Canada's electronic spy agency sifts through millions of videos and documents downloaded online every day by people around the world, as part of a sweeping bid to find extremist plots and suspects, CBC News has learned.
Details of the Communications Security Establishment project dubbed "Levitation" are revealed in a document obtained by U.S. whistleblower Edward Snowden and recently released to CBC News.
Under Levitation, analysts with the electronic eavesdropping service can access information on about 10 to 15 million uploads and downloads of files from free websites each day, the document says.
"Every single thing that you do — in this case uploading/downloading files to these sites — that act is being archived, collected and analyzed," says Ron Deibert, director of the University of Toronto-based internet security think-tank Citizen Lab, who reviewed the document.
In the document, a PowerPoint presentation written in 2012, the CSE analyst who wrote it jokes about being overloaded with innocuous files such as episodes of the musical TV series Glee in their hunt for terrorists.
CBC analyzed the document in collaboration with the U.S. news website The Intercept, which obtained it from Snowden.
The presentation provides a rare glimpse into Canada's cyber-sleuthing capabilities and its use of its spy partners' immense databases to track the online traffic of millions of people around the world, including Canadians.
That glimpse may be of even greater interest now that the Harper government plans to introduce new legislation increasing the powers of Canada's security agencies.
Though Canada’s always been described as a junior partner in the Five Eyes spying partnership, which includes the U.S., Britain, New Zealand and Australia, this document shows it led the way in developing this new extremist-tracking tool.
"It's really the first time that a story has been reported that involves [CSE] as the lead agency in a program of pure mass surveillance," said Glenn Greenwald, a constitutional lawyer and journalist with The Intercept, and who has been instrumental in bringing Snowden's information to public attention.
Canada's electronic surveillance service said it cannot comment on the specific program, but added that some of its metadata analysis is designed to identify foreign terrorists who use the internet for activities threatening the security of Canada and Canadians.
According to documents given to Privacy Commissioner Chantal Bernier, the federal government asks telecoms for data on subscribers 1.2 million times a year. That’s one request for every 30 Canadians, every year. Most of those requests don’t involve a warrant, and in 2011 telecoms complied with at least 784,000 of those requests.
The federal government spent more than $50 million buying high-security communications technology from the U.S. National Security Agency, according to data unearthed by Vice magazine. There have been at least 73 contracts for telecommunications equipment procured through the NSA over the past decade.
According to documents given to NDP MP Charmaine Borg under an access to information request, some telecoms are building databases of customer information specifically for police use. A Competition Bureau document noted the bureau had "accessed the Bell Canada Law Enforcement Database" 20 times in 2012-2013.
At least one Canadian telecom is evidently giving the government unrestricted access to communications on its network, according to documents from Canada’s privacy commissioner. The unnamed telecom says the government has the ability to copy the traffic on its communications network, then mine the copied data to determine what sort it is.
Critics say Bill C-13, the “anti-cyberbullying bill” the Harper government is promoting, is essentially a back-door for a host of measures that would allow greater government intrusion into private lives. The bill would provide legal immunity to telecoms that hand over customer data without a warrant, and would lower the standard under which police can get warrantless data. Digital rights group OpenMedia says the bill “would let ... authorities create detailed profiles of Canadians based on who they talk to and what they say and do online.”
Industry Minister James Moore's Digital Privacy Act is being billed as “protection for Canadians when they surf the web and shop online,” but critics say it amounts to a wholesale threat to the privacy rights it ostensibly aims to enshrine. Bill S-4 would allow internet service providers to share customer data with any organization that is investigating a possible breach of contract, such as a copyright violation, or illegal activity. Thus, private corporations, and not just the government, could obtain personal information about you. The bill would also eliminate court oversight of file-sharing lawsuits, which critics fear would lead to the sort of “copyright trolling” seen in the U.S.
An estimated 90 per cent of Canadian Internet traffic moves through the U.S., which means that Canadians are being caught up in the NSA’s surveillance dragnet, experts say. Data passes through “filters and checkpoints” and is “shared with third parties, with law enforcement and of course intelligence agencies that operate in the shadows,” says Ronald Deibert, head of the University of Toronto’s Citizen Lab.
Documents obtained by the Globe and Mail and The Canadian Press suggest that Canada is engaged in mass warrantless surveillance. The documents show then-Defence Minister Peter MacKay signed a ministerial directive in November, 2011, authorizing the re-start of “a secret electronic eavesdropping program that scours global telephone records and Internet data trails – including those of Canadians – for patterns of suspicious activity.”
Canada’s electronic spy agency, CSEC, will see its budget skyrocket to $829 million in 2014-15, from $444 million this year. Pictured: CSEC's new $1.2-billion headquarters in Ottawa, currently under construction.
According to journalist Glenn Greenwald’s book “No Place To Hide,” Canada took some $300,000 to $400,000 from the NSA in 2012 to develop surveillance capabilities. However, that money amounts to a drop in the bucket given CSEC’s $829 million budget for electronic surveillance.
The CSEC was in charge of developing an international standard for encryption keys to transmit data securely. But according to documents obtained by the New York Times, CSEC handed over control of the standard to the NSA, allowing the U.S. surveillance agency to build back-doors that allowed it to crack the encryptions. As a result, the NSA was able to crack data transmissions that internet users thought were secure.
The Harper government allowed the U.S. to carry out widespread surveillance in Canada during the G20 meeting in Toronto in 2010, according to documents leaked by NSA whistleblower Edward Snowden. Few details of the espionage were released, but it appears this is a sort of rotating circle of spying: Canada helped the U.S. and U.K. spy on the 2009 G20 conference in London.
"CSE is clearly mandated to collect foreign signals intelligence to protect Canada and Canadians from a variety of threats to our national security, including terrorism," agency spokesman Andrew McLaughlin wrote in an email to CBC.
