#CyberFLASH: Police chiefs want law that would force people to reveal passwords

iStock_63192683_MEDIUMCanada’s police chiefs want a new law that would force people to hand over their electronic passwords with a judge’s consent.

The Canadian Association of Chiefs of Police has passed a resolution calling for the legal measure to unlock digital evidence, saying criminals increasingly use encryption to hide illicit activities.

There is nothing currently in Canadian law that would compel someone to provide a password to police during an investigation, RCMP Assistant Commissioner Joe Oliver told a news conference Tuesday.

Oliver said criminals — from child abusers to mobsters — are operating online in almost complete anonymity with the help of tools that mask identities and messages, a phenomenon police call “going dark.”

“The victims in the digital space are real,” Oliver said. “Canada’s law and policing capabilities must keep pace with the evolution of technology.”

The police chiefs’ resolution comes as the federal government begins a consultation on cybersecurity that will look at issues including the best way to balance online freedoms with the needs of police. The consultation runs until Oct. 15.

Police demands for access to online communications and the concerns of civil libertarians about privacy rights have created tensions around the globe in recent years.

Read more here

#CyberFLASH: How much do we really know about the Canadian intelligence community?

csis.jpg.size.xxlarge.letterboxLast year American whistle-blower Edward Snowden proclaimed that Canadian intelligence agencies have the “weakest oversight” in the Western world and compared the Canadian government’s Bill C-51 to George W. Bush’s post-9-11 U.S. Patriot Act.

Canada became a surveillance state under the Stephen Harper Conservatives. In 2014, for example, it came to light that the Government Operations Centre was monitoring residents of Newfoundland and Labrador, including Indigenous Peoples, residents of the Island’s west coast who opposed fracking, and fishermen who were protesting shrimp quotas. This ongoing problem is further complicated by multiple transnational intelligence sharing agreements, in place since World War II, that remain largely unknown to the general public.

Indeed, the rise of the surveillance state is a global phenomenon that cannot be separated from the rise of the internet. But in Canada, because of the lack of any credible oversight, it has played out in a very specific way. This has everything to do with what the Canadian public knows—and more importantly, does not know—about Canadian intelligence agencies.

Canada’s new and highly invasive so-called anti-terror legislation came into force last year with the support of then-Opposition Leader Justin Trudeau and the Liberal caucus. The Trudeau Liberals knew that in order to win the election they would need to undo—or at least promise to undo—much of the damage done by their predecessors. They would have to address the alienation felt by Canadians from having a government that used national security as an excuse to trade away its citizens’ freedom and civil liberties.

Unfortunately, they have yet to repeal or even reform Bill C-51, and recent terrorist attacks in Europe, the U.S, and here at home in Canada have provided the perfect backdrop against which to further delay the process. On August 10, for example Aaron Driver, a 24-year-old Canadian citizen who was allegedly plotting a terrorist attack in the southern Ontario town of Strathroy, died in a confrontation with police who were following up on a tip from the FBI.

Read more here

#CyberFLASH: U.S. law can’t force American service providers to turn over foreign data: Court

Close up of wooden gavel at the computer keyboardOrganizations worried about the ability of American law enforcement agencies to get at electronic data in foreign data centres have at least some temporary relief after a U.S. federal appeal court ruled the government can’t force Microsoft to turn over a customer’s email held in Ireland.

In a decision released Thursday the court said a search warrant issued under the Stored Communications Act (SCA), which obliges U.S.-based service providers to hand over electronic records under certain circumstances, cannot apply to data held outside the United States and its territories.

Neither the SCA, nor its sister legislation, the Electronic Communications Privacy Act, implicitly or explicitly envision the application of warrants overseas, the appeal court ruled.

A lower court held Microsoft in contempt for refusing to obey the warrant following a long court fight that began in 2013 when the government sought email of a suspected narcotics dealer.

However, while the appeal court decision stands for now, the Obama administration could take the fight to the U.S. Supreme Court. And in an interview Halifax privacy lawyer David Fraser noted Congress could also amend the SCA to specifically say its warrants and subpoenas apply outside the U.S.

The ruling “is one which with I am pleased,” said Fraser, who acts for a number of U.S. technology companies in Canada who intervened in the case. “This is a very important case for determining some very important questions for determining, at least in this case, how far the United States government can reach through the Internet but outside the territory of the United States to compel access to content. But in the big picture it also relates to an will likely have an effect on the extent can other countries do the same sort of thing.”

He noted a growing number of privacy lawyers and professionals are watching this case, particularly after the revelations of former NSA contractor Edward Snowden on the electronic data gathering power of a number of countries, including Canada.

Read more here

#CyberFLASH: Canadians aren’t up for mass surveillance

mobile-securityWhen Ralph Goodale and David McGuinty headed to the UK and France last January to get ideas about overseeing national security issues in Canada, it seemed like an intelligent thing to do.

But did our public safety minister and his MP colleague go to the wrong place?

The Liberals, after all, are trying to amend Bill C-51, a controversial piece of anti-terrorism legislation that Canadians don’t like. No wonder. What’s to like about a government—sanctioned police state law?

