Spying On Sharing: Canada's Intelligence Agency Collecting Data And IP Addresses From Free File-Sharing Sites
from the more-sharing-going-on-than-previously-imagined dept
If it can be accessed with minimal effort, it's safe to say one government or another is looking at it. Here in the US, phone records, license plate data, cell site location information and any number of communications traveling across international internet backbones are all fair game for the world's law enforcement and intelligence agencies.In the first document from Snowden's stash to detail the spying efforts of our ever-polite and apologetic neighbor to the north, it's file sharers who are under the
The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files…The CSE is keeping tabs on (at least) 102 file-sharing sites (and likely eyeing traffic on BitTorrent networks), but only three are listed in the leaked document: SendSpace, RapidShare and the now-dead MegaUpload. In a statement given to The Intercept, SendSpace said that “no organization has the ability/permission to trawl/search Sendspace for data.” Not that SendSpace's permission (or promises to its users about data security) ultimately matters.
According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA.
LEVITATION does not rely on cooperation from any of the file-sharing companies. A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites.The documents (dated 2012) say the agency is only looking for about "2,200 documents" related to terrorists and terrorist activity. From the piles of data amassed, the agency begins its straightforward-as-a-patent-thicket sorting process…
…which at least attempts to sort out the TV episodes from the hostage videos.
The agency then uses the captured IP addresses as selectors to trace activity across the web. The slides show that it has had success linking downloads of targeted files to Facebook accounts and Google profile pages by using two intelligence tools created by outside agencies: MARINA Profile and MUTANT BROTH. NSA-developed MARINA harvests a vast amount of internet activity and GCHQ's MUTANT BROTH intercepts "billions" of ad cookies to help correlate IP addresses.
But, while the agency says it's only tracking ~2,200 files (leading to 350 "interesting" downloads per month), there's nothing in the document (other than the filtering out of unwanted files) that suggests the harvested file-sharing activity isn't stored in bulk. And, like many other spy programs, it bypasses safeguards these sites have implemented and grabs data straight from the backbone.
It's safe to say that no major file-sharing service is able to protect its users' data. Even the promise that this information will only be turned over to law enforcement/intelligence services who present the proper legal paperwork is hollow -- if unintentionally so. The document notes that the agency "sees" about 10-15 million FFUs (Free File Uploads) per day, but fails to provide any clarification as to what that word entails. If "sees" means "collects," then the agency has access to millions of non-relevant IP addresses and uploads. If "sees" means "disregards non-'interesting' uploads/downloads," then the effort is more focused than most of its counterparts' surveillance programs.
On top of that, there's nothing included here that indicates the program has usefulness beyond harvesting data for data-harvesting's sake.
It is unclear from the document whether LEVITATION has ever prevented any terrorist attacks. The agency cites only two successes of the program in the 2012 presentation: the discovery of a hostage video through a previously unknown target, and an uploaded document that contained the hostage strategy of a terrorist organization. The hostage in the discovered video was ultimately killed, according to public reports.When defended, the CSE will probably note that this is part of a suite of tools designed to gather as much information as possible on suspected terrorists. But it has been shown that massive amounts of data makes terrorist hunting harder, rather than easier. And while there is at least some form of targeting built into the system, there's always the potential for abuse. CSE says it won't spy on its own citizens but this statement is undercut by its vast collection effort. It can't have it both ways, especially if it's gathering data directly from backbones. It could be anybody's data, but the agency won't know whose it is until it's looked at it.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: canada, copyright, cse, file sharing, five eyes, nsa, surveillance, terrorism
Companies: megaupload, rapidshare, sendspace
Reader Comments
Subscribe: RSS
View by: Time | Thread
lolololol
Buah-hah-hah-hah
When there are at any one time, hundreds if not thousands of "computers" NAT'd behind a single ISP's ip address, yeah, good luck with that there bub.
[ link to this | view in chronology ]
Re: lolololol
Poor spooks, they should've hired you all along.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Terrorists do not want to keep everything secret, they want their propaganda widely distributed, which they can do via such sites, and using cutouts to actually post it..
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Terrorism, Child Porn, Drug Smuggling......
Agree. Given their abysmally poor record in actually catching anyone anywhere the primary motivation is to increase their budgets by adapting the appropriate buzz phrase.
[ link to this | view in chronology ]
Re:
A lot of these files are already encrypted to frustrate the copyright mafiaa, so bruteforcing everything is a waste of time.
