#CyberFLASH: Should police see your data? Think about it says Goodale

goodale.jpg.size.custom.crop.1086x713OTTAWA—Canadians need to think about how far police should be allowed to go in accessing their electronic devices and communications, the federal public safety minister says.

A federal review of cybersecurity will provide a chance to discuss a proposal from Canada’s police chiefs for a new law that would compel people to hand over passwords with a judge’s consent, Ralph Goodale said Wednesday.

The Canadian Association of Chiefs of Police says the measure is needed to fight criminals in cyberspace who increasingly use tools to hide their identities and communications.

In the United States, there are literally thousands of smartphones and other digital devices “sitting on shelves” because authorities can’t get into them, said Terrence Cunningham, a police chief in Massachusetts and president of the International Association of Chiefs of Police.

“And we know that those devices hold the answers to the questions that we need so that we can hold people accountable and prosecute some of these cases,” Cunningham said during the Canadian chiefs’ annual conference this week.

After a speech Wednesday to the gathering, Goodale acknowledged that smartphones contain a wealth of personal data and can reveal much more about a person than an ordinary physical search might.

But he added that while Canadians value their privacy, they also want police to have the necessary tools to investigate crimes. “I think Canadians recognize the imperatives on both sides.”

Read more here

#CyberFLASH: Canada Pits Constitution Against Right to Be Forgotten

1297658073661_ORIGINALThe right to be forgotten may never make the leap across the Atlantic from the European Union to Canada.

Our neighbors to the north are willing to talk about reputational privacy and the right to be forgotten—the concept that individuals should be able to seek removal of online links to their personal data to protect their reputation. But any attempt to significantly regulate Internet speech will run smack-dab into the brick wall established by the freedom of expression guarantee in the Canadian Charter of Rights and Freedoms, privacy professionals told Bloomberg BNA.

Canadians may not be fully in synch with the U.S. populace’s general aversion to restrictions on personal liberty, but neither do they have the Europeans citizenry’s willingness to accept a strong national governance approach to privacy.

The back-and-forth between privacy and free speech rights is highlighted by the Officer of the Privacy Commissioner’s approach to the issue. In 2015, the privacy office named reputational privacy as on of it’s top priorities. To follow up, the privacy office conducted a national consultation regarding online reputational privacy. In January, the office published a discussion paper on reputational privacy.

Privacy Commissioner Daniel Therrien isn’t ready to publicly discuss the consultation’s results or how he will respond, as the process of reviewing submissions is still underway, agency spokesman Tobi Cohen said.

Read more here

#CyberFLASH: CSE Breach Triggered Mandatory Privacy Training, Email Reveals

1297516661469_ORIGINALOTTAWA — Canada’s electronic spy agency introduced mandatory privacy awareness training for all employees in March following an internal breach involving personal information.

When Greta Bossenmaier became chief of the Communications Security Establishment in February, the ultra-secret eavesdropping outfit was under intense public scrutiny over alleged spying on citizens.

But less than two months into the job, Bossenmaier was informing the spy agency’s staff of a privacy violation inside its own walls.

“I seriously regret that we are in this situation and never want it to be repeated,” Bossenmaier told employees in a March 20 email. “As such, we must use it as a learning opportunity so that we can prevent any further incidents from occurring.”

The Ottawa-based CSE, which employs about 2,000 people, uses highly advanced technology to intercept, sort and analyze foreign communications for information of intelligence interest to the federal government.

Documents leaked in 2013 by former American spy contractor Edward Snowden revealed the U.S. National Security Agency — a close CSE ally — had quietly obtained access to a huge volume of emails, chat logs and other information from major Internet companies, as well as massive amounts of data about telephone calls.

As a result, civil libertarians, privacy advocates and opposition politicians have demanded assurances the CSE is not using its extraordinary powers to snoop on Canadians. The agency insists it scrupulously follows the law in protecting Canadians’ privacy.

