Posts Tagged ‘ technology ’

CSEC summer report also a bummer

Posted on June 28th, 2025

The annual Communications Security Establishment Canada report for 2024 to 2025 mentions Toronto a few times but mostly as an afterthought. I still think it’s worth a look though. You can download the report here or read it online.

It begins with an assurance by current Chief Caroline Xavier (she/her) that:

Equity, diversity, inclusion and accessibility inform everything we do and are essential to helping us deliver our mission.

Thank goodness I’m not running the place because my decisions would likely be informed by shit like effectiveness and adherence to/promotion of the Establishment’s mission:

The Communications Security Establishment Canada is Canada’s agency responsible for foreign signals intelligence, cyber operations, and cyber security.

We gather foreign signals intelligence to defend Canada’s national security. We keep the Government of Canada’s information secure. We work with industry and academia to protect Canadians from cyber threats.

Oddly, on page 46 under the sub-heading “Inclusivity in our external representation” (part of the “CSE is Growing and Learning” section), it is noted that:

We worked hard this year to embed EDIA into every facet of our work … including pronouns and a land acknowledgement

Yet there’s nary a land acknowledgement to be found in the entire report! Begs the question, if CSIS can do it then why can’t CSEC?

But not to worry, out of the 56 page report (of which 17 pages are fluff like full-page photos, decorative graphics, and section titles), CSEC has dedicated 4 full pages (plus generous sprinklings elsewhere), to advertising its initiatives on equity, diversity, inclusivity, and accessibility.

So if an acknowledgement or two slip through the cracks then … you know … shit happens. But I can see how shit like this can happen when I read things like:

Our diversity—whether in our backgrounds, skills, talents or motivations—is our strength.

Bringing in people with differing backgrounds, skills, and talents at a superficial level seems like a good idea but am I the only one to suspect that differing “motivations” could be somewhat problematic? Like, would it be considered a sufficiently diverse motivation if an applicant openly wished to destroy CSEC from within?

Maybe a uniquely diverse dearth of motivation is what produced the dearth of land acknowledgements in the report.

But let’s put all that aside for a moment and summarize what else the Establishment gets up to in their spare time. In late 2024 the report claims that CSEC detected and disrupted a foreign ransomware group within 48 hours. Also in 2024 CSEC boasts of helping to take RT off the air in Canada and of assisting in thwarting some botnets. In addition they spent some time providing intel for the military:

This year, we delivered timely intelligence for many named operations, including operations UNIFIER, REASSURANCE and HORIZON.

A number of CSEC’s foreign targets are the same as those entities targeted by CSIS, namely:

  • the PRC’s expansive and aggressive cyber program presents the most sophisticated and active state cyber threat to Canada today
  • Russia’s cyber program furthers Moscow’s ambitions to confront and destabilize Canada and our allies
  • Iran uses its cyber program to coerce, harass and repress its opponents, while managing escalation risks

While CSEC openly assists the governments of Ukraine and Latvia, domestically they seem more interested in keeping tabs on people:

In 2024 to 2025, following a series of cyber incidents targeting northern institutions, and with the Minister’s authorization, the Cyber Centre began proactively deploying sensors to territorial government IT assets in Yukon, the Northwest Territories and Nunavut. These sensors detect malicious cyber activity in devices at the network perimeter and in the cloud. They are one of the Cyber Centre’s most important tools for defending systems of importance to the Government of Canada

Some people will say that these actions only target government infrastructure and help to increase security but those same people must also admit that simultaneously spreading the attack surface decreases security:

CSE operates Canada’s Top Secret Network (CTSN), a secure IT network used to collaborate and communicate at the Top Secret level. This year, CSE supported major site expansions for existing CTSN clients, including the National Security and Intelligence Review Agency (NSIRA), PCO, Justice Canada and the RCMP, resulting in a 20% increase of deployed endpoints. In the upcoming year, CSE will onboard 3 new government departments to CTSN:

  • Environment and Climate Change Canada
  • Public Prosecution Service of Canada
  • Office of the Commissioner of Canada Elections

Why does Environment and Climate Change need access to top secret information? Maybe it’s for the same reasons that the government Covid jab contracts remain mostly secret.

