'Ottawa Wants the Power To Create Secret Backdoors In Our Networks' (theglobeandmail.com)
An anonymous reader quotes an op-ed from The Globe and Mail, written by Kate Robertson and Ron Deibert. Robertson is a senior research associate and Deibert is director at the University of Toronto's Citizen Lab. From the piece: A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about. And they threaten the online security of everyone in Canada. Bill C-26 empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada's networks. This could include requiring telcos to alter the 5G encryption standards that protect mobile communications to facilitate government surveillance. The government's decision to push the proposed law forward without amending it to remove this encryption-breaking capability has set off alarm bells that these new powers are a feature, not a bug.
There are already many insecurities in today's networks, reaching down to the infrastructure layers of communication technology. The Signalling System No. 7, developed in 1975 to route phone calls, has become a major source of insecurity for cellphones. In 2017, the CBC demonstrated how hackers only needed a Canadian MP's cell number to intercept his movements, text messages and phone calls. Little has changed since: A 2023 Citizen Lab report details pervasive vulnerabilities at the heart of the world's mobile networks. So it makes no sense that the Canadian government would itself seek the ability to create more holes, rather than patching them. Yet it is pushing for potential new powers that would infect next-generation cybersecurity tools with old diseases.
It's not as if the government wasn't warned. Citizen Lab researchers presented the 2023 report's findings in parliamentary hearings on Bill C-26, and leaders and experts in civil society and in Canada's telecommunications industry warned that the bill must be narrowed to prevent its broad powers to compel technical changes from being used to compromise the "confidentiality, integrity, or availability" of telecommunication services. And yet, while government MPs maintained that their intent is not to expand surveillance capabilities, MPs pushed the bill out of committee without this critical amendment last month. In doing so, the government has set itself up to be the sole arbiter of when, and on what conditions, Canadians deserve security for their most confidential communications -- personal, business, religious, or otherwise. The new powers would only make people in Canada more vulnerable to malicious threats to the privacy and security of all network users, including Canada's most senior officials. [...] "Now, more than ever, there is no such thing as a safe backdoor," the authors write in closing. "A shortcut that provides a narrow advantage for the few at the expense of us all is no way to secure our complex digital ecosystem."
"Against this threat landscape, a pivot is crucial. Canada needs cybersecurity laws that explicitly recognize that uncompromised encryption is the backbone of cybersecurity, and it must be mandated and protected by all means possible."
Encrypt one layer up, problem solved (Score:3)
Use a VPN. Your traffic will be encrypted from your device to the VPN provider and all the compromised ISP will see is encrypted garbage.
Re: (Score:3)
Re: (Score:3)
You connect with VPN to US provider and access your Canadian Bank.
Canada has no human rights. Your rights are not withstanding.
Re: (Score:2)
You connect with VPN to US provider and access your Canadian Bank.
And then what the USA sees is a logon to a Canadian bank from a US address. Which triggers provisions of FATCA [wikipedia.org]. Your Canadian bank doesn't appreciate getting the full body cavity search from the US Treasury and they drop your account.
Our capital controls work a bit differently than those around the rest of the world. In any other country, you ship your money out, your government comes after you. In the USA, we ship our money overseas and our government rapes the foreign banks/brokers. And the average US ci
Re: (Score:3, Insightful)
If it makes you feel any better the Canadian government doesn't need to compromise your network to steal your money. They already do that through excessive taxation and devaluing the dollar by increasing debt.
Re: (Score:3)
Maybe you can expound on your statements and they'll make sense, but I don't get any of what you're saying.
Regrettably, both ends have to be using the same VPN.
On the face of it, that's not how VPNs work - at least not the ones from normal VPN providers, as opposed to VPNs provided by your work for remote access to internal networks. You'd connect to the VPN and (almost) all of your traffic would go through the VPN and come out wherever it terminated (maybe another country), hopping over your local ISP.
The likelihood of my bank providing any kind of a VPN is roughly zero, ...