Under Harper-era legislation, the Canadian Security Intelligence Service (CSIS) was empowered to operate outside the Charter of Rights, which gave it authority to violate citizens’ constitutional rights. And Canada’s cyber intelligence agency, the Communications Security Establishment (CSE) was allowed to conduct mass collection of information on Canadians without a specific target.

Based on their attitudes towards mass surveillance, Britain and France are hardly the countries to help Canada rein in the excesses of Bill C-51.

According to a YouGov survey of 15,000 people reported this week by Amnesty International, citizens of Britain, France and the Philippines were most comfortable with government eavesdropping. Britain was one of three countries out of 13 surveyed where more people favoured surveillance of all people — British citizens, foreigners, and foreign countries, than favoured monitoring none of them.

Read more here

#CyberFLASH: Canada lags U.S. privacy rules for ISPs

web-na-bell-hacker13nw1As the U.S. communications regulator unveiled a plan last week to hold Internet providers to a higher standard on customer privacy, Canadians might have felt a sense of déjà vu.

The Federal Communications Commission (FCC) announced a proposal on Wednesday that, if finalized, would require U.S. broadband Internet service providers (ISPs) to obtain “opt-in” consent from customers before sharing their information with third parties such as advertisers.

Under the proposal, ISPs could still use customer information for their own billing and marketing purposes – for example, an ISP that sees a customer is streaming a lot of data would be permitted to offer that customer an upgraded service package. However, broadband providers would have to expressly ask for consent before they share customer data. “When consumers sign up for Internet service, they shouldn’t have to sign away their right to privacy,” the FCC said in a statement.

It’s an issue that already came to the fore in Canada after BCE Inc.’s targeted online-advertising program, which tracked cellphone users’ browsing habits, app usage and phone calls to provide information to third-party advertisers and display specially tailored ads. That program sparked an investigation by the federal Office of the Privacy Commissioner (OPC) and a complaint to the Canadian Radio-television and Telecommunications Commission (CRTC).

The OPC inquiry concluded last April that BCE should have given its users the chance to opt-in to having their behaviour tracked rather than automatically tracking them. The federal privacy watchdog had no power to impose an order on BCE that would have forced it to change its approach (which did allow users to opt-out from consent), but the OPC said it was considering taking the matter to court. BCE eventually said it would withdraw its “Relevant Ads” program.

Internet users are often asked to surrender a certain amount of personal information – such as location data, browsing habits and demographic details – in exchange for using a “free” service such as Google’s e-mail platform or an app such as Facebook. But the BCE targeted-ads case raised the difficult question of why Internet users should sacrifice some of their privacy to a service provider they are already paying.

Read more here

#CyberFLASH: Awareness campaign and challenge to Canadian “security” bill C-51

160121_cv1cx_rci-m-portest_sn635

It’s known more commonly as “the anti-terrorism act” and was passed into law last year by the former Conservative government.

Bill C-51’s official, long and complicated name is, “An Act to enact the Security of Canada Information Sharing Act and the Secure Air Travel Act, to amend the Criminal Code, the Canadian Security Intelligence Service Act and the Immigration and Refugee Protection Act and to make related and consequential amendments to other Acts”.

The group, Canadian Journalists for Free Expression (CJFE) has launched a publicity campaign called “#my privacy campaign” and along with the Canadian Civil Liberties Association (CCLA) has also launched a legal challenge saying the law contravenes aspects of Canada’s Charter of Rights and Freedoms.

The public awareness campaign is to push the current Liberal government to follow up on their election promise to repeal what they deem the “problematic elements” of the bill, and the government’s recently announced intention to hold a broad consultation process.

Bill C-51, now law, was inspired by several indirect threats and two high-profile killings of soldiers in Canada in 2014, labelled jihadist-inspired terrorist actions.

In one, a man used his car to run down two soldiers, killing one. He was chased by police and when his car crashed, police shot him as he approached carrying a knife. In the other, a lone gunman shot a soldier on honourary guard duty at the Tomb of the Unknown Soldier before running across the street to the Parliament buildings where a shootout occurred and that gunman killed.

The former Conservative government then proposed the omnibus bill as a way to increase Canadian security.

Read more here

#CyberFLASH: Toward the quantum Internet

2016-01-07-Helmy-sizedAfter terror attacks last year in Europe and Africa, speculation swirled that the plotters may have been using smartphone apps to encrypt their communications.

Now, Professor Amr Helmy of the University of Toronto’s Faculty of Applied Science and Engineering is leading research that could break open such encryption while ensuring the security, privacy and confidentiality of legitimate communications.

Helmy’s work is supported by a Connaught Global Challenge Award. The award, funded by U of T’s Connaught Fund, was established in 2011 to support interdisciplinary approaches to problems of global significance. Proposals come from the U of T research community, involve large teams from multiple disciplines and are subjected to the highest level of international peer review.

As more people and businesses move crucial operations online, digital security has become a challenge of global significance. Modern encryption ciphers can only be broken with powerful computers, much faster than those commercially available today. Quantum computing and quantum cryptography harness the physical laws of quantum mechanics to provide both speed and security improvements many orders of magnitude better than today’s state-of-the-art.

“A technological platform that provides a significant leap forward is sorely needed,” says Helmy. “My personal vision is for a quantum Internet that can go farther beyond quantum-based security – that can afford distributed quantum information processing, where quantum computers are connected by quantum communications.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.