Why Watching the Watchers Isn’t Enough: Michael Geist

Michael Geist gives a good talk on Why Watching the Watchers Isn’t Enough. This talk was part of a symposium on Pathways To Privacy.

Geist’s point is that oversight is not enough. Those who now provide oversight have come out to say that they are on the job and that the CSE’s activities are legal. That means that oversight isn’t really working. The surveillance organizations and those tasked with oversight seem to be willfully ignoring the interpretation of experts that the gathering and sharing of metadata is the gathering and sharing of information about Canadians.

He talked about how C-51 affects privacy allowing information sharing way beyond what is needed for counter-terrorism. C-51 puts in place a legal framework for which no amount of oversight will make a difference. C-51 allows information to be shared between agencies about “activities that undermine the security of Canada.” An opinion piece in the Toronto Star by Craig Forcese and Kent Roach of antiterrorlaw.ca suggests that this could be interpreted as license to spy on students protesting tuition fees without municipal permission, eco-activists protesting illegally and so on.

Canadian Spies Collect Domestic Emails in Secret Security Sweep

The Intercept and CBC have been collaborating on stories based on documents leaked by Edward Snowden. One recent story is about how Canadian Spies Collect Domestic Emails in Secret Security Sweep. CSE is collecting email going to the government and flagging suspect emails for analysts.

An earlier story titled CSE’s Levitation project: Expert says spy agencies ‘drowning in data’ and unable to follow leads, tells about the LEVITATION project that monitors file uploads to free file hosting sites. The idea is to identify questionable uploads and then to figure out who is uploading the materials.

Glenn Greenwald (see the embedded video) questions the value of this sort of mass surveillance. He suggests that mass surveillance impedes the ability to find terrorists attacks. The problem is not getting more information, but connecting the dots of what one has. In fact the slides that you can get to from these stories both show that CSE is struggling with too much information and analytical challenges.

It’s official: NSA spying is hurting the US tech economy

Slashdot pointed me to a ZDnet story that It's official: NSA spying is hurting the US tech economy. As one can imagine, the Snowden revelations are having an impact on American businesses. Who trusts them anymore?

A related story describes the brokers who handle data requests for companies like those from the FISA court. See Meet the shadowy tech brokers that deliver your data to the NSA. One of the bottlenecks is the shortage of lawyers with security clearance who could fight orders. The system seems designed so that few think about whether government orders should be resisted at all.

Alain Resnais: Toute la mémoire du monde

Thanks to 3quarksdaily.com I came across the wonderful short film by Alan Resnais, Toute la mémoire du monde (1956). The short is about memory and the Bibliothèque nationale (of France.) It starts at the roof of this fortress of knowledge and travels down through the architecture. It follows a book from when it arrives from a publisher to when it is shelved. It shows another book called by pneumatique to the reading room where it crosses a boundary to be read. All of this with a philosophical narration on information and memory.

The short shows big analogue information infrastructure at its technological and rational best, before digital informatics disrupted the library.

HathiTrust Research Center Awards Three ACS Projects

A Advanced Collaborative Support project that I was part of was funded, see HathiTrust Research Center Awards Three ACS Projects. Our project, called The Trace of Theory, sets out to first see if we can identify subsets of the HathiTrust volumes that are “theoretical” and then study try to track “theory” through these subsets.

The problem with calls for more online data laws

One of the outcomes of the Charlie Hebdo attack is that politicians are using the terrorist attacks to call for more intrusive surveillance legislation. For example the BBC reports that UK Prime Minister David Cameron says new online data laws needed. Gibbs and Hern for the Guardian interpret Cameron as calling for “anti-terror laws to give the security services the ability to read encrypted communications in extreme circumstances.” (David Cameron in ‘cloud cuckoo land’ over encrypted messaging apps ban, Jan. 13, 2015) This would mean that either back doors are built into communications technologies with encryption or the technologies are banned in the UK.

Needless to say all sorts of people are responding to these calls for new legislation by pointing out the dangers of deliberately crippling encryption. If there are back doors they can be found and used by criminals which will mean that all sorts of companies that need/offer strong encryption will move out of the UK. For that matter, what would this mean for the use of global systems that might have encryption. (See James Ball’s article in the Guardian, Cameron wants to ban encryption – he can say goodbye to digital Britain, Jan. 13, 2015).

What few people are commenting on is the effectiveness of SIGINT (signals intelligence) in cases like the attacks in Paris. Articles in The Globe and Mail and the Guardian suggest that a combination of human intelligence and early interventions would be more likely to make a difference. The alleged culprits were known to all sorts of people (neighbours, people at their mosque, police). The problem was how difficult it is to know what to do with that information and when to intervene. This is a human problem not a signals intelligence problem. SIGINT could just add to the noise without guiding authorities as to how to deal with people.

To be honest I don’t know what would work, and perhaps predictive analytics, for all its problems, could be part of identifying at-risk youth early so that they are not thrown together in prison (as the Paris attackers were) and so interventions could be organized. Nonetheless, we clearly need more studies of the circumstances of those that are radicalized and we need to seriously try to intervene in positive ways. The alternative is arresting people for intents which are very hard to prove and has all sorts of problems as an approach.

We also need research and discussion about the balance of approaches, something that is impossible as long as surveillance is inaccessible to any oversight and accountability. Who would know if funding was better spent on human approaches? Who would dare cut the budget to nice clean modern digital intelligence in favour of a messy mix of human approaches? How to compare approaches that are hard to measure given the thankfully small numbers of incidents?

Some links:

And … we need to be able to talk openly about the issues without fear – Je suis Charlie

UNIty in diVERSITY talk on “Big Data in the Humanities”

Last week I gave a talk for the UNIty in diVERSITY speaker series on “Big Data in the Humanities.” They have now put that up on Vimeo. The talk looked at the history of reading technologies and then some of the research at U of Alberta we are doing around issues of what to do with all that big data.

Michael Jordan on the Delusions of Big Data

IEEE Spectrum has an interview with Michael Jordan that touches on the Delusions of Big Data and Other Huge Engineering Efforts. He is worried about the white noise or false positives. If a dataset is big enough you can always find something to correlate with what you want. That doesn’t mean it is causal or informatively correlated. He predicts a “big-data winter” after the bubble of excitement pops.

After a bubble, when people invested and a lot of companies overpromised without providing serious analysis, it will bust. And soon, in a two- to five-year span, people will say, “The whole big-data thing came and went. It died. It was wrong.” I am predicting that.

Adobe is Spying on Users, Collecting Data on Their eBook Libraries

AdobDR4

Nate Hoffelder on The Digital Reader blog has broken a story about how Adobe is Spying on Users, Collecting Data on Their eBook Libraries. He and Arts Technica report that the Adobe’s Digital Editions 4 send data home about what you read and how far (what page) you get to. The data is sent in plain text.

Hoffelder used a tool called Wireshark to look at what was being sent out from his computer.