#CyberFLASH: Video game companies are collecting massive amounts of data about you

tab-na-xmas-gamers19-101jpg.jpg.size.xxlarge.letterboxOTTAWA—For many of us unwrapping new video game systems this holiday season, the “terms and conditions” will be a vague memory between taking the console out of the box and finally getting to play Fallout 4.

But with more and more video game companies collecting ever greater amounts of data about their customers, privacy advocates are starting to warn about risks to gamers’ personal privacy — as well as the dangers in normalizing surveillance.

“A lot of people have argued in various circles that the fun applications of having your privacy invaded are actually, in a lot of ways, a gateway to getting used to sort of bigger changes,” said Alex Cybulski, a doctoral candidate at the University of Toronto studying technology and privacy issues.

“You would probably be a little weirded out if you found out how widely facial recognition systems are used in a lot of contexts, but a lot of people didn’t really bat an eyelash when they were getting facial recognition systems in Facebook or on a camera that recognizes people’s faces.”

“People see those playful contexts and I think it desensitizes them a bit.”

Before we get into the scope of the problem — and what gamers can do to protect their information — we need to understand what kinds of information companies are collecting.
Cybulski argued in a recent article that, far from being a new development, surveillance and video games have gone together since at least 2005 with the release of the Xbox 360.

Read more here

#CyberFLASH: IXmaps illustrates how your “local” data travels through the NSA’s jurisdiction

IXmapsA new online database called IXmaps has gone live, put together by University of Toronto researchers and funded by the .CA Community Investment Program, to help Canadians understand how their data traffic moves, particularly how it moves through nodes in the United States and therefore under the jurisdiction of the U.S. National Security Agency.

The project is also designed to offer Canadians a sense of agency, in that you personally can contribute to the project, adding to the 40,000 internet routes already crowdsourced in the IXmaps database.

The most concerning point made by the project, for those that didn’t know already, is the fact that even if you’re sending an email from Point A (Halifax, let’s say) to Point B (any other Canadian destination), the data will almost definitely pass through an American data traffic hub and swept into the NSA info dragnet.

“There is nothing inherently wrong with data moving unencumbered across an interconnected global Internet infrastructure,” says the University of Toronto’s Andrew Clement. “It is, however, critical that Canadians understand the implications of their data being stored on U.S servers and moving through U.S. jurisdiction. ISPs need to be transparent, privacy protective and accountable custodians of user information in this regard. Internet users should be fully informed consumers and citizens when making choices about their sensitive personal data.”

And even if you’re not sending an email, but merely using a service like Facebook, Google, YouTube or Amazon, these are American companies operating in American jurisdictions, so again, subject to data snooping and the hysterical overreach of the Patriot Act.

Read more here

#CyberFLASH: There Has Been a ‘Sea Change’ in Privacy Rights in Canada, Warns Watchdog


The man tasked with defending Canadians’ personal information, once decried as a government stooge, directly chastised the federal government over its efforts to track and surveil Canadians — and recommended that the new government put safeguards on how the government uses “big data” to spy on its citizens.

In his annual report, Daniel Therrien, the Privacy Commissioner of Canada, looked at three pieces of legislation that “taken together, these initiatives have resulted in what can only be described as a sea change for privacy rights in Canada.”

The first, C-44, allows Canadian spies to operate abroad and gives them more ability to obtain information without disclosing its origins; C-13, which creates new legal authority for cops and public servants to obtain Canadians’ personal data without a warrant; and C-51, the anti-terrorism legislation that opens the door for wide new intelligence-gathering and sharing.

All three bills, which are now law, were introduced by the Conservatives, but supported by the Liberals.

The Liberals have said they will change aspects of C-51, but have said little about the other two pieces of legislation.

In his report, released last week, Therrien recommended fixes for each bill — that the government include language to prevent CSIS from obtaining and using data that has been obtained through torture; that the law be updated to clarify when police are allowed to obtain Canadians’ data from their internet or cellphone companies without a warrant; and that legislation be introduced to toughen protections for Canadians’ privacy when departments want to share their information.

C-51 especially raised the ire of the commissioner.

Read more here

#CyberFLASH: Warrantless access to internet subscriber data OK sometimes, privacy czar says

daniel-therrien-privacy-commissioner-20140603The federal privacy czar says there are instances when police may not need a warrant to obtain “very limited sets” of internet customer information.

There could be a way to meet at least some law-enforcement demands for warrantless access to information while respecting a key Supreme Court of Canada ruling, privacy commissioner Daniel Therrien said in an interview.

In June last year, the Supreme Court ruled police must have a judge’s authorization to obtain customer data linked to online activities.

The high court rejected the notion the federal privacy law governing companies allowed them to hand over subscriber identities voluntarily.

