#CyberFLASH: Security agencies must obey letter of law, Trudeau says amid surveillance fears


OTTAWA — Justin Trudeau says his government will ensure security and spy agencies follow the “letter and spirit” of the law, amid mounting concerns they have trampled the privacy of journalists and other Canadians.

In a roundtable interview this week with The Canadian Press, the prime minister stressed that national security agencies must protect Canadians but also safeguard the laws and values the public cherishes.

Trudeau’s words come as the Liberal government wraps up a national consultation on federal security policy and they follow two recent episodes that heightened public concern about unwarranted surveillance.

It emerged last month that the Montreal and Quebec provincial police forces had been tracking the communications of several journalists. Only days later, a Federal Court judge found the Canadian Security Intelligence Service had broken the law by keeping and analyzing information about the communications of innocent people — potentially revealing data that was collected during investigations into actual suspects.

There are also nagging questions about whether CSIS has used its considerable powers to monitor media members.

In the interview, Trudeau said the Liberals would “make sure that our security agencies and intelligence agencies obey the letter and the spirit of the laws that frame them.”

Read more here

#CyberFLASH: National electronic intelligence agency executive calls for ‘rational debate’ on encryption

cse-headquarters-file-jpg-size-custom-crop-1086x722OTTAWA–Canadians are being encouraged to ask more questions about the security of their electronic devices from an unlikely source — an executive at the country’s electronic intelligence agency.

Scott Jones, the deputy director of IT security at the Communications Security Establishment, said Canadians need to start taking a greater interest in how their electronic devices protect personal information.

“We should be asking when we go and buy the stuff we have at home, OK, tell me how it’s being protected,” Jones said in an interview.

“If it’s my cellphone, does it have encryption if I lose it? Can somebody just read the data off of it or not? We need to start asking questions like that … We need to start helping each other, and helping citizens, helping businesses, helping the government when we’re buying these products they need to be secure by default.”

It may come as a bit of a surprise to hear an employee at CSE counselling Canadians to protect private information. The agency, which has largely operated in secret since its creation at the end of the Second World War, was thrust into the spotlight after U.S. whistleblower Edward Snowden’s disclosures.

CSE is part of the Five Eyes security alliance, which includes spy agencies in the United States, the United Kingdom, Australia and New Zealand. Snowden’s disclosures revealed the mass surveillance programs used by those countries, including programs that scooped up their own citizens’ data.

Jones’ comments also come as law enforcement agencies in the U.S. and Canada are forcefully arguing for the need to limit encryption — calling for so-called “back doors” that would let authorities decode citizens’ data.

Read more here

#CyberFLASH: Prepare for threat of quantum computing to encrypted data, Canadian conference told

feature-quantum-computing-quantum-information-science-620x250The race to create new cryptographic standards before super-fast quantum computers are built that can rip apart data protected by existing encryption methods isn’t going fast enough, two senior Canadian officials have warned a security conference.

“I think we are already behind,” Scott Jones, deputy chief of IT security at the Communications Security Establishment (CSE), responsible for securing federal information systems, told the fourth annual international workshop on quantum-safe cryptography in Toronto on Monday.

Quantum computing – or more accurately, computers that use quantum mechanics – is not a dream, Jones and others told the conference of business executives, crypto academics, IT companies and government officials. One prediction is there’s a one in seven chance that by 2026 a quantum computer will exist that can break RSA-2048 encryption. It may take longer — or, if there’s an advance, shorter.

“Quantum represents a fundamental change and challenge to encryption for all of us,” Jones said, noting that encrypted transactions are the backbone of security and trust on the Internet.

His comments were backed by David Sabourin, CSE’s manager of cryptographic security, who said that if the 2026 prediction is right “we’re in trouble.” Speaking on a panel of government experts, Sabourin noted the U.S.-based National Institute of Standards and Technology (NIST) will close its call for proposed new and more quantum-secure public key encryption algorithms next year. Then it will take a couple of years of review, which means products that can use new crypto standards might be released in 2025 – and then start to be implemented around the world. So 2026 will be “messy,” he concludes, with organizations rushing to install new solutions.

Read more here

#CyberFLASH: Federal spies suddenly intercepting 26 times more Canadian phone calls and communications

five_eyes_spies_20160603OTTAWA — Interception of Canadians’ private communications by the federal electronic spy agency increased 26-fold last year, for reasons authorities won’t fully explain.

And despite commitments between Canada and its intelligence-sharing allies to respect the privacy of each nation’s citizens, the volume of information on Canadians collected by allied intelligence agencies and informally shared with Canada’s spies has grown to the point that it now requires a formal mechanism to cope with all the data.

At least one intelligence expert is concerned the change sidesteps the spirit of Canadian privacy laws.

Details are contained in the latest annual report by the independent, external oversight organization that reviews activities of the Canadian Security Establishment (CSE), Ottawa’s super-secret foreign signals intelligence agency. Quietly tabled in Parliament July 20, the report concludes CSE’s 2015-16 activities were lawful.

