Paroxysms

Now, the Vancouver 2010 Integrated Security Unit consisted of the following groups:

• RCMP
• VPD
• West Vancouver PD
• CSIS
• Canadian Forces (DND)
• CBSA

Now, of all of these groups, it’s safe to say that the RCMP, VPD, CSIS and CBSA are the four groups that had a direct role in spying during the games. The DND may have sicked CSEC on me as well, but I’m going to wait until I get evidence that they were even used. I first requested information from the RCMP, because based on the Memorandum of Understanding that was received through ATIP, the RCMP was the central custodian of these records. However, that being said, I knew that it was worthwhile asking the other agencies.

I filed the same request with the VPD that I filed with the RCMP, and they said that the RCMP has custody of those records, and that they have no access to that information. We know that this is a complete and total lie, since the VPD does have access to PRIME. However, I don’t see it worthwhile to complain to the Privacy Commissioner of BC yet.

I also filed a request with CBSA about all the information that they have on me from this same time period. The first request was using the same language, and I was asked to provide more information within 30 days. I thought that I failed to do that, so I filed a new request including the information that they asked for, as well as a request asking for their copy of the file that they gave to the RCMP, including any letters from the RCMP and correspondence that they sent back to the RCMP.

So far, I only got back my traveller’s record from this period, which is really unimpressive, since it only indicates when I get back into Canada. I decided that this was complete bullshit and I called CBSA today about it.

It turns out that the CBSA didn’t close the earlier request after all. After calling the first analyst that worked on my file, and then quit, I ended up calling the ATIP Analyst that her voicemail referred me to. I found out that the CBSA ATIP people were still working on the first request, and that it will have all the information as opposed to this one which was just the traveller’s record, that tells me NOTHING. This includes the information that was gathered from when I was detained at the border when I was coming back from Toorcamp, as well as the information about my extended visit to Trudeau Airport.

Once this is done, the next task is to ATIP CBSA about all their completed ATIPs over the past two years. I plan to do the same thing with CSIS as well, to see if anyone ever bothers to ATIP CSIS about anything.

Earlier this week, I got a strange call from FedEx. The call went something like this:

Them: Hello, is this Joey
Me: Hey, this is Joe
Them: Oh sorry, I’m so-and-so with FedEx, we tried to deliver your package to your old address at {old-address}, but it appears that you have moved, so we need your new address
Me: I’m not expecting any package, who is it from?
Them: It says it’s from Bill Veck at PSEPC, from Ontario
Me: Who?
Them: PSEPC
Me: Send it to my work

So, after a quick google search, it turns out that PSEPC is Public Safety and Emergency Preparedness Canada. This is the ministry that is now in charge of all the Anti-Terrorism stuff, the RCMP, CSIS, etc. Anyway, I wanted to know who Bill Veck was, and why the hell Bill Veck would be sending me any packages. I did a quick Google Search and found his profile on Linked In.

I have no idea what “Head” is in the Government of Canada, but this looks downright suspicious. Calling the government and demanding head would probably be considered sexual harassment. The following day, I get the package, and low and behold, it’s my CSIS ATIP request.

This request doesn’t expose anything other than these facts:

1. They did search for my records
2. It took them 19 days to process this request
3. The records do exist, or it took them 19 days to do nothing! I think the records do exist, and they decided that they weren’t releasable.

The thing with CSIS is that I didn’t get any notice prior to these documents that they were coming like the other agencies. They just showed up. Furthermore, even though I requested the documents from my current address, my old address was used by CSIS. I hope that this problem doesn’t continue, since I do plan on requesting more documents from the service in the future.

There’s a grand total of 19 pages of mostly empty paper. I was thinking of calling the CSIS ATIP line and asking what was going on with this request, however since this is a mostly vanity request I decided not to. It’s good to know that this tactic actually works, and I do plan on trying it with the CBSA, when I get more meaningful records back from them. I will give an update on this in the next post.

metacsis.pdf – SHA1SUM: b00fd3768fd076354b83089afd5e0d9e112e65ff

I was looking at Scribd, and I came across this report from the Public Security Technical Program on BotNet Traffic, and the authors have this to say about it:

This report is written as a comprehensive reference ‘how to’ Combat Robot Networks and Advanced Persistent Threats on a national scale

Now, while the report is mostly on Botnet Analysis, listing a series of well-known Botnets, we notice that it also has some interesting claims in the summary, which should alarm everyone who is concerned about their Privacy in Canada. The first claim that they make in this report is the following:

This report represents a departure from traditional cyber security studies that have relied on interviews to canvas opinions about the cyberthreat. This report is informed by actual data, in addition to a case study of botnet activity during Vancouver’s 2010 Olympic Games. Cyber intelligence estimates for this study are derived from a network sample of 839 petabytes(1) of communications traffic examined over the period of a year, covering 70% of all Internet communications traffic in Canada. Detailed threat analysis was performed on a malicious traffic sample size of 200 Petabytes. This represents the largest statistically valid sample set of cyber threat activity in Canada to date, upon which police can rely on evidence-based decision-making to combat botnets and their controllers.