Other than producing a lot of digital paperwork and giving presentations, it doesn’t seem like CSEC is very involved in most operational matters. How often the government ignores even this diminished function of the Establishment does not paint a rosy picture.

Between CSIS’ covert complaints and CSEC’s diverse distractions I don’t think it’s any wonder that Canada’s secret security apparatus relies heavily on the Five Eyes.

That being said, I’m pretty sure that it’s not the priority of the US, UK, Australia, or New Zealand to keep Canadians safe so I don’t find these or other partnerships reassuring. Something to keep in mind as the summer simmers and international intrigues increase.

Filed under: B Sides, Patrick Bay, Why I'm Right

I’ll explain

Posted on June 27th, 2014

Sorry for the interruption.

Hopefully it’s at least revealing to know that even as I write these lines I’m in a precarious situation (whatever income I do have is entirely spoken for), so please don’t mistake me for some well-to-do bohemian philosopher. And I know I’m not getting that seized money back so now I have to decide which bills aren’t getting paid.

But let’s not dwell.

I’d like to explain what I was getting at earlier. Because I really do have faith in something, and that something is technology.

Oh, don’t get me wrong — I know my computer isn’t going to hug or feed me tomorrow. It’ll barely keep me warm in the winter. In the summer, it does a shitty job of keeping me cool. It never encourages me, and frankly, it barely acknowledges my presence. But it does provide access to something: digital privacy and anonymity.

Privacy

Of course government surveillance means that my expectations should be restrained, but based on everything I know about encryption, surveillance, and data collection, I believe that what governments are doing amounts to basically data warehousing — until they can figure out a way to crack some of the heavily encrypted stuff. And that’s proving very challenging.

So that’s a great place to start, for example, by learning how to encrypt your email. See if your friends can read them, just for shits and giggles. This took me a few moments to set up for the first time so I’d recommend giving yourself some time to absorb the instructions.

Don’t rush — misunderstanding is often as dangerous as sheer ignorance. The Khan Academy does a great job of explaining how you and another person can communicate privately when you’re constantly being listened in on (the ideas are initially explained using colours — no math!):

If you stuck around for the math in the second half, you may have noticed that this (the big number stuff), seems like something computers would be good at. Right? And the underlying concepts have many real-world analogues too.

One might opine that it’s almost as if God weaved these mathematical tidbits into the fabric of the universe for us to discover and use.

If you’re not really familiar with practical encryption, it’s a good idea to peruse the more general material. Take your time because encryption by itself isn’t enough. There are many ways that you can inadvertently reveal your personal information (stuff like writing your password on a sticky on your work PC), so an education in encryption is 50% technology and 50% human. Keep in mind that security is often also compromised via “rubber-hose cryptanalysis”.

 


So what we’re also aiming for is anonymity. With everything now living in “the cloud” (a fancy term for “somebody else’s computer”), our anonymity can be ephemeral. If we can be both private and anonymous (eavesdroppers know neither what’s being said nor who’s saying it), then maybe there’s a chance that private exchanges between individuals (outside of the government’s gaze), are possible.

The privacy is done through encryption. Anonymity is provided by something like the Tor network.

Anonymity

Tor is the current crème de la crème of what is lovingly called “The Dark Net”. You know…

[Images: DarkNet_1, DarkNet_2, DarkNet_3, DarkNet_4, DarkNet_6, DarkNet_7]

Yup, this stuff is out there. Big shock. I mean, don’t we know by now that when something is illegal, a black market will spring up? So law helps to stoke the fires, and government swoops in with a leaky, overpriced, corrupt bucket of water. And that such a market should exist online is equally as un-shocking. That doesn’t mean Tor is all bad — it’s all in how you use it. All it’s designed to do is to keep you anonymous.

