Bill Robinson has penned a nice essay Marking 70 years of eavesdropping in Canada. The essay gives the background of Canada’s signals intelligence unit, the Communications Security Establishment (CSE) which just marked its 70th anniversary (on Sept. 1st.)
The original unit was the peacetime version of the Joint Discrimination Unit called the CBNRC (Communications Branch of the National Research Council). I can’t help wondering what was meant by “discrimination”?
Unable to read the Soviets’ most secret messages, the UKUSA allies resorted to plain-language (unencrypted) communications and traffic analysis, the study of the external features of messages such as sender, recipient, length, date and time of transmission—what today we call metadata. By compiling, sifting, and fusing a myriad of apparently unimportant facts from the huge volume of low-level Soviet civilian and military communications, it was possible to learn a great deal about the USSR’s armed forces, the Soviet economy, and other developments behind the Iron Curtain without breaking Soviet codes. Plain language and traffic analysis remained key sources of intelligence on the Soviet Bloc for much of the Cold War.
Robinson is particularly interesting on “The birth of metadata collection” as the Soviets frustrated developed encryption that couldn’t be broken.
Robinson is also the author of one of the best blogs on Canadian Signals Intelligence activities Lux Ex Umbra. He posts long thoughtful discussions like this one on Does CSE comply with the law?
They know is a must see design project by Christian Gross from the Interface Design Programme at University of Applied Sciences in Potsdam (FHP), Germany. The idea behind the project, described in the They Know showcase for FHP, is,
I could see in my daily work how difficult it was to inform people about their privacy issues. Nobody seemed to care. My hypothesis was that the whole subject was too complex. There were no examples, no images that could help the audience to understand the process behind the mass surveillance.
The answer is to mock up a design fiction of an NSA surveillance dashboard based on what we know and then a video describing a fictional use of it to track an architecture student from Berlin. It seems to me the video and mock designs nicely bring together a number of things we can infer about the tools they have.
Feminist Frequency has posted an excellent Speak Up & Stay Safe(r): A Guide to Protecting Yourself From Online Harassment. This is clearly written and thorough discussion of how to protect yourself better from the sorts of harassment Anita Sarkeesian has documented in blog entries like Harassment Through Impersonation: The Creation of a Cyber Mob.
As the title suggests the guide doesn’t guarantee complete protection – all you can do is get better at it. The guide is also clear that it is not for protection against government surveillance. For those worried about government harassment they provide links to other resources like the Workbook on Security.
In her blog entry announcing the guide, Anita Sarkeesian explains the need for this guide thus and costs of harassment thus:
Speak Up & Stay Safe(r): A Guide to Protecting Yourself From Online Harassment was made necessary by the failure of social media services to adequately prevent and deal with the hateful targeting of their more marginalized users. As this guide details, forcing individual victims or potential targets to shoulder the costs of digital security amounts to a disproportionate tax of in time, money, and emotional labor. It is a tax that is levied disproportionately against women, people of color, queer and trans people and other oppressed groups for daring to express an opinion in public.
How did we get to this point? What happened to the dreams of internet democracy and open discourse? What does it say about our society that such harassment has become commonplace? What can we do about it?
Ars Technical has a series of interesting articles about doxing including an article about how the Islamic State doxes US soldiers, airmen, calls on supporters to kill them . How long before IS starts identifying the Canadian special forces sent to advise in the war in Iraq and Syria. Or … imagine the doxing of drone operators as a form of retaliation.
Doxing and other troll tactics seem to be entering the mainstream. Gabriella Coleman in Hacker, Hoaxer, Whistleblower, Spy writes about Anonymous and their use of various tactics for often admirable causes. She goes further and suggests that trolling may be form of resistance suited to the emerging surveillance state,
Anonymous is emblematic of a particular geography of resistance. Composed of multiple competing groups, short-term power is achievable for brief durations, while long-term dominance by any single group or person is virtually impossible. In such a dynamic landscape, it may be “easy to co-opt, but impossible to be co-opted,” (location 5691 of 8131)
She also sees in Anonymous and trolling the tradition of the trickster. “Trickster tales are not didactic and moralizing but reveal their lessons playfully.” (Location 511 of 8131) It wasn’t long before the tricksters got attacked as the tactics spread. See Dox everywhere: LulzSec under attack from hackers, law enforcement.
