26 comments

[ 2.8 ms ] story [ 54.7 ms ] thread
The job of a spy agency is to spy, that will never change. The problem I have is when it starts infringing the rights and freedoms of it's own citizens (ie C-51).
They don't even have to. The NSA will spy on Canadians and then ship CSE the data.
There needs to be a ban on this practice.

I don't know about Canadian law, but most likely the spirit of:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures

Was certainly not: Ask the Canadians to seize it for you and then they can give it back to you without due process.

(This is exactly the kind of Hostile Act the NSA should be protecting American's against, not cooperating with).

Great opportunity - for nation states that don't have the ability to create a cyber department, just outsource to somebody who can spy on everybody. There are some great economies of scale, since more than one client is going to be interested in mining in Brazil or some piece of oil information from the middle east... You've got multiple customers for the same data.
There is a great difference between spying on individual targets and capturing data from millions of people who have done no harm. The latter practice is what these agencies have been have heavily criticized for.
I see two strategies: (1) fight to restrict how much spy agencies spy. (2) fight to bolster ordinary citizens' use of technologies like encryption so that they cannot be spied upon.

I would bet that strategy (2) is the more likely one to gain traction and make a difference against the infringement of our rights as citizens.

The problem with strategy (2) is that the government can take action to stop it. For example, in the UK it's a criminal offence to withhold encryption keys in the face of a warrant.

David Cameron also relatively recently argued that encryption should be banned or controlled to prevent anyone hiding things from the intelligence services.

Widespread deployment of encryption would probably just result in more offensive tactics from intelligence agencies.

In this context hindering the use of encryption by your own citizens seems like making every other intelligence agency's job easier.
Number one problem is attribution. Restricting the agencies will never be effective if you cannot know which one did something.
Option 3 would be to leave. I don't have a lot of patriotism, but I also don't know where I'd go.
Which means there's no option 3. There's really no "better place" to go. The whole world is under their control and other countries are worse.
Going forward, option 1 is the only realistic way to ensure privacy. We leak too much data. It's not completely out of the question that in a few decades, extracting audio+video information on everyone, all the time, will be technically feasible. Add that to tracking software to monitor movements, and a state-level adversary may very well be able to know everything about you. Encryption doesn't help if they're listening to every word you speak in your house. Even today, what are the technical limitations in deploying array microphones, or laser listening devices?

(I'd say TEMPEST style attacks might exist too, but display technology advancing might put a crimp in that, maybe.)

We've seen places use MAC addresses and WiFi probes to track people. In the future, it may be possible to do active monitoring via cameras, then correlate to identity by sweeping up organic pieces and sequencing DNA. (Maybe? I don't think there's any theoretical problem here, is there? We shed hair and skin all over.) Heck, I'm a bit surprised places aren't collecting fingerprints left and right.

It does not seem like there are available countermeasures. You'd need a constant energy+matter shield everywhere you go. Instead, making surveillance tech strictly limited seems like the only real defense. (Just like nuclear defense relies heavily on restricting access.)

This is a prediction of a shitty future, but do we realistically expect tech advances to stop soon? If you went back 30 years and polled people, they'd probably think the surveillance that's done today to be inconceivable.

There are plenty of other options. My personal favorite is the google method - recognize that "spying" is inevitable and embrace it in order to improve your own life.
None of the spying being discussed in this thread is for your personal benefit or can be used by you at all.
That betrays a shameful lack of creativity.
I'm Canadian, and my initial thought was "Yay! We don't suck at something! Hooray! We're not irrelevant!" followed quickly by "Oh, $hit..." :-(

The worst part is that if this was part of evidence-based policy, strategy, or tactics, it would at least be arguably not stupid.

Sigh.

Fellow Canadian, definitely cool we have some bleeding edge stuff, just scares the hell out of me. Trying to convince fellow non-technical friends of what this means with C-51.
Have you thought about what "we" means there?
https://s3.amazonaws.com/s3.documentcloud.org/documents/1690...

This is not a "cyberware toolbox." This is an IDS. For real, I bet they are using Snort inside one of their codeworded intrusion detection/response systems. Companies try to defend themselves from hackers by analogous systems. Is this any different?

You are poorly informed. This goes well beyond an IDS. While yes, I'm sure they detect using signatures LIKE snort but snort isn't storing 300TB of full take content on citizens to be shared with the other nations that play ball. Full take data goes "on your permanent record" which can be used later to frame or blackmail you. Much different than snort.
Are we seeing an arms race now in terms of cyberwarfare? It seems like this is the next "must have" for any nation state arsenal.

Makes you wonder what will be more powerful in five years. These kinds of weapons that can attack and bring down parts of a countries infrastructure or a nuclear bomb?

I stand by this statement. All good governments eventually turn bad.