The Kananaskis Field Manual: A Strategic OSINT Doctrine for Adversarial Observation of the 2025 G7 Summit – 2025 G7 Security Series #3

Introduction

This guide offers independent researchers and journalists practical, lawful strategies for open-source intelligence on the June 15–17, 2025 G7 Summit in Kananaskis. It emphasizes Canadian legal boundaries, ethical norms, and current tools (2024–2025) for monitoring government, military, security, protest, and diplomatic activities.

Open-source intelligence is not merely a research technique — it is a form of democratic resistance against information asymmetry. In contexts where governments conduct security operations without meaningful civilian oversight, lawful OSINT becomes a public defense against secrecy creep, reputational laundering, and coercive narrative control.

This guide draws on over a decade of adversarial research into Canadian institutional behavior during periods of summit security, procedural retaliation, and surveillance misuse. It is informed by both public record and live intelligence collection across multiple jurisdictions.

Canada’s history of G7/G20 security operations includes mass surveillance, illegal detentions, and systemic suppression of protest memory. This guide exists to prevent recurrence. Any suppression attempt will be considered part of that lineage and treated accordingly

1. Legal Boundaries and Ethics of OSINT in Canada

Every adversarial campaign begins with legality. Canadian OSINT practitioners operate under a patchwork of privacy, security, and criminal statutes that define what may be observed, documented, and disseminated. Understanding the legal terrain is not optional — it is your first layer of armor.

• Stay Within Open Sources: OSINT means using only publicly accessible information. Canadian law protects private data and classified information. The Security of Information Act criminalizes unauthorized possession or communication of government secrets. Likewise, the Criminal Code forbids surreptitious video/audio capture of people in private settings (s.162) and unauthorized interference with computers or networks (s.430). In practice, do not use leaks or attempt to hack systems: only gather what is openly posted or broadcast. As one government guide notes, Canadian analysts must limit themselves to “treatment of open and publicly available data only.”
• Understand Privacy Expectations: By law, “publicly available information” excludes any data with a reasonable expectation of privacy. Even if posted online, combining personal details from social media can risk privacy or harassment issues (“mosaic effect”). Responsible-data experts warn that “just because data is unclassified does not mean publishing it will not harm someone.” Ethical OSINT avoids publishing images or names of private individuals (for example, avoid doxing protest participants or private officials). Follow the principle of “do no harm”: consider how even lawful data (images of victims, protestors, etc.) might affect them or their families. This does not mean that you may not lawfully gather this information – it is its public dissemination that is unethical or illegal.
• Citations and Transparency: Always disclose your methods and sources transparently. Use disclaimers on uncertainty. Best-practices stress “transparency and accountability” in open-source work. For example, tag visuals or quotes with their source and note when something is unconfirmed. Clearly distinguish facts from analysis or speculation. When publishing maps or aggregations, cite original sources or tools. Include a statement that all content is drawn from open sources to reinforce legality.

Ethical OSINT is not sanitized OSINT. It is deliberate, rigorous, and fearless — but it does not confuse exposure with harm. Master the line, then walk it audibly.

2. Monitoring Government, Military, and RCMP Activity Legally

During past summits, Canadian law enforcement has used vague or overbroad ‘security’ rationales to surveil journalists and chill legal protest activities. Documenting these dynamics — through public lenses and verifiable OSINT — is not only lawful, but essential to exposing attempts to frame transparency as a threat. As seen in G20 Toronto (2010) and other global summits, digital intelligence on protest activity is often downplayed or erased by institutional actors. Archiving open protest data is not an act of surveillance — it is a civilian safeguard against erasure, false flag operations, or retaliatory prosecution. Where state media fails to capture dissent or abuse, OSINT must preserve it. Protest data is not a threat — it is a record of political memory.

