U.S. online snooping: What Canadians need to know

The Toronto Star’s Mitch Potter interviews Ronald Deibert, director of University of Toronto’s Citizen Lab, director of the Canada Centre for Global Security Studies and author of Black Code: Inside the Battle for Cyberspace, about the recent surveillance revelations in the United States. The Guardian and The Washington Post reported last week on two National Security Agency programs: one that collects data on phone calls made on the Verizon network, and one that collects Internet data from major tech companies.

This interview has been edited and condensed.

Toronto Star: All these stunning revelations about the U.S. government’s access of everything from phone calls to Facebook reminds me of a moment in Baghdad, 11 years ago, during the final months of life under Saddam Hussein. I was staying where every foreign journalist was forced to stay — the Al Rashid Hotel, which was basically a branch of the mukhabarat, the Iraqi intelligence agency. There were eyes and ears everywhere. At one point, another reporter unplugged the television in his room — it wasn’t even turned on — and within minutes there was a knock on the door, with two men in black suits saying, “Sir, problem with your television?” They insisted he plug it back in.

In light of these new revelations, has the world become just one big Al Rashid Hotel?

Ronald Deibert: Yes. Yes it has. Life is not only one giant Al Rashid Hotel, but it has been for a long time now. The difference now, I think, is that people are just waking up to the fact. And to some of the details of what is going on beneath the surface of what we call cyberspace.

Toronto Star: The big question for Canadians in light of the latest news is, “Can the American government sees everything we do?” Is there a cyber border of any kind when it comes to digital communication?

Ron Deibert: No. There is no border. The way telecommunication traffic is routed in North America, the fact of the matter is about 90 per cent of Canadian traffic — no one really knows the exact number — is routed through the United States. It’s mostly an economic issue rather than a security issue, at a baseline level. When the telecom carriers and wireless service providers steer their traffic, they look for the cheapest possible route to transfer data between them. Internet exchange points are critical — this is where traffic is passed between the companies — and we have only two Internet exchange points in Canada. There is one in Vancouver and one in Toronto. As a consequence, even an email sent within the city of Toronto most likely would transit to Chicago before being routed back to Toronto. And that’s simply a matter of economics.

But security enters into it in a number of ways. It’s well known now, before these revelations came to light, going back to Mark Klein whistleblower case in 2006, that the NSA has set up special eavesdropping facilities and equipment in major area exchange points in the U.S. At least two were brought up by Mark Klein, which led to lawsuits by the Electronic Frontier Foundation against Verizon and AT&T. Those lawsuits were later dismissed when the president (George W. Bush) gave those companies retroactive immunity in 2008, from liabilities for essentially violating their own terms of service in participating in, at that time, extrajudicial surveillance.

The other component of the borderless nature of all this is what has happened in Canada. There’s the National Security Agency in the United States. We have a counterpart called the Communications Security Establishment Canada. CSEC happens to be building a $900 million new complex right next to CSIS headquarters (in Ottawa). It’s massive — I was at CSIS a month and a half ago, glanced out the window and it looks to be an airport terminal being built. Now, most Canadians have never heard of CSEC — it operated under the Department of Defence until recently, when it became its own federal agency. Oversight of CSEC is really thin, compared to even the oversight that takes place at the National Security Agency. There’s one retired judge with staff that issue an annual review, and in all the years they’ve been doing reviews they’ve never once found a single problem with CSEC.

Of course CSEC is restricted, prohibited from collecting data on Canadians as a primary focus. But they are allowed to collect information that includes Canadians in the communications where they’re targeting foreign personnel.

It’s important to understand CSEC and the NSA have a long-standing historical relationship. They’re essentially twinned agencies. CSEC operates very much in conjunction and co-ordination with the National Security Agency. Some have speculated that the reason that these two agencies — in fact, the reason that all the “Five Eyes” as they’re called, New Zealand, Australia, the U.K., the U.S. and Canada — operate in this manner is so they can evade the domestic laws that prohibit them from collecting communications on domestic citizens. But even this appears to be moot, based on the revelations that are coming to light now. Legal as they may be — “legal” in scare quotations — Canadians should know that we live in a borderless environment when it comes to North America.

The way I’ve tried to describe this in my book and lectures — if you could just slow down time and shrink yourself down in cyberspace, shrink down and travel through the arteries and the veins, you’d be shocked and astonished at the filters and checkpoints all along the way where communications are archived and stored, processed, shared with third parties, with law enforcement and of course intelligence agencies that operate in the shadows.

Toronto Star: Are you basically saying that Ottawa has no say in the matter? The architecture of North American communications means the Americans see everything that Canadians do, regardless of Canadian government policy?

