Monday, February 03, 2014

CSEC tracks Canadian travellers

The latest NSALeak: Canada's CSEC used airport wifi to track travellers:

The latest Snowden document indicates the spy service was provided with information captured from unsuspecting travellers' wireless devices by the airport's free Wi-Fi system over a two-week period.

Experts say that probably included many Canadians whose smartphone and laptop signals were intercepted without their knowledge as they passed through the terminal.

The document shows the federal intelligence agency was then able to track the travellers for a week or more as they — and their wireless devices — showed up in other Wi-Fi "hot spots" in cities across Canada and even at U.S. airports.

That included people visiting other airports, hotels, coffee shops and restaurants, libraries, ground transportation hubs, and any number of places among the literally thousands with public wireless internet access.

The document shows CSEC had so much data it could even track the travellers back in time through the days leading up to their arrival at the airport, these experts say.

(So basically the same trick the Seattle PD uses to track everybody, then)

This is, of course, illegal - Canadian law prohibits CSEC from targeting Canadians or anyone in Canada without a warrant. But Canada's government doesn't seem to care - as far as they're concerned, CSEC can do what it likes, and bugger the law.

The other question is where they got the data from. The suggestion is that it came from a US company which supplies public wifi services, and that they were compelled to hand it over by the NSA (who then provided it to their vassal Canadian service to experiment on). If so, this suggests that we should not be trusting any US company (or company compellable by US spy-laws) to implement any such public service in New Zealand. The existence of laws allowing the NSA to secretly demand data for mass-surveillance makes their entire tech industry untrustworthy.

And of course, there's the natural question: is GCSB doing this? We know that they don't regard metadata as a "communication" and think they can spy on it with impunity, and while they deny any "wholesale" collection, targeting e.g. everyone who travels through an airport probably falls outside that. Shouldn't the Intelligence and Security Committee be asking some serious questions about what GCSB is doing to ensure that they are not invading our privacy? Oh, that's right - they're not allowed to.