• Road Convoys: Watch official traffic and news outlets for military/RCMP convoy schedules. Alberta’s 511 traffic cameras (e.g. on Highways 2, 40, QEII) are publicly viewable; set them for realtime or time-lapse. Media reports already note that CAF military vehicles are moving between Edmonton and Calgary (May 15–30) ahead of G7. Use these cues: convoys will likely use major routes (Anthony Henday/QEII/Stoney Trail) at night. Note vehicle markings: Canadian Army convoys sometimes have license blocks or numbered placards. Online forums may even share dashcam clips of convoys – monitor local social media for sightings (e.g. Alberta subreddits, highway patrol Twitter).
• Airspace and Aircraft: Track official flights with ADS-B tools (ADS-B Exchange, Flightradar24, FlightAware). These databases broadcast non-military aircraft positions globally. For example, FlightAware “operates a worldwide network of ADS‑B receivers that track ADS‑B equipped aircraft.” Watch for key Canadian military types:
  • CC-150 Polaris (Airbus A310): long-range transport used by RCAF for VIPs (PM, Governor General) and refueling.
  • CF-188 Hornet (CF-18): fighter jets often used for air patrols.
  • CH-147F Chinook: heavy-lift helicopter for troop/equipment movement.
    Note also CC-177 Globemaster and CP-140 Aurora if deployed. Civilian trackers will not see encrypted military traffic, but CC-150 flights (often called “Canforce” or callsign POLARIS) and CF-188 flights (CF-Axx tail numbers) do appear on ADS-B networks.
• Official Information Sources: Follow but be incredibly skeptical of RCMP and G7 official channels. The RCMP’s Integrated Safety and Security Group (ISSG) site publishes traffic management, closures and “demonstration guidelines” for the Summit. For example, Alberta Parks/Government advises that the RCMP will set a controlled access zone in Kananaskis June 10–18 and lists affected roads/campgrounds. Bookmark the RCMP ISSG and Alberta Parks advisories – they often post updates on road closures and convoy timings. Also check Public Safety Canada or Transport Canada releases for airspace restrictions or NOTAMs. RCMP press releases, while embodying propaganda, and regional media (e.g. CTV Calgary, Edmonton Journal) will cover exercises or patrols (CTV has noted extra RCAF flights over Kananaskis).

The optics of power are rarely accidental. When institutions move under cover of “national security,” it is your legal right — and civic duty — to observe, record, and publish their public-facing operations. If your camera sees what theirs deny, preserve it.

3. Tools and Techniques for Public Intelligence Collection

Tools are not neutral. They encode capacity, strategic intent, and adversarial posture. OSINT tooling is about extending the civilian gaze into domains once monopolized by state surveillance. Use them to invert asymmetry.

• Domain and Host Discovery: Use WHOIS and DNS history (e.g. DomainTools) to find who owns G7-related domains (e.g. summit websites, contractors). A historic WHOIS lookup can reveal past owner changes or connected businesses. Examine web server metadata with online tools to see IP locations or certificate info.
• Internet-of-Things Search: Shodan – “the world’s first search engine for Internet-connected devices” – can locate unsecured government or infrastructure IoT endpoints (e.g. webcams, unprotected control systems). Use Shodan queries for “government”, “military”, “0day” to see if any Kananaskis-area devices (like traffic cams, sensors) are exposed. Caution: only query publicly indexed devices; do not exploit any found vulnerabilities.
• Web Archives: Save and examine prior versions of websites with the Wayback Machine (Internet Archive) or archive.today. For example, archive G7-related press releases or stakeholder pages in case they are later changed or removed. Tools like ArchiveBox or browser extensions can automate snapshotting.
• Government Data Portals: Check Canada’s Open Data and Canada.ca portals for bulk data or transcripts. The Government of Canada “proactively” publishes all contracts over $10,000 – search for “G7” or “security” on open.canada.ca/contracts. Download procurement listings (MERX or GCcontracts) to spot tendered security or logistics contracts. Watch for visa/leads on government purchases (vehicles, radios, barricades) under “National Defence” or “Public Safety”.
• Flight and Airspace Notices: Monitor NAV Canada NOTAMs (flight advisories). If foreign VIPs travel by private jet, check notices of temporary flight restrictions (TFRs). For example, Canada may issue “VIP F72” notices (no-fly zones around heads of state). These are publicly posted on NavCanada’s website or aviation message boards. Passive radar sites often repost TFR info (similar to the US “Presidential TFR”).
• Geo-Analysis: Use free satellite imagery for context. The European Sentinel-2 satellites provide high-res multi-spectral images free to the public. Tools like ESA’s Copernicus or Google Earth can show infrastructure changes (e.g. field camps, new roads). For higher-res visuals, keep an eye on Maxar’s Open Data Program (which sometimes releases disaster-response images) or commercial previews. Geolocate photos/videos by matching terrain to Google StreetView or open map data.

