#CyberFLASH: National electronic intelligence agency executive calls for ‘rational debate’ on encryption

cse-headquarters-file-jpg-size-custom-crop-1086x722OTTAWA–Canadians are being encouraged to ask more questions about the security of their electronic devices from an unlikely source — an executive at the country’s electronic intelligence agency.

Scott Jones, the deputy director of IT security at the Communications Security Establishment, said Canadians need to start taking a greater interest in how their electronic devices protect personal information.

“We should be asking when we go and buy the stuff we have at home, OK, tell me how it’s being protected,” Jones said in an interview.

“If it’s my cellphone, does it have encryption if I lose it? Can somebody just read the data off of it or not? We need to start asking questions like that … We need to start helping each other, and helping citizens, helping businesses, helping the government when we’re buying these products they need to be secure by default.”

It may come as a bit of a surprise to hear an employee at CSE counselling Canadians to protect private information. The agency, which has largely operated in secret since its creation at the end of the Second World War, was thrust into the spotlight after U.S. whistleblower Edward Snowden’s disclosures.

CSE is part of the Five Eyes security alliance, which includes spy agencies in the United States, the United Kingdom, Australia and New Zealand. Snowden’s disclosures revealed the mass surveillance programs used by those countries, including programs that scooped up their own citizens’ data.

Jones’ comments also come as law enforcement agencies in the U.S. and Canada are forcefully arguing for the need to limit encryption — calling for so-called “back doors” that would let authorities decode citizens’ data.

Read more here

#CyberFLASH: Former CSIS head says Canada should have its own cyber-warriors

richard-faddenCanada’s former top spymaster says the country’s military should have the legal authority and capability to not only defend itself, but also to go on the attack in cyberspace as well.

Richard Fadden, the former director of the Canadian Security Intelligence Service and the ex-national security adviser to prime ministers Stephen Harper and Justin Trudeau, says he’s argued in the past that the threat in the online world is as serious as terrorism in the physical world.

At the moment, the Canadian military’s nascent cyber capability is restricted from going on the offensive to protect itself. Documents obtained by CBC News show that National Defence appears to be struggling to develop even a defensive stance.

“If we are going to allow that we’re going to have Canadian Forces abroad and they are facing cyberattacks, either communications or other, I think it’s totally reasonable to think seriously about whether or not we should give them the capacity to reach out and suppress before they are used against them,” Fadden told CBC Radio’s The Current on Wednesday.

The issue is partially framed in the Liberals’ defence policy review statement, which asks the public what sort of role the military should play in the online battle space.

Debate over whether Western militaries should adopt an offensive, or defensive, posture in cyberspace has been raging for months, particularly in the halls of NATO. The military alliance struggled to come up with a clear, coherent policy in the aftermath of Russia’s annexation of Crimea.

Read more here

#CyberFLASH:​ BlackBerry skirts RCMP decryption claims in privacy defence

image-3BlackBerry has released a statement defending its core corporate and ethical principles, saying it has been focused on protecting customer privacy.

In a blog post, BlackBerry executive chairman and CEO John Chen highlighted that BlackBerry’s guiding principle has been about doing what is right for its customers, within legal and ethical boundaries.

“We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests. I have stated before that we are indeed in a dark place when companies put their reputations above the greater good,” he said.

The statement released by Chen comes days after reports claiming the Royal Canadian Mounted Police (RCMP) obtained BlackBerry’s master encryption key, which enabled the Canadian police to intercept and decrypt around 1 million messages used by BlackBerry’s proprietary messaging technology.

The court documents relating to a Montreal crime syndicate case revealed BlackBerry and cellular network Rogers cooperated with law enforcement.

While it’s unclear how RCMP gained access to BlackBerry’s encryption key, it is believed BlackBerry “facilitated the interception process”.

