You Are Under Surveillance by Matt Katzenberger (CC BY-NC-SA 2.0) https://flic.kr/p/6JBjhQ

You Are Under Surveillance by Matt Katzenberger (CC BY-NC-SA 2.0) https://flic.kr/p/6JBjhQ

Columns

Government Documents Reveal Canadian Telcos Envision Surveillance-Ready Networks

After years of failed bills, public debate, and considerable controversy, lawful access legislation received royal assent last week. Public Safety Minister Peter MacKay’s Bill C-13 lumped together measures designed to combat cyberbullying with a series of new warrants to enhance police investigative powers, generating criticism from the Privacy Commissioner of Canada, civil liberties groups, and some prominent victims rights advocates. They argued that the government should have created cyberbullying safeguards without sacrificing privacy.

While the bill would have benefited from some amendments, it remains a far cry from earlier versions that featured mandatory personal information disclosure without court oversight and required Internet providers to install extensive surveillance and interception capabilities within their networks.

The mandatory disclosure of subscriber information rules, which figured prominently in earlier lawful access bills, were gradually reduced in scope and ultimately eliminated altogether. Moreover, a recent Supreme Court ruling raised doubt about the constitutionality of the provisions.

My weekly technology law column (Toronto Star version, homepage version) notes the surveillance and interception capability issue is more complicated, however. The prospect of a total surveillance infrastructure within Canadian Internet networks generated an enormous outcry when proposed in Vic Toews’ 2012 lawful access bill.  Not only did the bill specify the precise required surveillance and interception capabilities, but it also would have established extensive Internet provider reporting requirements and envisioned partial payments by government to help offset the costs for smaller Internet providers.

Those provisions were dropped from Bill C-13, yet according to documents obtained under the Access to Information Act, both Internet providers and the government have been debating a “Plan B” on how to ensure that there are surveillance and interception capable networks.

Perhaps the most notable revelation is that Internet providers have tried to convince the government that they will voluntarily build surveillance capabilities into their networks. A 2013 memorandum prepared for the public safety minister reveals that Canadian telecom companies advised the government that the leading telecom equipment manufacturers, including Cisco, Juniper, and Huawei, all offer products with interception capabilities at a small additional cost.

In light of the standardization of the interception capabilities, the memo notes that the Canadian providers argue that “the telecommunications market will soon shift to a point where interception capability will simply become a standard component of available equipment, and that technical changes in the way communications actually travel on communications networks will make it even easier to intercept communications.”

In other words, Canadian telecom providers are telling the government there is no need for legally mandated surveillance and interception functionality since they will be building networks that will feature those capabilities by default.

While Canadian network providers claimed that interception and surveillance capabilities would become a standard feature in their networks, government officials were not entirely convinced. Department officials argued that interception is a “complex process” and that legislative requirements were preferred.

In the absence of mandated surveillance and interception capabilities, another internal government memorandum emphasized the value of incorporating the technologies in wireless networks through spectrum licence requirements. The memorandum notes that Public Safety works with Industry Canada in developing those requirements and deals directly with providers to ensure that they meet the necessary standards.

The department’s stated goal is to “ensure that the lawful interception capabilities of public safety agencies are maximized within the existing legal framework.”  In meeting its goal, the memorandum notes that it will work directly with the wireless providers to assess compliance levels and gain “valuable information on the interception capability currently available.”

The latest chapter of lawful access legislation may have come to a close, but the internal government documents suggest that the story is not yet over. With telecom providers suggesting that surveillance-capable networks are inevitable and government officials seeking alternatives to mandatory interception capabilities, the reality is that some of the issues at the heart of lawful access remain very much in play.

20 Comments

  1. Pingback: Government Documents Reveal Canadian Telcos Envision Surveillance-Ready Networks | vyagers

  2. When the small ISPs looked at this proposal initially, the cost of a deep-packet-inspection box was equivalent to that of the top-line cisco routers. The “cheap” approach was to have the router copy everything to a machine with a few day’s to a month’s worth of disk space.

    You can imagine how desirable that would be to the criminal community, who would have a “one-stop shopping” option if they wanted to spy on each other, the police, and everyone else. An absolute boon to blackmailers, and to untrustworthy characters like J. Edgar Hoover of the US FBI.

    • As a former CTO of a regional ISP in the U.S., I can relate that since 1994 this particular capability has been required under CALEA legislation, interpreted to require just what Dave mentions, in real time and without degradation. With the move to a duopoly model for ISPs, it has become a lucrative government/industry partnership, one of considerable scale, with the elimination of smaller players lending an economy of scale and required lobbying levels.

  3. How did the government get to build a four billion dollar spy palace in Ottawa if their intent is not to spy on everybody ? Could it be that american cultured paranoia sells to the conservative party from within ?

    What is the government going to do, and what are the communications companies going to do, when the consumer says `put your monitoring where the sun don’t shine, as they cancel their internet and their cell phones.

    When the consumer is treated as one of the sheep, the sheppard will get an flock that demands change. The bozo’s that believe the consumer won’t walk away from their techie toys, are fooling themselves !