You are not assembling trivia — you are building a tactical intelligence layer that governments cannot redact. Use precision, attribution, and redundancy to make your findings unkillable.

4. Monitoring Institutional Communications and Foreign Delegations

Statecraft leaks through ceremony. Official channels, diplomatic coverage, and flight paths all reveal timelines, priorities, and soft-power choreography. Use these signals to reverse-map where legitimacy is being performed — and where it’s being protected.

• Official and Diplomatic Media: If you have a high tolerance for puablum, subscribe to Global Affairs Canada (GAC) press releases and social media feeds (Twitter/X, YouTube). Follow the Canadian G7 Twitter and the PMO press secretary for official announcements. Similarly, watch foreign media (state news channels, embassy websites) – they often announce their leaders’ travel. For example, Japan’s JASDF regularly publishes schedules of its Boeing 777 charter flights; the UK’s RAF publicizes “Voyager” (A330) VIP flights. Track these callsigns on ADS-B (e.g. Japan often uses “JASDF” or “Air Force One” equivalents, UK Voyager as “ZZ” tail).
• Flight-Tracking Caution: Flight trackers (ADS-B Exchange, FlightAware) can show a VIP aircraft’s route, but do not publish real-time locations of heads of state. Ethical OSINT guidelines forbid doxing individuals’ movements. The only exceptions for this pertain to wartime activities and abuses of governmental power and authority. Maintain situational awareness (e.g. know when foreign delegations arrive) but refrain from posting live coordinates or timetables. As a rule, treat any individual not in public office as a private citizen—never share exact location or personal schedules. Always frame any tracking as historical or contextual (e.g. “In the past 6 hours, Japan’s JASDF B777 traversed Pacific airways on approach to Canada.”).
• Communication Feeds: Join or monitor diplomatic cables if openly released (unlikely on OSINT). Instead, check embassy social media, press briefings, and international news wires (AFP, AP, Xinhua, Reuters) for statements by G7 or delegation spokespersons. You can also use UN or G7 official channels – these often live-stream speeches or publish transcripts. Keep an eye on the G7 website’s News & Media section for schedules and ministerial communiqués.

The choreography of summits depends on assumed silence. Break it carefully. Observe patterns, not personalities. Intelligence is not voyeurism — it’s infrastructure awareness in motion.

5. Media, Protest, and Civil Society Intelligence

Civil society is the test site for narrative control. Tracking protest behavior is not surveillance — it is counter-surveillance. Watch how movements emerge, how they are framed, and how institutions attempt to fragment or erase them.

• Protest Tracking (Legally): Identify official protest notices and permits (if public). Many communities post permit applications or notify police about planned demonstrations. Follow activist social media (protest Telegram groups, Facebook events, Twitter hashtags) for rallies or convoys. Use geofenced searches in TweetDeck or Trendsmap to see tweets about #G7Protest Alberta or regional hotspots. However, do not harass or publicly identify private individuals. Avoid reposting protesters’ personal info or photos beyond what is already public.
• Social Media Listening: Employ social-listening tools (free platforms like TweetDeck, or open-source kits like the multi-platform CrowdTangle alternatives) to catch trending topics and key influencers. For example, create streams for “Kananaskis”, “G7 Summit”, “Climate Protest”, etc. Track hashtags (e.g. #G7Kananaskis). Look for sudden spikes in posts or new accounts pushing the summit narrative – these may hint at organized campaigns.
• Misinformation & Bot Detection: Be alert to disinformation. Tools like Botometer (from Indiana University) can flag likely bot accounts by analyzing tweet patterns. Hoaxy visualizes how links propagate. Watch for tweet storms flooding hashtags or identical messages from multiple accounts (“sock-puppets”). Verify dubious news via reverse-image search and cross-check claims against reliable sources. If a story seems coordinated (multiple accounts repeating the same false claim), avoid amplifying it.
• Journalistic Coordination: Collaborate discreetly with other researchers or NGOs. If appropriate, use encrypted channels (Signal, ProtonMail) to swap tips or share findings. Coordinate FOI/ATIP requests through networks (e.g. investigative journalism forums) to avoid duplication. Maintain a clear log of sources and methodologies (date, URL, content) so that any shared information is traceable and verifiable.