The GamerGate controversy showed a much darker side to trolling and how these tactics could be used to bully as much as to resist. The people doxed were mostly women and so-called “social justice warriors” who annoyed certain gamers. Those doxed were hardly the powerful or Big Brother watching us. Now (women) academics who study gaming are being identified. How long before we have to train our graduate students in Anti-doxing strategy as part of preparation for research into games?
Is it Research or is it Spying? Thinking-Through Ethics in Big Data AI and Other Knowledge Sciences has just been published online. It was written with Bettina Berendt and Marco Büchler and came out of a Dagschule retreat where a group of us started talking about ethics and big data. Here is the abstract:
How to be a knowledge scientist after the Snowden revelations?” is a question we all have to ask as it becomes clear that our work and our students could be involved in the building of an unprecedented surveillance society. In this essay, we argue that this affects all the knowledge sciences such as AI, computational linguistics and the digital humanities. Asking the question calls for dialogue within and across the disciplines. In this article, we will position ourselves with respect to typical stances towards the relationship between (computer) technology and its uses in a surveillance society, and we will look at what we can learn from other fields. We will propose ways of addressing the question in teaching and in research, and conclude with a call to action.
A PDF of our author version is here.
One of the key issues raised by Snowden is whether all this surveillance works. The Washington Post has a story from a year ago reporting that NSA phone record collection does little to prevent terrorist attacks, group says. This story is based on a report:
Continue reading NSA phone record collection does little to prevent terrorist attacks, group says
Canadian Journalists for Free Expression and partners have announced and released a searchable Snowden Surveillance Archive. This archive is,
a complete collection of all documents that former NSA contractor Edward Snowden leaked in June 2013 to journalists Laura Poitras, Glenn Greenwald and Ewen MacAskill, and subsequently were published by news media, such as The Guardian, The New York Times, The Washington Post, Der Spiegel, Le Monde, El Mundo and The Intercept.
It is dynamic. As new documents are published they will be added.
You can hear the announcement and Snowden in CBC’s stream of Snowden Live: Canada and the Security State.
One thing I don’t understand is why, in at least one case, the archived document is of lower quality than the one originally released. For example, compare the Snowden Archive of the CSEC Document about Olympia and the version from the Globe and Mail. The Snowden one is both cropped and full of artefacts of compression (or something.)
One of the points that both Snowden and the following speakers made is that the massive SIGINT system set up doesn’t prevent terrorist attacks, it can be used retrospectively to look back at some event and figure out who did it or develop intelligence about a someone targeted. One of the speakers followed up on the implications of retrospective surveillance – what this means for citizens is that things you do now might come back to haunt you.
Michael Geist gives a good talk on Why Watching the Watchers Isn’t Enough. This talk was part of a symposium on Pathways To Privacy.
Geist’s point is that oversight is not enough. Those who now provide oversight have come out to say that they are on the job and that the CSE’s activities are legal. That means that oversight isn’t really working. The surveillance organizations and those tasked with oversight seem to be willfully ignoring the interpretation of experts that the gathering and sharing of metadata is the gathering and sharing of information about Canadians.
He talked about how C-51 affects privacy allowing information sharing way beyond what is needed for counter-terrorism. C-51 puts in place a legal framework for which no amount of oversight will make a difference. C-51 allows information to be shared between agencies about “activities that undermine the security of Canada.” An opinion piece in the Toronto Star by Craig Forcese and Kent Roach of antiterrorlaw.ca suggests that this could be interpreted as license to spy on students protesting tuition fees without municipal permission, eco-activists protesting illegally and so on.