How qualified am I to be doling out Tor advice? Well, I wrote the library for controlling and communicating through Tor using Adobe Flash and AIR, so I’d say I’m fairly well qualified.

On this topic, I’ve written a pretty buggy and totally not-ready-for-public Tor application that you can play with (it launches whatever version of IE, Chrome, or FireFox that you may have installed in “Tor mode”): http://www.torontocitylife.com/downloads/BreakOutBox.exe

I’ll be releasing this as open-source as soon as I’ve cleaned it up a bit. Feel free to write me to get your hands on it earlier, or with any of the obvious (or not so obvious) problems you encounter.

Update (July 1): I urge caution when using BreakOutBox at this point — it doesn’t correctly reset your browser’s proxy settings so you’ll probably have to reset them yourself after closing the program. I’ll try to have this fixed in the next version. Also, if you downloaded BreakOutBox before July 1st, it won’t work (I forgot to include the Tor binary!). Download and install again to fix.

Open-Source

What I’ve discussed so far is not that new. These things have actually been around for a while, and they’ve been open-sourced for nearly as long.

That “open-source” thing is tossed around a lot, and often in totally bullshit ways.

All that “open-source” means is that the author has released the source code, the instructions they wrote to produce the software, for anyone and everyone to look at, use, adapt, and enjoy.

You have to teach yourself that particular programming language to use it, true, but you don’t have to depend on them telling you what their finished software does — you can build (and change) that software for yourself. Naturally, for any popular piece of open-source software there’s a community picking it apart to see if it breaks.

Proprietary or “closed-source” software, on the other hand, depends on you trusting the organization’s motives because they’re not about to share their “trade secrets” with you.

So it’s a choice between someone eager to share their work (in detail), and having equally eager people openly test it for stability and security — or what the corporation tells you is good for you. That’s how come open-source is so popular. It can be quirky — sometimes it takes a while to get used to a unique user interface and shortcuts — but it is, after all, made by individuals.

So what’s with open-source licenses? If you dig in, you realize that they actually turn the standard software licenses on their heads:

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

Translation: Our software MUST remain free for you to do with as you damn well please with one exception; we will sic copyright law on you if you try to claim exclusive ownership over it or its derivatives. If you want to sell this software, even as-is, then as long as you include the copyright notice we’re cool!

Sounds a little strange, even contradictory, but what it actually means is that while you’re free to profit off of open-source work (in most cases), you agree that it is open-source and that you will not violate others’ access to the same open-source material. What you do with that material, as long as you give a little nod via the license, is up to you — just as it is for others.

Now that’s a software license I can get behind.

Such licenses are all pretty much the same, more or less, and that same philosophy applies to non-software too (that little Creative Commons tag at the bottom of this site, for example).

And this model (giving stuff away for absolutely nothing), runs directly counter to every inbred economic instinct, and yet has proven to be profitable in very standard economic ways.

So now you have privacy, anonymity, and some discretion in software (etc.) choices.

Now it starts to get interesting.

Cryptocurrency

Many people have problems with this concept, so don’t feel bad if you have been labouring under the same misunderstandings.

When we talk about Cryptocurrencies, we often talk about one big example: Bitcoin, but there are quite a few more out there.

The “coin” part of the name is unfortunate because there are really no coins involved, electronic or otherwise. Bitcoin is more of a massive, peer-to-peer, public ledger into which transactions between individuals can be placed and verified. The BTC (Bitcoin) unit is simply a representation of worth to the parties involved, and the Bitcoin network makes it possible for these transactions to be done securely and honestly using strong cryptographic techniques.

Sounds kind of arbitrary, but it’s really not. Let’s say I decide that 1 BTC is $1. Do you agree with that? Great — when I want to send you payment for something, and we both agree that that something is worth $20, I’d send you 20 BTC. As long as I honour the BTC’s worth, you can then use it to exchange for another $20-worth of goods or services. Think of it as an IOU (which is basically what money used to be).

