#CyberFLASH: Can law enforcement legally access data on your smartphone in Canada?

mobile-securityThe debate over whether Apple should comply with a U.S. court order asking it to hack an iPhone belonging to one of the San Bernardino shooters has grown tense over the last week as tech executives, privacy experts and legal pundits weigh in.

The case has stirred up much debate – thanks to Apple’s concerns of creating a so-called backdoor into the iPhone – but it also has many people asking questions about what happens to smartphone data in criminal investigations.

Which got us thinking – can law enforcement agencies legally access data on your smartphone here in Canada? If so, what legal requirements have to be met?

“With respect to the case involving Apple, although raised in the U.S., this is an issue of universal importance. One principle to keep in mind is that companies need to be governed by the rule of law,” said Tobi Cohen, a spokesperson from the Office of the Privacy Commissioner of Canada.

“That being said, the issue of whether it is possible for tech companies ‎to comply with warrants without affecting the safeguards that protect all of us is something that must also be taken into account.”

When it comes to the legalities of this question in Canada, there are two important court rulings we must look at.

Read more here

#CyberFLASH: CSE can assist in ‘threat reduction’ without a warrant, documents show

csis.jpg.size.xxlarge.letterboxOTTAWA—Canada’s electronic spies can assist CSIS with the agency’s new mandate to disrupt security threats with little oversight from politicians or the courts, documents obtained by the Star show.

The Communications Security Establishment told Defence Minister Harjit Sajjan last November they can aid CSIS with new “threat reduction” efforts — a power granted to the agency under Bill C-51.

It’s not unusual for CSE to lend a hand to police or intelligence agencies; in addition to electronic espionage and cyber defence, assistance to law enforcement is one of the agency’s core mandates. But that assistance often requires a warrant.

But under C-51, CSIS can take action to reduce threats to national security without a warrant — so long as the agency’s efforts don’t violate Canadian law or charter rights. CSE confirmed that they do not necessarily need a court’s approval to assist CSIS in threat reduction.

The new power has opened the door for CSE to act as a “virtuous hacker” for CSIS, according to national security researcher Craig Forcese.

“This was the sleeper in C-51, because CSE is barely mentioned in C-51,” said Forcese, a vocal critic of the new terrorism law.

“CSE has been a watcher . . . . It has not been able to do things kinetically to people. But under the umbrella of CSIS assistance, it can now go kinetic.”

The power to reduce or “disrupt” threats to Canada’s national security was one of the most controversial aspects of the previous Conservative government’s anti-terrorism law.

Read more here

#CyberFLASH: There Has Been a ‘Sea Change’ in Privacy Rights in Canada, Warns Watchdog

Surveillance_610px

The man tasked with defending Canadians’ personal information, once decried as a government stooge, directly chastised the federal government over its efforts to track and surveil Canadians — and recommended that the new government put safeguards on how the government uses “big data” to spy on its citizens.

In his annual report, Daniel Therrien, the Privacy Commissioner of Canada, looked at three pieces of legislation that “taken together, these initiatives have resulted in what can only be described as a sea change for privacy rights in Canada.”

The first, C-44, allows Canadian spies to operate abroad and gives them more ability to obtain information without disclosing its origins; C-13, which creates new legal authority for cops and public servants to obtain Canadians’ personal data without a warrant; and C-51, the anti-terrorism legislation that opens the door for wide new intelligence-gathering and sharing.

All three bills, which are now law, were introduced by the Conservatives, but supported by the Liberals.

The Liberals have said they will change aspects of C-51, but have said little about the other two pieces of legislation.

In his report, released last week, Therrien recommended fixes for each bill — that the government include language to prevent CSIS from obtaining and using data that has been obtained through torture; that the law be updated to clarify when police are allowed to obtain Canadians’ data from their internet or cellphone companies without a warrant; and that legislation be introduced to toughen protections for Canadians’ privacy when departments want to share their information.

C-51 especially raised the ire of the commissioner.

