Wednesday, January 28, 2015

LEVITATION: CSE and free file upload sites

Excellent new CBC report on another CSE document leaked by Edward Snowden (Amber Hildebrandt, Michael Pereira and Dave Seglins, "CSE tracks millions of downloads daily: Snowden documents," CBC News, 28 January 2015):
Canada's electronic spy agency sifts through millions of videos and documents downloaded online every day by people around the world, as part of a sweeping bid to find extremist plots and suspects, CBC News has learned.

Details of the Communications Security Establishment project dubbed "Levitation" are revealed in a document obtained by U.S. whistleblower Edward Snowden and recently released to CBC News.

Under Levitation, analysts with the electronic eavesdropping service can access information on about 10 to 15 million uploads and downloads of files from free websites each day, the document says.

"Every single thing that you do — in this case uploading/downloading files to these sites — that act is being archived, collected and analyzed," says Ron Deibert, director of the University of Toronto-based internet security think-tank Citizen Lab, who reviewed the document. ...

According to the document, Canada can access data from 102 free file upload sites, though only three file-host companies are named: Sendspace, Rapidshare and the now-defunct Megaupload.

Sendspace told CBC News that "no organization has the ability/permission to trawl/search Sendspace for data," and its policy states it won't disclose user identities unless legally required.

No other file-sharing company responded to CBC requests for comment.

However, the Levitation document says that access to the data comes from unnamed "special sources," a term that in previous Snowden documents seemed to refer to telecommunications companies or cable operators.

It is also unclear which, or how many, of the Five Eyes access information on these uploaded files and whether the companies involved know the spy agencies have this access.

Many people use file-sharing websites to share photos, videos, music and documents, but these cyber-lockers have also been accused of being havens for illegally sharing copyrighted content.

Not surprisingly, extremists also use the online storage hubs to share propaganda and training materials.

To find those files, the document says Canada's spy agency must first weed out the so-called Glee episodes as well as pictures of cars on fire and vast amounts of other content unrelated to terrorism.

Analysts find 350 "interesting download events" each month, less than 0.0001 per cent of the total collected traffic, according to the top-secret presentation.

Surveillance specialists can then retrieve the metadata on a suspicious file, and use it to map out a day's worth of that file user's online activity.

By inputting other bits of information into at least two databases created by the spying partners, analysts can discover the identity and online behaviour of those uploading or downloading these files, as well as, potentially, new suspicious documents.

The Levitation project illustrates the "giant X-ray machine over all our digital lives," says Deibert.

Once a suspicious file-downloader is identified, analysts can plug that IP address into Mutant Broth, a database run by the British electronic spy agency Government Communications Headquarters (GCHQ), to see five hours of that computer's online traffic before and after the download occurred.

That can sometimes lead them to a Facebook profile page and to a string of Google and other cookies used to track online users' activities for advertising purposes. This can help identify an individual.

In one example in the top-secret document, analysts also used the U.S. National Security Agency's powerful Marina database, which keeps online metadata on people for up to a year, to search for further information about a target's Facebook profile. It helped them find an email address.

After doing its research, the Levitation team then passes on a list of suspects to CSE's Office of Counter Terrorism.

The agency cites two successes as of 2012: the discovery of a German hostage video through a previously unknown target, and an uploaded document that gave it the hostage strategy of a terrorist organization.
There is much more worth reading in the CBC's story.

The CBC also published CSE's response to the questions that CBC submitted to the agency concerning the program.

You can listen to the CBC's Dave Seglins discussing the story on CBC Radio's The Current here. (I get my own two cents' worth in at the end of the segment. One minor correction: as I mentioned here, my father was never part of the SIGINT world.)

The CBC's reporting on the document was done in conjunction with Glenn Greenwald and The Intercept, whose take on the story can be read here: Ryan Gallagher & Glenn Greenwald, "Canada Casts Global Surveillance Dragnet Over File Downloads," The Intercept, 28 January 2015.