That style of VPN is like a VPN to access an internal w
Re: (Score:2)
The public Internet is a hostile medium, by definition. Those who think that without this bill, the government can't and doesn't eavesdrop, are deluding themselves, IMHO.
Re: (Score:2)
neither secure nor private (Score:2)
I'll say! (Score:3, Insightful)
A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about.
I'm Canadian, and this is the first I've heard of it. And it sucks that our Liberal government is pushing a program which the most-probably-Conservative next government will almost certainly abuse.
I guess it's time to get serious about personal encryption. No, I don't have anything to hide, or at least nothing I can think of. But fuck'em - our communications belong to us, NOT to the people we pay to run the damn country!
Re: (Score:2)
If you have nothing to hide please respond with your Banking credentials for all to see.
Re:I'll say! (Score:5, Insightful)
And it sucks that our Liberal government is pushing a program which the most-probably-Conservative next government will almost certainly abuse.
Given Trudeau's track record and the fact that his government is introducing the bill I think we all know who is going to get to abuse it first.
Re: (Score:2, Insightful)
*And it sucks that our Liberal government is pushing a program which the most-probably-Conservative next government will almost certainly abuse.*
You know, I thought the trucker convoy was over the top, that they went too far. However, I still support the concept of protests I dislike, that's the nature of protest in a free country.
Regardless, the Ottawa Police dropped the ball on that front, and the police (as shown from other actions across the country) could have so very easily dealt with the problem wit
Re: (Score:2, Offtopic)
MAGA, Trudeau-like liberals, same sh!t actually. Different clothes, same sh!t.
Re: (Score:2)
Re: (Score:2)
That's not how I read the act (Score:2)
If the Minister believes on reasonable grounds that it is necessary to do so to secure the Canadian telecommunications system against any threat, including that of interference, manipulation, disruption or degradation, the Minister may, by order, ...
(m) direct a telecommunications service provider to do a specified thing or refrain from doing a specified thing, other than a thing specified in subsection (1) or 15.1(1);
That's a stretch that this could be used to intercept an individual's data or degrade an individual's privacy. This seems very narrow in saying the actions requested by the minister must be justified by protecting the telecommunications system.
Re: (Score:1)
Trudeau doesn't hesitate to use extraordinary powers anytime he likes. He already got shit for that from the courts for using a war time law to seize truckers and those who supported their cause bank accounts when they were protesting in Ottawa.
Re: (Score:3)
Why do you read what is not there?
The minister just needs to believe that it is reasonable. Not that it is.
Time and time again what we are asked to assume, is not how the courts interpreted it.
Re: (Score:3)
You make it sound as if "reasonable" is a clear definition where in fact it is the opposite. Reasonable can accommodate many interpretations and is more about how the judge feels at a given moment and the skill of a lawyer to spew the BS.
Point is they don't have to make a definition. They just have to make a reasonable argument if ever someone has the will to take it to court. There are seldom consequences and the minister will never have to take responsibility.
Re: (Score:2)
I don't know if that's the section people are referring to or not, but the concept of "reasonable" is a legal term, with literally thousands of years of depth to it. It has nothing to do with what the minister thinks, and everything to do with what is deemed reasonable by "the common man", aka common law.
Point is, the minister cannot make up a definition of reasonableness, and this is not an act draped in emergency and expediency. Telecom providers can go to court over an order, get an injunction or what not, pausing the minister's order until it is heard in court. There are options in such cases.
Again I have no idea if that's the clause, doesn't seem like it.
If it's so easy to clearly differentiate between reasonable and unreasonable BEFORE triggering the provision, not AFTER the damage has already been done when 7 years later a court case on behalf of the people is finally adjudicated - then define the boundaries of those clear, reasonable differentiations in the statutes.
It's simple game theory and choice-architecture. The provision, as written, establishes an architecture which explicitly incentivizes and ensures abuse. All the benefits of the abuse come now
Re: (Score:2)
Not an accurate portrayal (Score:3)
I don't think it's unreasonable for a national government to have say in the running of public infrastructure. Who defines what "the National Interests" are is another thing, but I do see how a government could abuse it, we would need at least a stab at some limitations.