For the non technical readers, a petabyte(PB) is 1024 terabytes or TB, and a terabyte is 1024 gigabytes, or GB. Most drives these days weigh in at 720 GB to 1TB. This amount of data is insane, since the infrastructure to store close to an Exabyte of data is extremely huge. Considering that Petabyte storage is in the millions of dollars in cost, it’s likely that they did not store all the data, and in the footnote you can see that they only stored 8.3 TB of network traffic in Canada for their analysis.

Of course, we don’t know what their methodology is, and the fact is that they won’t tell us because 58 of these pages have been redacted before this report became unclassified. Here’s the info about the full report’s security status:

The tradecraft in operation by carriers is considered to be exceptionally sensitive and is handled in a compartmented fashion. Full disclosure of techniques and proactive defence measures may not be possible. The main body of this report will be unclassified. Sensitive information has been placed in a classified annex and handled through the appropriate channels. Notwithstanding, significant findings remain classified. The full report is classified CONFIDENTIAL / CTI / PROTECTED C CRITICAL INFRASTRUCTURE / EMERGENCY MANAGEMENT INFORMATION and is not subject to ATIP. The Emergency Management Act (EMA) includes a consequential amendment to the Access to Information Act (ATIA) that allows the Government of Canada to protect from disclosure specific critical infrastructure / emergency management (CI/EM) information supplied in confidence to the government by third parties.

This is interesting, I wasn’t aware of this particular amendment. I took a quick look at it, and sure enough, there’s something right here that covers this. We will never know how they did their research, but it’s very likely that the Government intercepted and did traffic analysis on 70% of all Canada’s network traffic. I’m pretty sure that this is illegal, but we don’t have anything super definitive, other than a graph taken a MONTH AFTER the Olympics of all traffic going over the BELL-AS Backbone that they were listening to.

The report then proceeds to list the worst ISPs, which appear to be various Canadian hosting companies, including iWeb and NetNation. They then have a section that refers to Threat Agent Analysis, which seems to be the most screwed up part of the entire report, and involves the RAND Corporation. Here’s the paragraph that mentions an organization near and dear to me, the Chaos Computer Club:

Colloquial usage has almost taken “hacker” in a pejorative sense, where it is likely to remain. Notwithstanding, any serious assessment of the threats to information systems needs to have an unequivocal definition of the hacker. For this purpose you can think of a hacker as: “a person who exploits information technology for the sake of the technology.” This distinguishes them from criminals, terrorists of spies who may exploit a computer system using the same means but for entirely different motives – like money or secrets. Hacking groups have adopted social and political agendas since the beginning. The Chaos Computer Club has had several agendas in its lifetime, and across the spectrum. The truth is that most hackers are opportunists with one-day agendas with a force of conviction traced along a compass heading which is more often influenced by the magnetic attraction of the moment. In this sense, many within the community view hackers as rebels without a cause, or at most with one that is morally flexible.

Hacktivists are electronic guerrillas with political agendas ranging from ending censorship to outright sabotage. The concept of righteous hacking is in vogue. Participants stem from two sources: traditional crackers who are looking for altruism from otherwise illicit activities, and political motivated activists who see hacking as a tool for advancing “the cause”. As far as hacktivists are concerned, the Internet is not only rule-free and ethically liberal but also serves as a large wall for political graffiti. There seems to be a general acceptance (at least within these spheres) that the end justifies the means. Hacktivism as almost died out as a meaningful threat in 2005. Recent hacktivism around the 2010 Olympics failed before it even began.

This is hilariously funny. I’m not sure what Hacktivism that they were referring to, and if they had access to the V2010ISU’s files on me. I think it’s time I stated the impracticality of “Hacking the Vancouver 2010 Winter Olympic Games”.