BlackBerry is long known to have used a master encryption key, used on every device to scramble messages. This gives the company access to all communications over its systems, and would permit it to hand over data to law enforcement when asked. But since the Edward Snowden revelations it was widely assumed that at least one of the Five Eyes governments colluding in mass surveillance — of which Canada is a member — had acquired the keys.

Read more here

#CyberFLASH: Trudeau must defend cyberspace: PM’s advisers

CPT101318547_ContentOTTAWA — Defending and advancing a free, open and secure cyberspace is essential to Canada’s prosperity as well as its commitment to human rights and democracy, advisers have told Prime Minister Justin Trudeau.

The next several years will bring steady progress in the development of international frameworks for the digital realm, including Internet norms, agreements and governance arrangements, says a briefing note presented to Trudeau when he took office in November.

Repressive regimes want to harness communication networks to silence criticism, control information and limit access — threatening to undermine the open and connected nature of the Internet, warns the note obtained by The Canadian Press under the Access to Information Act.

“There is a window in which Canada, drawing on its diplomatic strengths, could help preserve the openness, resiliency and security of cyberspace on which Canadians and people across the globe have come to rely.”

The note stresses the role of the Internet — with three billion users, and another billion expected by 2017 — in driving economic growth and creating opportunities for social and democratic progress.

Canada is working closely with its Five Eyes partners — Britain, the United States, Australia and New Zealand — as well as Sweden, France, Germany, the Netherlands, the European Union and Mexico to sway emerging powers and other developing countries that have yet to take a firm stance on cyberspace issues, the note says.

Read more here

#CyberFLASH: Canada uses NSA Search Engine which Taps Into Global Comms to Intercept, Well, Everything

edward-snowden.jpg.size.xxlarge.letterboxEdward Snowden has once again provided fodder for the surveillance fears of American citizens: New leaked documents show that the National Security Agency’s (NSA’s) XKeyscore search engine hoovers up vast amounts of private communications information, to the tune of 700,000 voice, fax and video files every day.

According to a report in The Intercept, XKeyscore doesn’t bother with intercepting last-mile telephone calls and the like. Oh no. It drinks directly from the hose: it taps into the billions off bits that are carried on the long-haul fiber-optic cables that make up the global communications network, including data on people’s internet searches, documents, usernames, passwords, emails and chats, pictures, voice calls, webcam photos, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, VOIP streams taken from Skype sessions, etc. etc.

In other words, it absorbs everything.

XKeyscore is used by NSA intelligence agents as well as spooks in Canada, New Zealand and the UK (and possibly other allies) to target people by location, nationality and browsing histories. The NSA itself calls it “a fully distributed processing and query system that runs on machines around the world” with “the ability to scale in both processing power and storage.”

Read more here

#CyberFLASH: CSE says Snowden leaks eroding spy agency’s long-term advantage over terrorists

snowden-onlinedatabase-20150304Canada’s electronic spy agency says leaks by former U.S. intelligence contractor Edward Snowden have “diminished the advantage” it enjoyed over terrorists and other targets, both in the short term and — of more concern — well into the future.

In newly released briefing notes, the Communications Security Establishment says Snowden’s disclosures about CSE’s intelligence capabilities and those of its allies “have a cumulative detrimental effect” on its operations.

The Ottawa-based CSE monitors foreign communications of intelligence interest to Canada, and exchanges a large amount of information with partner agencies in the United States, Britain, Australia and New Zealand.

The notes, obtained by The Canadian Press under the Access to Information Act, were among the briefing materials prepared for CSE chief Greta Bossenmaier’s March 25 appearance before the House of Commons committee on national defence.

Canada spying

Documents Snowden handed to the media revealed the U.S. National Security Agency — the CSE’s American counterpart — had quietly obtained access to a huge volume of emails, chat logs and other information from major Internet companies, as well as massive amounts of data about telephone calls.

The documents also suggest Canada helped the United States and Britain spy on participants at a London G20 summit and that the CSE devised a sophisticated spy operation against Brazil’s ministry of mines and energy.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.