We put a lot of trust in the electronic devices we use. Our computers, our smartphones, our laptops, our tablets. And with that trust, we also sign away a lot of rights to privacy and personal information. We blindly check off a box that says, “I agree to…” without so much as a glance at exactly what it is we’re agreeing to. In return, we hope that those we’re signing away our rights to don’t decide to abuse them.
Two weeks ago, revelations hit the media about some of the borderline methods being used by Communications Security Establishment Canada (CSEC) – and other spy organizations around the world – to collect information on private citizens. If you’re unfamiliar with CSEC, you’re probably like most people in our country, including yours truly. As Canada’s foreign-intelligence surveillance agency, its job is to track potential foreign terrorists and other troublemakers. That’s a good thing, right?
Maybe not so good. It turns out one of the ways CSEC attempted to get information was by clandestinely monitoring people at a major Canadian airport in 2012. Over a two-week period, it’s alleged that CSEC intercepted information through laptop and smartphone signals from people using the free Wi-Fi service at the airport. Theoretically, the spies were only supposed to be tracking information from foreign visitors at the airport, but the potential was certainly there to monitor anyone’s electronic devices, including those of Canadians.
Also, theoretically, the software can’t be used to actually read the content of emails and text messages, the so-called “communications.” Ostensibly, it can only access “metadata” through what are called “leaky apps,” which may include everything from mobile versions of Facebook and Twitter to Google Maps to games like Angry Birds.
The available metadata includes information such as who the users are contacting and how often, their address books and contacts lists, and the users’ whereabouts. For instance, if a person logged on again at a Wi-Fi hotspot in another location like a bookstore or a coffee shop, the software could track the person there and continue following all their information wherever they used Wi-Fi. The potential even existed to go back in time and track the people’s movements before they had even arrived at the airport. Why, all of that is hardly intrusive or illegal or scary at all, am I right?
No, wait a minute. It’s all of that and more. Think about it. Simply by using the Wi-Fi service at an airport – and without anyone warning you that it might be happening – the potential existed for CSEC to track your whereabouts, access the names and contact information of your family, friends and colleagues, and find out who you’ve been talking to and how often.
The CBC, which broke the story in Canada, discovered about CSEC’s methods from information released by American whistleblower and former National Security Agency (NSA) contractor Edward Snowden, who further revealed that the methods used by CSEC were also being employed by the NSA in the U.S. and by various other international government spy organizations.
Robert Deibert, an expert on cyber-security, told the CBC that all Canadians using electronic devices are “essentially carrying around digital dog tags as we go about our daily lives.” Further, the metadata left behind on wireless hotspots allows people using tracking software to acquire, “extraordinarily precise information about our movements and social relationships,” according to Deibert.
The powerful software program used by CSEC was developed in cooperation with the NSA in the U.S. and shared with intelligence partners in Britain, New Zealand and Australia. Ontario’s Privacy Commissioner Ann Cavoukian told the CBC she was “blown away” by the revelations. She said, “That could have been me at the airport walking around. This resembles the activities of a totalitarian state, not a free and open society.”
In Ottawa, opposition members have been haranguing Defence Minister Rob Nicholson, who refused to say categorically that Canadians weren’t targeted in CSEC’s airport surveillance. Part of the problem is that the spy agency may actually have been only collecting metadata, which is not considered “communication.” That’s a pretty fine line to be treading. Too fine for the opposition, which believes that, either way, collecting any information from Canadians, especially without informing them, should still be considered illegal and outside the mandate of the CSEC.
Here’s something else scary to toss in the pot. CSEC is permitted to wiretap foreigners without the requirement of search warrants, something other organizations such as the RCMP and the Canadian Security Intelligence Service (CSIS) must do before they’re permitted to hack into people’s information networks. However, as The Globe and Mail reported last week, those two organizations are allowed to request assistance from CSEC for their investigations and, in fact, did so almost 300 times between 2009 and 2012. This had led to speculation that the RCMP and CSIS could be, potentially, using CSEC to do an end-run around the necessary legal requirements for wiretapping.
It’s bad enough that “Big Brother” is watching. What about “Acme Marketing” and “Joey The Hacker” and all the others who are busy working away on similar metadata tracking software products? Are they all watching, too? You bet they are. Thirty years after 1984, our freedom continues to become more and more illusory.