Opposition to the Vancouver 2010 Winter Olympic games was localized in Vancouver. While other anarchist groups protested the torch, and other Anti-Olympic groups issued statements of solidarity, there was very little that could have been done to disrupt it electronically. The fact is that if the Vancouver 2010 Winter Olympics got hacked in any serious way by Hacktivists, the RCMP would have thrown my ass in jail so fast, it would have been ridiculous, whether I had anything to do with it or not, because I was known to be technical. It’s not that I couldn’t have done it (and yes, there were numerous opportunities), it’s the fact that the risk to myself was so damned high that it wasn’t worth it. It’s next to impossible to do Hacktivism on a local scale without putting yourself in immediate risk just for being considered a hacktivist.

OK, back to the document, the next idiotic quote can be attributed to the TAO collective in Toronto. They’re kinda like Riseup, except stupid:

“Hacktivists are savvy, subversive and seasoned veterans of the Cola War” – Tao Collective.

The Electronic Disturbance Theater is also quoted:

On the other hand, assuming that hackers are driven to pernicious ends by the dark side of the force and labelling those enemies of the state, is overly alarmist and erodes the credibility of the security community. “We need to seriously question and abandon some of the language that the state uses to demonize genuine political protest and expressions” – Electronic Disturbance Theatre.

Finally, they decide that the least signficant threat to Canadian interests is “Cyberterrorism” in this paragraph:

It is our finding that, one of the ¬least significant network threats to Canadian interests is posed by terrorist and extremist groups. The Internet provides the capability to disseminate propaganda and recruit members but there is a natural aversion to mingling with the hacker community. Cyber-terrorism simply has not materialized and the National Information Infrastructure is all but immune from netcentric acts of cyber terrorism. Terrorist organizations collectively lack the knowledge, capacity and will to launch significant attacks over cyberspace. All they could muster would be buried in the noise of attacks that are repelled on the NII every morning. They also do not appear to be partnering with entities that do have the means. A terrorist attack against cyberspace will most likely be delivered with an improvised explosive device, constructed locally and placed near a carrier office. The recent 2006 alleged terrorist plot in Toronto and in England 2007 support this hypothesis.

The report then goes through two sets of recommendations. The recommendations are insanely huge and are as weird as the report itself gets, here’s three of them:

• Tax Credits for the National Cyber Strategy
• Increase in the number of Public-Private-Partnerships
• Increased funding of Research into Cyber Defence

They also recommend developing various sources of information including sources listed as “Dark Web”, “Dark Matter”, “Dark Space” and “Dark Universes”. This just sounds comical seeing this report link World of Warcraft Gold Farming to Organized Crime! It starts getting very interesting when you start looking at the Technical Recomemndations:

The principle challenge facing law enforcement and national security institutions addressing cyberspace is an absence of appropriate of tools, tradecraft, and permissions enabling clear and credible path from detection through to prosecution. The staggering growth of the Internet over the past 20 years has outpaced the capacity for law-enforcement and security institutions to adapt their procedures, obtain sufficient political guidance, and build the necessary capabilities to sustain
effective policing within this domain

That makes sense, and corresponds with what we’ve already seen with the logs of this blog. However, things get even more relevant shortly:

Undercover or covert investigations – carried out through the use of specially constructed online persona consistent with legends used for conventional undercover work. Online personas need to possess identity congruence, ensuring that the characteristics of the persona are consistent and include such things as the geolocation of the IP address from which the persona accesses the Internet, the characteristics of the computer system, and remotely searchable information such as cookies, browser type, etc.

The working assumption should be that a clever target will attempt to reverse interrogate and verify the identity of any online persona attempting to enter the circle of trust. Consequently, online personas require as much attention to detail as the construction of conventional undercover and or covert identities for criminal and security investigations. Online personas can be manually managed in order to collect evidence, or they can be programmed to automatically harvest data, for example from message boards and other communication streams. Some systems, such as Cloakroom allow for the tagging and structuring of data directly within the investigation environment, which facilitates its incorporation into an investigation being carried out within an advance link analysis and visualization platform (such as Palantir).

Hey, look, it’s Cloakroom Connect, that product from SecDev that they wanted to integrated with HBGary’s stuff. You know, the darknet that is built directly into Bell Canada’s infrastructure? Yeah, that one! Furthermore, it talks about the various practices of Law Enforcement Agents (LEAs) and how they investigate or conduct Open Source Surveillence, and makes a very obvious point:

Most web browsing sessions are visible by all web site owners that investigators visit. The identity of police can be easily ascertained and a case burnt. Even innocuous browsing to a university site, political, media or activist site can have a chilling effect and raise unwarranted allegations of investigation.

