#CyberFLASH: One quarter of Canadian online traffic vulnerable to NSA sweeps: researchers

leaked_data_focus_455234A large amount of Canadian internet traffic is being routed through the United States, leaving it vulnerable to collection and probing by the National Security Agency.

And most Canadians have no idea of how exposed they are to American data sweeps, say the researchers behind a new tool that aims to show Canadians what path their internet traffic takes to connect to the websites they want to visit.

In a new online project launched Thursday, researchers from the University of Toronto and York University have partnered with Open Media to create a tool to show the paths Canadians’ internet data take when they access websites or send online communications.

While past estimates have suggested roughly 90 per cent of Canadian internet traffic is routed through the United States — particularly in cases where a Canadian visits an American or foreign website — the new data gathered so far by the researchers build on that and suggest that even when both the origin and destination of the traffic are in Canada, there’s still a one-in-four chance it goes through the U.S.

“I think most Canadians would be really surprised to learn that quite so much of our internet traffic, even our domestic Canada-to-Canada traffic, actually ends up being routed through the U.S.,” said David Christopher, spokesperson for Open Media.

“Canada’s lack in sufficient internet exchange points within our borders is really a big reason why so much of our traffic does travel through the U.S. I think nowadays a lot of people think of the internet as almost like a cloud and I think a lot of people don’t put a lot of thought into what happens when we visit a website on the other side of the country.”

Read more here

#CyberFLASH: Next year’s Ontario literacy test will be paper-only as investigation into cyber attack continues

gv_20140408_biv0108_140409938.jpg__0x400_q95_autocrop_crop-smart_subsampling-2_upscaleAfter widespread technical issues forced the cancellation of the first-ever online Ontario literacy test earlier this year, the agency tasked with administering the exam says next year’s version will be paper only.

The Education Quality and Accountability Office (EQAO) said Friday it would be temporarily shelving the online version of the test after its October launch was marred by a cyberattack. The organization said it still hasn’t successfully completed a large enough trial of the system since the attack and doesn’t know when the online version will be ready to use.

“Given the considerable frustration and anxiety that resulted from the cyberattack, EQAO feels that it would be irresponsible to put students at risk of any further issues without having completed a successful large-scale online trial,” the agency said in a news release.

The announcement comes after a brand new system for administering the test online crashed in October, leaving many students unable to complete the test.

The EQAO said the network was the target of an “intentional, malicious and sustained” cyberattack involving a “vast set of IP addresses around the globe.”

Most of the province’s 900 secondary schools — representing some 147,000 students — had signed up to participate in the test, which was a technical trial run before the first official test scheduled next year.

Read more here

#CyberFLASH: Google, B.C. firm duel over free speech, copyright in Supreme Court battle

google-logo-jpg-size-custom-crop-1086x714OTTAWA—A legal fight between Internet giant Google and a British Columbia technology company unfolds today in the Supreme Court of Canada, where they will duel over competing free speech and copyright infringement issues.

At issue is whether Canadian courts have the jurisdiction to make sweeping orders to block access to content on the Internet beyond Canada’s borders.

Google is challenging a 2015 ruling by the British Columbia Court of Appeal that ordered it to stop indexing or referencing websites linked to a company called Datalink Technologies Gateways.

The B.C. appeal court granted that injunction at the request of Equustek Solutions Inc., which won a judgment against Datalink for essentially stealing, copying and reselling industrial network interface hardware that it created.

Equustek wanted to stop Datalink from selling the hardware through various websites and turned to Google to shut down references to them.

Initially, Google removed more than 300 URLs from search results on Google.ca, but more kept popping up, so Equustek sought — and won — the broader injunction that ordered Google to impose a worldwide ban.

Read more here

#CyberFLASH: Security vs. privacy: Technology changes, rights don’t

cpt107-securityprivacy201The stakes are considerable, which is why the folks who run the national security apparatus have quietly and not-so-quietly been laying down markers as Ottawa reviews their powers. The argument goes they need more tools, and more leeway, to do their important work.

Maybe. Maybe not.

Canada’s federal Privacy Commissioner Daniel Therrien and his provincial and territorial counterparts are sounding a much-needed note of caution in a joint brief submitted as part of the ongoing security review.

“It is important that we not forget the lessons of history. One of these lessons is that once conferred, new state powers are rarely relinquished,” the document reads.

That’s true, as is the fact the expansion of state powers of surveillance over the past 15 years has resulted in “too many cases of inappropriate and sometimes illegal conduct by state officials,” including violations of privacy and other civil rights.

If Bill C-51, the former Conservative government’s anti-terrorism legislation, was an overreach, the attempt to fix it ought not to make things worse.

Mr. Therrien and his colleagues rightly raise the alarm over Ottawa’s apparent willingness to widen, rather than restrict, things like the collection of metadata. They argue that authorizations to gather metadata ought to meet elevated standards and require judicial, not merely administrative, sign-off. They’re right.

The privacy commissioners’ submission also points out that increased monitoring of online activities has a “potential chilling effect” that could defeat the purpose of having more powerful snooping tools; when people think they’re being watched, they go further underground. We could end up diminishing the freedom of many, without increasing security against the violent few. It’s an important consideration in online anti-radicalization efforts.

Read more here

#CyberFLASH: Canadian Cyber Threat Exchange ready to start membership push

computer-passwords

After months of planning the country’s first national IT threat service has issued its first threat report to a few early members and is ready to launch a campaign to expand its numbers, including lowering its fee for small businesses.

”We didn’t want cost to be a barrier to people being able to get in,” Robert Gordon, executive director of the Canadian Cyber Threat Exchange (CCTX) said Wednesday in explaining why the introductory fee for a small business was cut from $5,000 to $2,000 a year.

“Part of this is to raise cyber resiliency [among Canadian firms] as broad as we can.”

For the lower fee members will still get threat reports, but won’t be allowed to download electronic data feeds into their systems. Gordon said it was felt small companies wouldn’t benefit from that service. The exchange will discuss with these companies if there are other services that can be added.

Mid-size businesses can join for $20,000 a year and will be allowed to exchange threat data electronically (when it goes live early next year) and named access to the exchange’s proprietary knowledge database.

Gordon also said the exchange’s first monthly report was shown Wednesday at a closed symposium in Toronto for companies that have already signed up or are in the process of becoming paying members. Eventually that report will be issued weekly to members. Also, by the second week in February the exchange will have a portal the sharing of electronic threat data and an online collaboration space for members.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.