Spying On Sharing: Canada's Intelligence Agency Collecting Data And IP Addresses From Free File-Sharing Sites

from the more-sharing-going-on-than-previously-imagined dept

The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files…



According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA.

LEVITATION does not rely on cooperation from any of the file-sharing companies. A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites.

It is unclear from the document whether LEVITATION has ever prevented any terrorist attacks. The agency cites only two successes of the program in the 2012 presentation: the discovery of a hostage video through a previously unknown target, and an uploaded document that contained the hostage strategy of a terrorist organization. The hostage in the discovered video was ultimately killed, according to public reports.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

If it can be accessed with minimal effort, it's safe to say one government or another is looking at it. Here in the US, phone records cell site location information and any number of communications traveling across international internet backbones are all fair game for the world's law enforcement and intelligence agencies.In the first document from Snowden's stash to detail the spying efforts of our ever-polite and apologetic neighbor to the north, it's file sharers who are under the microscope mass surveillance macroscope The CSE is keeping tabs on (at least) 102 file-sharing sites (and likely eyeing traffic on BitTorrent networks), but only three are listed in the leaked document: SendSpace, RapidShare and the now-dead MegaUpload. In a statement given to The Intercept, SendSpace said that “no organization has the ability/permission to trawl/search Sendspace for data.” Not that SendSpace's permission (or promises to its users about data security) ultimately matters.The documents (dated 2012) say the agency is only looking for about "2,200 documents" related to terrorists and terrorist activity. From the piles of data amassed, the agency begins its straightforward-as-a- patent-thicket sorting process……which at least attempts to sort out the TV episodes from the hostage videos.The agency then uses the captured IP addresses as selectors to trace activity across the web. The slides show that it has had success linking downloads of targeted files to Facebook accounts and Google profile pages by using two intelligence tools created by outside agencies: MARINA Profile and MUTANT BROTH . NSA-developed MARINA harvests a vast amount of internet activity and GCHQ's MUTANT BROTH intercepts "billions" of ad cookies to help correlate IP addresses.But, while the agency says it's only tracking ~2,200 files (leading to 350 "interesting" downloads per month), there's nothing in the document (other than the filtering out of unwanted files) that suggests the harvested file-sharing activity isn't stored in bulk. And, like many other spy programs, it bypasses safeguards these sites have implemented and grabs data straight from the backbone.It's safe to say that no major file-sharing service is able to protect its users' data. Even the promise that this information will only be turned over to law enforcement/intelligence services who present the proper legal paperwork is hollow -- if unintentionally so. The document notes that the agency "sees" about 10-15 million FFUs (Free File Uploads) per day, but fails to provide any clarification as to what that word entails. If "sees" means "collects," then the agency has access to millions of non-relevant IP addresses and uploads. If "sees" means "disregards non-'interesting' uploads/downloads," then the effort is more focused than most of its counterparts' surveillance programs.On top of that, there's nothing included here that indicates the program has usefulness beyond harvesting data for data-harvesting's sake.When defended, the CSE will probably note that this is part of a suite of tools designed to gather as much information as possible on suspected terrorists. But it has been shown that massive amounts of data makes terrorist hunting harder , rather than easier. And while there is at least some form of targeting built into the system, there's always the potential for abuse. CSE says it won't spy on its own citizens but this statement is undercut by its vast collection effort. It can't have it both ways, especially if it's gathering data directly from backbones. It could bedata, but the agency won't know whose it is until it's looked at it.

Filed Under: canada, copyright, cse, file sharing, five eyes, nsa, surveillance, terrorism

Companies: megaupload, rapidshare, sendspace