This is true, since the visits to wikileaks.ca by the RCMP led me to file an ATIP regarding any investigation of Wikileaks supporters in Canada. Of course, there’s the fact that the RCMP DOES visit political, media and activist sites and does work to criminalize dissent. I’m also certain that CSIS engages in similar tactics, although it should be pointed out that CSIS Agents are not LEAs.

ISP staff who handle LEA circuits and contracts are generally not required to go through security vetting. Until recently this has included personnel performing lawful intercept operations. Still most ISPs have no cleared staff or criminal background checks.

This is also a good point. However, I’m wondering if there’s going to be system administrators with radical tendencies that are going to find themselves forced out of a job.

Eventually the report discusses the need for anonymity, and the report starts to resemble the brochure that was used for selling Cloakroom Connect. The bias towards SecDev is clearly apparent here. Under the heading “Future Work”, they then get into anonymity again. This also uses ridiculous buzzwords like Web 3.0, Information Peacekeeping and Cyberterrorism 3.0. This definitely sounds completely sinister and talks about “reshaping the debate” and using Psyops over social networks to “counter the propaganda”.

They then talk about the Tor Project

Many private and public sector enterprises or citizens use anonymizers, or less-attributable mechanisms for web browsing. Organized crime, terrorist cells and foreign espionage programs go to extraordinary means to obfuscate their identity and activities on-line by constructing covert communications access points. Most of the non-attributable systems used in public and private sectors in Canada today remain attributable and insecure. The TOR Onion Routing software provides a pseudo-anonymity layer for the internet users. PSIPHON is a social-network based software that allows users to circumvent internet censorship in the various countries that use various filters. A basic version is distributed free to respect the civil liberties environment from which these products come from. Although both TOR and PSIPHON are popular with civil libertarians, privacy advocates and criminals, neither is suitable for public safety or highly sensitive commercial operations. The project would build high-assurance clandestine non-attributable network access. It is imperative that an organization look after the network access all network layers including obfuscating the financial trail, people, processes, gateway technologies, host machines, software configurations and data leakage. Some innovated means already deployed by threat agents to avoid capture include: virtual machines and spiders can act as transient instances of software implants leaving no physical real estate within target environments; fast-flux nets using encrypted peer-to-peer communications; Persistent virtual environments to establish electronic dead letter boxes, enable
brush meets, broker information and launder money; compromised launch points can be buried deep into the host infrastructure. It would also be necessary to engineer broadband secure wireless roaming capability established to provide covert communications globally.

This reads like they’re trying to sell something, like perhaps Cloakroom Connect. They don’t get into details as to why Tor is inadequate, they just say that it is.

They talk more about the need for lawful access, and they get into hypothetical situations. This report is vague, has a lot of incredible claims, and is clearly written for the purposes of villifying everyone who isn’t the government. They don’t expose how they did the packet analysis on the Bell network, because you know, that’s tradecraft, and they spend a LOT of time getting off-topic talking about things like the Chaos Computer Club and Hacktivism for something that’s supposed to be a paper about Botnets.

I think this has a lot of interesting questions that we need answers to, like:

• Who captured all the traffic used for the analysis? Did Bell’s clients, and people who peer with this backbone consent to their traffic to be captured and manipulated in this way? Since Bell asserts that they own the network and can manipulate traffic, do they lose their common carrier status?
• What is the relationship between SecDev and the Federal Government? Does SecDev, a private company in Ottawa, have top secret clearance? Which other countries does SecDev do business with?
• Why does this report state that all governments have Lawful Access regulations when Canada currently doesn’t have such regulations!

So, I think it’s clear who is in the driver’s seat from this document when it comes to how the Internet is run in Canada, and it’s not even the ISPs who own it this time. It’s these newly invented shadowy agencies who come up with laws that they recommend to the Conservative Government (such as the lack of Network Neutrality, Lawful Access legislation and the privatization of National Security). I think that this document should get greater scrutiny, because it’s unclear what the hell is going on, but I’ll end this post on this final quote:

Cyber security is not ‘top-of-mind’ for the average Canadian. There is general ignorance, apathy and a feeling of helplessness amongst the population. Security is simply not one of the hottest iphone apps. It is very difficult for providers to sell security if no one feels like buying it. Costs will remain high unless there are the economies of scale. A sophisticated public awareness campaign requires public and private investment. A campaign must advertise security in a persuasive manner to drive specific actions. It must put in place the necessary conditions to allow providers to sell security, and invest more in fighting cybercrime such as botnets. Such a public awareness campaign falls clearly in the ‘swing zone’ of the public sector.

