Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Canada Encryption Privacy Security

'Ottawa Wants the Power To Create Secret Backdoors In Our Networks' (theglobeandmail.com) 39

An anonymous reader quotes an op-ed from The Globe and Mail, written by Kate Robertson and Ron Deibert. Robertson is a senior research associate and Deibert is director at the University of Toronto's Citizen Lab. From the piece: A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about. And they threaten the online security of everyone in Canada. Bill C-26 empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada's networks. This could include requiring telcos to alter the 5G encryption standards that protect mobile communications to facilitate government surveillance. The government's decision to push the proposed law forward without amending it to remove this encryption-breaking capability has set off alarm bells that these new powers are a feature, not a bug.

There are already many insecurities in today's networks, reaching down to the infrastructure layers of communication technology. The Signalling System No. 7, developed in 1975 to route phone calls, has become a major source of insecurity for cellphones. In 2017, the CBC demonstrated how hackers only needed a Canadian MP's cell number to intercept his movements, text messages and phone calls. Little has changed since: A 2023 Citizen Lab report details pervasive vulnerabilities at the heart of the world's mobile networks. So it makes no sense that the Canadian government would itself seek the ability to create more holes, rather than patching them. Yet it is pushing for potential new powers that would infect next-generation cybersecurity tools with old diseases.

It's not as if the government wasn't warned. Citizen Lab researchers presented the 2023 report's findings in parliamentary hearings on Bill C-26, and leaders and experts in civil society and in Canada's telecommunications industry warned that the bill must be narrowed to prevent its broad powers to compel technical changes from being used to compromise the "confidentiality, integrity, or availability" of telecommunication services. And yet, while government MPs maintained that their intent is not to expand surveillance capabilities, MPs pushed the bill out of committee without this critical amendment last month. In doing so, the government has set itself up to be the sole arbiter of when, and on what conditions, Canadians deserve security for their most confidential communications -- personal, business, religious, or otherwise. The new powers would only make people in Canada more vulnerable to malicious threats to the privacy and security of all network users, including Canada's most senior officials. [...]
"Now, more than ever, there is no such thing as a safe backdoor," the authors write in closing. "A shortcut that provides a narrow advantage for the few at the expense of us all is no way to secure our complex digital ecosystem."

"Against this threat landscape, a pivot is crucial. Canada needs cybersecurity laws that explicitly recognize that uncompromised encryption is the backbone of cybersecurity, and it must be mandated and protected by all means possible."
This discussion has been archived. No new comments can be posted.

'Ottawa Wants the Power To Create Secret Backdoors In Our Networks'

Comments Filter:
  • by Rosco P. Coltrane ( 209368 ) on Wednesday May 29, 2024 @07:35PM (#64508957)

    Use a VPN. Your traffic will be encrypted from your device to the VPN provider and all the compromised ISP will see is encrypted garbage.

    • by davecb ( 6526 )
      Regrettably, both ends have to be using the same VPN. The likelihood of my bank providing any kind of a VPN is roughly zero, meaning my bank accounts are protected by https only. My ISP could easily do a man-in-the-middle attack on that, with the 'guidance" of CSIS. And once that back door is in place, Bob's your uncle.
      • by MeNeXT ( 200840 )

        You connect with VPN to US provider and access your Canadian Bank.

        Canada has no human rights. Your rights are not withstanding.

        • by PPH ( 736903 )

          You connect with VPN to US provider and access your Canadian Bank.

          And then what the USA sees is a logon to a Canadian bank from a US address. Which trigger provisions of FATCA [wikipedia.org]. Your Canadian bank doesn't appreciate getting the full body cavity search from the US Treasury and they drop your account.

          Our capital controls work a bit differently than those around the rest of the world. In any other country, you ship your money out, your government comes after you. In the USA, we ship our money overseas and our government rapes the foreign banks/brokers. And the average US ci

      • Re: (Score:3, Insightful)

        by NFN_NLN ( 633283 )

        If it makes you feel any better the Canadian government doesn't need to compromise your network to steal your money. They already do that through excessive taxation and devaluing the dollar by increasing debt.

      • by unrtst ( 777550 )

        Maybe you can expound on your statements and they'll make sense, but I don't get any of what you're saying.

