#CyberFLASH: Why 2017 will be a make-or-break year for Internet freedom

internet_freedom

2017 is here, and it’s clear it will be a make-or-break year for Internet freedom. Around the world, our digital rights are under threat as never before. Let’s take a look at some of the big challenges ahead.

In Canada, the federal government will soon be publishing its response to the national security consultation that closed in December. It’s abundantly clear that Canadians want the government to repeal Bill C-51 and deliver strong privacy rules to make us safe — but will the government listen, especially against the backdrop of a full-on RCMP propaganda campaign calling for even more invasive spy powers?

Also in Canada, the government is under pressure from industry lobbyists pushing a costly new Internet tax, a proposal that expert Michael Geist has called a “digital tax on everything.” This is a terrible idea that will deepen the digital divide, and force even more Canadians offline, in a country where low-income and rural residents are already struggling to stay connected. If the government pursues this, expect a big fight ahead.

South of the border, we’re now just weeks away from Donald Trump’s inauguration on January 20. On that day, Trump will secure not just the keys to the Oval Office, but also sweeping new powers to shape the future of the Internet for generations to come.

Based on Trump’s statements, we can expect to see a dramatic expansion of NSA and FBI spying powers. Worryingly, there are very few oversight mechanisms or limitations on what Trump can do with this power. And, given that so much surveillance activity takes place under a veil of near-total secrecy, it will be extremely difficult for citizens to hold Trump effectively to account.

Read more here

#CyberFLASH: Flight booking systems lack basic privacy safeguards, researchers say

GettyImages-556421117Major travel booking systems lack a proper way to authenticate air travelers, making it easy to hack the short code used on many boarding passes to alter flight details or steal sensitive personal data, security researchers warned on Tuesday.

Passenger Name Records (PNR) are used to store reservations with links to a traveler’s name, travel dates, itinerary, ticket details, phone and email contacts, travel agent, credit card numbers, seat number and baggage information.

The six-digit codes act as pincodes for locating travel records, albeit with vital differences that make them highly insecure compared with even the simple usernames and passwords that consumers use to access email or websites, the researchers said.

The world’s three major global distribution systems (GDS) – Amadeus, Sabre and Travelport – manage a majority of travel reservations but face growing competition from airlines and corporate travel and online booking sites.

“While the rest of the Internet is debating which second and third factors to use, GDSs do not offer a first authentication factor,” researchers at Berlin-based Security Research Labs said in a statement.

Read more here

#CyberFLASH: Amendments To US Criminal Procedure May Threaten The Privacy Of Canadians

computer-gimbal

The explosion of modern communications technology is increasingly connecting Canadians to the world abroad. Geographical boundaries and distances are no longer as significant as they once were. Today, our phones, the device most of us carry in our pockets, enables us to access our private and confidential information from anywhere in the world, at any time. This same digital interconnectedness, however, makes our information vulnerable to hackers and other criminal enterprises. Indeed, for all its miraculous connectivity and convenience, this brave new world presents unprecedented challenges.

Like never before, lawmakers are having to grapple with the tension between safeguarding our privacy on the one hand, and maintaining our security on the other. Canadians entrust lawmakers, as part of our democratic society, to seek a delicate balance – allowing law enforcement to do its job while preventing undue intrusion into our private affairs. Crucially, if we disagree with their approach, we are free to voice our objections at the ballot box.

Canadian law, however, applies only within Canadian borders. And as cybersecurity becomes more of concern, hackers may not be the only parties interested in Canadians’ private information. If foreign governments enact laws effectively granting their agents access to this information, even in limited circumstances, Canadians have little say in the matter.

Read more here

#CyberFLASH: Security agencies must obey letter of law, Trudeau says amid surveillance fears

hacker-stolen-passwords

OTTAWA — Justin Trudeau says his government will ensure security and spy agencies follow the “letter and spirit” of the law, amid mounting concerns they have trampled the privacy of journalists and other Canadians.

In a roundtable interview this week with The Canadian Press, the prime minister stressed that national security agencies must protect Canadians but also safeguard the laws and values the public cherishes.

Trudeau’s words come as the Liberal government wraps up a national consultation on federal security policy and they follow two recent episodes that heightened public concern about unwarranted surveillance.

It emerged last month that the Montreal and Quebec provincial police forces had been tracking the communications of several journalists. Only days later, a Federal Court judge found the Canadian Security Intelligence Service had broken the law by keeping and analyzing information about the communications of innocent people — potentially revealing data that was collected during investigations into actual suspects.

There are also nagging questions about whether CSIS has used its considerable powers to monitor media members.

In the interview, Trudeau said the Liberals would “make sure that our security agencies and intelligence agencies obey the letter and the spirit of the laws that frame them.”

Read more here

#CyberFLASH: Canada’s ICT industry says no to more police powers to access subscriber data

computer-gimbalThe information and telecommunications industry has lined up almost solidly against suggestions police should have access without a warrant to basic subscriber information they hold.

That’s the take-away from a number of industry association and service provider briefs filed last week as submissions closed for Public Safety Canada’s search for citizen and private sector opinions for a new national security framework.

Public Safety Canada issued a green paper for discussion last September calling for opinions on potentially changing federal laws and policies on several issues including loosening police and intelligence agency access to basic subscriber information, forcing communications service providers to hold for a set period of time to subscribers’ metadata, forcing for all communications service providers to buy communications interception equipment police can use, and making developers of encryption solutions to build in backdoors so law enforcement can unscramble protected documents.

In a word, the answer to all from the industry was “no.”

On warrantless access to basic subscriber information

–Information and telecommunications Association of Canada (ITAC), which lobbies for most of the country’s ITC firms including Bell Canada, Rogers Communications, Telus, IBM, HP-Enterprise and others, said in its submission that improving and standardizing paperwork would speed up police access. It also called for “clear rules designed to avoid police “fishing expeditions” that could contravene judicial requirements and privacy laws.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.