About canux

#CyberFLASH: Why 2017 will be a make-or-break year for Internet freedom

internet_freedom

2017 is here, and it’s clear it will be a make-or-break year for Internet freedom. Around the world, our digital rights are under threat as never before. Let’s take a look at some of the big challenges ahead.

In Canada, the federal government will soon be publishing its response to the national security consultation that closed in December. It’s abundantly clear that Canadians want the government to repeal Bill C-51 and deliver strong privacy rules to make us safe — but will the government listen, especially against the backdrop of a full-on RCMP propaganda campaign calling for even more invasive spy powers?

Also in Canada, the government is under pressure from industry lobbyists pushing a costly new Internet tax, a proposal that expert Michael Geist has called a “digital tax on everything.” This is a terrible idea that will deepen the digital divide, and force even more Canadians offline, in a country where low-income and rural residents are already struggling to stay connected. If the government pursues this, expect a big fight ahead.

South of the border, we’re now just weeks away from Donald Trump’s inauguration on January 20. On that day, Trump will secure not just the keys to the Oval Office, but also sweeping new powers to shape the future of the Internet for generations to come.

Based on Trump’s statements, we can expect to see a dramatic expansion of NSA and FBI spying powers. Worryingly, there are very few oversight mechanisms or limitations on what Trump can do with this power. And, given that so much surveillance activity takes place under a veil of near-total secrecy, it will be extremely difficult for citizens to hold Trump effectively to account.

Read more here

#CyberFLASH: Flight booking systems lack basic privacy safeguards, researchers say

GettyImages-556421117Major travel booking systems lack a proper way to authenticate air travelers, making it easy to hack the short code used on many boarding passes to alter flight details or steal sensitive personal data, security researchers warned on Tuesday.

Passenger Name Records (PNR) are used to store reservations with links to a traveler’s name, travel dates, itinerary, ticket details, phone and email contacts, travel agent, credit card numbers, seat number and baggage information.

The six-digit codes act as pincodes for locating travel records, albeit with vital differences that make them highly insecure compared with even the simple usernames and passwords that consumers use to access email or websites, the researchers said.

The world’s three major global distribution systems (GDS) – Amadeus, Sabre and Travelport – manage a majority of travel reservations but face growing competition from airlines and corporate travel and online booking sites.

“While the rest of the Internet is debating which second and third factors to use, GDSs do not offer a first authentication factor,” researchers at Berlin-based Security Research Labs said in a statement.

Read more here

#CyberFLASH: Amendments To US Criminal Procedure May Threaten The Privacy Of Canadians

computer-gimbal

The explosion of modern communications technology is increasingly connecting Canadians to the world abroad. Geographical boundaries and distances are no longer as significant as they once were. Today, our phones, the device most of us carry in our pockets, enables us to access our private and confidential information from anywhere in the world, at any time. This same digital interconnectedness, however, makes our information vulnerable to hackers and other criminal enterprises. Indeed, for all its miraculous connectivity and convenience, this brave new world presents unprecedented challenges.

Like never before, lawmakers are having to grapple with the tension between safeguarding our privacy on the one hand, and maintaining our security on the other. Canadians entrust lawmakers, as part of our democratic society, to seek a delicate balance – allowing law enforcement to do its job while preventing undue intrusion into our private affairs. Crucially, if we disagree with their approach, we are free to voice our objections at the ballot box.

Canadian law, however, applies only within Canadian borders. And as cybersecurity becomes more of concern, hackers may not be the only parties interested in Canadians’ private information. If foreign governments enact laws effectively granting their agents access to this information, even in limited circumstances, Canadians have little say in the matter.

Read more here

#CyberFLASH: Security agencies must obey letter of law, Trudeau says amid surveillance fears

hacker-stolen-passwords

OTTAWA — Justin Trudeau says his government will ensure security and spy agencies follow the “letter and spirit” of the law, amid mounting concerns they have trampled the privacy of journalists and other Canadians.

In a roundtable interview this week with The Canadian Press, the prime minister stressed that national security agencies must protect Canadians but also safeguard the laws and values the public cherishes.

Trudeau’s words come as the Liberal government wraps up a national consultation on federal security policy and they follow two recent episodes that heightened public concern about unwarranted surveillance.

It emerged last month that the Montreal and Quebec provincial police forces had been tracking the communications of several journalists. Only days later, a Federal Court judge found the Canadian Security Intelligence Service had broken the law by keeping and analyzing information about the communications of innocent people — potentially revealing data that was collected during investigations into actual suspects.

There are also nagging questions about whether CSIS has used its considerable powers to monitor media members.

In the interview, Trudeau said the Liberals would “make sure that our security agencies and intelligence agencies obey the letter and the spirit of the laws that frame them.”