On July 31, 2014, someone notified CSE’s corporate security officials that a file containing personal information related to security clearances was mistakenly given public-access permission markings, making it accessible to CSE personnel, according to Bossenmaier’s email to staff.

An edited version of her classified message was obtained by The Canadian Press under the Access to Information Act.

Read more here

#CyberTRAX: A slow clap for Anonymous

10712553“Greetings citizens of Canada, we are Anonymous. Today, this 17th of June, 2015, we launched an attack against the Canadian Senate and Government of Canada websites in protest against the recent passing of Bill C-51.”

That was the opening to a video the online activist group posted Wednesday, as federal government websites fluctuated in and out of operation.

“Stand for your rights, take to the streets in protest this 20th of June, 2015,” the Anonymous video continued. “Disregard these laws, which are unjust, even illegal.”

Throughout the afternoon, dozens of government of Canada websites went down, including canada.ca, the site for Transport Canada and the page for the Department of Foreign Affairs. The outage also seemed to affect government Blackberrys, though Public Safety Minister Steven Blaney said no private information was compromised. Though the source of the attack was initially unclear, Anonymous eventually claimed responsibility and posted the video.

The irony of launching a cyber-attack to protest an anti-terrorism law was surely lost on this gaggle of virtual legionnaires. This attack — which took the form of a distributed-denial-of-service, or DDoS, attack — is not particularly sophisticated in nature and acts as more of a nuisance than a real security breach. Essentially, “attackers” flood the server with requests at such an overwhelming volume that it forces them to crash.

Read more here

#CyberFLASH: Privacy Commissioner announces funding for independent privacy research

B97375091Z.120141001155319000GS36SSNI.11GATINEAU – Independent research and knowledge translation projects supported through the Office of the Privacy Commissioner of Canada’s 2015-2016 Contributions Program will explore a wide range of emerging privacy issues, such as fitness tracking devices, lawful access and children and privacy policies.

“The projects selected this year will help build a greater understanding of new risks to privacy and also provide individuals and organizations with information about how to better protect personal information in a constantly evolving environment,” says Privacy Commissioner of Canada Daniel Therrien.

The Commissioner also announced today that the Contributions Program has been renewed for another five years following an independent evaluation of the Program.

“The Contributions Program is considered to be one of the foremost privacy research funding programs in the world and has made a significant contribution to developing privacy knowledge in Canada and beyond. We are very pleased that the Program will continue to support this important work,” says Commissioner Therrien.

The Contributions Program funds not only research but also its application in ways that have a real impact of Canadians. Some examples of this year’s projects include:

Privacy and fitness tracking devices – This project will examine the relationship between the data collection and transmission practices of fitness tracking devices, the cloud services they integrate with, and how third parties may access their personal information from the providers of these services.

Lawful access – This project will explore the implications of the Edward Snowden revelations regarding the relationships between government signals intelligence authorities and private sector telecommunications companies over access to and sharing of metadata and private communications.

Read more here

#CyberFLASH: University of Guelph professor highlights Internet privacy issues

images-126GUELPH — As “Data Privacy Day” approaches, a University of Guelph professor is urging people to be aware of the “digital footprint” they are leaving online.

Rozita Dara, an assistant professor with the school of computer science at the University of Guelph, studies privacy and “big data,” and is a former employee of the Office of the Information and Privacy Commissioner of Ontario.

She says most people are not aware of how much personal information they may be scattering online though sites such as Google, Facebook and YouTube, and just what that information is being used for.

“We have to consider that our data is kind of currency, it has value, but it’s ours. So we have to be very careful about how we share it,” said Dara in a recent interview.

“What (people) put out there has value to the government for surveillance purposes, or to industries that can make money from it.”

These issues will be under the spotlight during “Data Privacy Day,” on Jan. 28.

Tola St. Matthew-Daniel, a spokesperson for the U.S.-based National Cyber Security Alliance, wrote in an email that the day is designed to “help consumers better understand how to protect their personal information and encourage businesses to be more transparent about how they collect and use consumer data.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.