Police say telecommunications companies and other service providers — such as banks and rental companies — now demand court approval for nearly all types of requests from authorities for basic identifying information.

The Supreme Court judgment came amid mounting public concern about authorities quietly gaining access to customer data with little independent scrutiny.

Read more here

#CyberFLASH: TTC allowing data collection of riders at subway stations

smartphone-2TORONTO — Free Wi-Fi may come at the cost of privacy for riders at TTC stations across Toronto. For the month of December, passengers who want to go online will have to do so using a Twitter account.

This grants Internet service provider BAI Canada access to riders’ tweets, personal information, and a list of their followers.

Privacy advocates say this isn’t a good direction for a publicly funded transit system.

“People tend to underestimate the value of privacy,” said Ann Cavoukian, Executive Director of Ryerson’s Privacy and Big Data Institute.

“I always tell both public sector and private sector companies, ‘You will be mistaken if you make that error,’ because increasingly, every survey shows this, the public is becoming much more distrustful of organizations that attempt to collect their identifiable data.”

The TTC says they are not forcing riders to use their service, and the current sign-in protocols are only for the month of December.

Read more here

#CyberFLASH: Paris attacks put Canada’s Internet privacy laws at risk

spy_eye_648As the world grapples with the recent terrorist attacks in Paris, the policy implications for issues such as the acceptance of refugees and continued military participation in the fight against ISIS have unsurprisingly come to the fore. The attacks have also escalated calls to reconsider plans to reform Canadian privacy and surveillance law, a key election promise from the Trudeau government.

Despite the temptation to slow the re-examination of Canadian privacy and surveillance policy, the government should stay the course. The Liberals voted for Bill C-51, the controversial anti-terror law, during the last Parliament, but promised changes to it if elected.

Even in the face of a renewed terror threat, those changes remain essential and should not have an adverse impact on operational efforts to combat terror threats that might surface in Canada.

The Liberals promised to establish an all-party review mechanism similar to those found in many other countries that will bring members of Parliament into the oversight process.

The Conservatives’ opposition to increased oversight was always puzzling since oversight alone does not create new limitations on surveillance activities. Rather, it helps ensure that Canada’s surveillance and police agencies operate within the law and restores public confidence in those entrusted with Canadian security.

The other Liberal commitments would similarly address oversight without curtailing surveillance powers. For example, the party promised to increase the powers of the Privacy Commissioner of Canada and to add a mandatory three-year review provision to the law.

Read more here

#CyberFLASH: Homeland Security helps Canadian cops nab criminals

computer-laptop-keyboard-852They received no acknowledgement in court on the day of sentencing, but U.S. Department of Homeland Security personnel helped track down an Ontario man suspected by the Royal Newfoundland Constabulary and local RCMP of child luring.

Brian Donald’s case is not the only occasion where the U.S. agency has helped Canadian law enforcement, specifically by obtaining and using administrative subpoenas to gather information from U.S.-based Internet companies.

Why the collaboration? Because U.S.-based social media companies with U.S.-based records operate under U.S. jurisdiction.

The now-common and accepted Canada-U.S. interactions allow for more effective policing. But they also tie in with the ongoing and important discussion about governments’ and law enforcement’s access to web user data.

There is a need for the public and lawmakers to know more about how police on both sides of the border work, when they are working within their laws, plus exactly how and why they interact.

In 2014, in R vs. Spencer, the Supreme Court of Canada indicated warrants are generally required when police go to telecom companies in Canada (Shaw, Bell, Rogers, etc.) seeking to compel the release of identifying information for an online account, based on an Internet Protocol (IP) address.

Read more here

#CyberFLASH: Researchers to study big data collection used on Canadians

91910728A group of prominent researchers has signed on to study what information is being collected about Canadians and what it’s being used for, saying the public remains largely in the dark on the mass accumulation of personal data.

The five-year project, which will be led by the Surveillance Studies Centre at Queen’s University in Kingston, Ont., will examine the use of what’s known as “big data.”

The B.C. Civil Liberties Association, University of Victoria and B.C.’s privacy commissioner are among the organizations that have joined the project as partners.

Micheal Vonn, the civil liberties association’s policy director, said Tuesday that big data consists of massive, complex data sets. The decisions made from such data, she said, can adversely affect individual rights and threaten privacy – though much about the collection of the data and its use is unknown.

“Big-data surveillance is one of the leading human-rights issues of the 21st century,” Ms. Vonn said in an interview.

Among other things, she said, the project will examine how organizations track individuals’ activities and social media use.

“We have one stream that is devoted to looking at big data in the context of national security. Another stream is devoted to what’s called marketing, but will also include things that many people don’t see in marketing, like … political parties’ databases and how they go about targeting the electorate,” she said.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.