#CyberFLASH: Security vs. privacy: Technology changes, rights don’t

The stakes are considerable, which is why the folks who run the national security apparatus have quietly and not-so-quietly been laying down markers as Ottawa reviews their powers. The argument goes they need more tools, and more leeway, to do their important work.

Maybe. Maybe not.

Canada’s federal Privacy Commissioner Daniel Therrien and his provincial and territorial counterparts are sounding a much-needed note of caution in a joint brief submitted as part of the ongoing security review.

“It is important that we not forget the lessons of history. One of these lessons is that once conferred, new state powers are rarely relinquished,” the document reads.

That’s true, as is the fact the expansion of state powers of surveillance over the past 15 years has resulted in “too many cases of inappropriate and sometimes illegal conduct by state officials,” including violations of privacy and other civil rights.

If Bill C-51, the former Conservative government’s anti-terrorism legislation, was an overreach, the attempt to fix it ought not to make things worse.

Mr. Therrien and his colleagues rightly raise the alarm over Ottawa’s apparent willingness to widen, rather than restrict, things like the collection of metadata. They argue that authorizations to gather metadata ought to meet elevated standards and require judicial, not merely administrative, sign-off. They’re right.

The privacy commissioners’ submission also points out that increased monitoring of online activities has a “potential chilling effect” that could defeat the purpose of having more powerful snooping tools; when people think they’re being watched, they go further underground. We could end up diminishing the freedom of many, without increasing security against the violent few. It’s an important consideration in online anti-radicalization efforts.

#CyberFLASH: Canadian Cyber Threat Exchange ready to start membership push

After months of planning, the country’s first national IT threat service has issued its first threat report to a few early members and is ready to launch a campaign to expand its numbers, including lowering its fee for small businesses.

“We didn’t want cost to be a barrier to people being able to get in,” Robert Gordon, executive director of the Canadian Cyber Threat Exchange (CCTX), said Wednesday in explaining why the introductory fee for a small business was cut from $5,000 to $2,000 a year.

“Part of this is to raise cyber resiliency [among Canadian firms] as broad as we can.”

For the lower fee members will still get threat reports, but won’t be allowed to download electronic data feeds into their systems. Gordon said it was felt small companies wouldn’t benefit from that service. The exchange will discuss with these companies if there are other services that can be added.

Mid-size businesses can join for $20,000 a year and will be allowed to exchange threat data electronically (when it goes live early next year) and will get named access to the exchange’s proprietary knowledge database.

Gordon also said the exchange’s first monthly report was shown Wednesday at a closed symposium in Toronto for companies that have already signed up or are in the process of becoming paying members. Eventually that report will be issued weekly to members. Also, by the second week in February the exchange will have a portal for the sharing of electronic threat data and an online collaboration space for members.

#CyberFLASH: Privacy watchdog to look at electoral reform survey amid privacy concerns

Canada’s privacy watchdog intends to look into the Trudeau government’s new online survey on electoral reform after concerns have been raised about invasion of privacy.

Canadians must be willing to disclose detailed personal information if they want their views on electoral reform to be included in the results of the online questionnaire.

The MyDemocracy.ca survey does not ask respondents to reveal their names but it does ask them to disclose gender, age, highest level of education attained, occupational work area, combined household income, first language learned, level of interest in politics and current events and whether they identify as a member of a specific minority group.

Respondents are also asked to provide their postal codes so that their region of residence can be determined — a request that’s particularly raising eyebrows.

In many instances, supplying a postal code would be enough to identify the individual, according to Ottawa University technology law expert Michael Geist, the Canada Research Chair in Internet and E-commerce law.

A spokeswoman for privacy commissioner Daniel Therrien said Tuesday that his office can’t comment because it hasn’t yet looked into the survey in detail.

#CyberFLASH: Carleton University says it didn’t pay hacker’s ransom after cyberattack

Carleton University confirms its IT network was attacked by ransomware — a type of computer virus that uses encryption to effectively hold files hostage in exchange for payment — but said it didn’t pay any ransom.

Systems are coming back online little by little after the problem appeared Tuesday morning, Roseann O’Reilly Runte told CBC News on Wednesday.

Classes are happening as regularly scheduled and Wi-Fi is available on campus, she said.

No ransom was paid, according to university spokesperson Don Cumming.

The university is expected to make a statement at 4 p.m. ET.

