Bill S-4 – (The not quite) Digital Privacy Act ?

I had originally wanted to wait until the Privacy Commissioner of Canada released a report on Bill S-4 before commenting but decided that I should just go ahead and post something about this senate bill.

This bill was proposed to help in the cases of security breaches, to help control identity theft. But unfortunately it may also cause individuals to have their information given to third parties without their consent or knowledge.

“an organization may disclose personal information without the knowledge or consent of the individual if

(a) the disclosure is made to the other organization, the government institution or the part of a government institution that was notified of the breach under subsection (1); and

(b) the disclosure is made solely for the purposes of reducing the risk of harm to the individual that could result from the breach or mitigating that harm.” – Bill S-4, Section 10.2 (3)

Furthermore warrants may not be required under Bill C-13 and the costs associated to the infrastructure required to keep records of your online activities would be passed onto either consumers and/or taxpayers.

Are to believe this bill is meant to improve our situation ? We would be paying more for internet and give more private information to a government that was just hacked because of the Heartbeat Bug.

I think this bill needs to be re-written. And if you do too I think you should sign the Open Media petition on Privacy.

Thank you.

Important Message For PC Users

Microsofticon will be ending their support for XP on April 8th, 2014.

This means that you have a month to upgrade to retain support for your PC.

Their will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates for this operating system so upgrading to Windows 7icon or Windows 8icon is recommended.

Please note that an upgrade to Windows 8.1icon is provided free to those upgrading from XP or Vista to Windows 8icon and that file backups are recommended prior to upgrading.

Microsoft Store

Adobe Hacked

Adobe had been breached and have issued a consumer security alert.

Those of you with accounts at Adobe have probably received emails asking you to reset your password. You may also want to keep an eye out for Phishing attempts by fraudsters claiming to be Adobe and unusual activity on the credit cards you’ve used on Adobe. 

For additional details, consult the consumer security alert linked above.

More Information Added

I’ve decided to add a Security/Online Storage listing because I think it’s quite important for people to secure their computers and backup their most important files.

Many malicious programs are handled by Microsoft and Apple but there are a multitude of software packages that help protect computers from malware, spyware and viruses. And if your computer fails because of these programs or a hardware issue, it’s always great to have backups of your content.

I’ve backed up documents, photographs and videos online on Google Drive and Microsoft SkyDrive, both of which offer free storage. And I’m currently considering getting more space for my future needs from a paid service.

By the way, you may already have access to the aforementioned free services if you have email accounts on either gmail, hotmail or yahoo. And Google currently offers 15 gigs storage for free whilst Microsoft offers 7 gigs and Yahoo offers 2 gigs storage for free.

Privacy Threats Not Limited To The United States ?

Everyone has heard about the Verizon data mining performed by the United States government in the name of national security. But are you aware that it might be happening in Canada as well ?

Communications Security Establishment Canada is a security agency that collects various information to protect national interests and according to Ronald Diebert there is a possibility that they are collecting data right now.

Like in the United States this data is likely just cross referenced because it would take an enormous effort to listen to every call or read every email, for example. But we should ask ourselves if this information is stored securely enough so that it cannot be accessed by someone else and how long this data remain accessible, waiting to be abused.

A June 13th, 2013 press release from Commissioner Robert Décary of the Communications Security Establishment Canada addresses some of the issues and he states that the “CSEC does not direct its foreign signals intelligence collection and IT security activities at Canadians — wherever they might be in the world — or at any person in Canada.” But he also confirmed that the CSEC may “unintentionally intercept a communication that originates or terminates in Canada” and that metadata is being collected by the CSEC “for purposes of providing intelligence on foreign entities located outside Canada and to protect information infrastructures of importance to the government”.

We’ve already had serious security breaches with data stored on hard drives and USB sticks within the past six month courtesy of Human Resources and Skills Development Canada, who managed to loose a hard drive containing data on over half a million Canadians in January and a USB key containing private information on an additional 5000 Canadians in December. And in 1999 we had sensitive top secret documents stolen from a CSIS agent’s car while he was at a Toronto Maple Leafs game so Canadians should know what is being stored and by whom.

If you are concerned about this issue contact your local Member of Parliament and/or sign this petition.

Thank you.

The Road To Hell Is Paved With Good Intentions

Today you will notice many sites have gone dark in opposition to a law proposed in the United States House Of Representatives called CISPA.

The Cyber Intelligence Sharing and Protection Act enables private companies and the United States government to exchange information related to internet security issues including private information to prevent cyberattacks, without public disclosure or the need for warrants. And this is of course where the idiom in the subject line of this post comes in.

In order to prevent cyberattacks and attacks against the national security of the United States everyone’s information would be exchanged and stored on multiple computers for analysis, opening this information up to misuse, abuse or theft.

This bill enables the distribution of information that you don’t want made public, from private posts and email to your internet browsing information, without your knowledge or consent. And it also contains an exemption from liability, reducing an individual’s ability to sue if something were to go wrong during this exchange of information.

The proponents of the bill are also relying on people’s inability to understand that the definitions used in this bill may extend the coverage of this bill beyond “cyber attacks”, the term “national security of the United States” having been linked to that country’s commercial interests in past legislation.

Your choice to purchase something outside of the United States could cause your information to be taken under the premise that the purchase was a threat to the American intellectual property owners because the product might not be authentic or authorized by an American company.

Having unfortunately been subjected to counterfeit DVDs in the past via eBay, my personal, private information could be collected and distributed. And because of this, an act beyond my control, I could face further victimization without legal recourse to prevent it.

Yes, some intellectual property provisions have been removed from the bill but what’s to stop them from re-introducing them ? They have no qualms re-introducing warrantless searches, over and over again and warrants do not significantly impede their current efforts to stop crime on the internet. And I have yet to see and evidence substantiating the claim that privacy is a hindrance to law enforcement, so why are these sentiments remaining in Government ?

I suspect internet security firms want to be funded by the public and are doing their best to present these bills as solutions to politicians that have no idea of what is involved.

Vic Toews, for example, is proof positive that politicians can be severely illiterate when it comes to technology.

In February 2012 this Canadian politician had introduced a bill in Parliament that he had not read in its entirety, claiming that it would address child pornography. And he had been so well convinced that it would that he actually accused opponents of this legislation of standing with child pornographers, in the House of Commons of all places.

Even joint statements from the Privacy Commissioner of Canada and her provincial counterparts had failed to convince him that there were serious issues with the bill and it took a severe public backlash to get him to actually review what he was proposing.

This isn’t the time for half-baked, open ended legislation that can be exploited by the very criminals that these bills are trying to address. And it is rather stupid to believe criminals would not use arguments about the constitutionality of these laws in their defense.

Opposition has been strong within the United States and a White House petition has apparently convinced the President to threaten to veto the bill, “as currently crafted” in a April 16th, 2013 statement (pdf).

Another petition for Americans and non American alike is also available at Avaaz. There are currently over 800,000 signatories on this petition.