Public Wi-Fi also a spying tool, Snowden documents show in new Canada scandal

Here’s a new and potentially explosive twist to our ongoing surveillance saga: according to CBC News, documents obtained by NSA leaker Edward Snowden show that the Canadian signals intelligence agency has been using public Wi-Fi, such as that found in some Canadian airports, to spy on travellers.

This is big because the Communications Security Establishment Canada (CSEC) is not supposed to spy on Canadians, just like its partners in the other “Five Eyes” espionage ring – the U.S., U.K., Australia and New Zealand – aren’t supposed to spy on their citizens.

CSEC says all it’s been scooping up is metadata – when people were logged into certain Wi-Fi networks – rather than the content of communications. However, as everyone has come to realize since the Snowden fiasco kicked off almost 8 months ago, metadata is all you need to paint a pretty accurate picture of a person’s relationships, activities, routine and intent.

Here’s what the scheme is actually trying to achieve.

IP profiling

The 2012 PowerPoint(s msft) presentation (PDF) refers to an early trial at a particular yet unidentified Canadian airport, where CSEC was able to somehow use the free Wi-Fi system to log user IDs, cross-referenced with time of logon and logoff. That data could then be correlated with data from other networks, both forward and backward in time. Those other networks might be in other airports, or in hotels, internet cafes, local transportation hubs and so on.

The presentation does not say how the data was obtained from any of these networks. Canada’s big airports and popular Wi-Fi provider Boingo (mentioned in the document) have denied having any idea about the operation.

The presentation suggests this is a IP profiling system for quickly identifying places that are potential targets for terrorism and raising the alert when a known bad person is around. The “new needle-in-a-haystack analytic” technique is described as “contact chaining across air-gaps” in order “to provide richer contextual data about a network address” and to support CSEC and its partners’ “tipping & cueing objectives” — in other words, to tip off the spies that something is worth watching, and putting eyes (or sensors, rather) on that thing.

In a use-case example presented in the document — with proof-of-concept trials apparently having taken place — a kidnapper in a rural area goes to an urban area to make ransom calls via a phone that he hasn’t used for any other communications, because he wants to blend into a bigger pool. His device happens to say hello to a public network at the time of the call.

The CSEC technique would then make it possible to cross-reference the ransom call (due to its time) with all this public access point data, in order to figure out the kidnapper’s IP address. The agency would swiftly sweep an entire city or region to figure out where the public access points are, see which are being used, and eliminate all the users that are “highly active outside the times of the ransom calls”, eventually whittling the dataset down to our kidnapper.

In the first trial, CSEC “swept a modest size city”, sucking up over 300,000 user IDs over a 2-week period. The agency said it used a big-data system called Collaborative Analytics Research Environment (CARE) to handle the analytics, which reduced the run-time for “hop profiles” from over 2 hours to “several seconds”. “Allows for tradecraft to be profitably productized,” the presentation notes in italics. CBC has redacted the subsequent part that illustrates a “possible route for productizing analytics.”

CSEC’s documents refer to the technique as “game-changing” and CBC’s sources suggest it is now operational on a wider scale.

Of course, tons of tracking data is being indiscriminately logged here in order to make the system work. CBC’s report quotes Canadian security expert Ronald Deibert as saying CSEC’s activities are almost certainly unlawful under the agency’s mandate, and Canadian privacy commissioner Ann Cavoukian – author of the “privacy by design” principles and something of an international guru on the subject – as saying the spying “resembles the activities of a totalitarian state, not a free and open society.”

Turbulent times

While none of the Five Eyes countries has announced any meaningful reforms in the wake of the Snowden revelations – Obama’s recent speech really doesn’t count for much — the heads of a couple of agencies have recently announced they are standing down. Entirely coincidentally, you understand.

The most recent is Sir Iain Lobban, the director of the U.K.’s Government Communications Headquarters (GCHQ). GCHQ announced on Tuesday that Lobban would leave at the end of the year – a move that was apparently “planned”.

Over in the U.S., the White House confirmed on Thursday that Navy Vice Admiral Michael Rogers was Obama’s nominee to succeed Army General Keith “Emperor” Alexander at the helm of the NSA. In October, Alexander announced his imminent retirement this coming March or April, in a move that was also allegedly “planned”. Alexander’s civilian deputy, John Inglis, left his post at the end of December.

The international diplomatic repercussions of the surveillance scandal continue to cause pain for the governments behind it. This week, newly-revealed documents showed the U.S. government used the NSA to spy on participants at the 2009 U.N. climate summit in Copenhagen , strengthening the U.S.’s hand in negotiations. This has particularly irked developing countries that took part in the talks.

And last week, the European Court of Human Rights (ECHR) decided to fast-track legal action waged against the British government by privacy campaigners, who see GCHQ’s indiscriminate tapping of the world’s internet arteries as perhaps not entirely legal.

FUN FACT: British Prime Minister David Cameron told a parliamentary committee on Thursday that his enthusiasm for surveillance was inspired by cop shows. He said:

“I love watching crime drama on the television, as I should probably stop telling people. There is hardly a crime drama that is not solved without using the data of a mobile communications device. If we don’t modernise the practice and the law over time we will have the communications data to solve these horrible crimes on a shrinking proportion of the total use of the devices. That is a real problem for keeping people safe. At the start of the next parliament, we have got to build a cross-party case for legislation to deal with this.”

This article was updated at 10am PT to include a link to the documents and better reflect their content.