#CyberFLASH: Government use of surveillance devices must be restricted: privacy experts

smartphone-2Canada must acknowledge, and then constrain, the government’s use of portable surveillance devices that can indiscriminately dredge data from people’s smartphones without them knowing, privacy experts say.

Everything that is known or suspected about the government’s use of these machines – called “IMSI catchers,” “cell-site simulators” or “Stingrays” – is chronicled in a comprehensive, first-of-its-kind, 130-page report written by privacy experts and released to The Globe and Mail.

Federal police have used these devices for more than a decade, but the practice was confirmed only this year in a series of stories in The Globe. Now, researchers Christopher Parsons and Tamir Israel say it’s time for civil society to debate the pros and cons of IMSI catchers, even if many government agencies still won’t discuss them.

“This ongoing secrecy has the effect of delaying important public debates,” the report says.

The report was commissioned by the Telecom Transparency Project and the Canadian Internet Policy & Public Interest Clinic. They received grants from the Open Society Foundation, privacy activist Frederick Ghahramani, a Social Sciences and Humanities Research Council Postdoctoral Fellowship Award, and the Munk School of Global Affairs at the University of Toronto.

Read more here

#CyberFLASH: Ottawa should create cyber threat advisory committee, says security lawyer

keyboardThe federal government should follow Washington’s lead and create an advisory committee of experts on national cybersecurity — announced yesterday — including both the public and private sector, says a security lawyer.

“I do believe that Canada would benefit from a similar setup where the Minister of Public Safety, the Minister of Defence and the Prime Minister could get input and recommendations from a panel made up of experts/stakeholders from the private, public, law enforcement and academic sectors,” Imran Ahmad of the firm Cassels Brock, who also sits on the advisory board of the Canadian Advanced Technologies Alliance’s (CATA) Cyber Security Council, said in an interview.

Ottawa “would benefit from a holistic view on cybersecurity threats to Canada that are affecting Canadians on a daily basis and that go beyond a narrow national security lens.

His view was echoed by Kevin Wennekes, CATA’s chief business officer, who said creating a public-private sector advisory committee is “long overdue,” he said. The security industry “is the the first to know of the threats,” he said.

Satyamoorthy Kabilan, director of national security and strategic foresight at the Conference Board of Canada, said such a commission could be a good idea here. But he added, it wouldn’t be as easy as in the U.S. or Britain, where the public and private sectors are closer. Before coming to Canada Kabilan helped develop the U.K.’s National Counter Terrorism Strategy and has worked on security with other allies and knows how this country compares. “We haven’t even broken the ground to enable looking at the potential for something like that, because those relationships and the ability of the private sector to be a part of all of these discussions and part of the input into policy and decisions in the security sphere is not quite as well developed in Canada.”

Read more here

#CyberFLASH: Canada not doing enough to protect critical infrastructure: Expert

Energy-power-electric-imageJust before security consultant Ray Boisvert stood to address a Toronto conference on cyber security and Canadian critical infrastructure, the building’s fire alarm went off and filled the room with a warning siren.

It was the perfect prequel for his speech, which warned governments, utilities and financial institutions aren’t doing enough to defend critical infrastructure for online attacks.

In an interview Boisvert — former assistant director of intelligence at the Canadian Security Intelligence Service (CSIS) and currently president of consultancy I-Sec Integrated Strategies, rated the country’s efforts as only B-, although he admitted no country yet has an A. However, he believes the U.S. and Western European countries are ahead of us.

While the federal government has developed a national cyber security strategy for critical infrastructure and pushed provinces and 10 sectors to form groups for sharing information, Boisvert dismissed it as mainly “process” with little action.

At the local level, civic governments “are left to their own devices,” he said. Some hydro systems owned by cities or townships “are really, really vulnerable. They have no funds, and very little awareness of cyber security.”

Provincially, Ontario, New Brunswick and Alberta are the leaders, he said. As for the federal government, it needs a cyber czar with deputy minister authority to lead the charge at that level.