        Regrettably, both ends have to be using the same VPN.

        On the face of it, that's not how VPN's work - at least not the ones from normal VPN providers, as opposed to VPN's provided by your work for remote access to internal networks. You'd connect to the VPN and (almost) all of your traffic would go through the VPN and come out wherever it terminated (maybe another country), hopping over your local ISP.

        The likelihood of my bank providing any kind of a VPN is roughly zero, ...

        That style of VPN is like a VPN to access an internal w

    • by vbdasc ( 146051 )

      The public Internet is a hostile medium, by definition. Those who think that without this bill, the government can't and doesn't eavesdrop, are deluding themselves, IMHO.

    • All that does is change the 'who is snooping' from 'the government' to 'my VPN provider.'
  • All backdoors are eventually exploited. Drop charade and enforce HTTP only. This way we know not to send any personal info over the network.
  • I'll say! (Score:3, Insightful)

    by jenningsthecat ( 1525947 ) on Wednesday May 29, 2024 @08:16PM (#64509013)

    A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about.

    I'm Canadian, and this is the first I've heard of it. And it sucks that our Liberal government is pushing a program which the most-probably-Conservative next government will almost certainly abuse.

    I guess it's time to get serious about personal encryption. No, I don't have anything to hide, or at least nothing I can think of. But fuck'em - our communications belong to us, NOT to the people we pay to run the damn country!

    • by MeNeXT ( 200840 )

      If you have nothing to hide please respond with your Banking credentials for all to see.

    • Re:I'll say! (Score:5, Insightful)

      by Roger W Moore ( 538166 ) on Thursday May 30, 2024 @12:20AM (#64509319) Journal

      And it sucks that our Liberal government is pushing a program which the most-probably-Conservative next government will almost certainly abuse.

      Given Trudeau's track record and the fact that his government is introducing the bill I think we all know who is going to get to abuse it first.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      *And it sucks that our Liberal government is pushing a program which the most-probably-Conservative next government will almost certainly abuse.*

      You know, I thought the trucker convey was over the top, that they went too far. However, I still support the concept of protests I dislike, that's the nature of protest in a free country.

      Regardless, the Ottawa Police dropped the ball on that front, and the police (as shown from other actions across the country) could have so very easily dealt with the problem wit

    • Careful now; you don't want your bank account frozen.
  • I assume the author is upset about section 15.2(2)

    If the Minister Insertion believes on reasonable grounds that it is necessary to do so to secure the Canadian telecommunications system against any threat, including that of interference, manipulation, disruption or Insertion degradation, the Minister may, by order, ... (m)direct a telecommunications service provider to do a specified thing or refrain from doing a specified thing, other than a thing specified in subsection (1) or 15.1(1);

    That's a stretch that this could be used to intercept an individuals data or degrade an individuals privacy. This seems very narrow in saying the actions requested by the minister must be justified by protection the telecommunications system.

    • by Anonymous Coward

      Trudeau doesn't hesitate to use extraordinary powers anytime he likes. He already got shit for that from the courts for using a war time law to cease truckers and those who supported their cause bank accounts when they were protesting in Ottawa.

    • by MeNeXT ( 200840 )

      Why do you read what is not there?

      The minister just needs to believe that it is reasonable. Not that it is..

      Time and time again what we are asked to assume, is not how the courts interpreted it.

    • Directed not to change the passwords monthly Directed not to install firmware patches Directed no to apply best practice to the firewalls Directed not to revoke expired/compromised certificates The good news is that hackers will test these reported flaws afresh and in combinations. And then the telco will be sued for foreseeable negligence and misfeasance. There is one thing you can do - run traceroute on both ends and compare transit times and # hops and key exchange times. Or use a layer above like Applet
  • by Big Hairy Gorilla ( 9839972 ) on Wednesday May 29, 2024 @09:50PM (#64509157)
    SS7 and that ecosystem is largely about interoperability, like email, these are systems bolted together over a period of decades... They are public systems and what I'm getting out of this story is the legislation would allow the government to have "input" shall we say into the way the telco system and national standards are defined. I saw nothing about altering encryption standards. Like email, or the internet, the addresses or phone numbers have to be public or there would be no way to route it over heterogeneous public infrastructure.

