Slashdot Mirror
Canadian Spy Agency Snooped Travelers With Airport Wi-Fi
Walking The Walk writes: "It seems the NSA isn't the only agency doing illegal domestic spying. According to a Snowden document obtained by the CBC, Communications Security Establishment Canada (CSEC) has apparently been tracking domestic travelers, starting from when they first use free Wi-Fi at an airport, and continuing for days after they left the terminal. From the article: 'The document indicates the passenger tracking operation was a trial run of a powerful new software program CSEC was developing with help from its U.S. counterpart, the National Security Agency. In the document, CSEC called the new technologies "game-changing," and said they could be used for tracking "any target that makes occasional forays into other cities/regions."' The CBC notes early in the article that the spy agency 'is supposed to be collecting primarily foreign intelligence by intercepting overseas phone and internet traffic, and is prohibited by law from targeting Canadians or anyone in Canada without a judicial warrant.' Predictably, CSEC's chief is quoted saying that they aren't allowed to spy on Canadians, so therefore they don't. As observed by experts consulted for the story, that claim is equivalent to saying that they collect the data but we're to trust that they don't look at it."
And I thought you were so nice and polite.
I guess you were spying, but politely.
Welcome to the Panopticon. Used to be a prison, now it's your home.
They spent a lot of time on this story last night and let the privacy comissioner speak her mind about it. I didn't expect such unbiased open coverage of this topic by our state broadcaster.
We'll send this junk back, up to 221K, so far.
A feeling of having made the same mistake before: Deja Foobar
RANDOM MAC ADDRESSES.
Chances are they're tracking people by MAC. Set up a cron job on your device to *ahem* adjust your MAC address with some regularity. You need to maintain a connection, so perhaps every hour? Or tie it to GPS coordinates or SSID names and when they change, update the MAC to something random...
The trick will be to make sure you don't repeat MAC's - probably want to keep an encrypted DB of hashs of the MAC's so you can verify you haven't used it previously before assigning a new one...
Effectively turn your token into a one-time pad... Fuck 'em.
I'm sure the NSA has already thought of this. The only airport that I have been through that has free WiFi is in New Orleans. Everywhere else you pay if you want access. What a country.
I would like to know CSEC would get from YVR WiFi. It is so slow that it is useless except for slow surfing on internet web pages.
(from the summary) ...they collect the data but we're to trust that they don't look at it
That's the wrong way of evaluating the situation. The correct way is to realize that IF they were trustworthy, then they wouldn't be spying on innocent people (you) in the first place.
It seems the fact you travel internationally is a great reason to keep tabs on you. Add mobile phones and laptops to the list of things you shouldn't carry when traveling internationally if you wish to avoid security hassle, along with explosives, guns, drugs, knives, scissors, nail clippers, tweezers, breast milk, toothpicks, sports equipment, medicines, tent pegs, children, people named Mohammed....
How do you propose not using a MAC address with any network protocol?
What makes you think you need to use it for them to track stuff?
upon the advice of my lawyer, i have no sig at this time
Democratic governments the world over are in a classic catch-22: they're damned if they do and they're damned if they don't. Prior to 9-11, we had pretty good safeguards in place against domestic spying. Watergate and the revelations of what J. Edgar Hoover did put a bad taste in everyone's mouth in the US about domestic spying. Then a bunch of nihilistic apostate Saudis flew airplanes into the Twin Towers, and over 3000 Americans died in the space of a single morning. The entire world watches in shock and horror--and then following America's lead, immediately begins investigating how this could have happened. And as the US discovers very quickly, it happened due to intentional inefficiencies and silo-ization of intelligence.
If there is one thing we Americans cannot stand more than anything else, it's inefficiency. We want our government/society/economy to WORK, dammit! Make it effective and efficient! The families of 9/11, and the politicians discover to their horror that this all could have easily been prevented, had we made our internal counterintelligence and domestic crime monitoring more efficient. The worst part is that 9/11 really could have been prevented --so easily--, and that's what led to the Patriot Act, the NSA, all of it. And it's not just America that learns this lesson.
So now the Canadians are following in America's footsteps, because no government, Liberal or Conservative, wants to be blamed for the next attack. And, there always will be a next attack. Maybe not from Islamists, maybe not from brown-skinned people, but there always will be. No one wants to be the one person on the news who's faced with the "Why didn't you stop this!" question. Imagine if you will what would have happened if John Ashcroft and President Bush had stepped up together following 9/11 and said "We understand that this could have been prevented if the FBI, CIA, and NSA had shared their information, but we're not about to dismantle federal policy to facilitate that because we don't want to turn America into a police state". Just imagine for a moment, the response that would have come to that statement from an enraged nation--let alone the entire state of New York.
What's really, really funny is that on /., we are all pro-privacy, pro-dismantling of the security apparatus. But none of us ever stop to consider if we'd change our tune, if one of our family or loved ones was suddenly, inexplicably killed in a horrible way--and then discover that said death could have been easily prevented if only X and Y agencies had bothered to share their information. And here's why this problem will never be solved--most of us have never been confronted with the desire for justice/vengeance, the anger of being a victim of system failure, and then understanding that there was a reason for the inefficiencies in the first place. Knowing what we know now, can any of us truly say that we'd face 300 million people (or 20 million if you're Canadian) and say "I know we could have easily prevented this tragedy, but we're not going to put in place the fixes that would prevent a future tragedy like this because we believe the outcome would be worse than the disease." And if you are willing to do so, are you willing to face a lifetime of condemnation and excommunication from everything you hold dear?
