America’s neighbors to the north are doing some mass surveillance of their own by analyzing information on up to 15 million uploads and downloads of files from free file-hosting websites every day, according to new documents released to CBC News by US whistleblower Edward Snowden.
Canada’s electronic spy agency, the Communications Security Establishment (CSE), has analysts look through millions of files to find “extremist plots and suspects” that could endanger Canadians, the CBC said, but less than 0.0001 percent of the total collected traffic is relevant.
Though the agency has not commented on the document or the program, called Levitation, specifically, it said it analyzes metadata to identify foreign terrorists that threaten national security.
The document, a 21-page PowerPoint presentation created in 2012, shows that CSE has access to data from 102 free file sharing sites via “special sources,” potentially referring to telecommunications companies or cable operators, CBC said.
The file-sharing companies include Sendspace, Rapidshare and Megaupload, which has since been shut down. Sendspace told the CBC that no organizations have access to the data stored on its service, but no other company responded to its request for comment.
According to the CBC, “once a suspicious file-downloader is identified, analysts can plug that IP address into Mutant Broth, a database run by the British electronic spy agency Government Communications Headquarters (GCHQ), to see five hours of that computer’s online traffic before and after the download occurred.” Analysts can also leverage the NSA’s Marina database to search for information about a target’s Facebook profile to find their email address, as it did in at least one case.
While many countries around the world use some degree of online surveillance to suss out potential security threats, the scope of these programs is a concern for many, particularly what these agencies “can do with such an immense store of data at their fingertips,” the CBC said.
With the CSE recently revealing an embarrassing physical vulnerability at its new headquarters, the concern of the security of the collected data is also a valid one.
For service providers operating internationally, awareness of each country’s powers of surveillance are crucial in understanding how to best serve customers and protect their privacy.