That’s fine for the both of us, but what if Bob down the street wants in on the action? Well, we can agree that $1 is 1 BTC, or maybe we can re-jigger our values to make it more accurate for all of us. So Bitcoin — the unit representation of community-derived worth — is more or less what people make of it. The Bitcoin network enables them to do that, and then use that agreed-upon “currency” for exchange.

This is a bit of a simplification, but that’s the gist of it.

Ultimately, using Bitcoin isn’t much different than using money, and there are plenty of places where you can do exactly that. The transaction isn’t unlike using a debit or credit card in many ways, but the big difference is that you own your own account (usually stored on your device). If you lose access to it or someone hacks it, tough titties; it’s very much like cash in that way.

Bitcoin is pretty easy to integrate with Tor but needs a little help to be safely anonymous. Your Bitcoin wallet address might look like random data (and it mostly is), but without Tor and some additional protections, transactions may still be traced directly back to you, and with enough such information it’s feasible that you could be discovered. You may not think that selling good old-fashioned lemonade would bring the wrath of government down on you, but yeah, it will — they’ll fuck your life over good.

So protect yourself from these criminals as best as you can.

You may have read about some large Bitcoin and Tor-related site busts which, despite the rhetoric, were done using old-fashioned detective work — the technology remains pretty solid. Just don’t forget about the human part of the security and anonymity equation.

Keeping It Real

Having the ability to purchase physical goods and services using a cryptocurrency is great, but most likely those are going to be delivered via the government-owned post office. “And why exactly do you need all these lemons, Mister Bay?”

Unfortunately, it’s not looking like I’ll be able to replicate a bushel of lemons at home any time soon, but there are many real-world, physical objects which can be transferred digitally (and privately and anonymously), and reconstructed on increasingly cheap devices like 3D printers (and they’re not just for plastic trinkets). Star Trek-style gizmos, it turns out, aren’t that far-fetched.

Now do you suppose that with these nifty new 3D printers people will just stop everything and say, “Done! No more innovation!”? I doubt it.

Of course, this technology also has questionable applications, but these come with the territory.

We shouldn’t minimize the import of such uses, but we also shouldn’t focus unduly on what amounts to a drop in an ocean. We also can’t become complacent because the state is constantly working to put us under their thumb, but at the same time we shouldn’t get too paranoid about their capabilities.

There are many good people working hard to make all of this a reality. Some of those evil hackers that the teleprompter readers warn you about are some of the same people building these systems — you’ll need to discern for yourself what their true intentions are.

And that, ultimately, is what it comes down to … freedom. Conscious freedom to choose who you talk to, who you do business with, and to do what you want to do. Of course, with freedom comes responsibility, though most of us probably know that. If only government & friends could get a hint. But forget those fools because there are even more interesting things out there…

Filed under: B Sides, Patrick Bay, Pictures

Son of yesterday

Posted on December 19th, 2009 6 Comments

At the company party last week, a fairly new employee (a superfluous fourth nipple of a teenager, the son of the third nipple, my supervisor), asked me, “Why would anyone want to learn to program Flash?”, or something to that effect. The “why would anyone” part stuck with me as a particularly brazen thing to say coming from a kid who doesn’t know an object from a pointer. That’s programmer lingo for he’s wet behind the ears, the little shit.

And as I told him, I grew tired of all the low-level nonsense that his pop still likes to muck around in. It’s unseemly. I mean, I’ve done it too – every good programmer should rip apart their computer in every which way. But I put aside childish things when I decided to actually get some work done. Seriously, it’s like going back to the frickin’ Stone Age.

I like Flash because there’s a big creative aspect to it – half of the software is geared specifically for drawing and animation. Programming is fun, don’t get me wrong, but staring at computer instructions all day kinda sucks. It’s nice to work in a piece of software where I can also draw a doodle of the CTO, animate it in some obscene way, add programming to it for interactive fun, and email it to friendly coworkers. And it all looks like legitimate work.