    I don't think it's unreasonable for a national government to have say in the running of public infrastructure. Who defines what "the National Interests" are is another thing, but I do see how a government could abuse it, we would need at least a stab at some limitations.

    I think it's disturbing however that politicians aren't all that motivated to "clean up" social media.. I think THEY think they are net beneficiaries, so ummm, why change it just because it's destroyed a generations of kids and arguably democracy itself. I don't consider that sarcasm. I'm pretty sure Deibert is pointing there too...I'm pretty interested to see how the school board suit vs. social media goes.
    • by sjames ( 1099 )

      SS7 was designed with the assumption that all of the switching equipment was internal and that there would be no external exposure of control systems.

      That has become a problem now that anyone can connect a switch.

  • by upuv ( 1201447 ) on Wednesday May 29, 2024 @11:52PM (#64509287) Journal

    Governments around the world are well known for abusing powers.

    The recent Canadian example of locking the bank accounts of truckers protesting at the border. A war time measure enacted during peace time for a non-violent event.

    A back door is going to be abused. It's simply a matter of time. Now the abuser may not actually be the Canadian government in this case. It could easily be a criminal or another state.

    Not to mention the abuse that Canadian police forces will do with it. Even if the police only sensibly apply the powers. What happens to the copies of the data the police scoop up? How is it stored, pass around for analysis etc. Raising even more possibilities that the data leaks out and is used for nefarious purposes.

    The track record on this sort of legislation is horrible. Love Canada and all, but this is a horrible idea. This will do more harm than good. A lot more harm.

  • Banks and other financial institutions, hospital/medical records, government and many other services require consumer confidence.

    They all tell us that their systems are as secure as can be and still they get broken. If there's a suggestion that secure communications can legally be intercepted and decrypted by anyone other than the intended recipient, consumer confidence will fly out the window.

    Customers will stop using their phone apps for banking and EFTPOS and will revert to cash and in-person banking, or

    • by unrtst ( 777550 )

      Hospitals will have to face reversion to paper record-keeping. Doctors will have to fax or mail your referrals.

      HAHHAHhahaha! As someone who just had to fax a bunch of medial records from one hospital network to a doctor in another one, both in the same city, I found that kinda funny. Worse still, had to physically go to the test facility, have them burn a cd with MRI results, then physically transport that to the other doctor so they could review the results. They could mail it, but they'd only do it via the cheapest method - so 1-2 weeks, which is way later than this emergency requires.

      Maybe reverting to 100% paper

  • by Impy the Impiuos Imp ( 442658 ) on Thursday May 30, 2024 @01:01AM (#64509359) Journal

    I swear to god, if houses and walls had been invented today, politicians would pass laws you have to have cameras inside so they can see what you're doing. Heaven forfend you be somewhere they cannot watch!

    Online is moving into a virtual space. Screw these asses who want to build 1984-like tools of tyranny, of a panopticon.

  • Every single time I see an article about Canada in the 2020's, it's either about a horrendeous violation of free speech, privacy or something related to those - it's never about increasing security or freedoms, it's always the polar opposite.

    What on earth is going on over there?

    • You do realize your government is spying on you already - No matter where you live
      and likely several other governments as well

    • Every single time I see an article about Canada in the 2020's, it's either about a horrendeous violation of free speech, privacy or something related to those - it's never about increasing security or freedoms, it's always the polar opposite.

      What on earth is going on over there?

      Canada's jealousy of the United States is showing. We're extra innovative in trampling rights in the name of security theater. We perfected it after 9/11. Anything for that warm fuzzy the word "safety" and the word "security" brings to some people's minds. Why being trampled with a horde of government officials carrying a banner that says "SECURITY TEAM" gives people a warm fuzzy, I have yet to understand, but it seems to be working for enough people that it keeps happening.

  • That's the excuse always trotted out for these backdoors...

    https://youtu.be/phSxxVJCZsc [youtu.be]

  • This is certainly good, but there are problems. Essentially this is access to encrypted data. When I was studying this, I read about the network security key, I used https://moonlock.com/network-security-key [moonlock.com] for this. A useful thing for many. In general, this is a controversial issue.

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...