But the watchdog Office of the Commissioner of the Communications Security Establishment notes CSE intercepted 342 private communications in 2014-15, compared to just 13 for the previous year.

By law, CSE can only target communications of foreign entities outside Canada. If one end of that communication is in Canada, making it a “private communication,” it requires a written authorization from the minister of national defence, responsible for the CSE, and only if it is essential for “international affairs, defence or security.”

Read more here

#CyberFLASH: How much do we really know about the Canadian intelligence community?

csis.jpg.size.xxlarge.letterboxLast year American whistle-blower Edward Snowden proclaimed that Canadian intelligence agencies have the “weakest oversight” in the Western world and compared the Canadian government’s Bill C-51 to George W. Bush’s post-9-11 U.S. Patriot Act.

Canada became a surveillance state under the Stephen Harper Conservatives. In 2014, for example, it came to light that the Government Operations Centre was monitoring residents of Newfoundland and Labrador, including Indigenous Peoples, residents of the Island’s west coast who opposed fracking, and fishermen who were protesting shrimp quotas. This ongoing problem is further complicated by multiple transnational intelligence sharing agreements, in place since World War II, that remain largely unknown to the general public.

Indeed, the rise of the surveillance state is a global phenomenon that cannot be separated from the rise of the internet. But in Canada, because of the lack of any credible oversight, it has played out in a very specific way. This has everything to do with what the Canadian public knows—and more importantly, does not know—about Canadian intelligence agencies.

Canada’s new and highly invasive so-called anti-terror legislation came into force last year with the support of then-Opposition Leader Justin Trudeau and the Liberal caucus. The Trudeau Liberals knew that in order to win the election they would need to undo—or at least promise to undo—much of the damage done by their predecessors. They would have to address the alienation felt by Canadians from having a government that used national security as an excuse to trade away its citizens’ freedom and civil liberties.

Unfortunately, they have yet to repeal or even reform Bill C-51, and recent terrorist attacks in Europe, the U.S, and here at home in Canada have provided the perfect backdrop against which to further delay the process. On August 10, for example Aaron Driver, a 24-year-old Canadian citizen who was allegedly plotting a terrorist attack in the southern Ontario town of Strathroy, died in a confrontation with police who were following up on a tip from the FBI.

Read more here

#CyberFLASH: BCCLA says warrantless spying on Canadians must end

computer-closeupThe B.C. Civil Liberties Association is in federal court seeking access to government documents it says it needs for its ongoing court case on the alleged illegality of Canada’s spying program.

Special post-9/11 powers allow the Communications Security Establishment (CSE) to collect phone, email and internet-use details from Canadians communicating with other countries and share that information with other Five Eyes countries.

Five Eyes is an intelligence alliance consisting of Australia, Canada, New Zealand, the U.K. and the U.S.

In a lawsuit originally launched in 2013, the BCCLA maintains the collection of this data violates the Charter of Rights and Freedoms and should be stopped — but it needs more documentation to make its case.

“The CSE is engaged in what is surely one of the largest warrantless surveillance activities directed at Canadians,” the BCCLA’s litigation director, Grace Pastine, told On The Coast guest host Michelle Eliot.

“We’re seeking information that will tell us what kind of information the CSE is collecting, how they are storing it, who they are sharing it with and how long they’re keeping it for. We believe Canadians have a right to know what one of their federal spy agencies is doing and the privacy protections that are in place.”

Read more here

#CyberFLASH: CSE acting like it’s above the law

1297806634517_ORIGINALWhat the rest of the country calls accountability, Canada’s electronic spies, the Communications Security Establishment (CSE), paints as a threat to security. It’s a tried and true tactic for intelligence agencies here and abroad when public scrutiny begins to stir.

According to the Star’s Alex Boutilier, Federal Privacy Commissioner Daniel Therrien is in a protracted battle with the CSE to make them comply with laws mandating the reporting of material privacy breaches by government agencies. Predictably, the CSE has played the national security card: they are above the laws everyone else follows because accountability could betray their methods to the nation’s adversaries.

The history of organizations in Canada that believe they are above the law is not a happy one for either citizens or the organizations themselves. Just ask the RCMP about its defunct Security Service. They were shut down after being discovered to have perpetrated a string of break-ins, acts of vandalism and other crimes out of fealty to the paranoid mission of the day during the early 1970s: defeating communism and separatism.

Doubtless, the Security Service probably wouldn’t have thought too much of meddlesome privacy commissioners either, especially if reporting requirements meant exposing the scale of its nefarious activities.

Indeed, scale has always been a sore point for the CSE, too. Perhaps the number and type of material privacy breaches is a distant but somewhat reasonable proxy for the magnitude of invasive surveillance ordinary Canadians are subjected to every day on the Internet by way of metadata collection programs.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.