The job of a spy agency is to spy, that will never change. The problem I have is when it starts infringing the rights and freedoms of it's own citizens (ie C-51).
Great opportunity - for nation states that don't have the ability to create a cyber department, just outsource to somebody who can spy on everybody. There are some great economies of scale, since more than one client is going to be interested in mining in Brazil or some piece of oil information from the middle east... You've got multiple customers for the same data.
There is a great difference between spying on individual targets and capturing data from millions of people who have done no harm. The latter practice is what these agencies have been have heavily criticized for.
I see two strategies: (1) fight to restrict how much spy agencies spy. (2) fight to bolster ordinary citizens' use of technologies like encryption so that they cannot be spied upon.
I would bet that strategy (2) is the more likely one to gain traction and make a difference against the infringement of our rights as citizens.
The problem with strategy (2) is that the government can take action to stop it. For example, in the UK it's a criminal offence to withhold encryption keys in the face of a warrant.
David Cameron also relatively recently argued that encryption should be banned or controlled to prevent anyone hiding things from the intelligence services.
Widespread deployment of encryption would probably just result in more offensive tactics from intelligence agencies.
Key disclosure laws fall into this same category. It doesn't matter if you use full-disk encryption - you have to turn over the keys when asked else you face imprisonment. TrueCrypt's plausible deniability feature was really helpful; I wish dm-crypt has something like this.
Going forward, option 1 is the only realistic way to ensure privacy. We leak too much data. It's not completely out of the question that in a few decades, extracting audio+video information on everyone, all the time, will be technically feasible. Add that to tracking software to monitor movements, and a state-level adversary may very well be able to know everything about you. Encryption doesn't help if they're listening to every word you speak in your house. Even today, what are the technical limitations in deploying array microphones, or laser listening devices?
(I'd say TEMPEST style attacks might exist too, but display technology advancing might put a crimp in that, maybe.)
We've seen places use MAC addresses and WiFi probes to track people. In the future, it may be possible to do active monitoring via cameras, then correlate to identity by sweeping up organic pieces and sequencing DNA. (Maybe? I don't think there's any theoretical problem here, is there? We shed hair and skin all over.) Heck, I'm a bit surprised places aren't collecting fingerprints left and right.
It does not seem like there are available countermeasures. You'd need a constant energy+matter shield everywhere you go. Instead, making surveillance tech strictly limited seems like the only real defense. (Just like nuclear defense relies heavily on restricting access.)
This is a prediction of a shitty future, but do we realistically expect tech advances to stop soon? If you went back 30 years and polled people, they'd probably think the surveillance that's done today to be inconceivable.
There are plenty of other options. My personal favorite is the google method - recognize that "spying" is inevitable and embrace it in order to improve your own life.
Fellow Canadian, definitely cool we have some bleeding edge stuff, just scares the hell out of me. Trying to convince fellow non-technical friends of what this means with C-51.
This is not a "cyberware toolbox." This is an IDS. For real, I bet they are using Snort inside one of their codeworded intrusion detection/response systems. Companies try to defend themselves from hackers by analogous systems. Is this any different?
You are poorly informed. This goes well beyond an IDS. While yes, I'm sure they detect using signatures LIKE snort but snort isn't storing 300TB of full take content on citizens to be shared with the other nations that play ball. Full take data goes "on your permanent record" which can be used later to frame or blackmail you. Much different than snort.
Are we seeing an arms race now in terms of cyberwarfare? It seems like this is the next "must have" for any nation state arsenal.
Makes you wonder what will be more powerful in five years. These kinds of weapons that can attack and bring down parts of a countries infrastructure or a nuclear bomb?
26 comments
[ 2.8 ms ] story [ 54.7 ms ] threadI don't know about Canadian law, but most likely the spirit of:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures
Was certainly not: Ask the Canadians to seize it for you and then they can give it back to you without due process.
(This is exactly the kind of Hostile Act the NSA should be protecting American's against, not cooperating with).
http://www.cbc.ca/news/canada/communication-security-establi...
https://firstlook.org/theintercept/2015/03/23/canada-cse-hac...
One of the documents (PDF, 46 pages):
https://s3.amazonaws.com/s3.documentcloud.org/documents/1690...
I would bet that strategy (2) is the more likely one to gain traction and make a difference against the infringement of our rights as citizens.
David Cameron also relatively recently argued that encryption should be banned or controlled to prevent anyone hiding things from the intelligence services.
Widespread deployment of encryption would probably just result in more offensive tactics from intelligence agencies.
https://en.wikipedia.org/wiki/Key_disclosure_law
And this is what happened in Canada recently:
http://www.cbc.ca/news/canada/nova-scotia/quebec-resident-al...
(I'd say TEMPEST style attacks might exist too, but display technology advancing might put a crimp in that, maybe.)
We've seen places use MAC addresses and WiFi probes to track people. In the future, it may be possible to do active monitoring via cameras, then correlate to identity by sweeping up organic pieces and sequencing DNA. (Maybe? I don't think there's any theoretical problem here, is there? We shed hair and skin all over.) Heck, I'm a bit surprised places aren't collecting fingerprints left and right.
It does not seem like there are available countermeasures. You'd need a constant energy+matter shield everywhere you go. Instead, making surveillance tech strictly limited seems like the only real defense. (Just like nuclear defense relies heavily on restricting access.)
This is a prediction of a shitty future, but do we realistically expect tech advances to stop soon? If you went back 30 years and polled people, they'd probably think the surveillance that's done today to be inconceivable.
The worst part is that if this was part of evidence-based policy, strategy, or tactics, it would at least be arguably not stupid.
Sigh.
This is not a "cyberware toolbox." This is an IDS. For real, I bet they are using Snort inside one of their codeworded intrusion detection/response systems. Companies try to defend themselves from hackers by analogous systems. Is this any different?
Makes you wonder what will be more powerful in five years. These kinds of weapons that can attack and bring down parts of a countries infrastructure or a nuclear bomb?