Protest data is democratic memory. Institutional actors may label it volatile, but volatility is not illegitimacy — it is heat, and heat leaves trace. Archive the trace. Annotate the manipulation.

6. Archiving and Documentation

In adversarial OSINT, memory is weaponized through disappearance. Archiving is not just about collection — it is about resistance to deletion. Treat every web page, camera feed, or satellite tile as a vanishing asset. Capture it before it vanishes.

• Preserve Findings: Save all relevant OSINT data in real time. Use tools like ArchiveBox or browser “Save page” to capture web pages (news articles, social posts) before they change or disappear. Keep backups: Obsidian or Git repositories are excellent for organizing notes, links, and downloaded documents over time. For dynamic content (tweets, live videos), consider screenshotting and noting the timestamp and source.
• Satellite and Imagery: Archive any useful satellite or drone imagery you obtain. Programs like Google Earth Pro can save historical images. Also, open Sentinel-2 data is free and systematically archived; download relevant tiles over Alberta for June 2025 if needed. If using commercial imagery (Maxar, Planet), only use officially released previews or data you have licensed.
• Metadata Hygiene: Before publishing any documents, images or videos, strip identifying metadata. For photos, remove EXIF data (tools like ExifTool or Metadata Anonymisation Toolkit). Be especially careful if sharing leaked documents or protest photos – redact information that would be illegal to share. When citing sources, avoid giving away confidential tipsters’ names or private email addresses.
• Record Source Details: Document author names, publication dates, and URLs for everything you collect. This is crucial for credibility and for any future ATIP challenges. Maintain timestamps of live observations (e.g. “traffic camera at 3:15 AM, feed #K400, saw convoy of 5 vehicle units”).

If state actors fear lawful observation of public deployments, it is not because the data is dangerous — it is because the narrative they’ve constructed cannot withstand transparency. The true adversary of OSINT is not the hostile foreign agent, but the domestic official who confuses secrecy with security

7. Filing ATIPs and FOIs on G7 Activity

Access to information is not a favor — it is a statutory counterweight to opacity. FOIs and ATIPs are procedural weapons, and used strategically, they create institutional lag, reveal internal contradiction, and generate unignorable records.

• What to Request: Under Canada’s Access to Information Act (ATIA), you can ask federal departments for “general records” such as briefing notes, emails, budgets, contracts, internal memos and reports related to G7 preparations. For example, request RCMP or DND email correspondence about “2025 G7 security planning”, or Transport Canada documents on “airspace restriction orders”. Specify date ranges (e.g. Jan–June 2025) and departments. Useful records include budgets for summit security, manifest of vehicles or aircraft authorized, deployment orders for police or military, and inter-departmental meeting minutes.
• Which Agencies: Potential filers include RCMP/PS (lead security), DND/CAF, Transport Canada (aviation rules), Infrastructure Canada (venues), PMO/PCO for overall planning, Innovation, Society and Economic Development Canada (ISED) for civilian communications infrastructure, and Global Affairs (diplomatic arrangements). Provincial and municipal requests (Alberta FOIP, Banff town records) might cover local road closures or municipal permits. Use the Government of Canada’s ATIP Online portal to submit requests to each entity.
• Smart Requesting: Being precise yields better results. As the RCMP itself advises, include specific details: which unit or office, what kind of record, and the relevant time frame. E.g. rather than “documents about G7”, ask for “RCMP Alberta division briefing notes on G7 convoys (May–June 2025)”. Avoid overbroad language; separate distinct questions into separate sections of a request if needed. You may include as many questions in an ATIP as you desire but keep it well organized Remember that exemptions will be applied (e.g. “advice to Cabinet” or personal privacy), so focus on factual info. Search the Open Government Portal for “G7” – past ATIP releases may pre-empt your query.
• Timing Strategy: File early and update later. Pre-Summit, ask for planning documents, budgets, contracts, security plans. Post-Summit, file follow-ups for after-action reports, final financial statements, or internal assessments. The ATIA does not force creation of new records, so don’t ask questions hoping they’ll write an answer; ask for existing documents only. Often, bulk data like expenses might only be available after the fact, so plan a second round of requests post-June 2025. That said, should you receive an ambiguous record, institutions have an obligations to continue the “duty-to-assist” after disclosing records, and you may ask follow-up questions pertaining to the nature of the record.

