Experts say that probably included many Canadians whose smartphone and laptop signals were intercepted without their knowledge as they passed through the terminal.
The above statement is misleading. A smartphone does not have signals that can be “intercepted,” a smartphone actively seeks out and asks for an IP address so it can check in wherever some app wants to check in. A lot of apps want to phone home and have access to a device’s network. Smartphones are always active participants in a network. The user of a smartphone has chosen to leave wifi active which means that user *wants* his device to scan for and connect to available bandwidth resources. This scanning is a feature not a bug.
The document shows the federal intelligence agency was then able to track the travellers for a week or more as they — and their wireless devices — showed up in other Wi-Fi “hot spots” in cities across Canada and even at U.S. airports.
They simply store and key off the device ID or MAC address. Every device has a unique MAC address, the layer 2 address used by local routers in the final leg of a route to send packets to the right device. This address does not leave the local subnet unless through surreptitious means like a malicious app.
This kind of sweep probably captures browsing metadata all keyed by device id. Not sure how useful any of that data will be to anyone. End to end encryption using SSL can protect content of a message data but not metadata, the where and how long one communicates. This kind of metadata could be useful nuggets in corporate espionage for all kinds of reasons. If you’re just using the open wifi at the airport to pass time none of this matters as long as they’re not attempting Man In The Middle attacks or 0-day exploits against you.