Nah, the biggest joke is that this shit HAS to happen, and then we have to go through years of rollbacks and abuses and fighting to undo all the damage, only to have it happen all over again and a new generation has to relearn the lessons. This is life, people. This is human nature. There is no answer, there is only the cycle.
Here's to hot beer, cold women, and Glaswegian kisses for all.
"the spy service was provided with information captured from unsuspecting travellers' wireless devices by the airport's free Wi-Fi system over a two-week period."
Like what? Mac addresses? Mac address + IPs it connected to?
"The document shows the federal intelligence agency was then able to track the travellers for a week or more as they — and their wireless devices — showed up in other Wi-Fi "hot spots" in cities across Canada and even at U.S. airports."
How? Did CSEC have a deal with companies providing wifi?
"free" airport wifi is a vacuum operation. Interesting note: we were heading out on a vacation a couple of weeks ago. I plugged my iPad into the USB charger in the plane and got a nice popup (typing this from the screen shot I took):
So charging on planes is another thing to avoid for me.
Trolling is a art,
I no longer expect outrage, as that seems to be beyond our capacity anymore, but it feels like we treat this kind of news as if it's just trivial bullshit. Has it come to that? Doesn't anyone call their representatives, no matter how deaf they might be? Anyone write letters to their local newspaper about this kind of erosion of personal liberties? Anyone trying to get someone to listen and pay attention, or are we all just willing to head blindly to the kill-floor, tweeting and texting the latest lolcat?
It seems to me that we are giving our lives away for nothing.
"Life is not magic." Dr. Ron Weiss - "If we don't play God, who will?" Dr. James Watson
MAC addresses are sufficiently long that you can randomly generate a new one for every connection attempt without a significant risk of collision. Random "serial numbers" are already available as a feature on some RFID chips (precisely to prevent tracking of the RFID chip by unauthorized readers). Note that I'm not suggesting that users start randomizing MAC addresses. That is a possible remedy, but this really needs to be designed into the protocol. A wireless device should never use identifiers in a way which enables untrusted listeners to recognize the device.
Governments of the day would love us to have a "state broadcaster", and might also prefer to have a pliant privacy commissioner, but neither report directly to the PM. It's admittedly hard for them to honour and defend our constitution (to borrow a U.S. phrase) but they manage somehow.
davecb@spamcop.net
Same way as early PCs and IBM token-rings did it: broadcast("I'd like to be user %d", id=rand(seed)); and see if anyone already has that number.
(Never ask a factual question sarcastically on a nerd site: someone will probably know the answer (:-))
davecb@spamcop.net
But you're completely correct. The world is going back to a bi-polar state, with the democratic westernized economies on one side, and authoritarian non-democratic countries on another (Russia, Iran, China ect...). To the victor goes the spoils. For there to be victory, the USA (and her many allies) must stay on top of the game.
Sure, but the WiFi analyzer on my phone will say "Holy cow, Dave, that's an insanely loud transmitter on channel 11, I'm going to have to shut down now or I'll blow".
davecb@spamcop.net
Solution looking for a problem, field test of something to use somewhere else, and/or overweening arrogance.
davecb@spamcop.net
Statistically.
MAC addresses are six bytes long. Even minus the multicasts, that's still a lot of combinations. The solution is obvious:
1. Client generates random MAC for the session, connects, starts doing stuff.
2. Client listens for a couple of minutes for a matching MAC. If found, goto 1.
A collision is possible, yes, if the previous user of that address happens to be quiet at the time. But it's also very unlikely, and can be resolved by simply reconnecting. No modification to the network hardware is required, nor to other clients.
Secret != illegal
Not that I'm agreeing with what their doing, but I do believe there need to be secrets.l
Just another day in Paradise
When two kids start arguing over a toy, we take the toy away. When someone drives while drunk, we confiscate their car. When governments start abusing their secret work, we must take away their abilities to keep secrets.
In all cases everybody gets hurt a little, but the alternative is to let things escalate and then somebody will get hurt a lot more.
Just because you're in an airport doesn't mean you're getting on a plane.
upon the advice of my lawyer, i have no sig at this time
with the democratic westernized economies on one side, and authoritarian non-democratic countries
Say what again? I do not see a huge difference these days between Russia and over-regulated western countries controlled by what is essentially a permanent ruling class of government workers. Russia is just a tiny bit more brazen about what it does... a TINY bit more.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Why exactly are you entitled to free WiFi in airports?
If I have nothing to hide, you have no reason to look.
When our name is on the back of your car, we're behind you all the way!
Last time I use the free wifi at Pearson. Wifi adapter disabled from now on!
"When information is power, privacy is freedom" - Jah-Wren Ryel
If you are using an Airport's WiFi without connecting to your trusted VPN, you'll get what you deserve. Airports are a wonderful place to play "Yes, I am that AP" and other fun games while bored hackers wait for their flights.