Deibert, at the Citizen Lab, says that on the surface the Levitation program is reassuring, indicating Canada's spies are doing their job, but he adds that the mass surveillance nature of it raises questions.
'A giant X-ray machine'
According to the document, Canada can access data from 102 free file upload sites, though only three file-host companies are named: Sendspace, Rapidshare and the now-defunct Megaupload.
Sendspace told CBC News that "no organization has the ability/permission to trawl/search Sendspace for data," and its policy states it won't disclose user identities unless legally required.
No other file-sharing company responded to CBC requests for comment.
However, the Levitation document says that access to the data comes from unnamed "special sources," a term that in previous Snowden documents seemed to refer to telecommunications companies or cable operators.
It is also unclear which, or how many, of the Five Eyes access information on these uploaded files and whether the companies involved know the spy agencies have this access.
Many people use file-sharing websites to share photos, videos, music and documents, but these cyber-lockers have also been accused of being havens for illegally sharing copyrighted content.
Not surprisingly, extremists also use the online storage hubs to share propaganda and training materials.
To find those files, the document says Canada's spy agency must first weed out the so-called Glee episodes as well as pictures of cars on fire and vast amounts of other content unrelated to terrorism.
Analysts find 350 "interesting download events" each month, less than 0.0001 per cent of the total collected traffic, according to the top-secret presentation.
Surveillance specialists can then retrieve the metadata on a suspicious file, and use it to map out a day's worth of that file user's online activity.
By inputting other bits of information into at least two databases created by the spying partners, analysts can discover the identity and online behaviour of those uploading or downloading these files, as well as, potentially, new suspicious documents.
The Levitation project illustrates the "giant X-ray machine over all our digital lives," says Deibert.
From IP to ID
Once a suspicious file-downloader is identified, analysts can plug that IP address into Mutant Broth, a database run by the British electronic spy agency Government Communications Headquarters (GCHQ), to see five hours of that computer's online traffic before and after the download occurred.
That can sometimes lead them to a Facebook profile page and to a string of Google and other cookies used to track online users' activities for advertising purposes. This can help identify an individual.
In one example in the top-secret document, analysts also used the U.S. National Security Agency's powerful Marina database, which keeps online metadata on people for up to a year, to search for further information about a target's Facebook profile. It helped them find an email address.
After doing its research, the Levitation team then passes on a list of suspects to CSE's Office of Counter Terrorism.
The agency cites two successes as of 2012: the discovery of a German hostage video through a previously unknown target, and an uploaded document that gave it the hostage strategy of a terrorist organization.
It's unclear from the leaked document how long Levitation was operational and whether it is still in use.
CSE says its foreign signals intelligence has "played a vital role in uncovering foreign-based extremists' efforts to attract, radicalize and train individuals to carry out attacks in Canada and abroad." But it offered no specifics about Levitation.
'What else can they do?'
Back in 2012, the spy agency appeared to be assessing the power and accuracy of the Levitation project as compared to other tools in its counterterrorism arsenal.
Though the presentation jokes about filtering out Glee episodes, the issue underscores an increasing problem for spy agencies around the world: how the massive haystack of internet traffic they are collecting is straining spy agency resources.
Projects like Levitation aim to automate part of the process.
But it also causes some people to worry about what these powerful and secretive agencies can do with such an immense store of data at their fingertips.
"The specific uses that they talk about in this context may not be the problem, but it's what else they can do," says Tamir Israel, a lawyer with the University of Ottawa's Canadian Internet Policy and Public Interest Clinic.
National security expert Wesley Wark says the Levitation documents clearly demonstrate the CSE's abilities. But he also warns the tool has the potential to be "hugely intrusive."
A recent story by The Guardian illustrates that potential. The British newspaper revealed that the GCHQ scooped up emails to and from journalists working for some of the largest American and British media outlets, as part of a test exercise.
The story, based on Snowden documents, says GCHQ has also listed investigative journalists as a "threat" who rank somewhere between terrorists and hackers.
A similar issue could arise here, with the eavesdropping service choosing targets outside the terrorism realm, says Israel.
Academics, lawyers, journalists, activists and business people commonly use file-hosting sites as part of their jobs.
"It's completely at the discretion of CSE essentially what documents to pick," Israel says.
The mass surveillance by Canada's signals intelligence agency also raises questions about the number of Canadians inadvertently caught up in it.
In the Levitation presentation, two anonymous Canadian IP addresses from a Montreal-based data server appear on a list of suspicious downloads around the world. The list also included several from allies and trading partners, including the U.K., U.S., Spain, Brazil, Germany and Portugal.
By law, CSE isn't allowed to target Canadians. Canada's commissioner charged with reviewing the secretive group found it unintentionally swept up private communications of 66 Canadians while monitoring signals intelligence abroad, but concluded there was no sign of unlawful practice.
Canada is supposed to mask the identities of untargeted Canadians scooped up in its surveillance before passing information to its Five Eyes partners and law enforcement agencies.
Deibert says there are "all sorts of grey areas" in how CSE operates, including how long they can retain the data they collect, the volume of the mass collection, the rules around metadata and how this data is shared with spying partners.
"The mission is appropriate," he says. "But is engaging in wholesale mass surveillance the appropriate means to that end? Especially in the context where, in this country, you have very little oversight in any meaningful sense."
CBC is working with U.S. news site The Intercept to shed light on Canada-related files in the cache of documents obtained by U.S. whistleblower Edward Snowden. The CBC News team (Dave Seglins, Amber Hildebrandt and Michael Pereira) collaborated with The Intercept’s Glenn Greenwald and Ryan Gallagher to analyze the documents.