But the reason I brought all of this up wasn’t to go over my portfolio. This situation jumped to mind while I was strolling home and listening to Spark, a CBC Radio podcast about technology. That Zune that you see in the TCL header has a number of ultra-geeked-out podcasts on regular rotation but Spark stands out from the crowd; it looks at the human implications of gadgets and websites rather than the gadgets and websites themselves.

The episode I was listening to, for example, was going into detail about how to operate the iPhone (curse Apple!), with gloved hands. The touch-screen requires human flesh (not my word), to maintain a certain level of conductivity – to operate the phone, in other words. Gloves act as insulators, so the iPhone’s a brick with winter gear on (Ha! I can operate my Windows Mobile phone with mitts and a toque!) In the episode they came up with the solution of sewing some conductive thread through the tips of the glove; not that it’ll affect me directly but it’s neat to see someone thinking about this. After all, in Canada it’s a genuine problem for half the year, and I don’t see Apple using their “genius” to solve the problem. I don’t like Apple.

Nora Young, Spark’s host, has that perfect mix of nerdy affinity and enthusiasm for what technology could be. In fact, all of the podcasts I listen to are done by folks who have genuine interest and enthusiasm in the subject matter, and the fact that some of them are learning as they go along makes the shows accessible. Plus, the topics are approached from an angle that most in the industry wouldn’t think to consider. The third and fourth nipples sure wouldn’t.

Obviously, creativity counts for a lot with me. So when I found the advertisement for Wind Mobile on King Street, I was impressed:

[Image: Wind Mobile statue advertisement, King Street West, Toronto]

Yes, the ad is the statue. Already intriguing, no? I stooped over to read the plaque, took a few pictures, even had a brief conversation with a passing girl who happened to be editing a video for some Wind Mobile spot – talk about effective advertising! The thing that really struck me was that this particular campaign doesn’t rely on flashing lights and loud noises, it just stands politely to the side and invites your attention. Well.

Unfortunately, Wind needs a new copywriter – the statue idea is absolutely brilliant but the plaque makes an unkind insinuation:

[Image: Wind Mobile statue advertisement, King Street West, Toronto]

It reads:

The statue commemorates Flippy, Mr Ideas, FlowerGal and the thousands of other Canadians who rose up against an unresponsive mobile industry. It was upon the immortal thoughts of this community – who made proclamations like, “No contracts… do this and I will be your customer forever,” and, “it would be nice to NOT have limits” – that a movement was born. Their brave ideas gave rise to the dialogue which gave rise to Wind Mobile – the first wireless company to be led by the people and a testament to the truth that conversations always make things better. WINDMobile.ca

WIND
the power of conversation

The insinuation is that I will be Wind’s bitch if only they would do away with contracts. Not likely. Plus, if I don’t like contracts, I’m probably not going to commit to “forever”. But their putting statues on street corners (there’s another at University and Richmond), if nothing else, indicates a level of creativity that’s lacking in the older carriers. Here’s how Rogers tries to snag my business:

[Image: Rogers advertisement pamphlet]

Granted this is for the cable TV and internet packages that Rogers offers, but it’s still pretty pathetic. A sad kid and a teddy bear — “We miss you”; I can’t imagine giving less of a toss. And while it’s rare that I buy something without going deep into technical specs, I consider a company’s advertising campaign to be a part of that specification. It doesn’t necessarily mean that the company or its products are currently any good, but at least they’re thinking (or at least willing to think), differently. Many companies claim to do this but few actually do.

Asking why anyone would want to learn to program in Flash is basically the same as asking why anyone would want to broaden their horizons. It’s kinda sad to hear a student ask that question, and especially in a mocking way. He’ll end up at the Rogers of the world, hopelessly out-of-date before he even graduates, and the real world doesn’t take kindly to inflexible youngsters. I know I won’t, the little shit.

Filed under: B Sides, Pictures