Update: After googling the report, I came across the author and who they paired this report with. This was a Bell Canada/RCMP initiative, which explains the partnership with SecDev and the pushing of the Cloakroom Connect software as the solution over things such as Tor and others. The question is whether Bell Canada is doing something funny with Tor traffic on their network. Since Bell is a private company, I can’t really get much info on that sort of information, but Bell seems to be doing something far more sinister than the other Telcos in Canada (as usual).

So, until now, I’ve been pissing around with ATIP on my spare time, and I didn’t actually look at how to get information until today. It turns out that Chad Skelton, the guy that I knew for writing articles about being a Curious Dad actually specializes in ATIP and FOI and maintains the Paper Trail blog on the Vancouver Sun website.

It’s interesting getting his take on the whole ATIP/FOI regime in Canada. He also provides far more information on ATIP and FOI on his blog, including this series of links from David McKie at CBC. He also talks about the issues with fees associated with FOI and ATIP and how they’re prohibitive and that when combined with the full disclosure that BC Ferries practices, discourages the media from requesting it since news publications make their money off the publication.

This makes perfect sense when you think about it, since WikiLeaks tried both models, and found that exclusivity worked better than relying simply on the analysis of the documents. The case in point is the various huge leaks that WikiLeaks has released in 2010, such as the Afghan War Diaries, the Iraq War Logs, and of course, the US Diplomatic Cables. While people like David Eaves may argue otherwise, the fact is that other than a tiny core of activists who spend their spare time grinding on this data, the bulk of the requests come from mainstream journalists who have the money to do this.

Anyway, this is mostly linkspam talking about how this is a good resource:

• CBSA and the Nuclear Threat to the Olympics
• Internal Files on Police Misconduct at the Vancouver 2010 Winter Olympic Games
• RCMP Blames “Crusty Sergent Syndrome” for Media Problems
• BC RCMP starts posting reporters ATIP requests online (except they backtracked)

Another thing that’s interesting is the fact that everyone seems to use Scribd to host their ATIP results, and other documents. Not only does it turn up documents from journalists, it also turns up other documents that are far more controversial. So controversial, that it needs to be in another post.

So, we’re three months in and so far ATIP has not turned up anything useful! Today I got a response via e-mail about the most recent request about the Vancouver Hack Space being investigated by the RCMP:

This is in response to your request under the Access to Information Act received on March 4, 2011, seeking all information regarding the investigation of the Vancouver Hack Space by the Vancouver 2010 Integrated Security Unit, the Major Crime unit and RCMP Tech Crime Unit between June 2007 and December 2010.

Jeff Hurry, Insp.
A/Departmental Privacy and
Access to Information Coordinator

Even though the “Vancouver Hacker Society” was mentioned in the my ATIP file, and even though VHS was across the street from the Olympic Tent Village for the entirety of the Olympics, and even though we have logs showing that the RCMP visited the site, they claim that they have no documents about any investigation of the Vancouver Hack Space by the RCMP. Honestly, any belief that RCMP undercovers didn’t pay a visit to VHS would be completely ridiculous, but it seems that VHS isn’t being investigated, which is a good thing, since the last thing we need is the RCMP being ridiculous and cracking down on people making Arduinos.

So far, the stats on the ATIPs are as follows:

• 9 Access to Information Requests with the RCMP
• 1 Request completed with a redacted document
• 3 Requests completed with a negative result
• Over 60 days have passed since the 3 requests that I sent that are currently under review
• No cheques have been cashed as of yet

Now, as for the other Govt. Agencies:

• 4 Requests sent – 3 to the DND, 1 to Industry Canada
• One cheque cashed – Industry Canada

There will definitely be more requests to both the RCMP and the DND, but it looks like I have to be better at requesting information from the RCMP if I want to get usable documents, since you have to pay the $5 whether the document exists or not. While seeing if wikileaks.ca and VHS are being actively looked into by the RCMP is a good idea, neither of these requests yielded any documents, nor did my joke request about the UFO complaints caused by the Grouse Mountain Gondola. I expect the Hackerspaces request to also be empty as well.

Now, one thing that I SHOULD have sent an ATIP for is a list of the ATIP requests relating to G8-G20 ISU or the Vancouver 2010 Integrated Security Unit. Since there’s no good way to see what other people requested, this would at least speed things up a bit, since I could piggy-back on another request instead of having to file the same one.

But yeah, I need those cheques cashed before I file any more ATIPs. Hopefully, I’ll get a response soon about that issue.

Update: I e-mailed Normand Sirois yesterday before writing the post asking if he searched for the “Vancouver Hacker Society” alias, and it turns out that it wasn’t searched. I fortunately don’t have to file a new request. This makes more sense, since this group was present in the referrer in the logs, and it was in the IIF reports that the Vancouver 2010 ISU filed.

