized to collect and analyze metadata."

Metadata reveals a trove of information including, for example, the location and telephone numbers of all calls a person makes and receives — but not the content of the call, which would legally be considered a private communication and cannot be intercepted without a warrant.

"No Canadian communications were (or are) targeted, collected or used," the agency says.

In the case of the airport tracking operation, the metadata apparently identified travelers' wireless devices, but not the content of calls made or emails sent from them.

Black Code

Deibert is author of the book Black Code: Inside the Battle for Cyberspace, which is about internet surveillance, and he heads the world-renowned Citizen Lab cyber research program at the University of Toronto's Munk School of Global Affairs.

He says that whatever CSEC calls it, the tracking of those passengers was nothing less than an "indiscriminate collection and analysis of Canadians' communications data," and he could not imagine any circumstances that would have convinced a judge to authorize it.

Cellphone-travel

A passenger checks his cellphone while boarding a flight in Boston in October. The U.S. Federal Aviation Administration issued new guidelines under which passengers will be able to use electronic devices from the time they board to the time they leave the plane, which will also help electronic spies to keep tabs on them. (Associated Press)

The latest Snowden document indicates the spy service was provided with information captured from unsuspecting travellers' wireless devices by the airport's free Wi-Fi system over a two-week period.

Experts say that probably included many Canadians whose smartphone and laptop signals were intercepted without their knowledge as they passed through the terminal.

The document shows the federal intelligence agency was then able to track the travellers for a week or more as they — and their wireless devices — showed up in other Wi-Fi "hot spots" in cities across Canada and even at U.S. airports.

That included people visiting other airports, hotels, coffee shops and restaurants, libraries, ground transportation hubs, and any number of places among the literally thousands with public wireless internet access.

The document shows CSEC had so much data it could even track the travellers back in time through the days leading up to their arrival at the airport, these experts say.

While the documents make no mention of specific individuals, Deibert and other cyber experts say it would be simple for the spy agency to have put names to all the Canadians swept up in the operation.

All Canadians with a smartphone, tablet or laptop are "essentially carrying around digital dog tags as we go about our daily lives," Deibertsays.

Anyone able to access the data that those devices leave behind on wireless hotspots, he says, can obtain "extraordinarily precise information about our movements and social relationships."

Trial run for NSA

The document indicates the passenger tracking operation was a trial run of a powerful new software program CSEC was developing with help from its U.S. counterpart, the National Security Agency.

In the document, CSEC called the new technologies "game-changing," and said they could be used for tracking "any target that makes occasional forays into other cities/regions."

Sources tell CBC News the technologies tested on Canadians in 2012 have since become fully operational.

CSEC claims "no Canadian or foreign travellers' movements were 'tracked,'" although it does not explain why it put the word "tracked" in quotation marks.

Deibert says metadata is "way more powerful than the content of communications. You can tell a lot more about people, their habits, their relationships, their friendships, even their political preferences, based on that type of metadata."

The document does not say exactly how the Canadian spy service managed to get its hands on two weeks' of travellers' wireless data from the airport Wi-Fi system, although there are indications it was provided voluntarily by a "special source."

The country's two largest airports — Toronto and Vancouver — both say they have never supplied CSEC or other Canadian intelligence agency with information on passengers' Wi-Fi use.

Alana Lawrence, a spokesperson for the Vancouver Airport Authority, says it operates the free Wi-Fi there, but does "not in any way store any personal data associated with it," and has never received a request from any Canadian intelligence agency for it.

A U.S.-based company, Boingo, is the largest independent supplier of Wi-Fi services at other Canadian airports, including Pearson International in Toronto.

Spokesperson Katie O'Neill tells CBC News: "To the best of our knowledge, [Boingo] has not provided any information about any of our users to the Canadian government, law enforcement or intelligence agencies."

It is also unclear from the document how CSEC managed to penetrate so many wireless systems to see who was using them — specifically, to know every time someone targeted at the airport showed up on one of those other Wi-Fi networks elsewhere.

Deibert and other experts say the federal intelligence agency must have gained direct access to at least some of the country's main telephone and internet pipelines, allowing the mass-surveillance of Canadian emails and phone calls.

'Blown away'

Ontario's privacy commissioner Ann Cavoukian says she is "blown away" by the revelations.

"It is really unbelievable that CSEC would engage in that kind of surveillance of Canadians. Of us.

"I mean that could have been me at the airport walking around… This resembles the activities of a totalitarian state, not a free and open society."

 Ann Cavoukian

Privacy commissioner Ann Cavoukian. (Colin Perkel/Canadian Press)

Experts say the document makes clear CSEC intended to share both the technologies and future information generated by it with Canada's official spying partners — the U.S., Britain, New Zealand and Australia, the so-called Five Eyes intelligence network.

Indeed, the spy agency boasts in its leaked document that, in an apparently separate pilot project, it obtained access to two communications systems with more than 300,000 users, and was then able to "sweep" an entire mid-sized Canadian city to pinpoint a specific imaginary target in a fictional kidnapping.

The document dated May 2012 is a 27-page power-point presentation by CSEC describing its airport tracking operation.

While the document was in the trove of secret NSA files retrieved by Snowden, it bears CSEC's logo and clearly originated with the Canadian spy service.

Wesley Wark, a renowned authority on international security and intelligence, agrees with Deibert.

"I cannot see any way in which it fits CSEC's legal mandate."

Wark says the document suggests CSEC was "trying to push the technological boundaries" in part to impress its other international counterparts in the Five-Eyes intelligence network.

"This document is kind of suffused with the language of technological gee-whiz."

Wark says if CSEC's use of "very powerful and intrusive technological tools" puts it outside its mandate and even the law, "then you are in a situation for democracy where you simply don't want to be."

Like Wark and other experts interviewed for this story, Deibert says there's no question Canada needs CSEC to be gathering foreign intelligence, "but they must do it within a framework of proper checks and balances so their formidable powers can never be abused. And that's the missing ingredient right now in Canada."

The only official oversight of CSEC's spying operations is a retired judge appointed by the prime minister, and reporting to the minister of defence who is also responsible for the intelligence agency.

"Here we clearly have an agency of the state collecting in an indiscriminate and bulk fashion all of Canadian communications and the oversight mechanism is flimsy at best," Deibert says.

"Those to me are circumstances ripe for potential abuse."

CSEC spends over $400 million a year, and employs about 2,000 people, almost half of whom are involved in intercepting phone conversations, and hacking into computer systems supposedly in other countries.

It has long been Canada's most secretive spy agency, responding to almost all questions about its operations with reassurances it is doing nothing wrong.

Privacy watchdog Cavoukian says there has to be "greater openness and transparency because without that there can be no accountability.

"This trust-me model that the government is advancing and CSEC is advancing – 'Oh just trust us, we're doing the right thing, don't worry' — yes, worry! We have very good reason to worry."

In the U.S., Snowden exposed massive metadata collection by the National Security Agency, which is said to have scooped up private phone and internet records of more than 100 million Americans.

A U.S. judge recently called the NSA's metadata collection an Orwellian surveillance program that is likely unconstitutional.

The public furor over NSA snooping prompted a White House review of the American spy agency's operations, and President Barack Obama recently vowed to clamp down on the collection and use of metadata.

Cavoukian says Canadians deserve nothing less.

"Look at the U.S. — they've been talking about these matters involving national security for months now very publicly because the public deserves answers.

"And that's what I would tell our government, our minister of national defence and our prime minister: We demand some answers to this."