#CyberFLASH: Online privacy tool Access My Info now empowers Canadians to learn how dating and fitness apps use their data

GettyImages-556421117“Access My Info empowers individual Canadians to easily exercise their legal right to understand what data is out there about them, whether that information is shared and, if so, with whom,” said Andrew Hilts, Executive Director of Open Effect and researcher at the Citizen Lab at the Munk School of Global Affairs, University of Toronto, the groups that created Access My Info.

He continued: “This will help consumers make informed choices, and help companies assess whether their policies and practices are meeting the needs of their customers while also complying with the law.”

Under the Personal Information Protection and Electronic Documents Act, Canadians can request complete records of the personal information held about them by the companies providing them services. They can ask a company questions and get answers about their data, and correct misleading or false information. But Hilts says knowing the right questions to ask is critical.

“It’s hard to know what to ask about your data without first knowing what is being collected about you,” said Hilts. “With Access My Info, you can spend a few minutes and create a custom-made letter that asks careful questions of your telco, your dating app, or your fitness tracker about how data is collected and used.” The letters were written by policy experts working at the Citizen Lab, where Access My Info is part of the Lab’s Telecommunications Transparency Project. The project investigates how telecommunications data is monitored, collected, and analyzed for commercial, state security, and intelligence purposes.

“Access to information is a fundamental human right. Yet, research has shown most Internet users are either ignorant of, or apathetic about, the data they give away and what companies and governments do with it. When faced with lengthy and confusing terms of service, most users simply click ‘I agree’,” said Professor Ronald Deibert, Director of the Citizen Lab.

Read more here

#CyberFLASH: University of Toronto researchers show how Canadian data can be vulnerable to US state surveillance

Canada cyber security newsWhile Edward Snowden leaked documents exposing the wide breadth of National Security Agency surveillance in 2013, the repercussions of those documents still inform conversations around online privacy concerns. And University of Toronto researchers have created an interactive database to show how NSA surveillance can even have an impact on Canadians.

The IXMaps database helps Canadians understand how their internet traffic moves—specifically, it helps Canadians understand how certain traffic routes, known as boomerang routes, move data into the United States and into the jurisdiction of the NSA before the data returns to Canada. The tool is funded by the .CA Community Investment program, which is dedicated to funding initiatives “keep Canadians at the forefront of the digital age,” according to its website.

“IXmaps highlights just how much of our Canadian web traffic is unnecessarily being routed through the U.S. and back againwithout our knowledge. The biggest concern about our data moving into the NSA’s jurisdiction is that Canadians do not have the same protections from NSA surveillance that Americans do, so our information is more vulnerable.” says Laura Tribe, digital rights specialist at Open Media. “ And as the Snowden revelations have highlighted, the amount of information being shared between the Five Eyes governments (Canada, U.S., U.K, Australia and New Zealand), means that our information doesn’t likely stop with just the NSA.”

Many of the major Internet providers in Canada have networks that favour north – south connections, pushing Canadian data flows toward key American routing hubs in New York, Chicago, Seattle, or California, and popular sites like Google, Facebook, YouTube, and Amazon leaves Canadian data vulnerable to American mass surveillance.

Read more here

#CyberFLASH: Toward the quantum Internet

2016-01-07-Helmy-sizedAfter terror attacks last year in Europe and Africa, speculation swirled that the plotters may have been using smartphone apps to encrypt their communications.

Now, Professor Amr Helmy of the University of Toronto’s Faculty of Applied Science and Engineering is leading research that could break open such encryption while ensuring the security, privacy and confidentiality of legitimate communications.

Helmy’s work is supported by a Connaught Global Challenge Award. The award, funded by U of T’s Connaught Fund, was established in 2011 to support interdisciplinary approaches to problems of global significance. Proposals come from the U of T research community, involve large teams from multiple disciplines and are subjected to the highest level of international peer review.

As more people and businesses move crucial operations online, digital security has become a challenge of global significance. Modern encryption ciphers can only be broken with powerful computers, much faster than those commercially available today. Quantum computing and quantum cryptography harness the physical laws of quantum mechanics to provide both speed and security improvements many orders of magnitude better than today’s state-of-the-art.

“A technological platform that provides a significant leap forward is sorely needed,” says Helmy. “My personal vision is for a quantum Internet that can go farther beyond quantum-based security – that can afford distributed quantum information processing, where quantum computers are connected by quantum communications.”

Read more here

#CyberFLASH: Toward the quantum internet: Amr Helmy wins funding from Connaught Global Challenge Award

1297516661469_ORIGINALThe Connaught Global Challenge Award — funded by the University of Toronto’s Connaught Fund — was established in 2011 to support interdisciplinary approaches to problems of global significance. . As more people and businesses move crucial operations online, digital security has become one of these key challenges.

Moderns encryption ciphers can only be broken with powerful computers, much faster than those commercially available today. Quantum computing and quantum cryptography harness the physical laws of quantum mechanics to provide both speed and security improvements many orders of magnitude better than today’s state-of-the-art.

“A technological platform that provides a significant leap forward is sorely needed,” says Helmy. “My personal vision is for a quantum Internet that can go farther beyond quantum-based security — that can afford distributed quantum information processing, where quantum computers are connected by quantum communications.”

Read more here

#CyberFLASH: When it comes to cyberspace, should national security trump user security?

Apple Hosts Event At Company's Town HallRon Deibert is the director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs.

Imagine if the government had knowledge of a critical vulnerability in a heart pacemaker, but decided to keep the information secret in order to exploit it as a weapon. Would that be okay? What about flaws in the electronic controls of a 747 that could be manipulated remotely to cause the plane to crash? Or a nuclear enrichment facility? Should they publicly disclose these vulnerabilities in the interests of user safety? Or should they keep them classified in case they provide comparative advantage in matters of national intelligence or warfare?

Whatever each of us may think about these questions, it appears the world’s most powerful spy agencies have already resolved on an answer: for them, national security trumps user security.

Today, the University of Toronto’s Citizen Lab is publishing a report documenting major security and privacy vulnerabilities in one of the world’s most widely used mobile applications: UC Browser. Chances are if you are a North American reading this, you have never heard of UC Browser. But if you live in China or India, it’s probably as familiar as Microsoft Explorer. In fact, UC Browser is used by over 500 million people, and is the fourth most popular mobile browser in the world.

Popularity aside, UC Browser has fundamental problems (problems the company is working to repair after our notification): it leaks a huge torrent of highly detailed personally identifiable data about its users. Those leaks include the unique identification number hard-baked into the device (IMEI), personal registration data on the user’s SIM card (IMSI), any queries sent over the browser’s search engine, a list of the names of any WiFi networks to which the device has recently connected, and the geolocation of the device. Some of this data is sent entirely “in the clear” without encryption; others are sent using weak encryption that could be easily decrypted. Some of it is sent the moment the application is turned on, in an “idle state.” None of it is sent with the explicit permission of its users.

Read more here

FinFisher Surveillance malware spreads to smart phones

University of Toronto researchers say a commercial cyber-espionage program marketed as a way for governments to spy on criminals is being used for broader surveillance and can now take over a range of smart phones and other mobile computing devices.

“People are walking around with tools for surveillance in their pockets,” said researcher John Scott-Railton, a doctoral student at the University of California Los Angeles’ Luskin School of Public Affairs, and the founder The Voices Feeds, which helped activists get around Internet blockages during the Arab Spring.

“These are the tools that can be used to turn on your microphone and turn your phone into a tracking device,” Scott-Railton added.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.