#CyberFLASH: CSE acting like it’s above the law

1297806634517_ORIGINALWhat the rest of the country calls accountability, Canada’s electronic spies, the Communications Security Establishment (CSE), paints as a threat to security. It’s a tried and true tactic for intelligence agencies here and abroad when public scrutiny begins to stir.

According to the Star’s Alex Boutilier, Federal Privacy Commissioner Daniel Therrien is in a protracted battle with the CSE to make them comply with laws mandating the reporting of material privacy breaches by government agencies. Predictably, the CSE has played the national security card: they are above the laws everyone else follows because accountability could betray their methods to the nation’s adversaries.

The history of organizations in Canada that believe they are above the law is not a happy one for either citizens or the organizations themselves. Just ask the RCMP about its defunct Security Service. They were shut down after being discovered to have perpetrated a string of break-ins, acts of vandalism and other crimes out of fealty to the paranoid mission of the day during the early 1970s: defeating communism and separatism.

Doubtless, the Security Service probably wouldn’t have thought too much of meddlesome privacy commissioners either, especially if reporting requirements meant exposing the scale of its nefarious activities.

Indeed, scale has always been a sore point for the CSE, too. Perhaps the number and type of material privacy breaches is a distant but somewhat reasonable proxy for the magnitude of invasive surveillance ordinary Canadians are subjected to every day on the Internet by way of metadata collection programs.

Read more here

#CyberFLASH: Privacy watchdog to investigate RCMP over alleged ‘stingray’ cellphone surveillance

stingray.jpg.size.xxlarge.letterboxCanada’s privacy watchdog says it will investigate a privacy complaint about the alleged use of “stingrays” by the RCMP.

Office of the Privacy Commissioner spokesperson Valerie Lawton said the organization has opened an investigation into the RCMP’s refusal to admit whether or not it usesthe surveillance technology known as stingrays, formally called International Mobile Subscriber Identity (IMSI) catchers.

During the course of an investigation, the privacy commissioner typically determines if any privacy laws have been broken and makes recommendations on future policy.

The complaint was filed by Laura Tribe, a digital rights specialist for free speech advocate OpenMedia, after she read a story in the Star about the RCMP’s refusal to answer questions about the devices.

“If these invasive technologies are not in use, then these agencies should have no problem confirming that their surveillance activities remain within the confines of the law. If these StingRay technologies are being used in Canada however, the public has a right to know,” said her complaint, filed in December.

The RCMP did not immediately return the Star’s request for comment.

The Mounties have remained tight-lipped about the tech, which mimics a cellphone tower and collects information such as identifying data, text messages and phone calls from people’s cellphones. The device casts a wide net that doesn’t distinguish between suspects in criminal cases and ordinary citizens.

In December, when the Star used the Access to Information Act to request policies related to the RCMP’s use of the technology, the RCMP wrote back that those records were exempt from disclosure. The OPP also wouldn’t comment on whether they used the devices.

Read more here

#CyberFLASH:​ BlackBerry skirts RCMP decryption claims in privacy defence

image-3BlackBerry has released a statement defending its core corporate and ethical principles, saying it has been focused on protecting customer privacy.

In a blog post, BlackBerry executive chairman and CEO John Chen highlighted that BlackBerry’s guiding principle has been about doing what is right for its customers, within legal and ethical boundaries.

“We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests. I have stated before that we are indeed in a dark place when companies put their reputations above the greater good,” he said.

The statement released by Chen comes days after reports claiming the Royal Canadian Mounted Police (RCMP) obtained BlackBerry’s master encryption key, which enabled the Canadian police to intercept and decrypt around 1 million messages used by BlackBerry’s proprietary messaging technology.

The court documents relating to a Montreal crime syndicate case revealed BlackBerry and cellular network Rogers cooperated with law enforcement.

While it’s unclear how RCMP gained access to BlackBerry’s encryption key, it is believed BlackBerry “facilitated the interception process”.

BlackBerry is long known to have used a master encryption key, used on every device to scramble messages. This gives the company access to all communications over its systems, and would permit it to hand over data to law enforcement when asked. But since the Edward Snowden revelations it was widely assumed that at least one of the Five Eyes governments colluding in mass surveillance — of which Canada is a member — had acquired the keys.

Read more here

#CyberFLASH: There Has Been a ‘Sea Change’ in Privacy Rights in Canada, Warns Watchdog

Surveillance_610px

The man tasked with defending Canadians’ personal information, once decried as a government stooge, directly chastised the federal government over its efforts to track and surveil Canadians — and recommended that the new government put safeguards on how the government uses “big data” to spy on its citizens.

In his annual report, Daniel Therrien, the Privacy Commissioner of Canada, looked at three pieces of legislation that “taken together, these initiatives have resulted in what can only be described as a sea change for privacy rights in Canada.”

