Canada’s spy agency, the Communications Security Establishment, has been eavesdropping on 102 free file upload sites, including Sendspace, Rapidshare and Megaupload, which has been shut down.
A CSE program called “Levitation” lets analysts access information on 10-15 million uploads and downloads of files from such sites daily, according to documents released by whistle-blower Edward Snowden.
The information was published by the Canadian Broadcasting Corporation in collaboration with The Intercept.
Levitation can monitor downloads across Europe, the Middle East, North Africa and North America.
Public acceptance of disclosures of surveillance may be greater now, in the wake of the terrorist attack on the Charlie Hebdo offices in Paris earlier this month and the recent roundup of terrorist suspects in France and Belgium.
“In an era of terrorist threats, social media [and] lack of privacy, very little personal information is viewed as insignificant,” Darren Hayes, director of cybersecurity at Pace University’s Seidenberg School of CSIS, told TechNewsWorld.
Data is obtained directly from Internet cables the CSE has tapped into, through a separate CSE operation codenamed “Atomic Banjo,” according to The Intercept.
CSE then gleans the IP addresses of each computer that downloads files from target websites.
About 350 “interesting” files are found each month — less than 0.0001 percent of the total traffic collected, notes a 2012 Powerpoint presentation released by Snowden.
The IP addresses of people downloading suspicious files are plugged into Mutant Broth , a database run by GCHQ, the UK’s equivalent of CSE, for analysis of online traffic.
CSE analysts reportedly also used the U.S. National Security Agency’s Marina database.
The searches disclose other websites visited by those downloading suspicious files — in some cases, Facebook or Google accounts, which may disclose information about individual downloaders.
CSE apparently has claimed two successes since 2012: the discovery of an unspecified German hostage video; and an uploaded document outlining the hostage strategy of an unnamed terrorist organization.
As of 2012, CSE maintained a list of 2,200 download links considered connected to suspicious documents of interest.
Arguments for the Surveillance
“You can never completely identify or eliminate all potential threats, but you catch nothing if you don’t try,” observed Jim McGregor, a principal analyst at Tirias Research.
“If you stop just one individual or group that’s planning a large-scale attack, it’s worth it,” he told TechNewsWorld.
There are two challenges involved in combating terrorism, McGregor pointed out — identifying the individuals who pose a threat, and identifying the potential attacks.
“More than anything, this type of surveillance helps with the identification of individuals that may pose a threat,” he maintained.
Why Spy With Your Little Eye?
The CSE has been monitoring communications in Canada since 2001, when it was known as the “CSES.”
“The default argument here is ‘simply because we can,’ remarked Danny O’Brien, international director at the Electronic Frontier Foundation.
“Oversight of the intelligence agencies’ dragnet surveillance has been so weak, and the economic costs of scooping all this data relatively cheap — compared to the shared budget of the Canadian, U.S., UK, and Australian and New Zealand secret services — [that] they have no reason not to experiment with the data they’ve piled up,” he told TechNewsWorld.
Human rights laws are an argument against such mass surveillance, O’Brien said.
“We built our societies on the idea that law enforcement can’t just fish in people’s private affairs for clues about their behavior,” he contended. “If you think you have a case, you get a warrant.”
The revelations of CSE’s surveillance will impact Canadians’ view of their own government and security services rather than Canada’s international reputation, O’Brien suggested.
Still, “there are hundreds of reasons not to take such actions, but millions to do so,” argued McGregor — each citizen you might save.”