Ronald Deibert: Absolutely. And let’s not forget, Canadians are “foreign citizens” by the American definition. So we’re fair game when it comes to eavesdropping, should they want to do so.

I think it’s important — not many people have picked up on this yet — there is a political economy dimension to this. What I mean is, you had this momentous event in 9/11 and a perceived “failure to connect the dots.” That cannot be overestimated, in my opinion. This dramatic, existential attack on the United States happened, and it spurred an urgency to remove barriers that prohibited the sharing of and access to data. But then also, it created an enormous market opportunity.

But that happened also to coincide with a revolutionary change in how we communicate. Throughout the last 10 years, and especially the last three, with the acceleration of mobile social media data, a massive market was created around “Big Data.” When people think of “Big Data” they think of the wonderful ways we can analyze this endless beach of information we are producing as we communicate, including this telephone call itself.

For people in the private-sector defence intelligence community, this is a kind of golden goose at a time of otherwise financial austerity. And the big market imperative here is how are you able to sift through and analyze all of this data that’s become available.

And so that leads to greater pressure to have access to more and more data. It’s like a python consuming and digesting a rat — and it’s insatiable. When you layer on top of that the fact that the checks and balances that were traditionally in place on privacy have been removed in the post-9/11 environment, you really have a dangerous brew here.

I’m so glad to see these stories coming out now. And I’m hoping people will wake up to the fact that these three-letter agencies that were born in the Cold War, whose primary mission at that time was to focus on each other — meaning, they were focused on politburo conversations and ballistic missile telemetry signals — have now turned their lens on all of us and everything we do. At the very same time, the safeguards preventing a concentration of power and potential abuse in the collection of data have been gradually winnowed away in the post-9/11 environment.

Toronto Star: That is . . . so depressing.

Ronald Deibert: It is depressing. But at the same time, the fact that we are becoming aware of this — through whistleblowing, through leaks, through the fact that people are just up in arms about this — gives me great encouragement. We also have very strong privacy commissioners in Canada. I would very much like to see the reactions of people like Jennifer Stoddart (privacy commissioner of Canada) and so on.

The budget for CSEC has more than doubled since 9/11. And this has come at a time when the Canadian government is cutting back agencies. CIDA’s been eliminated. DFAIT’s closing embassies. The money is all going to the spooks.

The key thing here is, Canadians should demand greater accountability. To be absolutely clear, we need defence and intelligence agencies. The world is a dangerous place. It’s not a question of that. It’s a question of basic checks and balances in a liberal democracy. It’s a question of preventing the abuse and concentration of power. It’s as old as ancient Greece, Alexis de Tocqueville, Publius and the founding fathers of the United States. And we’re losing sight of that in the headlong rush to secure cyberspace.

Toronto Star: What action can a Canadian reading this interview take in order to be certain they are communicating with absolute privacy?

Ronald Deibert: Nothing. It’s impossible — unless you whisper to each other face to face. These days we have essentially turned our lives inside-out completely. There is no way. No encryption, nothing you can do.

Look at Verizon and the NSA, for example. It’s not about the content, it’s about the metadata. They are not actually collecting the contents of the call. But the metadata is just as good when you have enough of it. You can piece together who’s talking to whom, when and where — that’s almost more valuable, in some circumstances, than the content.

The fact of the matter is, we leave digital traces of ourselves everywhere. Even when I’m not speaking on my cellphone, every few seconds it emits a pulse, a beacon to Wi-Fi routers and cellphone towers. That beacon contains metadata about my phone — the model, the make, what operating system I’m using, possibly even my name if it’s contained in information inside the device. And that data is carried by the cellphone carriers, by Verizon, which goes straight, apparently, into the National Security Agency. So every one of my movements, even when I’m not talking, when I’m not even using my device, as long as it is turned on, is shared.

Toronto Star: So, don’t just whisper face-to-face — turn your phone off as well, if you wish to live without a trace, as people did before 9/11?

Ronald Deibert: Yes. And of course, that’s absurd. I’m underlining the absurdity. We can’t go back to a time prior to all of this. But the new wireless world is ours. It belongs to us. It wouldn’t exist if not for us. And it’s going to become what we make of it.

And so it boils down to essentially a political question: How do we frame the architecture around these systems when it comes to securing it? And how do we do so without losing sight of some basic, timeless principles? These principles go back to ancient Greece and we’re losing sight of them as we rush to delegate and entrust this domain to three-letter agencies.

Original Article
Source: thestar.com
Author: Mitch Potter