[ link to this | view in chronology ]
It's always hollow
All such promises are hollow (especially in the US), not just because of backbone spying -- but because the "proper legal paperwork" is devoid of a lot of meaning, and is trivially easy to obtain.
Although having that paperwork is a good thing because it ensures there's some sort of paper trail, that sort of statement is functionally equivalent to saying "we'll let the government access anything they want."
[ link to this | view in chronology ]
We used to see some jihadi videos on our site sometimes weeks before they showed up in the media. The same users were also uploading encrypted zip files, with no torrent description, and garbage/random names.
We allowed the videos for free speech reasons, but nuked the zip files for violating site rules about no personal/encrypted uploads.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Second, for the sake of argument, IF , i stress IF, our governments had any kind of fucking common sense in remotely implementing something that could be vaguely seen as a "good idea", it certainly wouldnt fucki be allow other nations WITH NO FUCKING juristriction to spy on the nation you represent, least not, to even say nothing to that effect PUBLICALLY
Offcourse we all suspect that they are colluding with one another, all having the same goal purely by their already existant participation on global fucking surveillane to fight terrorism but is in actual fact an excuse to implement something they know would look REALLY FUCKING BAD if their wasnt this ever so fucki convinient excuse
At the very fing least, IF, i stress IF, our governments didnt at least want to look like complete and utter incompatent evil fing morons, they would have had the sense to know, at the very fing least, that you should'nt let other fing nations without LEGAL fing juristriction to ILLEGALLY spy on those you SUPPOSEDLY "represent"
Offcourse, we all can guess you are in fact colluding with one another IN SECRET, behind our backs, i.e withou public knowledge........AND STILL, have the audacity to try and pass illegal laws for things you can ALREADY DO....TODAY,......IF NOT .....MORE........i.e. recent snoopers charter house of lords debate were one lord made the statement that the bill was asking for something the snowden documents already say they have the capability............your a bunch of liars, thieves, murderes and backstabbers to your nations(except the ones who care enough to say something and the ones on the fence).........i mean, im confused why i cant get behind that /s
Ffs.......the more you think you reasonably know just how fu our shared situation is, this happens, then the more you realise, what else could be lurking out there
House of lords debate on the bill had a few folks talking about the lack of trust in the system if we pass this laws trampling human rights......im sorry, but its now past the point of no return for me, you thank yourselves, because i dont think i can trust the system without it being COMPLETELY demolished and built brand new.......oh, and trials galore for the too big to jail
Im sorry, i sure as hell dont want to think like that, their not really giving much people a choice, i think they crossed the line a long time ago in the specific case of the entitled surveilance mentality and secret implementation,
God dammit, through your own actions you create your own opposition, and thats why, I, think their is this drive for surveillance sacrificing the what i now see as the illusion of the moral high ground.......it just anothef tool to control, circumvent, disrupt, kidnap/kill? any and ALL that oppose the actions you take...........you are making the action, and you want to CONTROL the RE-action
God dammit man, nothing more in this life infuriates me more to hear about what they are doing what they ALREADY have set up, and being helpless to do anything about it, or exercise my natural right to NOT GIVE MY CONSENT.........i SERIOUSLY question the morality of the system as a whole when it comes to using terrorism as the excuse to justify 1984........
And where was it mandated that information that coincidently and undeniably helps MEDIA distributers and their need to exist, where is it mandated that this this thing that is OBVIOUSLY, NOT solely intended to catch terrorist but to allow a corporation to spy on nation outside their scope of non existant authority
ughhhh!
This is wrong,
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Tim, I love your writings, but you guys have got to get over this fiction. It's delusional.
Yes, we're very civilized and polite ordinarily, but you don't want to be anywhere near us once our dander is up. Ask the Netherlanders. They love us to this day for kicking Nazi butt in some of the most horrific battles of WWII. Hell, we did it in WWI too (Ypres).
CSE is looking for people who're looking for "Anarchist Cookbook" crap (how to build a gasoline bomb). Compare that to USA's "troll everybody then hand it to the DEA to try too."
Don't ever believe Canucks will just present their hind quarters to tyrants when threatened. It'll be the last thing you do.
You may've forgotten "Don't tread on me." We never have nor will. !@#$ with us at your peril.
Have a nice day. :-)
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Just a quick thought...
But if they eavesdrop on my (legitimate) streaming of some song, aren't they infringing on the copyright? Even if they are 'just listening'.
(Hell, that's all everyone ever does with songs...)
[ link to this | view in chronology ]
filters out episodes?
I'll take two please!
[ link to this | view in chronology ]
[ link to this | view in chronology ]