TORONTO – New allegations that government officials tracked the gadgets of travellers who used free wireless fidelity (Wi-Fi) services provided at a major Canadian airport may have some questioning their privacy – but experts argue there is little Canadians can do about it in this case.
According to a CBC report, documents leaked by whistleblower Edward Snowden allege that the Communications Security Establishment of Canada (CSEC) was given information retrieved from wireless devices using an airport’s wireless network over a two-week period. The specific airport is not named.
The documents further claim CSEC was able track those same travellers for over a week as they popped up on wireless networks across Canada.
The information was tracked as part of a pilot project done with the American National Security Agency (NSA), according to the documents. CSEC reportedly tracked metadata like the location and telephone numbers of calls made and received, but not the content.
CSEC on Friday denied that it tracked Canadians. “No Canadian or foreign travelers were tracked. No Canadian communications were, or are, targeted, collected or used. All CSE activities include measures to protect the privacy of Canadians,” it told Global News in a statement.
“In 2011, the Commissioner completed a review specifically focused on CSE’s metadata activities, finding them to be lawful. The CSE Commissioner is currently conducting another review of CSE’s metadata activities.”
CSEC’s mandate includes monitoring foreign computer, satellite, radio and telephone traffic of people, states, organizations and terrorist groups for information of interest to Canada.
“What seems to be happening – based on this particular subset of documents – is when individuals were connecting to Wi-Fi on their computers, smartphones, or whatever they happened to be using, they would be sending metadata,” explained Christopher Parsons, a post-doctoral fellow with the Citizen Lab at the Munk School of Global Affairs.
Wireless devices use metadata to communicate with the Internet.
Metadata contains information such as the phone numbers involved in a call, the duration of the phone call and even the geo-location of the people on either end of that call – but it does not reveal the contents of the call.
“The allegation isn’t that CSEC was examining the contents of your email, because they didn’t have to. Instead they would take the metadata,” Parsons told Global News.
“So even if you encrypted your communications the data was still there for them to be running their analysis.”
As Parsons points out, using encryption measures – such as a virtual private network (VPN), which many businesses use in order to ensure employees’ emails stay private when checked on public networks – are fairly useless when it comes to this type of data mining.
“It speaks to how important metadata actually is in contemporary surveillance,” he said.
Ronald Deibert, Director of Citizen Lab at the Munk School of Global Affairs who examined the documents, added that aside from citizens contacting their MPs to take action, it’s hard for Canadians to do much else.
“The fact of the matter is that wherever we go we leave a digital trail behind us,” Deibert told Global News in a phone interview Friday. “I don’t think it’s realistic to assume that you can ever escape from this ecosystem that we live in.”
Public Wi-Fi networks are generally unsafe
Privacy experts are quick to point out that using any public Wi-Fi network is risky if you are concerned about private communications.
“If you are going to use public Wi-Fi you just have to assume everything you do is visible to other people and you shouldn’t be doing anything that you don’t want to be displayed on the TV in the corner of the room that you are sitting in,” said David Skillicorn, privacy expert and professor at Queen’s University.
Skillicorn notes that un-encrypted public Wi-Fi networks are very easily compromised – adding that anyone can download software to their computer that would let them see all of the traffic on the Wi-Fi hub.
He said that sites with an HTTP Secure (HTTPS) connection will give you some level of protection, but cautioned that generally public Wi-Fi is indeed “public.”
“The step up from public Wi-Fi to something that is reasonably secure is more than most people are technically willing and able to do,” Skillicorn said.
Skillicorn said a VPN connection would be the most plausible step-up in protection when using a Wi-Fi hotspot, but added that those types of connections are usually provided by an employer that has technically sophisticated people at the other end setting it up.
– With files from James Armstrong and The Canadian Press