I also got a response about the RCMP’s ATIP policy with cheques, the response from Sgt. Kent Swim is below:

Please be advised that our department does not process the cheques for a period of 60 days to ensure that our Processing Unit has completed the retrieval of the relevant records. Once this process is complete we forward the cheques to the Receiver General of Canada.

It all makes sense now. The reason you can’t send a single cheque to cover multiple requests is because each request is not guaranteed to go through at the same time. I guess this is more stupid policy than the RCMP being incapable of doing basic mathematics. This also means that I’ll be writing up more ATIPs soon, since I won’t be hammered with ten five dollar cheques being cashed all at once.

It’s still a major downside of the ATIP process, but at least there’s some semblance of process involved, and at least it’s a lot better than trying to do a Privacy Act request with CSIS.

After reading the book “Inside Canadian Intelligence”, I had the opportunity to look at “Whose National Security?”, which was a nice change of pace from the book written by Canadian Intelligence Officers in the military. The book was edited by Gary Kinsman, Dieter K. Buse and Mercedes Steedman. I’ve seen other books written by Kinsman before, most of which to do with his Queer Activism, but I wasn’t aware of this particular book other than a Google Books search that I did about looking for my CSIS file back in November of 2010.

I also signed out a bunch of other books about the RCMP Security Service and their history of suppression, and they are all the same. It appears that the end of all the dirty deeds is on 1984 when the RCMP is forced to stop its activity in this area and CSIS is created. This book does attempt to go past that showing the after effects of the 1984 decision, namely how to get your record, as well as some of the state repression that happened during APEC, that then lead to the APEC inquiry.

I highly recommend purchasing this book, despite it’s age, and I am definitely looking forward to checking out Kinsman’s newest book, The Canadian War on Queers, which covers a LOT of the same subject matter as his book in 2000, but is updated to the modern day.

The thing that’s frustrating me personally about how social movements deal with surveillance is the fact that we don’t organize a clear way for us to counter their surveillance and hiding of information. The People Commission Network does some good work, but it seems to be entirely reactive, and it revolves around News Articles, Testimonials and furthermore just tells people to not talk to CSIS when they come knocking. There’s no idea about getting intelligence on them. People keep talking about the failures of the Access to Information Act, and yes, it’s pretty bad, but it would be more helpful if people that actually get their documents come forward and post their documents online for us all to see. We should be requesting our files (either directly, or indirectly through a 3rd party, depending on whether you value your privacy or not), and we should be sharing what they have on us with each other so that we have better intelligence and know how to act. The fact that the state knows something that we don’t know is a major weakness, and we should try to become more willing to share the results of ATIP and of the Privacy Act, since it helps to verify a story if you have the source material.

I understand that people wouldn’t want to disclose everything, and your personal file is up to you, but seriously, if we had an idea of what was requested, and what files were requested at the very least, we can then request copies of that information, get it faster and not have to deal with giving the government more of our money! Everyone who is involved in any sort of movement, and uses any tactics should find a way to obtain their file, redacted or not. If you fear the state getting your address, you can always use a shared address, or have someone request that data on your behalf, such as a lawyer, or another trusted person who the state would be less likely to mess with.

In conclusion, I HIGHLY recommend “Whose National Security” as a book, and it would be great to see another exercise such as this be done again in the Post-911 era where numerous activists over the past 25 years (the CSIS timeframe) share their stories, and their files so that we can fill the blanks and find out which huge multitude of institutions (CSIS, CSEC, RCMP, CBSA and others) have been spying on us, since this book was part of the inspiration for me to request my file and investigate the Canadian Security “Community” from the outside looking in.

Today, I just received the official response to my ATIP request regarding Wikileaks, Julian Assange and Wikileaks supporters in Canada. Turns out that the RCMP is not doing an official investigation regarding Wikileaks at this time. It could mean that they’re keeping it off the books, or that it was just some person who was interested in checking out wikileaks.ca at the RCMP. The problem with the RCMP is that if all you have is a log entry to go on, you can’t tell if they are investigating you. The main reason I know that they were investigating me was the fact that they visited my home and my work. I had no idea how extensive the file they had on me was, and that they were primarily using my old blog as evidence (and I’m certain that they are using this blog as evidence as well, although I have no idea what yet.)