    • I remain skeptical that a majority of consumers would ever walk away from their toys…or that sufficient numbers of consumers are or will ever be aware or will care.

  4. Interesting, in the last month we found a rootkit on our daughter’s computer and then shortly after that we found a rootkit on our son’s computer and about a week ago we found one on my computer. We have been finding rootkits on our systems for about 15 years, ever since we first got a computer. Since we switched to Linux we get a lot less malware but it still happens and I know alot of them are installed through the ISP’s. When you have a fresh system with no malware on it and you take it online for the first time and the first and only connection you make is to your ISP and then you test for malware right after that connection and you have a rootkit installed and you perform that fresh system test 5 times in a row and you get the same result then it is fair to say it is coming from your ISP. ISP’s will always be agents for the state. If they don’t play ball they won’t be in business to much longer. Follow the money. Thanks

    • Your machines were infected by a network virus, probably installed originally by a web browser. The virus spreads by looking for other computers on the local network. The virus will listen for connections there after. By using software like netstat to see what `ports’ are open for listening. you can see these, and find them… although it is tech work and the average guy would be lost in it all.

      If you want to track all that flows through your network, get yourself some packet sniffing software. Available from various companies usually outside of north america, and for the small time techie. This software will constantly show the traffic and write/save it to hard disk… useful when tracing network viruses etc. The cost varies from free to $50 for something that works in Windows or Linux.

      I agree with your logic of following the money… computer viruses follow a business philosophy… `create the problem and then sell the solution’.

      The same type of logic is applied in other forms.

  5. We have TCPdump running 24-7, we can go back in our logs months is we want and grep out anything we are looking for. We always have an agent on the wire. Thanks for reading. Follow the money.

  6. Anyhow, when you have a subverted kernel all that stuff is useless anyways. Thanks for reading. Follow the money.

  7. I work in telecom. I can assure you most networks are already surveillance-ready. In fact, it has been a perequisite for telephone networks for decades.

    Some ISDN phones even have their microphones on at all times, with the sound data going right back to the central office. I see that a lot.

    VoIP conversations are almost never encrypted, causing a higher risk of interception than a regular phone line.

    • We never use our phone to talk on, we only send text messages, we can’t afford voice. We turn our phone on every other day for about 5 minutes and when we have it off we take the battery out. Thanks for reading. Follow the money.

  8. Devil's Advocate says:

    “Perhaps the most notable revelation is that Internet providers have tried to convince the government that they will voluntarily build surveillance capabilities into their networks.”

    I’m sure most of the larger providers have already “voluntarily” set this up some time ago. Bell and Rogers, at least, have always shown us how they’d like to control pretty much all network activity, as well as leverage as much personal info as possible for their own benefit.

    Naturally, these companies would rather the government simply allow them to perform the surveillance as part of their business model, thus “legalizing” all sorts of activities they really have no business doing, and with that added benefit of gaining pretty much complete control of content flow.

    We’re now between the government and the corporate agendae. Neither one has our benefit in mind. It appears we’ve reached a point where we should be looking at ways to eliminate the need for providers.

  9. I am much more afraid of ending up on a no-fly list (or some similarly evil spook/government list) without cause or explanation, than being attacked by some random terrorist.

  10. Aaron Sheldon says:

    Assume your adversary can intercept every message you send.

    Assume your adversary can insert any content they want.

    Assume your adversary can make 1 trillion guesses at your password, a second.

    Assume your adversary can simultaneously monitor and capture traffic from every node in the network.

    Assume your adversary can execute traffic analysis on signals with up to one month of latency.

    Assume your adversary has compromised every proprietary piece of software; only trust software either you or an organisation you trust has compiled into binary.

    Assume every major communication institution and organisation, both public and private, is in collusion with your adversary.

    Assume your adversary has catalogued every weak semi-prime to a hundred digits.

    Assume your adversary has catalogued every weak elliptic curve to a hundred digits.

    Assume your adversary as catalogued the first few million weak instances of every major NP-complete problem.

    Assume the capabilities of your adversary are growing in proportion to Moore’s law.

  11. All false nonsense as this already exists.

    No requests are ever denied and piggies get all the info they ever want and probably then some but we have no way of knowing. We’re slaves and the irony is that we pay for it.

    This is just a dog and pony show for naive fools who imagine we live in a democracy. No one does and never did. If you know the word actually means that is.

  12. Pingback: Harper’s new ‘anti-terror’ laws threaten basic freedoms | (Un)Conventional Analysis

  13. Pingback: The utter inefficacy of overbearing security laws | (Un)Conventional Analysis

  14. Pingback: قوانین جدید “ضد ترور” هارپر، آزادی‌های پایه‌ای را تهدید می‌کنندshahrgon.com | By shahrvandBC | shahrgon.com | By shahrvandBC

  15. Pingback: قوانین جدید "ضد ترور" هارپر، آزادی‌های پایه‌ای را تهدید می‌کنند - shahrgon.com | By shahrvandBC