Spying On Sharing: Canada's Intelligence Agency Collecting Data And IP Addresses From Free File-Sharing Sites
from the more-sharing-going-on-than-previously-imagined dept
If it can be accessed with minimal effort, it’s safe to say one government or another is looking at it. Here in the US, phone records, license plate data, cell site location information and any number of communications traveling across international internet backbones are all fair game for the world’s law enforcement and intelligence agencies.
In the first document from Snowden’s stash to detail the spying efforts of our ever-polite and apologetic neighbor to the north, it’s file sharers who are under the
microscope mass surveillance macroscope.
The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files…
According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA.
The CSE is keeping tabs on (at least) 102 file-sharing sites (and likely eyeing traffic on BitTorrent networks), but only three are listed in the leaked document: SendSpace, RapidShare and the now-dead MegaUpload. In a statement given to The Intercept, SendSpace said that “no organization has the ability/permission to trawl/search Sendspace for data.” Not that SendSpace’s permission (or promises to its users about data security) ultimately matters.
LEVITATION does not rely on cooperation from any of the file-sharing companies. A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites.
The documents (dated 2012) say the agency is only looking for about “2,200 documents” related to terrorists and terrorist activity. From the piles of data amassed, the agency begins its straightforward-as-a-patent-thicket sorting process…
…which at least attempts to sort out the TV episodes from the hostage videos.
The agency then uses the captured IP addresses as selectors to trace activity across the web. The slides show that it has had success linking downloads of targeted files to Facebook accounts and Google profile pages by using two intelligence tools created by outside agencies: MARINA Profile and MUTANT BROTH. NSA-developed MARINA harvests a vast amount of internet activity and GCHQ’s MUTANT BROTH intercepts “billions” of ad cookies to help correlate IP addresses.
But, while the agency says it’s only tracking ~2,200 files (leading to 350 “interesting” downloads per month), there’s nothing in the document (other than the filtering out of unwanted files) that suggests the harvested file-sharing activity isn’t stored in bulk. And, like many other spy programs, it bypasses safeguards these sites have implemented and grabs data straight from the backbone.
It’s safe to say that no major file-sharing service is able to protect its users’ data. Even the promise that this information will only be turned over to law enforcement/intelligence services who present the proper legal paperwork is hollow — if unintentionally so. The document notes that the agency “sees” about 10-15 million FFUs (Free File Uploads) per day, but fails to provide any clarification as to what that word entails. If “sees” means “collects,” then the agency has access to millions of non-relevant IP addresses and uploads. If “sees” means “disregards non-‘interesting’ uploads/downloads,” then the effort is more focused than most of its counterparts’ surveillance programs.
On top of that, there’s nothing included here that indicates the program has usefulness beyond harvesting data for data-harvesting’s sake.
It is unclear from the document whether LEVITATION has ever prevented any terrorist attacks. The agency cites only two successes of the program in the 2012 presentation: the discovery of a hostage video through a previously unknown target, and an uploaded document that contained the hostage strategy of a terrorist organization. The hostage in the discovered video was ultimately killed, according to public reports.
When defended, the CSE will probably note that this is part of a suite of tools designed to gather as much information as possible on suspected terrorists. But it has been shown that massive amounts of data makes terrorist hunting harder, rather than easier. And while there is at least some form of targeting built into the system, there’s always the potential for abuse. CSE says it won’t spy on its own citizens but this statement is undercut by its vast collection effort. It can’t have it both ways, especially if it’s gathering data directly from backbones. It could be anybody’s data, but the agency won’t know whose it is until it’s looked at it.