It is probably worth noting that none of the above means that CSE has been "targeting" or "directing its activities at" Canadians. As the agency frequently points out, it is not permitted to target Canadians anywhere or any person in Canada (except of course, as it much more rarely points out, when operating under its Mandate C). CSE is very much permitted, however, to collect the communications of or information about Canadians etc. if that collection is "incidental" to its efforts to collect information on its foreign targets, assuming a suitable Ministerial Authorization is in place (and you can rest assured, one is).

But when your 100% legal foreign target includes all traffic to or from all (presumably foreign-based) free upload sites in the world, then your "incidental" collection will include not just some, not just a lot of, but all Canadian traffic to or from those sites as well.

Which sort of makes the distinction between directing or not directing your activities at Canadians moot.

No Canadian transaction with these sites was targeted for collection. But every last one of them was in fact collected, either by CSE itself or by its partners, who then made it available for CSE's examination.

Other coverage/commentary:

- "Canadian spies scoured file-sharing sites to track jihadis, document shows," Globe & Mail, 28 January 2015.

- Matthew Braga, "Spies Know What You're Downloading on Filesharing Sites, New Snowden Docs Show," Motherboard, 28 January 2015. Includes interesting speculation on EONBLUE.

- "Spy agency CSE is monitoring our private online activities on a massive scale and sharing sensitive data with other governments,", 28 January 2015.

- David Ljunggren, "Snowden files show Canada spy agency runs global Internet watch: CBC," Reuters, 28 January 2015.

- Andy, "Canadian Government Spies on Millions of File-Sharers," TorrentFreak, 28 January 2015.

- Jim Bronskill, "Spies agency defends Internet terror hunt," Canadian Press, 28 January 2015.

- Jamie Condliffe, "Canadian Spies Monitor Millions of International File Downloads Daily," Gizmodo, 28 January 2015.

- Laura Tribe, "Mass surveillance program in Canada revealed on International Data Privacy Day," CJFE blog, 28 January 2015.

- "Cyber surveillance worries most Canadians: privacy czar's poll," CBC News, 28 January 2015.

- "Project Levitation and your privacy: Politicians call for cybersurveillance oversight," CBC News, 28 January 2015.

- Alex Boutilier, "Mass surveillance program defended by Conservatives," Toronto Star, 28 January 2015.

- Colin Freeze, "Spy program raises concerns about Internet anonymity," Globe & Mail, 28 January 2015.

- Ian Austen, "Canada Agency Monitors File-Sharing, Reports Say," New York Times, 28 January 2015.

Update 29 January 2015:

- Amber Hildebrandt, Michael Pereira and Dave Seglins, "CSE's Levitation project: Expert says spy agencies 'drowning in data' and unable to follow leads," CBC News, 29 January 2015.

- John Leyden, "Snowden reveals LEVITATION technique of Canada’s spies," The Register, 29 January 2015.

- Editorial, "Snowden and the dark sophistry of CSEC," Globe & Mail, 29 January 2015.

- Eva Prkachin, "The Mega-spies on Megaupload,", 29 January 2015.

Update 2 February 2015:

- Jesse Brown, "Your Government is Spying on Your Downloads," Canadaland, Episode 68, 1 February 2015. Brown interviews Christopher Parsons of CitizenLab on the LEVITATION document and broader CSE-related questions. Highly recommended.

Update 3 February 2015:

- Michael Geist, "The Canadian Privacy and Civil Liberties Punch in the Gut (or Why CSE/CSIS Oversight is Not Enough),", 3 February 2015. "Mass surveillance of a hundred million downloads every week by definition targets Canadians alongside Internet users from every corner of the globe. To argue that Canadians are not specifically targeted when it is obvious that the personal information of Canadians is indistinguishable from everyone else’s data at the time of collection, is to engage in meaningless distinctions that only succeed in demonstrating the weakness of Canadian law. Better oversight of CSE is needed, but so too is a better law governing CSE activities."


Post a Comment

<< Home