November 22, 2024

Canada’s Eavesdropping Agency Blasts Tradecraft Leak

Posted on February 2, 2014 by in Security

OTTAWA – Canada’s ultra-secret eavesdropping agency on Friday blasted the disclosure of its tradecraft, after it was reported the agency had tracked airline passengers connected to Wi-Fi services at airports.

Communications Security Establishment Canada said: “The unauthorized disclosure of tradecraft puts our techniques at risk of being less effective when addressing threats to Canada and Canadians.”

On Thursday, the Canadian Broadcasting Corporation said documents leaked by fugitive NSA contractor Edward Snowden showed that the CSEC could follow the movements of people who passed through airports and connected to Wi-Fi systems with mobile phones, tablets and laptops.

The documents showed the agency could track the travellers for a week or more as they and their wireless devices showed up in other Wi-Fi “hot spots” in cities across Canada and beyond.

This included people visiting other airports, hotels, coffee shops and restaurants, libraries and ground transportation hubs and other places with public wireless Internet access.

Under Canadian law, the CSEC is prohibited from domestic spying.

But the agency said it is authorized to collect and analyze metadata — the identifying data generated by calls from wireless devices such as called ID, telephone numbers and user location.

The leaked classified document was “a technical presentation between specialists exploring mathematical models built on everyday scenarios to identify and locate foreign terrorist threats.”

According to the documents, older software took too long to locate targets to be useful. The new software cut the time from more than two hours to several seconds, in tests.

“It is important to note that no Canadian or foreign travelers were tracked. No Canadian communications were, or are, targeted, collected or used,” the CSEC added.

Defense Minister Rob Nicholson meanwhile in Parliament said the CSEC is in “complete compliance with Canadian law.”

© AFP 2013


SecurityWeek RSS Feed

US Allows Tech Giants to Reveal Spy Agency Demands

Posted on January 28, 2014 by in Security

WASHINGTON – The United States agreed to give technology firms the ability to publish broad details of how their customer data has been targeted by US spy agencies, officials said Monday.

Facing a legal challenge and a furious public debate, Attorney General Eric Holder and Director of National Intelligence James Clapper said the companies would now be allowed to disclose figures on consumer accounts requested.

“The administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers,” the officials said in a joint statement.

In a letter to tech giants Facebook, Google, LinkedIn, Microsoft and Yahoo, the Justice Department freed them to release the approximate number of customer accounts targeted.

President Barack Obama’s administration has faced pressure from the tech sector following leaked documents outlining vast surveillance of online and phone communications. The companies have said the reports have already begun to affect their business.

Facebook, Google, LinkedIn, Microsoft and Yahoo, which sued for the right to publish more data, said in a joint statement they were pleased with the settlement.

“We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive,” the companies said.

“We’re pleased the Department of Justice has agreed that we and other providers can disclose this information. While this is a very positive step, we’ll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed.”

Under the agreement filed with the secretive Foreign Intelligence Surveillance Court the companies will be able to disclose the numbers, within ranges.

They will have an option to reveal within bands of 1,000 the numbers of “national security letters” and specific court orders. Another option will be to disclose, in bands of 250, all the national security requests, lumped together.

The reports will have a six-month lag time, so data for the second half of 2014 may be published in mid-2015, according to the agreement.

Previously, the existence of orders made by the secret for access to private online data was itself classified, to the outrage of the firms.

In addition to the bare numbers of targeted consumers, the companies will also be permitted to disclose the number but not the nature of selection criteria for broader Internet sweeps.

Civil liberties groups welcomed the deal, while arguing for even more transparency.

“This is a victory for transparency and a critical step toward reining in excessive government surveillance,” said Alex Abdo, an ACLU attorney.

But Abdo said more is needed: “Congress should require the government to publish basic information about the full extent of its surveillance, including the significant amount of spying that happens without the tech companies’ involvement.”

Kevin Bankston of the New America Foundation’s Open Technology Institute, called the news “an important victory in the fight for greater transparency around the NSA’s surveillance programs” but said the agreement “falls far short of the level of transparency that an unprecedented coalition of Internet companies, privacy advocates and civil liberties organizations called for this summer.”

“Meaningful transparency means giving companies the ability to publish the specific number of requests they receive for specific types of data under specific legal authorities,” Bankston said.

“Fuzzing the numbers into ranges of a thousand — and even worse, lumping all of the different types of surveillance orders into a single number — serves no national security purpose while making it impossible to effectively evaluate how those powers are being used.”

US tech firms have claimed that reports on the US government’s secretive data collection programs have distorted how they work with intelligence and law enforcement. The firms have been asking for permission to disclose more on the nature of the requests and what is handed over.

Google’s petition said that despite reports to the contrary, the US government “does not have direct access to its servers” and that it only complies with “lawful” requests.

The issue caught fire after Edward Snowden, a former IT contractor at the National Security Agency, revealed that US authorities were tapping into Internet user data.

[Updated]

© AFP 2013


SecurityWeek RSS Feed