By Laura Tribe
December 16, 2015
Canadian Internet traffic is travelling through the U.S. – making Canadians even more vulnerable to NSA surveillance
Have you ever wondered where your Internet traffic actually goes, between your computer and the sites you’re visiting? Much more often than you think, the answer turns out to be: the United States.
There have been countless revelations of U.S. mass surveillance over the past few years, and it can be easy for Canadians to think that those problems don’t impact us – but they do. A substantial amount of our daily activities online are actually routed through the U.S. – even when we’re accessing Canadian content from within Canada. When added to the battles against mass surveillance we’re already fighting here in Canada, this only further increases significant risks to our sensitive digital information.
Boomeranging our data: To America and back again
When accessing a U.S.-based website, like Facebook, which houses many of its primary servers in the U.S., it doesn’t seem surprising for your data travel through the U.S. and back again. But what about when you access the Government of Canada website? Or when you do your online banking? Check the news at cbc.ca? Donate to a political cause? Or communicate with your lawyer?
A boomerang route is when your data packets – the pieces of information exchanged between your computer and the sites you are visiting – are sent through exchange points in the U.S. before returning to Canada. New York, Chicago, and Seattle are the three principal U.S. cities for Canadian carriers to hand off data to other carriers for delivery back to Canada, and all are sites of National Security Agency (NSA) listening posts. This unnecessarily exposes your information to capture by U.S. authorities, working under security and surveillance laws such as the Patriot Act, which grant Canadians no legal rights.
Here is one example, showing the route that data took when someone from their home in Toronto communicated with the Toronto Star’s website. Despite being hosted only a few kilometers away from the user, the data traveled through New York City and Chicago, both cities where the NSA has installed surveillance facilities in the large Internet traffic exchanges, before returning to Toronto.
The map above shows the route the data took, simply to access a site within the same city. The red and blue icons in the image above indicate sites of NSA interception. There are thousands of other examples of boomerang routes in the IXmaps.ca database, which you can view on its Explore page.
IXmaps: Mapping your Internet traffic
Yes, the Internet is based on interconnectivity, and one of its greatest assets is the ability to quickly cross national borders and access information globally. But what if you don’t want to send your data through the U.S.? Now you can find out the specific routes your data takes.
IXmaps, a research project based out of the University of Toronto, is mapping the geographic routes that data takes when accessing different websites, to better understand if, when, and how, our information is made vulnerable to U.S. surveillance practices. The project began in 2009, in the wake of the first whistleblower reports that the NSA was conducting mass domestic surveillance. The goal was to see if it was possible to determine if the NSA was intercepting one’s personal Internet communications. The research found that if your data travelled through the U.S., the answer was almost certainly yes. The subsequent revelations by Edward Snowden confirmed this conclusion.
And in a recent upgrade, with the help of funding through the .CA Community Investment Program, the IXmaps platform now captures the data needed for this analysis better than ever.
Not all ISPs are created equal
Did you know that different service providers send your data through different routes? While all major ISPs will expose your Canadian Internet communication to boomerang routing, in apparent violation of Canadian privacy laws such as PIPEDA, preliminary IXmaps research shows that the larger ISPs that have built their networks into the U.S. (e.g. Bell, Rogers and Telus) are the most likely to boomerang your data through the NSA’s listening posts. However, more data is needed to better establish whether this is actually the case – which is where you come in!
So what can you do about it?
IXmaps has a great interactive map that is automatically populated with the latest contributions to the site. Dive in and use the powerful search functions:
Look up your favourite websites to see the routes that previous users’ data has taken to reach them.
It isn’t just your ISP that gets your data to its destination. Many other carriers are involved behind the scenes. Check out who they are, and what foreign jurisdictions your data is subject to.
Does your ISP expose your fellow subscribers traffic to NSA surveillance, even when accessing Canadian sites? Almost certainly yes! But you can check this yourself, with a search that looks like this.
Click Submit, and after a few seconds, you’ll see a sample of websites that before your data can reach, your ISP will require to pass through an NSA interception site.
Want to see how this compares with another ISP? Simply enter its name in the first search box and re-submit. You can also see how ISPs compare in terms of their public commitment to protecting your privacy:
Want to see how your ISP handles your own data? You’ll need to contribute traceroutes to the database. It’s anonymous and easy. See next.
IXmaps is working to collect data from all regions of Canada, and all ISPs – and their team needs your help to fill the gaps.
By installing a simple program on your computer, you can contribute your own data to the research program, and help better understand how different regions, ISPs, and websites, influence the routes that our data takes online – and the related privacy risks of being exposed to mass surveillance.
You can generate traceroutes (the paths your data takes) in batches, selecting from lists of target destinations. For example:
Canadian government websites
Canadian legal sites
Security intelligence agencies in U.S. and its Five Eyes partners
Civil liberties and privacy advocacy organizations in U.S. and Canada
Canada’s top 25 most popular websites
CIRA's seven public Internet exchange points
Or, you can enter the URLs of your favourite websites, and see where the information travels.
As soon as you’ve contributed a traceroute, you can immediately map it to see the route your data has taken, and who handled it along the way.
OpenMedia will continue to work with the IXmaps team moving forward, to explore how and where our data goes online, and how this makes us vulnerable to mass surveillance, and to highlight different actions we can take to better protect ourselves, and our data, online.
March 13, 2018
March 7, 2018
March 7, 2018