Skip to main content

Canada Spy program raises concerns about Internet anonymity

Revelations about a Canadian spy program that can sift through 15 million downloaded files a day are raising concerns that Ottawa's fight against terrorism is eroding Internet anonymity. But Canadian spies claim to have used this technique to unearth a specific intelligence lead – the "hostage strategy" of an al-Qaeda offshoot, before passing it along to U.S. intelligence.

A top-secret Communications Security Establishment document about its "Levitation" program was leaked by U.S. contractor Edward Snowden and published by the CBC and online publication The Intercept on Tuesday.

Some of the spying described in the document closely matches what a federal official has suggested is one of Canada's most valued spying stratagems.

"Let's imagine there is a hostage situation unfolding," the CSE's signals-intelligence director said in a 2013 interview with The Globe. Drawing a diagram of three terrorist hostage takers talking on their phones, he said that "the solution to this, for us, is metadata."

Metadata is information about an electronic communication excluding the spoken or typed words. Leaders of electronic-eavesdropping agencies, such as CSE, have convinced the executive branches of government that they need an unfettered ability to collect, log, and search this material – in bulk.

Past leaks have shown that CSE analysts have a continually collected trove of metadata at their fingertips, through a database known as "Olympia," which allows Ottawa to scour all manner of covertly collected telecommunications traffic. Sifting tools are needed because Olympia taps into the overwhelming collections of the "Five Eyes" allies – Canada, the United States, Britain, Australia and New Zealand.

Previous leaks have shown that "Levitate" is among dozens of search techniques now readily available to CSE analysts, on a drop-down menu within Olympia.

But the latest leak shows that three years ago CSE intelligence analysts were trying it out as "Levitation."

The hypothesis was that snooping on sites used to swap large data files – video, music, or documents – can reveal terrorists. "Extremists use Free File Upload (FFU) sites differently than the general public," the newly disclosed slides say.

So CSE watched for 2,200 known Web links to extremist literature moving on MegaUpload, RapidShare, and 100 similar sites.

How CSE got its covert collection systems in place is unclear. The slides indicate a distinction between "seeing" downloads and "finding" intelligence leads. "We see about 10-15 million FFU events per day," reads the presentation. "… We're finding about 350 interesting download events per month."

Documents with titles such as "How to Make a Gas Bomb" were seen turning up in Iraq, Saudi Arabia, Syria – and in Canada. It's unclear whether CSE told police about the Canadian activity. CSE appears to have "anonymized" such transactions, an automatic scrubbing of identifying information that protects the spy agency from allegations it engages in warrantless domestic spying.

Foreigners are offered no such privacy protections. And CSE analysts leveraged other Five Eyes metadata databases to figure out which foreigners might be behind the suspicious transactions.

For that, CSE tapped into a British agency's logs of corporate "cookies." Cookies are the unique codes that social-media sites place on Web browsers, so as to better track their users' habits and sell advertising. Knowing which cookies link to which Facebook identities, and which Internet Protocol addresses, is valuable – they help corporations figure out just whom to target.

The same can be said for piggybacking spy agencies. Some of the CSE "Levitation" searches took place on March 28, 2012. It was around this time that reports surfaced that al-Qaeda in the Islamic Maghreb (AQIM) was circulating a new "proof of life" video from Africa. In it, German hostage Edgar Fritz Raupach was shown pleading for a ransom.

The final slide says CSE acquired "a German hostage video from a previously unknown target." It then adds that an "FFU upload event gave us AQIM's hostage strategy. The resulting report was disseminated widely including by the CIA to their counterparts overseas."

Mr. Raupach was reported stabbed to death in May, 2012, by his captors, as Nigerian forces raided a safe house used by suspected terrorists.

In a statement, the CSE said that it is legally authorized to collect metadata to protect Canadians from terrorist threats. "We regret that the publication of techniques and methods, based on stolen documents, renders those techniques and methods less effective."

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Latest Videos