#CyberFLASH: One quarter of Canadian online traffic vulnerable to NSA sweeps: researchers

leaked_data_focus_455234A large amount of Canadian internet traffic is being routed through the United States, leaving it vulnerable to collection and probing by the National Security Agency.

And most Canadians have no idea of how exposed they are to American data sweeps, say the researchers behind a new tool that aims to show Canadians what path their internet traffic takes to connect to the websites they want to visit.

In a new online project launched Thursday, researchers from the University of Toronto and York University have partnered with Open Media to create a tool to show the paths Canadians’ internet data take when they access websites or send online communications.

While past estimates have suggested roughly 90 per cent of Canadian internet traffic is routed through the United States — particularly in cases where a Canadian visits an American or foreign website — the new data gathered so far by the researchers build on that and suggest that even when both the origin and destination of the traffic are in Canada, there’s still a one-in-four chance it goes through the U.S.

“I think most Canadians would be really surprised to learn that quite so much of our internet traffic, even our domestic Canada-to-Canada traffic, actually ends up being routed through the U.S.,” said David Christopher, spokesperson for Open Media.

“Canada’s lack in sufficient internet exchange points within our borders is really a big reason why so much of our traffic does travel through the U.S. I think nowadays a lot of people think of the internet as almost like a cloud and I think a lot of people don’t put a lot of thought into what happens when we visit a website on the other side of the country.”

Read more here

#CyberFLASH: University of Toronto researchers show how Canadian data can be vulnerable to US state surveillance

Canada cyber security newsWhile Edward Snowden leaked documents exposing the wide breadth of National Security Agency surveillance in 2013, the repercussions of those documents still inform conversations around online privacy concerns. And University of Toronto researchers have created an interactive database to show how NSA surveillance can even have an impact on Canadians.

The IXMaps database helps Canadians understand how their internet traffic moves—specifically, it helps Canadians understand how certain traffic routes, known as boomerang routes, move data into the United States and into the jurisdiction of the NSA before the data returns to Canada. The tool is funded by the .CA Community Investment program, which is dedicated to funding initiatives “keep Canadians at the forefront of the digital age,” according to its website.

“IXmaps highlights just how much of our Canadian web traffic is unnecessarily being routed through the U.S. and back againwithout our knowledge. The biggest concern about our data moving into the NSA’s jurisdiction is that Canadians do not have the same protections from NSA surveillance that Americans do, so our information is more vulnerable.” says Laura Tribe, digital rights specialist at Open Media. “ And as the Snowden revelations have highlighted, the amount of information being shared between the Five Eyes governments (Canada, U.S., U.K, Australia and New Zealand), means that our information doesn’t likely stop with just the NSA.”

Many of the major Internet providers in Canada have networks that favour north – south connections, pushing Canadian data flows toward key American routing hubs in New York, Chicago, Seattle, or California, and popular sites like Google, Facebook, YouTube, and Amazon leaves Canadian data vulnerable to American mass surveillance.

Read more here

#CyberFLASH: IXmaps illustrates how your “local” data travels through the NSA’s jurisdiction

IXmapsA new online database called IXmaps has gone live, put together by University of Toronto researchers and funded by the .CA Community Investment Program, to help Canadians understand how their data traffic moves, particularly how it moves through nodes in the United States and therefore under the jurisdiction of the U.S. National Security Agency.

The project is also designed to offer Canadians a sense of agency, in that you personally can contribute to the project, adding to the 40,000 internet routes already crowdsourced in the IXmaps database.

The most concerning point made by the project, for those that didn’t know already, is the fact that even if you’re sending an email from Point A (Halifax, let’s say) to Point B (any other Canadian destination), the data will almost definitely pass through an American data traffic hub and swept into the NSA info dragnet.

“There is nothing inherently wrong with data moving unencumbered across an interconnected global Internet infrastructure,” says the University of Toronto’s Andrew Clement. “It is, however, critical that Canadians understand the implications of their data being stored on U.S servers and moving through U.S. jurisdiction. ISPs need to be transparent, privacy protective and accountable custodians of user information in this regard. Internet users should be fully informed consumers and citizens when making choices about their sensitive personal data.”

And even if you’re not sending an email, but merely using a service like Facebook, Google, YouTube or Amazon, these are American companies operating in American jurisdictions, so again, subject to data snooping and the hysterical overreach of the Patriot Act.

Read more here

#CyberFLASH: Edward Snowden speaks to Queen’s students via Skype

snowden0.jpg.size.xxlarge.letterboxReceiving astounding applause, Edward Snowden appeared on screen at Queen’s University stage via Skype as the keynote speaker for the Queen’s Model United Nations Invitational on Thursday night.

The security-agency whistleblower, who now lives in exile in Russia, first thanked the professors and students involved with organizing the conference, moderated by Dr. David Lyons, who directs the Surveillance Studies Centre at Queens. Then he thanked the online Twitter community for ensuring that he received the invitation to speak at Queen’s — something he had missed at first — as an example of the importance of public opinion.

“Too often, when we are engaging in society we don’t get to seem to get the right response. By working together, and if we amplify our voice… we can get results.”

Snowden, a hero or a criminal depending on your point of view, began to lay down a brief history of the “growing up in the shadow of the NSA (National Security Agency)” and coming from a family with deep roots in the U.S. military. “When I started working for the government, I was really a true believer,” said Snowden. “I swallowed propaganda entirely.”

