1 / 21

Addressing Canadian Privacy Risks in the Internet ‘Cloud’

Addressing Canadian Privacy Risks in the Internet ‘Cloud’. Andrew Clement & Jonathan Obar Faculty of Information, University of Toronto The New Transparency: Surveillance and Social Sorting http://iprp.ischool.utoronto.ca/. Privacy at the Public/Private Interface Pathways to Privacy

peigi
Télécharger la présentation

Addressing Canadian Privacy Risks in the Internet ‘Cloud’

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Addressing Canadian Privacy Risks in the Internet ‘Cloud’ Andrew Clement & Jonathan Obar Faculty of Information, University of Toronto The New Transparency: Surveillance and Social Sorting http://iprp.ischool.utoronto.ca/ Privacy at the Public/Private Interface Pathways to Privacy University of Toronto March 20, 2014

  2. Internet surveillance (US) • USA PATRIOT & FISA Amendments Acts • Expanded surveillance capabilities • Interception of messages • Meta-data capture with reduced judicial oversight • Extends to “protected computers” outside the US • Gag orders • NSA Warrantless Wiretapping • Fibre-optic “splitters” at major internet gateways • San Francisco, Seattle, San Jose, Los Angeles, San Diego, Atlanta, + ~10 others (see Klein 2009; Bamford, 2008)

  3. EFF's view:Source: Electronic Frontier Foundation (EFF)

  4. Suspected NSA splitter cities (18)

  5. Can US traffic avoid NSA cities?

  6. "Collect it all" from traffic and servers

  7. "Own the internet" FAIRVIEW (Upstream)

  8. "Own the internet" FAIRVIEW (Upstream)

  9. Suspected NSA splitter cities (18)

  10. What does this mean for Canadian domestic routing?

  11. "Boomerang" routing • Routes originate and terminate in Canada, but transit the US • Very common! ~25% in IXmaps database • Why? • Capacity/congestion? Economic efficiency? Carrier interconnection policies

  12. Univ Toronto >> Ont Gov OSAP) > Cogent > Telus (TR6896)

  13. Canadians to Federal Gov (…gc.ca)(92 boomerang routes)

  14. What is the role of Canadian ISPs?

  15. Better data privacy in Canada? http://www.bell.ca/web/enterprise/bbm/secure-canadian-data-centres-mpls.html?ETCID=Print_07052013_en_DataResidency_emk

  16. Findings • Little ISP transparency overall (30/200 stars) • Smaller/Canadian ISPs better than larger/foreign ISPs • No Canadian ISPs post Transparency Reports • Unlike Google, Facebook, Twitter, AT&T, Microsoft,… • Very little transparency about: • normal retention periods • personal data including ‘meta-data’, device IDs • routing location/jurisdictions • Hand-offs to non PIPEDA-compliant carriers?

  17. Recommendations • Keep Canadian data in Canada • away from NSA surveillance • Require ISP transparency • 3rd party requests/demands • law access requirements • retention periods • routing and storage jurisdictions • carrier hand-off policies • Fix CSEC and our own mass state surveillance

  18. See where your packets go! (and contribute to the database) Try it out and get more information at:http://IXmaps.ca

  19. Project team: • Andrew Clement,1 Steve Harvey, 3 Yannet Lathrop,1 Colin McCann,1 Nancy Paterson12 & Gabby Resch1 1 Faculty of Information, Univ of Toronto 2 OCAD University 3 Independent Funding: Social Sciences and Humanities Research Council (SSHRC) Office of the Privacy Commissioner (OPC) of Canada References: • Bamford, James (2008) The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America. Doubleday. • Klein, Mark (2009)Wiring Up The Big Brother Machine...And Fighting It. Booksurge. • Landau, Susan (2011) Surveillance or Security?The Risks Posed by New Wiretapping Technologies, MIT Press.

More Related