A graduate student at the university emailed CBC Tuesday to say the attackers asked for payment in bitcoin, a digital currency that is difficult to trace. According to a message he saw on a school computer, the attackers are asking for either two bitcoin per machine, or 39 bitcoin total to release the encrypted files — the latter equalling nearly $38,941 at today’s rate on the popular Bitcoin exchange Coinbase.

Students, employees warned Tuesday

On Tuesday morning, students and employees were warned that any Windows-based system accessible from the main network may have been compromised after an external group apparently attempted to hack the school’s IT network.

“To reduce traffic on the network, it is recommended that users refrain from using Microsoft Windows systems at the current time and shut down your computer,” the school warned in a message posted on its website and Facebook page.

On Wednesday, the university’s IT department said work is continuing to restore email services.

#CyberFLASH: Melanie Joly’s Tough Choice on Canadian Content: New Thinking or New Taxes

Canadian Heritage Minister Mélanie Joly launched her surprise national consultation on Canadian content in a digital world last April with considerable excitement for the possibilities of revolutionizing policies born in an analog era. Joly spoke enthusiastically about the potential for Canadian creators to use digital networks to reach global audiences and for all stakeholders to rethink the cultural policy toolkit.

My Globe and Mail op-ed notes that submissions to the consultation closed last week and despite the hope for new, innovative thinking, many of Canada’s largest cultural groups placed their bets on extending a myriad of funding mechanisms to the Internet. Rather than overhauling older programs, the groups want those policies expanded by mandating new fees, costs or taxes on Internet services, Internet service providers, Internet advertisers, and even the sale of digital storage devices such as USB keys and hard drives.

Netflix is the top target, as the streaming giant is on the receiving end of demands to extend sales taxes and implement a Cancon contribution tax on foreign online video providers. For its part, Netflix highlighted its investment in Cancon in its submission, noting that Canada is now one of the top three locations worldwide for its commissioned original productions and pointing to dozens of Canadian programs that it has licensed or helped finance.

Yet groups such as ACTRA, the Writers Guild of Canada, the Canadian Media Producers Association, and the Directors Guild of Canada remain unconvinced, arguing that the government should require Netflix to contribute a percentage of its revenues toward the creation of Canadian content.

If implemented, such a Netflix tax could have far reaching effects. For example, ACTRA recommends that any online video service that distributes broadcast content with more than 2,000 subscribers be required to contribute 5 per cent of its gross revenue toward independent Cancon creation funds. The proposal could mean that many services block Canadian subscribers to avoid the mandated payments, resulting in decreased online video competition in Canada. In fact, the Directors Guild of Canada wants even more, running into the hundreds of millions of dollars annually.

#CyberFLASH: Hackers say the Canadian government doesn’t want their help

The U.S. Department of Defence has turned to well-intentioned hackers and independent security researchers to help the government agency find software bugs and vulnerabilities in its computer systems.

But in Canada, the government appears to still have no formal policy or public guidelines, which makes it difficult for those who do find flaws to know what to do, or how the government might respond.

“There’s no formal process,” says Imran Ahmad, a partner at the law firm Miller Thomson who works with clients on cybersecurity related issues. In the absence of such a process, he says, those who find flaws “just don’t know how the government’s going to react, and they just want to protect themselves.”

“My advice to anyone who finds a flaw in a government website at this time would be to forget they ever saw it,” wrote web developer and security researcher Kevin McArthur in an email.

In the past, companies and governments often threatened security researchers and coders who found and published details about vulnerabilities in software with litigation, prompting the adoption of an informal process called “responsible disclosure.”

#CyberFLASH: Carleton U warns students of hacker attack on IT network

Carleton University is warning students and employees after an external group apparently attempted to hack the school’s IT network.

The school warned that any system accessible from the main network that is Windows-based may have been compromised.

The school’s IT security unit is attempting to secure the network from further attacks.

“To reduce traffic on the network, it is recommended that users refrain from using Microsoft Windows systems at the current time and shut down your computer,” the school warned in a message posted on its website and its Facebook page.

Ransomware messages demand bitcoin payments

The school said people may see ransomware messages appear on their screens, demanding payments in bitcoins.

“Users are asked to ignore all messages seeking a payment and are encouraged to report these messages to the CCS Help Desk at ext. 3700 or ccs.service.desk@carleton.ca,” the school said in a statement.

David Kenyi, a volunteer at the International Students Service Office, said he got a push notification on his phone of the system shutdown.

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.