This person would be the “spokesperson in chief to drive the agenda amongst the agencies, because in my estimation there isn’t great co-ordination between agencies in Ottawa, even for those who have the money.”

Read more here

#CyberFLASH: Anonymous leaks another high-level federal document as part of vendetta against government

anonymous-analyticsAs part of their vendetta against the Canadian government, hackers with Anonymous have leaked another high-level federal document — about the redevelopment of Canada’s key diplomatic centres in Britain — that the National Post has confirmed is an authentic and official confidential document.

This is the second document leaked by a cell of the shadowy hacktivist group, raising serious questions about how Canada’s secure infrastructure was breached and whether more secrets are at stake.

The latest document, designated “secret” and marked “confidence of the Queen’s Privy Council,” discusses government cost overruns — but an eventual anticipated profit — from the Department of Foreign Affairs’ selling, relocating and refurbishing of Canada’s diplomatic buildings in London, one of its last major acts under former minister John Baird.

The Treasury Board of Canada document is dated Feb. 6, 2014, the same as one released in July by the same group. The first document revealed the closely guarded secret of the specific size of Canadian Security Intelligence Service’s network of foreign stations and problems with their outdated cyber security.

Both documents have now been confirmed as authentic by a knowledgeable government source.

The Post also confirmed the federal government has mounted an internal investigation to determine how the documents got into the hands of activists.

Read more here

#CyberFLASH: Federal government privacy breaches soar to record high

0925 DND payments

The federal government reported breaching the privacy of individuals more than 5,000 times last year — an all-time high, according to new figures.

The data are only for six departments, so the 5,237 privacy breaches they reported in 2014 are likely just a glimpse at what happened across government. Even so, the figure is almost as many as had been reported in the previous 11-year period, including instances where a taxpayer’s or organization’s information was incorrectly released, lost or compromised.

Figures provided to Parliament last year showed federal departments and agencies reported 3,763 breaches of data between April 1, 2013 and Jan. 29, 2014. During the previous 10-year period, the government reported slightly more than 3,000 breaches.

Those numbers, however, didn’t include the Department of National Defence, which had said it couldn’t release the information for national security reasons. The current crop of figures is the first time DND has publicly reported the number of privacy breaches within its department, giving Canadians a more fulsome picture of how their government handles sensitive information.

Read more here

#CyberFLASH: Government right to fire civil servant for abusing Internet, privacy breach: tribunal

marc-gravelle-fired-rulingA labour relations tribunal has upheld the firing of a civil servant who used his government computer to indulge his car obsession, complain about his job, store electronic music files, and attempt to cheat on staffing competitions.

In a recent decision, the Public Service Labour Relations Board said the government had just cause to fire Marc Gravelle, a human resources assistant in the Department of Justice, in July 2011.

Gravelle had argued that the government did not prove its case against him and that his abrupt dismissal ignored the principle of progressive discipline.

Adjudicator Renaud Paquet, however, concluded that Gravelle had severed the bond of trust that must exist between the government and one of its employees.

“As a human resources assistant, he had access to confidential documents related to competitive processes,” Paquet ruled.

“He used that privilege for his own purposes and sent confidential documents to his home address. That constitutes a lack of integrity and very serious misconduct.”

Read the full story in the Ottawa Citizen

Every click you make: Feds consider how closely they’ll watch Canadians online


OTTAWA — The federal government is restricting how closely it watches Canadians online.

New rules are now in place governing the use of data that’s gathered when Canadians visit government websites, the first comprehensive guidelines since Ottawa went online nearly 20 years ago.

But the rules don’t cover the data available to the government via social media sites that are set up by individual departments, which operate beyond the bounds of federal policy.

Read more here

GoC agencies caught advertising on sex sites

CANADA — At least two federal government agencies spent money advertising on websites featuring soft pornography, files obtained by QMI Agency show.

The National Film Board was prepared to spend up to $5,000 a day advertising on photoforum.ru and photo.net, websites with graphic photos of naked women — some appearing to be less than 18 years old.

Read more on CNEWS

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.