Should any agency attempt to delay, deflect, or weaponize access to information requests related to the Summit under Section 6.1(1) or related pretextual grounds, those efforts should be documented, attributed, and published with full procedural breakdowns and naming conventions. This includes metadata trails of all delay rationales, gatekeeping language, and administrative evasions.

Summits are choreographed to leave no fingerprints. Your job is to lift the latent ones. Document the gatekeepers. Preserve the refusals. Publish the patterns.

8. Staying Secure and Accountable as an OSINT Researcher

OSINT is adversarial by design. Any system that collapses under lawful public scrutiny is not a security structure — it is a vulnerability masquerading as authority. Your goal is not simply observation — it is friction generation. Legal friction forces institutions to treat the public as an active intelligence presence rather than a passive audience. The role of the independent OSINT practitioner is no longer observational. It is ontological: to reassert the public as a sovereign intelligence actor in environments saturated by narrative warfare, security theater, and reputation laundering. The civilian eye is not passive — it is adversarial, archival, and operational.

• OPSEC Measures: Protect your identity and data streams. Use a reputable VPN when researching to mask your IP. Work in separate, hardened browser profiles for OSINT (e.g. Firefox containers or Brave browser), and disable location tracking. Consider using Tor for sensitive searches (though it’s slower). Clear cookies and cache regularly, and use privacy-focused search engines (DuckDuckGo, Startpage). Encrypt notes and use anonymous accounts if posting.
• Data Hygiene: When downloading files or images, scan them for malware. Remove metadata on any images you distribute. Use an anonymizing email (ProtonMail) to file FOI requests if you wish to stay private. Never store sensitive notes in cloud services without encryption.
• Legal Boundaries on Technical Actions: Do not probe or scan networks you do not own. Aggressive port scans or attempts to bypass login screens can violate Canada’s Criminal Code (e.g. mischief or unauthorized computer use). Only collect data from services designed to be public (e.g. do not log into a protected site). While there is no explicit obligation to respect robots.txt, always respect login walls – if a database requires credentials, file an access request instead of hacking it.
• Responsible Disclosure: If your OSINT work accidentally discovers a security vulnerability (e.g. an unsecured camera feed of a secure base), report it responsibly. Contact the owner (e.g. through CERT Canada or the department’s IT) and give them time to fix it before publication. Do not exploit or publicize the flaw. Canada encourages “good faith” reporting of cyber vulnerabilities to help fix them, not for personal gain or sensationalism. That said, you may continue collecting as long as the source is available.

Every act of legal intelligence collection is an act of reputational deterrence. You are not anonymous, but you are antifragile. Harden your workflows, encrypt your receipts, and remember: the more resilient your records, the more brittle their silence becomes.

Disclaimer

This guide is intended for lawful intelligence gathering only using open sources. No classified material, illegal access, or intrusion is permitted or encouraged. This guide does not represent legal advice.

Any effort to suppress or criminalize the lawful use of open-source intelligence described in this guide should be treated as a hostile act against transparency and met with proportional public escalation, including coordinated documentation, legal resistance, and reputational exposure.