The Xbox One is ALWAYS examining the contents of the room, ESPECIALLY when the light is low or off. Low light triggers the "sexual movement" algorithms of the Kinect 'Human motion aware' sensor system, the one that uses a military grade 'time of flight' depth camera that Bill Gates spent multiple billions of dollars to develop.
You were so close to a successful troll attempt until that paragraph.
Your furious rhetoric is invalid.
If anything, the NSA probably let it fucking happen as justification for even more power.
Selling point to compete with American airports. In Canada the airports are financed by ticket surcharges so many people cross the line to fly out of American airports as the whole airport is free.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
How much gas are you burning to avoid $5 of WiFi fees?
How much gas are you burning to avoid $5 of WiFi fees?
If your flight goes US->Canada->Europe (for example), you can often save hundreds of dollars by driving to America and catching the flight there rather than joining the flight at your local airport when it lands in Canada.
No, it doesn't make sense to Canadians, either.
Just because you're in an airport doesn't mean you're getting on a plane.
Ya, I was using the airport for free wifi, but now I'm going to reconsider...
Be seeing you...
As the sibling post says, it is much cheaper to catch a flight from an American airport, not just to Europe either but pretty well anywhere. This is (at least partly) due to Canadian airports having to be self-financing and people expect some perks like free WIFI after paying the extra charges.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
Excuse me sir, but I believe that based you accidentally overpaid for your timbits and coffee, can you report back to Tim Horton's.
Oh, and this long cylindrical object with a fuse that was in your check-on, you can have this back now, thanks.
My conscience pinged me on this one -- you are also right about each cycle getting a little better. My biggest desire is that people would step back, consider the cycle, realize that they cannot *solve* the problem, but considerate amelioration and solutions do work in the long term.
Here's to hot beer, cold women, and Glaswegian kisses for all.
Until he's in the custody of the government and facing trial for his crimes, however certain his guilt may be, these documents mean nothing more than another charge against him. One could reasonably come up with something out of thin air, attribute it to him, blame a government agency, and people would believe it faster than they would believe the truth.
Some people side with Snowden and the foreign countries that aid and abet him. I side with the US, and the institutions, including the necessary NSA, and the efforts to bring the wayward ex-contractor to justice.
That said:
Hindering the NSA does no good when it comes to finding terrorists since it provides a convenient blindspot for them to stand in. Remove the blind spot and you give no place to hide.
(Of course, this goes against standard /. groupthink, and will be sent down the memory hole by virtue of modbombing anything that opposes the One True Snowden Opinion)
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
while true generate-spoof-new-mac-address connect-to-airport-access-point disconnect-after-3-seconds Someone should write a FREE app to flood their database to render their data useless :-)
http://washingtonexaminer.com/...
Is there any place the people of the World are not being data-raped?
"If any question why we died, Tell them because our fathers lied."
Funding, staff trying it out as a small project in Canada, then getting to reach out for help with the NSA, showing Canada can create, work together, share and then develop a larger tool and skill set with the USA.
The tech may be flaky, never really work, only work in some ares, be expensive... but the creativity, funding and US/Canadian cooperation is priceless over generations of staff.
You had the air gaps aspect, "user ID" and later expanded to global tracking.
Domestic spying is now "Benign Information Gathering"
No, that is not why it happened but framing it that way is seductively authoritarian and one of the main reasons for the creation of the modern surveillance state. Having spent billions to stop more attacks, what do we have to show for it? The Boston bombers plus a whole host of "white" attacks like mass shootings and the NSA's "official" record of having stopped precisely zero attacks on USA soil.
That's ~50 attacks short of the total, not counting ones they can't disclose due to classification rules.
...businesses and people spending time and money to shield themselves from the surveillance...
While those threats are mitigated by responsible citizens that render those efforts useless, as well as architectural efforts that make it too costly to implement the rest. Integrate deeply enough and betrayal won't matter.
The only way to win is not to play the game.
Then you leave room for terrorism to happen in the Constitutionally-mandated blind spot. The military and intelligence departments do ugly-but-necessary things that are not meant for the public to know until it is no longer a threat. Not playing the game puts the US at a disadvantage versus other nations that do so.
The way to win is to be ahead of the others in surveillance and to do it more cleanly. Then take care of the loose ends like Snowden and his associates in ways that prevent repeat occurrences.
We need to get away with from the authoritarian framing of the problem of our society being constantly vulnerable and change from a surveillance state
Not going to happen, and the risk calculations in the rest of your paragraph are compatible with the current surveillance posture. The NSA has outlasted its detractors, including this generation.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
Come on guys, you're like the Chief of Police in Casablanca who is surprised gambling is going on in the casino? Someone still has an expectation of privacy?
You spy on my people & I'll spy on yours. After all, we're not allowed to spy on our own people.
Back when I was in Canada, CBC was routinely reporting on various fuck-ups by the government. They didn't seem to be in any way biased in favor of the latter.
It's what convinced me that state-funded media can be objective (I hail from a country where it is very much not the case, and assumed it to be universal).