New Peril

The Background

The United States National Security Agency (NSA) logs the metadata of all electronic communications that pass through US networks. This program is well known and acknowledged by the NSA. Given the general design of network routing and the anemic state of Canada’s IT infrastructure, this dragnet captures a vast swath of Canadian communications. Even text messages or mobile calls made between devices located in the same Canadian city are likely routed through US servers at some point in their journey from source to destination, and so will be logged by this security apparatus.

How does this work?

Simple actions, like calling a friend or sending a text message or email to a colleague, generate a lot of data. The NSA records at least the metadata (the data ABOUT the communication, not necessarily its content) of these transactions: date-time, source, destination, duration (if it is a call), the routing information, device hardware and OS information and whatever else is exposed.

Why?

This data warehouse was created to assist the NSA in its mandate of ensuring US national security (a rather vague and politically malleable concept). Currently, this data trove is secured by legislation. In order access it, government agencies must apply to a special court for a warrant. But let’s be clear, this is only a LEGAL protection. And legislation is fluid. Laws are constantly being super-ceded, amended and rescinded. There is certainly no TECHNICAL barrier whatsoever to accessing this data and using it for any reason deemed appropriate by the current administration.

So What?

If data is collected, it will be used. The NSA is not building-out the infrastructure to house all of this data (and we are talking about exabytes, upon many exabytes of data, with more being accrued every second) and developing the tools to query it efficiently, merely as a technical exercise. Through this admittedly impressive technical feat, the NSA is curating a complete historical record of communications appropriate for any manner of “future use”. The nature of this “future use” is unspecified, unrestricted and politically agnostic.

While the details of the call you placed or the iMessage you sent may not be “interesting” to the current security apparatus, the data persists. It may become “interesting” as the political climate changes. We are seeing this play out in the US right now.

Why does this matter for Canadians?

Consider the following scenario: You subscribe to the mailing list of a US civil liberties organization or donate a few bucks to a registered pro-Palestinian charity, for example. These actions were likely “uninteresting” to to previous US administrations. Under the current Trump administration, however, they make you a member of the “Radical Left” and potentially an foreign supporter of a “Terrorist Organization.” As such, you are labeled a “threat to US national security,” and a legally legitimate application can be made to access your NSA logged communications records. On your next trip to the US, you could be denied entry, or worse detained by ICE.

Canada itself does not log such communications data. This is not due to some enlightened respect for personal privacy or any such elevated policy; Canada simply does not have the technical chops, or resources to pull it off. Also, if the US is efficiently collecting this information and is willing to share it, why duplicate efforts and waste resources by storing all of this data again?

Canada is a member of “Five Eyes”, a security signals intelligence sharing network consisting of Australia, Canada, New Zealand, the United Kingdom, and the United States. If the NSA flags you as a potential security risk, this information will be shared with Canada (and Australia, New Zealand and the UK). While the current Canadian security establishment may not find the information “interesting,” at the moment. This information is still recorded.

But times change. There are elements in the Canadian political landscape that are very impressed with the second Trump administration and its methods. Your communications may be “uninteresting” under the current political/security environment, but this could change in the future. To reiterate, if the data is collected, it will be used.

What can I do about it?

In short, nothing.

You could stop using electronic means of communications. But this is not practical.

You could try to use encrypted forms of communication. You should be careful here. Research what your tool of choice actually encrypts. Even encrypted services must expose enough metadata to route its packets from source to destination. This information will be captured and logged.

You could try to limit your communications, avoiding electronic resources that may be considered objectionable. But how can you know what is going to be considered “interesting” in the future? This sort of self-restriction is a serious limitation on the freedoms we, as members of a democratic society, expect to enjoy.