Analyzing the "airport wi-fi" map
CSEC's 10 May 2012 IP Profiling Analytics & Mission Impacts presentation, one of the Snowden documents leaked to the press in January 2014 (previous discussion here), contained the intriguing slide depicted above, which shows some of the locations where the metadata records of devices detected at a major Canadian airport were also detected at other times within a two-week period.
The image is clearly a map, as the note stating that the "Longitude scale is non-linear" makes evident. But the absence of identifying features such as coastlines and borders, and the already-noted fact about the longitude scale, make it difficult to recognize the locations depicted.
What the legend doesn't say, however, is that the latitude scale is non-linear.
And that's because it's not.
At least, that's the conclusion I draw after having tested the hypothesis.
The devices depicted on CSEC's map were detected while connected through public wi-fi spots, but those spots need not all have been in major cities, and it is likely that some of the spots on the map do not in fact correspond to major cities.
It would appear, however, that most of them do, or at least that they correspond to spots near major cities, as most seem to match the latitudes of major cities to within a pixel or so. Longitudinal position cannot be calculated with similar precision because of the scale issue, but the cities identified also appear to line up pretty well in terms of their longitudinal position with respect to each other (allowing for changes such as compression of the Atlantic and Pacific oceans).
Check it out for yourself:
Note that, for clarity, the labels for Toronto, Ottawa, Montreal, and Quebec City are located next to the bars emanating from their respective spots rather than to the squares that represent the spots themselves. All of the city identifications are guesses, and it is quite possible that some of them are wrong, but I think their recognizable configuration and the precision of their latitudinal coordinates make the possibility that most are misidentified negligible.
What can we conclude from this map?
Several things, I think.
1) First of all, the airport that served as the seed location for the experiment was indeed Toronto/Pearson, as was widely suspected.
2) Devices were detected at wi-fi locations across Canada, ranging from Vancouver to Calgary, Edmonton, Sudbury, Ottawa, Montreal, Quebec City, Halifax, St. John’s, and even (apparently) Fort Smith, NWT.
3) Detections were also made at several locations around the world, including Kuala Lumpur, Hong Kong, Tokyo, Havana, Paris, Amsterdam, Rome, what appear to be two cities in India, many sites in the United States, and possibly Buenos Aires (not shown on the map excerpts above; check near the bottom of the slide in the original document). Thus, either CSEC was able to access metadata records from a wide range of countries around the world or—perhaps more likely—it picked up the locations of those devices that connected back to a Canadian service provider (e.g., to perform tasks such as accessing e-mail) when the metadata was collected at the Canadian end.
4) Detections were made at a large number of U.S. sites, including Los Angeles, the San Francisco Bay area, Salt Lake City, Chicago, Detroit, Atlanta, St. Petersburg, Charleston, New York City, and Washington. Did CSEC obtain this data from NSA or, again, was it picked up only if there was a Canadian end? Either way, by definition all detections within the U.S. must have involved devices operated by persons within the United States. The study thus provides clear evidence that not just U.S. agencies but also Five Eyes partners such as CSEC have the ability to access and analyze metadata information related to communications activities of persons in the United States, perhaps limited in the case of CSEC to those communications that extend into Canada, or perhaps not. What controls and safeguards exist with respect to CSEC use of this "U.S. person" data? (And what controls and safeguards exist to limit NSA access to and use of similar data relating to Canadian communications?)
More information and analysis about the project can be found here.