This article is more than 1 year old

Snowden reveals LEVITATION technique of Canada’s spies

If you MUST build naughty spy tool... it's, er, pretty sweet

Canada's very own intel agency has a program designed to track millions of downloads, according to the latest revelations from the Edward Snowden document leaks.

The "Levitation" system gives analysts at the Communications Security Establishment (Canada's NSA) data on between 10-15 million uploads and downloads of files from free websites every day.

Canadian spies can access data from 102 free file upload sites, but only three file-host companies (Sendspace, Rapidshare and the now-defunct Megaupload) are actually named in the leaked PowerPoint document, which was created in 2012.

Sendspace told CBC News that "no organization has the ability/permission to trawl/search Sendspace for data". The firm said it wouldn't disclose user identities unless legally mandated.

The leaked documents said that access to data comes from a "special source", terminology used elsewhere in the Snowden docs to refer to co-operation with telecom carriers and ISPs. This source is codenamed Atomic Banjo.

File-sharing websites are used to share photos, videos and other documents. Cyber-lockers might also be used to share copyrighted-protected content, such as music and movies.

Extremists also use file-sharing sites to exchange propaganda and training materials. So, analysing file uploads and downloads offers a potential mechanism to pinpoint previously unidentified terrorist suspects or plots.

To identify this needle in the haystack, spies are obliged to sift through a vast volume of irrelevant material, including the inevitable episodes of Glee, according to the leaked documents.

Analysts find 350 "interesting download events" each month which are subjected to further scrutiny, including metadata analysis. Data harvested by Levitation is cross-referenced with other databases set up by the "Five Eyes" spying alliance in order to link identities to IP addresses.

Levitation enabled the discovery of a German hostage video through a previously unknown target as well as an uploaded document that gave an insight into the hostage strategy of a terrorist organisation up until 2012, according to two successes cited in the leaked documents.

Megaupload kingpin Kim Dotcom latched onto the leak as something that might help in the ongoing copyright infringement case against his defunct cyber-locker service. "Our lawyers will seek orders from Canadian Courts to get access to CSE ‪#Megaupload‬ spy reports. Exculpatory evidence for our criminal case," he said on Twitter.

Canada is generally seen a junior partner in the Five Eyes spying partnership, which includes the US, UK, New Zealand and Australia. The country has been a guest star in the ongoing Snowden files with the NSA and GCHQ being the main players.

CSE has previously featured, with revelations last year that it slurped airport passengers' Wi-Fi data.

According to the leaked docs Canada apparently shares data from its upload surveillance tool with other allies (Spain, Brazil, Germany and Portugal) beyond the usual suspects. CSE is supposed to mask the identities of untargeted Canadians caught up in its file-sharing surveillance dragnet before sharing the data with its foreign intelligence partners and law enforcement agencies.

The leaked documents date from 2012. The move by file-locker services to crypto-by-default https connections would drastically reduce the efficacy of an unmodified Levitation if it was operating today.

The Intercept's take on the Levitation leak can be found here.

Even critics of mass surveillance in general were prepared to give the design of Levitation some credit. "Global surveillance represents a danger to democracy, but if you are going to build it, LEVITATION is a good example of how to use it well," said University of California at Berkeley computer scientist Nicholas Weaver in a Twitter update. ®

More about

More about

More about


Send us news

Other stories you might like