The first, C-44, allows Canadian spies to operate abroad and gives them more ability to obtain information without disclosing its origins; C-13, which creates new legal authority for cops and public servants to obtain Canadians’ personal data without a warrant; and C-51, the anti-terrorism legislation that opens the door for wide new intelligence-gathering and sharing.

All three bills, which are now law, were introduced by the Conservatives, but supported by the Liberals.

The Liberals have said they will change aspects of C-51, but have said little about the other two pieces of legislation.

In his report, released last week, Therrien recommended fixes for each bill — that the government include language to prevent CSIS from obtaining and using data that has been obtained through torture; that the law be updated to clarify when police are allowed to obtain Canadians’ data from their internet or cellphone companies without a warrant; and that legislation be introduced to toughen protections for Canadians’ privacy when departments want to share their information.

C-51 especially raised the ire of the commissioner.

Read more here

#CyberFLASH: New RCMP cyber unit to target global hackers, online scammers

Digital Life Tech Tips Double Layer PasswordsThe move comes as part of a five-year policing strategy unveiled today in Ottawa.

“What has been missing is a directed focus and effort towards cybercrime,” RCMP Chief Supt. Jeff Adam told CBC News in an interview at the force’s highly restricted data forensics labs, part of its technical investigations services branch in Ottawa.

“As cybercrime has evolved over time, and the technology has evolved very quickly … we’ve been kind of left doing it ad hoc, unformalized, unplanned,” he said.

The RCMP’s official Cybercrime Strategy promises “new policing measures to keep pace in a digital era.”

It’s an acknowledgement the Mounties, and indeed police around the globe, are struggling to deal with a vast array of emerging online crimes ranging from petty email scams and child exploitation to national security threats and highly organized hacking operations.

‘Fundamental change’

The RCMP will spend $30.5 million over the next five years to assign 40 staff, both police officers and civilians, to a new, dedicated investigations unit. It will include intelligence analysts, trainers, highly specialized technical staff and more than two dozens investigators from its national division.

Read more here

#CyberFLASH: David Fraser opposes warrantless access to internet users’ information

david-fraserA Halifax privacy lawyer says the head of the RCMP is either “ignorant or disingenuous” to call for warrantless access to internet users’ subscriber information.

“The Supreme Court of Canada says you and I have a right to anonymity online. We can choose to identify ourselves, we can choose not to identify ourselves,” David Fraser said Thursday. 

“The Supreme Court of Canada said you have a reasonable expectation of privacy associated with your internet activity. And that’s that.”

On Wednesday, RCMP commissioner Bob Paulson said a recent court ruling curtailing the flow of basic data about customers — such as name and address — has “put a chill on our ability to initiate investigations,” into child predators and other online criminals.

He told a security conference in Ottawa that police should have warrantless access to subscriber information, comparing it to using licence-plate data to find a vehicle owner’s name.

‘Ignorant or disingenuous’

Fraser rejected his comments.

“What I find really frustrating about this is that is either ignorant or disingenuous. You can’t be the chief of Canada’s federal police service and not understand what the Supreme Court of Canada has said about the most important law that we have in Canada, which is the Charter [of Rights and Freedoms]. “

Read mire here

#CyberFLASH: Social media powerful tool for terrorists, expert warns

the-radical-reality-canada-and-homegrown-terrorismPublic Safety Minister Ralph Goodale said Thursday he “looks forward” to talking to RCMP Commissioner Bob Paulson, after Paulson this week warned that online privacy laws are seriously obstructing the fight against runaway cyber crime.

“He and I have not had the chance to have this conversation yet and I’m looking forward to hearing the elaboration of his views,” Goodale said Thursday. “This issue has presented difficulties in the past, some very high-profile ones.”

Goodale, who is politically responsible for the Mounties, made the remark after spending nearly two hours sitting in the audience at a panel discussion on counter-terrorism at a Canadian Association of Defence and Security Industries conference in Ottawa.

A day earlier, in an address to the same gathering, Paulson said rocketing Internet crime, combined with laws restricting police online criminal investigations, means people should avoid the Internet or use it knowing the potential risks.

“And if something bad happens, hopefully we’ll be able to help you, but there’s no guarantee,” he said.

Read more here

#CyberFLASH: ‘We can’t protect public from cyber crimes': RCMP boss

n-ONLINE-PRIVACY-largeSpeaking to a security and defence industry conference in Ottawa, Paulson said an explosion in Internet crime, combined with laws restricting police online criminal investigations, means people should avoid the Internet or enter it knowing the potential risks.

“Your safety, your family’s safety, your financial integrity is at risk and so we need to start having the conversation now” about giving police reasonable, new and warrantless powers to collect evidence – often personal information – from online sources, such as basic subscriber data from telecommunication companies, he said.

“Because fundamentally, ladies and gentlemen, it’s hard to keep people safe on the Internet right now. The best advice we can give people is, ‘Don’t go (on the Internet),’ which is not really working, or ‘If you go, be really, really, really careful.’

“And if something bad happens, hopefully we’ll be able to help you, but there’s no guarantee.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.