Canada Bans WeChat, Kaspersky Apps On Government Devices (reuters.com) 33
Citing an "unacceptable level of risk to privacy and security," Canada banned Chinese messaging application WeChat and Russian antivirus program Kaspersky on government-issued mobile devices. Reuters reports: The ban was announced after an assessment by Canada's chief information officer that Tencent-owned WeChat and applications made by Moscow-based Kaspersky "present an unacceptable level of risk to privacy and security," the Treasury Board of Canada, which oversees public administration, said in a statement. Kaspersky said it was surprised and disappointed, and that the decision was made without warning or an opportunity for the firm to address the government's concerns. "As there has been no evidence or due process to otherwise justify these actions, they are highly unsupported and a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky's products and services," the company said in a statement.
The Treasury Board said it has no evidence that government information has been compromised, but the collection methods of the applications provide considerable access to a device's contents, and risks of using them were "clear." "The decision to remove and block the WeChat and the Kaspersky applications was made to ensure that government of Canada networks and data remain secure and protected and are in line with the approach of our international partners," the statement said. The applications will be removed from government-issued mobile devices on Monday, and users will be blocked from downloading them in the future.
The Treasury Board said it has no evidence that government information has been compromised, but the collection methods of the applications provide considerable access to a device's contents, and risks of using them were "clear." "The decision to remove and block the WeChat and the Kaspersky applications was made to ensure that government of Canada networks and data remain secure and protected and are in line with the approach of our international partners," the statement said. The applications will be removed from government-issued mobile devices on Monday, and users will be blocked from downloading them in the future.
ANYTHING foreign (Score:4, Insightful)
Any foreign application should be considered a security risk to a country that depends on its computerized infrastructure.
Re: (Score:1)
So then... the US should ban Linux? (Finnish / Swedish origin). And Canada should ban MS Windows? How's that going to work in practice?
Re: (Score:3, Insightful)
Windows is a security risk for any country, so saying it should be banned in Canada is only a start.
Re: (Score:2)
Fun part: windows source code is available for governments to vet. It's called their "Government Security Program".
Re: (Score:2)
And yet the true content KFC's "11 herbs and spices" remain hidden to all.
Re:ANYTHING foreign (Score:4, Interesting)
Linux isn't really a foreign bit of software, given that it's open source and easily reviewed. You can make your own any time you want, you can review it any time you want.
And while Canada should definitely consider Windows as a security threat (and an economic one), generally speaking the US is more friendly than adversarial with us... which means it could be considered a risk, but an acceptable risk. Running a Russian or Chinese OS as the standard desktop would be extremely foolish and would qualify as an unacceptable risk.
If you're serious about security, you should have your own hardware and software... which is really only possible for about 10 countries right now. Canada has sufficient educated people and the economic power to kick start its own semiconductor industry and we really ought to. Rolling our own flavour of Linux would be child's play in comparison.
After that we should segregate our social media. There's a war on right now over who owns information, and the US is winning it. Arguably they're also losing it because of how they're using it.
Re: (Score:3)
Yeah, I agree. I took issue with the OP who said all "foreign" software should be banned. The appropriate approach is to evaluate on a case-by-case and country-by-country basis.
Re: (Score:2)
All Government of Canada systems must use OpenBSD!
Who's getting paid off by whom? (Score:3)
This is blatant security theater in the name of someone making a profit by stifling their competitors.
Re:Who's getting paid off by whom? (Score:5, Interesting)
Not sure about Kaspersky and how relevant it is in the West at this point, but Canada is utterly penetrated by CCP officials, as it's been one of if not the most favorite destination to hide assets in. The problem is that those people still act as CCP members, and on rare occasion that they don't, there's a massive diaspora to put them back in line. And Wechat is the primary methodology for pretty much all organizing among Chinese mainlanders nowadays. Many of whom are also Canadian government officials.
In this regard, it certainly would add some security both at personal and device level. Banning Kaspersky on the other hand is just good general practice, since it's a security suite from a hostile nation.
Re: (Score:2)
"It doesn't solve the whole problem at once, so this is a wrong action".
Said the chicom operator.
Thank you for sharing that your bosses believe this to be an effective enough action for you to speak against it.
Re: (Score:1)
Re: (Score:1)
I'm not sure how to explain this to someone this exceptionally naive. I'll do my best with an analogy.
You know how a barrel holding a lot of water can indeed hold a lot of water? Do you know that just a tiny part of barrel missing makes it unable to hold any water?
State officials are like that. You don't need "a lot" of hostile officials to have a subverted bureaucracy. You just need a few.
Ok to be spied on (Score:2)
Re: (Score:2)
Re: (Score:3)
It is okay for Canada to be spied on, but only by US.
Welcome to the 5 eyes.
It would be illegal for you to spy on your own citizens. If we spy on your citizens (and then share the information with you) that is just the way it is...
#workingasintended
The problem is location (Score:4, Insightful)
The problem is not necessarily the companies themselves but the jurisdictions they operate under. If "China" or "Russia" tells WeChat/Kasperky to put something in their software then they absolutely will have no choice regardless of their own integrity. If they don't do it then they will be removed and someone else will. In any case no one will know.
Basically, using this software allows an inside connection directly in to your most sensitive systems by hostile foreign governments. Probably not a good idea.
Re: (Score:1)
"USA" should be placed in that category too. It's insane how many people forget about programs like PRISM.
They need to correct the injustices of the past and finally allow women to stare at goats too!
Why should this be news? (Score:3)
Re: (Score:2)
Re: (Score:2)
It's news that it took them so long.
Sound reasoning (Score:2)
Kaspersky has access to the devices it is installed on. Even worse, it has root access, it is expected to monitor all data on the device, and it has an encrypted command&control channel for phoning home and receiving new instructions.
Of course the same is true for every virus scanner. So by that reasoning they should not only ban Kaspersky, but also McAffee, Avast, Defender, all those root kit rackets that are sold as "protection" or "security".
I don't know what they think WeChat is doing. The biggest
Oh dear! (Score:2)
Why don't they just whitelist apps? (Score:4, Interesting)
Why are they allowing random apps to be installed in government devices?
Shouldn't they have a whitelist of apps that can be installed and block / ban everything, with some form of penalty for installing unauthorised apps?
Do they allow employees to install random software on government computers - with only certain software banned?