#CyberFLASH: Canada’s ICT industry says no to more police powers to access subscriber data

computer-gimbalThe information and telecommunications industry has lined up almost solidly against suggestions police should have access without a warrant to basic subscriber information they hold.

That’s the take-away from a number of industry association and service provider briefs filed last week as submissions closed for Public Safety Canada’s search for citizen and private sector opinions for a new national security framework.

Public Safety Canada issued a green paper for discussion last September calling for opinions on potentially changing federal laws and policies on several issues including loosening police and intelligence agency access to basic subscriber information, forcing communications service providers to hold for a set period of time to subscribers’ metadata, forcing for all communications service providers to buy communications interception equipment police can use, and making developers of encryption solutions to build in backdoors so law enforcement can unscramble protected documents.

In a word, the answer to all from the industry was “no.”

On warrantless access to basic subscriber information

–Information and telecommunications Association of Canada (ITAC), which lobbies for most of the country’s ITC firms including Bell Canada, Rogers Communications, Telus, IBM, HP-Enterprise and others, said in its submission that improving and standardizing paperwork would speed up police access. It also called for “clear rules designed to avoid police “fishing expeditions” that could contravene judicial requirements and privacy laws.”

Read more here

#CyberFLASH: Canadians aren’t up for mass surveillance

mobile-securityWhen Ralph Goodale and David McGuinty headed to the UK and France last January to get ideas about overseeing national security issues in Canada, it seemed like an intelligent thing to do.

But did our public safety minister and his MP colleague go to the wrong place?

The Liberals, after all, are trying to amend Bill C-51, a controversial piece of anti-terrorism legislation that Canadians don’t like. No wonder. What’s to like about a government—sanctioned police state law?

Under Harper-era legislation, the Canadian Security Intelligence Service (CSIS) was empowered to operate outside the Charter of Rights, which gave it authority to violate citizens’ constitutional rights. And Canada’s cyber intelligence agency, the Communications Security Establishment (CSE) was allowed to conduct mass collection of information on Canadians without a specific target.

Based on their attitudes towards mass surveillance, Britain and France are hardly the countries to help Canada rein in the excesses of Bill C-51.

According to a YouGov survey of 15,000 people reported this week by Amnesty International, citizens of Britain, France and the Philippines were most comfortable with government eavesdropping. Britain was one of three countries out of 13 surveyed where more people favoured surveillance of all people — British citizens, foreigners, and foreign countries, than favoured monitoring none of them.

Read more here

#CyberFLASH: Can law enforcement legally access data on your smartphone in Canada?

mobile-securityThe debate over whether Apple should comply with a U.S. court order asking it to hack an iPhone belonging to one of the San Bernardino shooters has grown tense over the last week as tech executives, privacy experts and legal pundits weigh in.

The case has stirred up much debate – thanks to Apple’s concerns of creating a so-called backdoor into the iPhone – but it also has many people asking questions about what happens to smartphone data in criminal investigations.

Which got us thinking – can law enforcement agencies legally access data on your smartphone here in Canada? If so, what legal requirements have to be met?

“With respect to the case involving Apple, although raised in the U.S., this is an issue of universal importance. One principle to keep in mind is that companies need to be governed by the rule of law,” said Tobi Cohen, a spokesperson from the Office of the Privacy Commissioner of Canada.

“That being said, the issue of whether it is possible for tech companies ‎to comply with warrants without affecting the safeguards that protect all of us is something that must also be taken into account.”

When it comes to the legalities of this question in Canada, there are two important court rulings we must look at.

Read more here

#CyberFLASH: Awareness campaign and challenge to Canadian “security” bill C-51

160121_cv1cx_rci-m-portest_sn635

It’s known more commonly as “the anti-terrorism act” and was passed into law last year by the former Conservative government.

Bill C-51’s official, long and complicated name is, “An Act to enact the Security of Canada Information Sharing Act and the Secure Air Travel Act, to amend the Criminal Code, the Canadian Security Intelligence Service Act and the Immigration and Refugee Protection Act and to make related and consequential amendments to other Acts”.

The group, Canadian Journalists for Free Expression (CJFE) has launched a publicity campaign called “#my privacy campaign” and along with the Canadian Civil Liberties Association (CCLA) has also launched a legal challenge saying the law contravenes aspects of Canada’s Charter of Rights and Freedoms.

The public awareness campaign is to push the current Liberal government to follow up on their election promise to repeal what they deem the “problematic elements” of the bill, and the government’s recently announced intention to hold a broad consultation process.

Bill C-51, now law, was inspired by several indirect threats and two high-profile killings of soldiers in Canada in 2014, labelled jihadist-inspired terrorist actions.