Read more here

#CyberFLASH: Canada’s ICT industry says no to more police powers to access subscriber data

computer-gimbalThe information and telecommunications industry has lined up almost solidly against suggestions police should have access without a warrant to basic subscriber information they hold.

That’s the take-away from a number of industry association and service provider briefs filed last week as submissions closed for Public Safety Canada’s search for citizen and private sector opinions for a new national security framework.

Public Safety Canada issued a green paper for discussion last September calling for opinions on potentially changing federal laws and policies on several issues including loosening police and intelligence agency access to basic subscriber information, forcing communications service providers to hold for a set period of time to subscribers’ metadata, forcing for all communications service providers to buy communications interception equipment police can use, and making developers of encryption solutions to build in backdoors so law enforcement can unscramble protected documents.

In a word, the answer to all from the industry was “no.”

On warrantless access to basic subscriber information

–Information and telecommunications Association of Canada (ITAC), which lobbies for most of the country’s ITC firms including Bell Canada, Rogers Communications, Telus, IBM, HP-Enterprise and others, said in its submission that improving and standardizing paperwork would speed up police access. It also called for “clear rules designed to avoid police “fishing expeditions” that could contravene judicial requirements and privacy laws.”

Read more here

#CyberFLASH: One quarter of Canadian online traffic vulnerable to NSA sweeps: researchers

leaked_data_focus_455234A large amount of Canadian internet traffic is being routed through the United States, leaving it vulnerable to collection and probing by the National Security Agency.

And most Canadians have no idea of how exposed they are to American data sweeps, say the researchers behind a new tool that aims to show Canadians what path their internet traffic takes to connect to the websites they want to visit.

In a new online project launched Thursday, researchers from the University of Toronto and York University have partnered with Open Media to create a tool to show the paths Canadians’ internet data take when they access websites or send online communications.

While past estimates have suggested roughly 90 per cent of Canadian internet traffic is routed through the United States — particularly in cases where a Canadian visits an American or foreign website — the new data gathered so far by the researchers build on that and suggest that even when both the origin and destination of the traffic are in Canada, there’s still a one-in-four chance it goes through the U.S.

“I think most Canadians would be really surprised to learn that quite so much of our internet traffic, even our domestic Canada-to-Canada traffic, actually ends up being routed through the U.S.,” said David Christopher, spokesperson for Open Media.

“Canada’s lack in sufficient internet exchange points within our borders is really a big reason why so much of our traffic does travel through the U.S. I think nowadays a lot of people think of the internet as almost like a cloud and I think a lot of people don’t put a lot of thought into what happens when we visit a website on the other side of the country.”

Read more here

#CyberFLASH: Next year’s Ontario literacy test will be paper-only as investigation into cyber attack continues

gv_20140408_biv0108_140409938.jpg__0x400_q95_autocrop_crop-smart_subsampling-2_upscaleAfter widespread technical issues forced the cancellation of the first-ever online Ontario literacy test earlier this year, the agency tasked with administering the exam says next year’s version will be paper only.

The Education Quality and Accountability Office (EQAO) said Friday it would be temporarily shelving the online version of the test after its October launch was marred by a cyberattack. The organization said it still hasn’t successfully completed a large enough trial of the system since the attack and doesn’t know when the online version will be ready to use.

“Given the considerable frustration and anxiety that resulted from the cyberattack, EQAO feels that it would be irresponsible to put students at risk of any further issues without having completed a successful large-scale online trial,” the agency said in a news release.

The announcement comes after a brand new system for administering the test online crashed in October, leaving many students unable to complete the test.

The EQAO said the network was the target of an “intentional, malicious and sustained” cyberattack involving a “vast set of IP addresses around the globe.”

Most of the province’s 900 secondary schools — representing some 147,000 students — had signed up to participate in the test, which was a technical trial run before the first official test scheduled next year.

Read more here

#CyberFLASH: Google, B.C. firm duel over free speech, copyright in Supreme Court battle

google-logo-jpg-size-custom-crop-1086x714OTTAWA—A legal fight between Internet giant Google and a British Columbia technology company unfolds today in the Supreme Court of Canada, where they will duel over competing free speech and copyright infringement issues.

At issue is whether Canadian courts have the jurisdiction to make sweeping orders to block access to content on the Internet beyond Canada’s borders.

Google is challenging a 2015 ruling by the British Columbia Court of Appeal that ordered it to stop indexing or referencing websites linked to a company called Datalink Technologies Gateways.

The B.C. appeal court granted that injunction at the request of Equustek Solutions Inc., which won a judgment against Datalink for essentially stealing, copying and reselling industrial network interface hardware that it created.

Equustek wanted to stop Datalink from selling the hardware through various websites and turned to Google to shut down references to them.

Initially, Google removed more than 300 URLs from search results on Google.ca, but more kept popping up, so Equustek sought — and won — the broader injunction that ordered Google to impose a worldwide ban.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.