I also received the notice of receipt of my ATIP request to see if I could confirm if CSEC (in this case, it’s SIGINT, but could be anyone) has attended Black Hat, ShmooCon, Toorcon, DEFCON, HOPE and the Chaos Communications Congress. It’s interesting to get something from the Department of National Defence, since they are pretty straight forward with their language, and let you know exactly who this request is assigned. Also, the DND has a Toll Free Number, which is totally awesome for ATIP, ad a list of ATIP requests that have actually been completed. I expect that I will be able to get documents a lot faster with them. I expect them to be redacted to uselessness, but I expect them to be more efficient than the black hole that is CSIS.

On the Provincial Front, the mystery of PRIME-BC continues. I got a call from the FOI office in Victoria about my request, and after a long conversation where they try and figure out whether PRIMECorp is a crown corporation or not, I end up getting a response asking for their statements from the Ministry of Public Safety and the Solicitor General. I’m not the only person trying to get this information, but I think that I’m the only non-journalist that is trying to get it. They did advise me to try and contact PRIMECorp directly for the information, and I probably will send them that info.

It should be noted that nobody has gotten back to me about the lack of an SSL Certificate on their FOI form.

Finally, I have submitted my talk for Chaos Communications Camp, or more accurately, I have created an event in pentabarf that I will keep working on until the submission deadline of May 1. Of course, announcing my vacation plans on my blog is partly what got me to be a “Critical Threat to Olympics Infrastructure” in the first place, but honestly I think that the RCMP is already really pissed off at what happens when I show “Leadership”. I can’t guarantee that I am going, but I will do my best to try to get there.

As usual, I do a best effort to try and disclose all the documents that I receive. Below are the two letters with their SHA1SUMs included:

• defence.pdf – First CSE response – SHA1SUM: 96944b65e87f49683a24ae2fe1595d834abced8f
• rcmp_wl.pdf – RCMP denies having any documents on WikiLeaks or WikiLeaks supporters – SHA1SUM: e244c6a3464e305c425839f61bc0240a7f3dc58a

One of the funny things that you can see when you have the RCMP IP address is their edits on Wikipedia. The RCMP edits on Wikipedia a lot. Now, of course this is workforce of over 30,000 people, and over the years it appears that the RCMP has a very poor reputation on Wikipedia for posts like this:

Yes, the RCMP really did edit this article and put in “MY Bum Hurts!!!”. Honestly, you should go get that checked out! Anyway, the RCMP has a LOT of vandalism warnings, if you look at their talk page here, you can see them! They have numerous complaints of unproductive edits, and the Wikipedia admins threaten to ban them from Wikipedia altogether.

Now, most of these edits are valid, even though some of them do silence people who’s only outlet to reach the RCMP is by vandalizing their Wikipedia page.

The thing is that this fact is true, the RCMP did kill a lot of First Nations people, but of course it doesn’t belong in this part of the Wikipedia article. What is truly a testament to the resisliency of Wikipedia is the Robert Dziekanski Wikipedia page. The RCMP tried to edit the page, and the Wikipedia Community reverted it back because they felt it was POV. I don’t know if they knew that it was the RCMP doing it, but honestly their anal-retentive nature pays off for once.

While I’m unimpressed with what they did to the CSIS article, I’m definitely impressed that they caught the RCMP trying to re-write history, even if it’s something mundane. It’s nice to the RCMP not get away with that edit. This is a really short post, but I’d figure the whole 10 people reading my blog (including CSIS), would appreciate it.

I asked the RCMP about my requests, and currently all but three of them are under review. For those of you who are new to this blog, and the process of the Access to Information and Privacy Act, I will explain what review is. When you send in an ATIP request to the RCMP, or any other organization, the organization will try to get all the documentation that it can first, usually with good faith. I say usually, because I have no idea what happens at CSIS! Then once the organization gets the data, the begin the process of figuring out what they can give you. There are various exemptions that they can do to the data. For example, if the data has personal information, they can pull that out. If it has information that may endanger their case, they can pull that out. They can also pull information that may be a “national security risk”.

Now, unlike CSIS, who as we saw before will just flat out deny you the information, the RCMP will actually provide you with the info that you requested. However, in certain cases, they will use their discretion to hold data back, and usually in the RCMP’s case, this is done by a commanding officer acting under the authority of the Commissioner of the RCMP. You can tell this if you look at the Privacy Act requests that I filed. Sometimes these will make perfect sense, and other times they will make no sense whatsoever, since they will redact a single word.

The problem with reviews is that they take time, and your request can sit their for months before you actually get the damned thing back. The case in point with the first request I did. The work was all done in 30 days, and it took another 30 days for the RCMP to hear back from CBSA, and the CBSA just said “Everything looks good here!”. Honestly, these delays must drive the ATIP people absolutely crazy, since they have this thing that they want to get out of their hair so that they can make their stats better, and someone in another department is taking their time for some reason or another.