He recalled how, as he worked in various parts of the NSA with increasing levels of access, he began to sketch out the contradictions between the public pronouncements made to citizens and the reality behind the government’s closed doors, where his agency was carrying out programs of mass surveillance, including extensive phone and Internet surveillance of the public.

Read more here

#CyberFLASH: Canada uses NSA Search Engine which Taps Into Global Comms to Intercept, Well, Everything

edward-snowden.jpg.size.xxlarge.letterboxEdward Snowden has once again provided fodder for the surveillance fears of American citizens: New leaked documents show that the National Security Agency’s (NSA’s) XKeyscore search engine hoovers up vast amounts of private communications information, to the tune of 700,000 voice, fax and video files every day.

According to a report in The Intercept, XKeyscore doesn’t bother with intercepting last-mile telephone calls and the like. Oh no. It drinks directly from the hose: it taps into the billions off bits that are carried on the long-haul fiber-optic cables that make up the global communications network, including data on people’s internet searches, documents, usernames, passwords, emails and chats, pictures, voice calls, webcam photos, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, VOIP streams taken from Skype sessions, etc. etc.

In other words, it absorbs everything.

XKeyscore is used by NSA intelligence agents as well as spooks in Canada, New Zealand and the UK (and possibly other allies) to target people by location, nationality and browsing histories. The NSA itself calls it “a fully distributed processing and query system that runs on machines around the world” with “the ability to scale in both processing power and storage.”

Read more here

#CyberFLASH: How Canada Can End Mass Surveillance

c51protest610pxJust two short years ago, if you asked strangers on the street about mass surveillance, you’d likely encounter many blank stares.

Some would remember East Germany’s Stasi spy agency, or reference China’s extensive Internet censorship. But few would express fear that western democratic governments like the U.S., Britain, and Canada were engaged in the mass surveillance of law-abiding citizens.

That all changed in June 2013 when Edward Snowden, a contractor at the U.S. National Security Agency (NSA), blew the whistle on the spying activities of the NSA and its Five Eyes partners in Canada, Australia, New Zealand, and the U.K. Since then, we’ve seen a long stream of revelations about how Canada’s Communications Security Establishment (CSE) is engaged in extensive spying on private online activities.

To give just a few examples, we learned that CSE spied on law-abiding Canadians using the free Wi-Fi at Pearson airport, and monitored their movements for weeks afterward. We learned that CSE is monitoring an astonishing 15 million file downloads a day, with Canadian Internet addresses among the targets.

Even emails Canadians send to the government or their local MP are monitored — up to 400,000 a day according to CBC News. Just last week we discovered CSE targets widely-used mobile web browsers and app stores. Many of these activities are not authorized by a judge, but by secret ministerial directives like the ones MP Peter MacKay signed in 2011.

CSE is not the only part of the government engaged in mass surveillance. Late last year, the feds sought contractors to build a new monitoring system that will collect and analyze what Canadians say on Facebook and other social media sites. As a result, the fear of getting caught in the government’s dragnet surveillance is one more and more Canadians may soon face.

Read more here

#CyberFLASH: Watchdog presses Ottawa for strong rules on sharing surveillance data

canada cyber security newsA federal watchdog is urging Ottawa to put strong rules around how it shares its surveillance data, warning that the U.S. National Security Agency and other close allies can put their own intelligence interests first.

Allied intelligence agencies have general agreements not to spy on each other, but the review body for Canada’s Communications Security Establishment (CSE) has reminded Parliament that exceptions exist for every rule.

Every “sovereign nation, can derogate from agreements … as dictated by their own national interests,” wrote Jean-Pierre Plouffe, a retired judge, in his annual report to Parliament last year. The report gives some context to modern surveillance partnerships and the risk of unpredictable uses of shared information.

The risks became clearer this week when The Globe and Mail reported that Rogers Communications Inc. and Royal Bank of Canada are named in a leaked NSA document. The 2012 U.S. intelligence presentation, stamped for sharing with Canada, was describing how intelligence analysts can apply surveillance methods to map out the “private networks” used by global corporations.

The full extent and nature of the NSA’s interest in the Canadian entities, shown as two of 15 firms on a partial list, were not made clear. A Canadian government spokesman reacted to the document by saying that it showed no evidence that any spying activities were “directed” at Canadian entities.

Read more here

#CyberFLASH: NSA offered help hours after Ottawa attack

edward-snowden.jpg.size.xxlarge.letterboxOTTAWA—The NSA was offering assistance to Canadian authorities within hours of the deadly shooting on Parliament Hill, newly released emails show.

The head of the National Security Agency, the U.S. agency tasked with global monitoring, emailed his Canadian counterpart at the Communications Security Establishment just after 11 p.m. on Oct. 22, 2014, to offer his condolences, and his agency’s support.

“We stand ready to support you and our CSE teammates in any way we can,” wrote Adm. Mike Rogers to former CSE chief John Forster. “You have but to ask and we’ll turn to it for you.”

The email indicated officials at the NSA and CSE were already “talking” in the wake of the shooting, but the subject of those talks is censored from the document. Rogers adds that the NSA is “willing to do more as we can and as you request.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.