I think it's disturbing however that politicians aren't all that motivated to "clean up" social media.. I think THEY think they are net beneficiaries, so ummm, why change it just because it's destroyed a generation of kids and arguably democracy itself. I don't consider that sarcasm. I'm pretty sure Deibert is pointing there too...I'm pretty interested to see how the school board suit vs. social media goes.
Re: (Score:2)
SS7 was designed with the assumption that all of the switching equipment was internal and that there would be no external exposure of control systems.
That has become a problem now that anyone can connect a switch.
Re: (Score:2)
Back doors in encryption == abuse. (Score:5, Insightful)
Governments around the world are well known for abusing powers.
The recent Canadian example of locking the bank accounts of truckers protesting at the border. A war time measure enacted during peace time for a non-violent event.
A back door is going to be abused. It's simply a matter of time. Now the abuser may not actually be the Canadian government in this case. It could easily be a criminal or another state.
Not to mention the abuse that Canadian police forces will do with it. Even if the police only sensibly apply the powers. What happens to the copies of the data the police scoop up? How is it stored, passed around for analysis etc. Raising even more possibilities that the data leaks out and is used for nefarious purposes.
The track record on this sort of legislation is horrible. Love Canada and all, but this is a horrible idea. This will do more harm than good. A lot more harm.
Re: (Score:1)
They also locked people's bank accounts and seized their assets without warrant or jury conviction. The foreign funding was a false pretext, they found no evidence of that, now years later, they finally had to admit and ruled in favor of the defendants, but that is 3 years without a job, without ability to pay your attorney, your mortgage, food etc.
Consumer confidence (Score:2)
Banks and other financial institutions, hospital/medical records, government and many other services require consumer confidence.
They all tell us that their systems are as secure as can be and still they get broken. If there's a suggestion that secure communications can legally be intercepted and decrypted by anyone other than the intended recipient, consumer confidence will fly out the window.
Customers will stop using their phone apps for banking and EFTPOS and will revert to cash and in-person banking, or
Re: (Score:2)
Hospitals will have to face reversion to paper record-keeping. Doctors will have to fax or mail your referrals.
HAHHAHhahaha! As someone who just had to fax a bunch of medical records from one hospital network to a doctor in another one, both in the same city, I found that kinda funny. Worse still, had to physically go to the test facility, have them burn a cd with MRI results, then physically transport that to the other doctor so they could review the results. They could mail it, but they'd only do it via the cheapest method - so 1-2 weeks, which is way later than this emergency requires.
Maybe reverting to 100% paper
To hell with you, buddies! (Score:4, Insightful)
I swear to god, if houses and walls had been invented today, politicians would pass laws you have to have cameras inside so they can see what you're doing. Heaven forfend you be somewhere they cannot watch!
Online is moving into a virtual space. Screw these asses who want to build 1984-like tools of tyranny, of a panopticon.
Blame Canada? (Score:2)
Every single time I see an article about Canada in the 2020's, it's either about a horrendous violation of free speech, privacy or something related to those - it's never about increasing security or freedoms, it's always the polar opposite.
What on earth is going on over there?
Re: (Score:2)
You do realize your government is spying on you already - No matter where you live
and likely several other governments as well
Re: (Score:2)
Every single time I see an article about Canada in the 2020's, it's either about a horrendous violation of free speech, privacy or something related to those - it's never about increasing security or freedoms, it's always the polar opposite.
What on earth is going on over there?
Canada's jealousy of the United States is showing. We're extra innovative in trampling rights in the name of security theater. We perfected it after 9/11. Anything for that warm fuzzy the word "safety" and the word "security" brings to some people's minds. Why being trampled with a horde of government officials carrying a banner that says "SECURITY TEAM" gives people a warm fuzzy, I have yet to understand, but it seems to be working for enough people that it keeps happening.
Will nobody think of the children (Score:2)
That's the excuse always trotted out for these backdoors...
https://youtu.be/phSxxVJCZsc [youtu.be]
Study (Score:1)