In other news, I got my Intake Letter from the BC Freedom of Information. It basically states that they received the request that I filled out with their insecure web form, and that they will look into it within a certain timeframe. It’s pretty routine, and they state that I will probably have to pay money for the materials. I made a pretty broad search, so I expect the fee to be fairly hefty.

I did NOT get a response to my e-mail asking about their lack of SSL on the form. I expect that I’m going to get ignored. As usual, the link to the PDF is below, with the SHA1SUM included.

• Intake_Letter.pdf – SHA1SUM: fe749d304065766883bea7ff6a59b9485a3973c6

These days, I find myself trying to fill gaps in knowledge about secret clandestine tactics used by the Canadian Government against the Canadians. I signed out a few books from the library based on a tip in the Wikipedia article. Unfortunately, one of those books was “Inside Canadian Intelligence“. This book was a rather painful read, not because it was poorly written, but because of the extreme Right-Wing slant that it took where it talked about Terrorism, and how Canada needs to protect its borders, etc, etc.

The book itself was written by four authors, Dwight Hamilton, Kostas Rimsa, John Thompson and Robert Matas. Of these four authors, only two of them have actually served time in military intelligence. John Thompson is from a Right Wing think tank called the Mackenzie Institute, which was one of the targets of a mail-bombing campaign by an Anarchist Collective that was in Vancouver called Militant Direct Action Task Force, that appears to have ties to the Animal Liberation Front and Earth Liberation Front. Anyway, this is an interesting read, since they do describe Anarchists as being a threat to security, but mostly focus on the main threat to them, which is, of course Al Queda.

The book isn’t a terrible read when you realize that the author is someone that you have the urge to kick squarely in the nuts, and it has two interesting piece of information that is directly relevant to the modern era, where we have things such as WikiLeaks.

In the 1970s, there was a Magazine called Covert Action that apparently had the names of various CIA operatives who were later executed. The magazine was described as an underground magazine, and the book stated that people had the right to know. What I want to know is where is this copy of Covert Action, and what did happen with it? Surely if something like this actually happened in the 1970s, we would have heard it mentioned as precedent when the WikiLeaks Afghan War Diaries, or the Iraq War Logs came out. However, we haven’t heard anything about this, which makes me think that this is probably a load of bullshit. If anyone has any leads on this, please feel free to let me know, so that I can look into it.

The 2nd piece of information is about what happened at the Ottawa Citizen, and exposes the mindset of the authors. It talks about the case of when the home of Juliet O’Neill, a journalist with the Citizen, was raided by the RCMP because of a leaked document related to the Maher Arar case. The Citizen’s offices were also raided in connection with this case. Eventually, when this went to the Supreme Court of Ontario, certain sections of the infamous Security of Information Act were struck down, namely those sections that, if they stood today, would make WikiLeaks mirrors, and Canadian Clones of WikiLeaks, such as QuebecLeaks, illegal operations.

That being said, I’m going to issue a clear warning about this to any overzealous organizations out there what the stakes are in this. The Security of Information Act is serious business, and more serious than killing Internet Dragons! This is a piece of legislation that was put in place after 9/11. While any confidential information that is received by an organization can be made anonymous, protecting the source, soliciting this information could be considered counselling or inciting the offence. This means that if you plan on doing something like purchasing a set of USB keys with Incognito or TAILS to give to various government workers so that they can blow the whistle, you’re going to go to jail and be charged with this. If you show a wide audience, you aren’t doing it.

Personally, I believe in personal responsibility. I’ve had friends who were investigated for Counselling Mischief even though they explicitly were not. In my opinion, the fact that sharing ideas can be considered counselling mischief means that there’s a lot of fucking Thought Crime legislation in this country! If you think that it’s OK for certain technical concepts, or ideas to be spoken out loud because someone might go out and try them, then I would say that you’re a fascist. This is why I believe that Byron Sonne should be freed, and also why I believe that the conspiracy charges against the various people who are still charged because of the G20 should be dropped.

At any rate, I’m going to be looking at some different books about the RCMP, CSIS and CSE, this time from a more radical perspective. It’s about time too, if I had to read one more fucking book about how the RCMP didn’t learn anything from the “Litton Bomber Terrorists“, I was going to fucking puke! Although, I do look forward in reading the 2nd Edition of this book and seeing if the section about the CSE is updated with more info than “ZOMG HACKERS WE’RE DOOMED”.