In one, a man used his car to run down two soldiers, killing one. He was chased by police and when his car crashed, police shot him as he approached carrying a knife. In the other, a lone gunman shot a soldier on honourary guard duty at the Tomb of the Unknown Soldier before running across the street to the Parliament buildings where a shootout occurred and that gunman killed.

The former Conservative government then proposed the omnibus bill as a way to increase Canadian security.

Read more here

#CyberFLASH: University of Toronto researchers show how Canadian data can be vulnerable to US state surveillance

Canada cyber security newsWhile Edward Snowden leaked documents exposing the wide breadth of National Security Agency surveillance in 2013, the repercussions of those documents still inform conversations around online privacy concerns. And University of Toronto researchers have created an interactive database to show how NSA surveillance can even have an impact on Canadians.

The IXMaps database helps Canadians understand how their internet traffic moves—specifically, it helps Canadians understand how certain traffic routes, known as boomerang routes, move data into the United States and into the jurisdiction of the NSA before the data returns to Canada. The tool is funded by the .CA Community Investment program, which is dedicated to funding initiatives “keep Canadians at the forefront of the digital age,” according to its website.

“IXmaps highlights just how much of our Canadian web traffic is unnecessarily being routed through the U.S. and back againwithout our knowledge. The biggest concern about our data moving into the NSA’s jurisdiction is that Canadians do not have the same protections from NSA surveillance that Americans do, so our information is more vulnerable.” says Laura Tribe, digital rights specialist at Open Media. “ And as the Snowden revelations have highlighted, the amount of information being shared between the Five Eyes governments (Canada, U.S., U.K, Australia and New Zealand), means that our information doesn’t likely stop with just the NSA.”

Many of the major Internet providers in Canada have networks that favour north – south connections, pushing Canadian data flows toward key American routing hubs in New York, Chicago, Seattle, or California, and popular sites like Google, Facebook, YouTube, and Amazon leaves Canadian data vulnerable to American mass surveillance.

Read more here

#CyberFLASH: Warrantless access to internet subscriber data OK sometimes, privacy czar says

daniel-therrien-privacy-commissioner-20140603The federal privacy czar says there are instances when police may not need a warrant to obtain “very limited sets” of internet customer information.

There could be a way to meet at least some law-enforcement demands for warrantless access to information while respecting a key Supreme Court of Canada ruling, privacy commissioner Daniel Therrien said in an interview.

In June last year, the Supreme Court ruled police must have a judge’s authorization to obtain customer data linked to online activities.

The high court rejected the notion the federal privacy law governing companies allowed them to hand over subscriber identities voluntarily.

Police say telecommunications companies and other service providers — such as banks and rental companies — now demand court approval for nearly all types of requests from authorities for basic identifying information.

The Supreme Court judgment came amid mounting public concern about authorities quietly gaining access to customer data with little independent scrutiny.

Read more here

#CyberFLASH: David Fraser opposes warrantless access to internet users’ information

david-fraserA Halifax privacy lawyer says the head of the RCMP is either “ignorant or disingenuous” to call for warrantless access to internet users’ subscriber information.

“The Supreme Court of Canada says you and I have a right to anonymity online. We can choose to identify ourselves, we can choose not to identify ourselves,” David Fraser said Thursday. 

“The Supreme Court of Canada said you have a reasonable expectation of privacy associated with your internet activity. And that’s that.”

On Wednesday, RCMP commissioner Bob Paulson said a recent court ruling curtailing the flow of basic data about customers — such as name and address — has “put a chill on our ability to initiate investigations,” into child predators and other online criminals.

He told a security conference in Ottawa that police should have warrantless access to subscriber information, comparing it to using licence-plate data to find a vehicle owner’s name.

‘Ignorant or disingenuous’

Fraser rejected his comments.

“What I find really frustrating about this is that is either ignorant or disingenuous. You can’t be the chief of Canada’s federal police service and not understand what the Supreme Court of Canada has said about the most important law that we have in Canada, which is the Charter [of Rights and Freedoms]. “

Read mire here

#CyberFLASH: ‘We can’t protect public from cyber crimes': RCMP boss

n-ONLINE-PRIVACY-largeSpeaking to a security and defence industry conference in Ottawa, Paulson said an explosion in Internet crime, combined with laws restricting police online criminal investigations, means people should avoid the Internet or enter it knowing the potential risks.

“Your safety, your family’s safety, your financial integrity is at risk and so we need to start having the conversation now” about giving police reasonable, new and warrantless powers to collect evidence – often personal information – from online sources, such as basic subscriber data from telecommunication companies, he said.

“Because fundamentally, ladies and gentlemen, it’s hard to keep people safe on the Internet right now. The best advice we can give people is, ‘Don’t go (on the Internet),’ which is not really working, or ‘If you go, be really, really, really careful.’

“And if something bad happens, hopefully we’ll be able to help you, but there’s no guarantee.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.