#CyberFLASH: LEGER: Pull back veil on national security

1327675873067_ORIGINAL

The mere mention of the term “royal commission” is enough to trigger eye-rolling cynicism in many Canadians, even the public-spirited. It conjures an image of paper gathering dust in archives across the country.

Maybe it’s the word “royal” in the phrase that connotes irrelevance or a certain lack of rigour. Perhaps it’s because commissions take so long to do their work and produce so few concrete results. Royal commissions have an image problem.

They are usually set up because some public problem has flummoxed the sitting government. Not know what else to do, governments often use them to park unsettling issues out of the glare of day-to-day politics.

When commissions do report, prime ministers have the option of ignoring inconvenient conclusions. In fact, many such panels are established precisely so they can be ignored by the government of the day.

Read more here

#CyberFLASH: Travelling officials easy prey for foreign hackers: federal records

dynamic_resize-4

Canadian government officials are regularly targeted on their BlackBerrys and other electronic devices by foreign states and businesses, posing serious security risks and potentially “disastrous” consequences for federal organizations.

Internal federal government memos from three sources – the prime minister’s national security adviser, the Communications Security Establishment Canada (CSEC), and the deputy minister of natural resources – warn senior government officials that their BlackBerrys, tablets, laptops and other devices can easily be compromised when they are travelling internationally.

Various “threat actors” abroad — including foreign states — might target Canadian officials by delivering malicious code to electronic devices; accessing the device to track their location; activating the microphone on a smart phone to eavesdrop; and intercepting voice and data communications sent electronically, according to the memos obtained by the Citizen.

Read more here

#CyberFLASH: Telecom giants worried about “antagonizing” feds on lawful access: documents

rogers1.jpg.size.xxlarge.promo

OTTAWA—Bell, Rogers and Research In Motion pushed to hold back details on how often customer data is being handed over to law enforcement agencies, recently released documents show.

The companies were concerned about “antagonizing” the federal government and police if they shared too much information about authorities snooping their customers’ personal data, according to correspondence obtained by the Toronto Star and Halifax Chronicle Herald.

In 2011, Canada’s privacy watchdog asked 14 companies how often they were asked by law enforcement to share customers’ data, including subscriber names, Internet protocol addresses, telephone numbers and email addresses.

Nine companies responded, with an aggregate total of 1.2 million requests per year.

Read more here

#CyberFLASH: 12 Things Harper Doesn’t Want You To Know About Spying On Canadians

slide_349495_3739937_free

Ever since Edward Snowden’s trove of NSA documents began leaking last year, a steady stream of news has filtered in about Canada’s involvement in the NSA’s efforts, as well as its own efforts at electronic surveillance.

The latest is the revelation earlier this week that the NSA gave Canada’s federal government somewhere between $300,000 and $400,000 in 2012 to develop electronic spying capabilities. But if news reports are to be believed, Canada’s involvement in global electronic surveillance goes far deeper than that.

The Snowden leaks come amid ongoing efforts by the Harper government to pass laws updating law enforcement’s access to private citizens’ communications. The latest efforts focus on the Tories’ anti-cyberbullying bill and their so-called “Digital Privacy Act,” both of which are causing concerns among privacy advocates for what they see as an expansion of the government’s ability to snoop.

Here are 12 uncomfortable revelations, allegations and facts the Harper government would rather you not talk about as it goes about reforming Canada’s digital laws:

Read more here

#CyberFLASH: For Canada’s Spies, Your Data Is Just a Phone Call Away

9020272

To access an unlimited trove of personal information, all a government spy has to do in Canada is pick up a phone and call your internet provider—no written request required.

That revelation, brought to light by three different Canadian lawyers who’ve dealt directly with the Canadian Security Intelligence Service, the Royal Canadian Mounted Police, regional police, and the Communications Security Establishment Canada, comes amid a string of startling revelations on the privacy front in Canada. This comes just weeks before Bill C-13 will make it easier for police to access online information without judicial authorization.

While there has been much debate about Bill C-13 and the Harper government’s plans to aid data collection, it’s already relatively easy for law enforcement to collect data. Under Canadian voluntary disclosure law, police are free to request, obtain, and use personal data. ISPs are free to provide it. Bill C-13 promises to expand law enforcement’s data collection power while providing the ISPs with immunity from lawsuits and criminal charges.

Read more here

#CyberFLASH: Canadian Law Enforcement Asking For ISP Subscriber Data Every 27 Seconds; Pending Legislation Looking To Up That Number

image-9

Canada’s image as the The Most Polite Nation In The World would seem to be a front that masks a malignant nastiness under the surface. If these numbers are to be believed, Canada is little more than a criminal organization masquerading as a constitutional monarchy.

Minute after minute, hour after hour, day after day, week after week, month after month. Canadian telecommunications providers, who collect massive amounts of data about their subscribers, are asked to disclose basic subscriber information to Canadian law enforcement agencies every 27 seconds. In 2011, that added up to 1,193,630 requests. Given the volume, most likely do not involve a warrant or court oversight (2010 RCMP data showed 94% of requests involving customer name and address information was provided voluntarily without a warrant)… 

According to newly released information, three telecom providers alone disclosed information from 785,000 customer accounts in 2011, suggesting that the actual totals were much higher.

Every 27 seconds. And that number is two years out of date. If Canada is anything like the USA, these requests have increased at a pace far exceeding the birth rate. And much like the US, most of the information is gathered without a warrant or government oversight.

Read more here

#CyberFLASH: RCMP charge 19-year-old man in Heartbleed privacy breach

image-12

A 19-year-old man from London, Ont., has been charged in connection with using the Heartbleed bug to exploit taxpayer data from the Canada Revenue Agency website.

The RCMP announced Wednesday that Stephen Arthuro Solis-Reyes was arrested at his home Tuesday without incident. He has since been released and is staying with his parents in London’s north end.

Solis-Reyes faces charges related to one count of unauthorized use of a computer and one count of mischief in relation to data.

He’s the son of a computer science professor at Western University, CTV News has confirmed.

The CRA shut down public access to its online services on April 8 after learning its systems were vulnerable to the Heartbleed bug. Then on Monday, the agency announced that the Social Insurance Numbers of about 900 taxpayers were taken from the CRA systems over a six-hour period by someone who had exploited the Heartbleed bug

Read more here

#CyberFLASH: Heartbleed bug: RCMP asked Revenue Canada to delay news of SIN thefts

image-11

The Canada Revenue Agency knew last Friday that hundreds of Canadians had their social insurance numbers stolen from its website because of the Heartbleed security bug but waited until Monday to make it public.

“The Canada Revenue Agency contacted our office last Friday afternoon to notify us about the attack and of the measures it was taking to mitigate risks and notify affected individuals,” said Valerie Lawton, a spokeswoman for the Privacy Commissioner’s Office, in a written statement Monday afternoon.

The commissioner’s office later clarified that it was told by CRA that “several hundred Canadians” had their social insurance numbers stolen from the agency’s website due to the Heartbleed security bug.

The CRA publicly confirmed the attack Monday morning.

“Social insurance numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability,” the CRA said in a statement.

But the RCMP said in a statement Tuesday it asked the CRA to delay notifying the public about the breach when the revenue agency referred the matter to the Mounties on Friday.

Read more here 

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.