Read more here

#CyberFLASH: Warrantless access to internet subscriber data OK sometimes, privacy czar says

daniel-therrien-privacy-commissioner-20140603The federal privacy czar says there are instances when police may not need a warrant to obtain “very limited sets” of internet customer information.

There could be a way to meet at least some law-enforcement demands for warrantless access to information while respecting a key Supreme Court of Canada ruling, privacy commissioner Daniel Therrien said in an interview.

In June last year, the Supreme Court ruled police must have a judge’s authorization to obtain customer data linked to online activities.

The high court rejected the notion the federal privacy law governing companies allowed them to hand over subscriber identities voluntarily.

Police say telecommunications companies and other service providers — such as banks and rental companies — now demand court approval for nearly all types of requests from authorities for basic identifying information.

The Supreme Court judgment came amid mounting public concern about authorities quietly gaining access to customer data with little independent scrutiny.

Read more here

#CyberFLASH: David Fraser opposes warrantless access to internet users’ information

david-fraserA Halifax privacy lawyer says the head of the RCMP is either “ignorant or disingenuous” to call for warrantless access to internet users’ subscriber information.

“The Supreme Court of Canada says you and I have a right to anonymity online. We can choose to identify ourselves, we can choose not to identify ourselves,” David Fraser said Thursday. 

“The Supreme Court of Canada said you have a reasonable expectation of privacy associated with your internet activity. And that’s that.”

On Wednesday, RCMP commissioner Bob Paulson said a recent court ruling curtailing the flow of basic data about customers — such as name and address — has “put a chill on our ability to initiate investigations,” into child predators and other online criminals.

He told a security conference in Ottawa that police should have warrantless access to subscriber information, comparing it to using licence-plate data to find a vehicle owner’s name.

‘Ignorant or disingenuous’

Fraser rejected his comments.

“What I find really frustrating about this is that is either ignorant or disingenuous. You can’t be the chief of Canada’s federal police service and not understand what the Supreme Court of Canada has said about the most important law that we have in Canada, which is the Charter [of Rights and Freedoms]. “

Read mire here

#CyberFLASH: Social media powerful tool for terrorists, expert warns

the-radical-reality-canada-and-homegrown-terrorismPublic Safety Minister Ralph Goodale said Thursday he “looks forward” to talking to RCMP Commissioner Bob Paulson, after Paulson this week warned that online privacy laws are seriously obstructing the fight against runaway cyber crime.

“He and I have not had the chance to have this conversation yet and I’m looking forward to hearing the elaboration of his views,” Goodale said Thursday. “This issue has presented difficulties in the past, some very high-profile ones.”

Goodale, who is politically responsible for the Mounties, made the remark after spending nearly two hours sitting in the audience at a panel discussion on counter-terrorism at a Canadian Association of Defence and Security Industries conference in Ottawa.

A day earlier, in an address to the same gathering, Paulson said rocketing Internet crime, combined with laws restricting police online criminal investigations, means people should avoid the Internet or use it knowing the potential risks.

“And if something bad happens, hopefully we’ll be able to help you, but there’s no guarantee,” he said.

Read more here

#CyberFLASH: ‘We can’t protect public from cyber crimes': RCMP boss

n-ONLINE-PRIVACY-largeSpeaking to a security and defence industry conference in Ottawa, Paulson said an explosion in Internet crime, combined with laws restricting police online criminal investigations, means people should avoid the Internet or enter it knowing the potential risks.

“Your safety, your family’s safety, your financial integrity is at risk and so we need to start having the conversation now” about giving police reasonable, new and warrantless powers to collect evidence – often personal information – from online sources, such as basic subscriber data from telecommunication companies, he said.

“Because fundamentally, ladies and gentlemen, it’s hard to keep people safe on the Internet right now. The best advice we can give people is, ‘Don’t go (on the Internet),’ which is not really working, or ‘If you go, be really, really, really careful.’

“And if something bad happens, hopefully we’ll be able to help you, but there’s no guarantee.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.