Ottawa defends spy agency, says collection of Canadians’ data ‘incidental’ @ CBC News

Posted on January 24, 2014

0


The future when it comes to the tech sector is #cybersecurity ….I keep saying the digital game will change and now that we know our information and data is being tracked, we don’t have digital endpoint rights when it comes to our privacy either and we all utilize technology devices, join multiple Internet platforms, utilize cloud application and live in the digital age with our gadgets, so what is the solution ? I believe “cyber security” will win at the end and more technology users will want to keep their data protected and will look for new solutions as times evolves ..many though will ignore their privacy and a percentage will look for solutions, when it comes to the world of “cloud computing” I suppose.

Below is a debate on citizen security to privacy, and increased surveillance

On a post on Washington’s Blog
“Making Us All Less Safe In the Process” Norway’s largest newspaper (Aftenposten) reports today that British spies pressured the developers of cellphone standards in the 1980s to intentionally weaken the cellphone’s encryption:

The British argued that the key length had to be reduced [the longer the key length, the stronger the encryption]. Among other things they wanted to make sure that a specified Asian country should not have the opportunity to escape surveillance.

*** We are still now having an encryption that is about 1000 times weaker than originally planned.

That means that it probably would have taken longer time for NSA and others to crack the encryption, and a certain amount of eavesdropping would have been avoided.

In other words, hackers can break into cellphone calls much more easily because the British spied intentionally made the encryption 1,000 times weaker than it otherwise would have been.

This isn’t the only example of Western spy agencies destroying security.

The NSA paid leading encryption company RSA $10 million to weaken its encryption algorithm. Many other encryption companies have probably also accepted a deal with the devil. As ProPublica reports:

The N.S.A. has been deliberately weakening the international encryption standards adopted by developers.

New Scientist reports:

The internet is full of holes. The spy agencies in the US and UK have forced technology suppliers to deliberately weaken security measures in the online computing systems that everyone uses. As a result they may have compromised everybody’s security – since the vulnerabilities can be exploited by anybody who discovers them.

***

One of the leaked documents reveals that the NSA and GCHQ aim to “insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets”. An “endpoint communications system” simply means a computer, tablet or cellphone.

A top expert in the ‘microprocessors’ or ‘chips’ inside every computer – having helped start two semiconductor companies and a supercomputer firm – says:

He would be “surprised” if the US National Security Agency was not embedding “back doors” inside chips produced by Intel and AMD, two of the world’s largest semiconductor firms, giving them the possibility to access and control machines.

***

[The expert] said when he learned the NSA had secured “pre-encryption stage” access to Microsoft’s email products via the PRISM leaks, he recognised that “pretty much all our computers have a way for the NSA to get inside their hardware” before a user can even think about applying encryption or other defensive measures.

Documents leaked by Edward Snowden show that the NSA targeted:

Firewalls from Juniper Networks, hard drives from Western Digital, Seagate, Maxtor and Samsung, networking gear from Cisco and Huawei, and servers from Dell [as well as other equipment.]

NSA also encourages large internet companies to delay patching vulnerabilities, to allow the NSA time to exploit them. See this and this. In other words, the NSA encourages companies to allow vulnerabilities to remain unfixed.

And the NSA started building in backdoor access to all Windows software by 1999.

Whenever the NSA or GCHQ creates a “backdoor”, it allows all sorts of bad guys in to exploit it.

Spying makes us vulnerable to hackers and other bad guys:

IT and security professionals say spying could mess up the safety of our internet and computer systems

The Electronic Frontier Foundation notes:

“By weakening encryption, the NSA allows others to more easily break it. By installing backdoors and other vulnerabilities in systems, the NSA exposes them to other malicious hackers—whether they are foreign governments or criminals. As security expert Bruce Schneier explained, ‘It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create.’”

Schneier provides details:

“[NSA spying] breaks our technical systems, as the very protocols of the Internet become untrusted.

***

The more we choose to eavesdrop on the Internet and other communications technologies, the less we are secure from eavesdropping by others. Our choice isn’t between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping; it’s between a digital world that is vulnerable to all attackers, and one that is secure for all users.

***

We need to recognize that security is more important than surveillance, and work towards that goal.”

Another expert on surveillance and cybersecurity – Jon Peha, former chief technology officer of the FCC and assistant director of the White House’s Office of Science and Technology – says that the NSA’s spying program “inevitably makes it easier for criminals, terrorists and foreign powers to infiltrate these systems for their own purposes”

“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.”

The inventor of the World Wide Web agrees

The stakes are high:

“A team of [10] UK academics specialising in cryptography has warned … that ‘by weakening all our security so that they can listen in to the communications of our enemies, [the agencies] also weaken our security against our potential enemies‘….

The biggest risk, they imply, is that civilian systems and infrastructure – perhaps including physical systems such as the power grid – could become vulnerable to attack by state-sponsored hackers who are capable of exploiting the same ‘backdoors’ in software that have been planted there by the western agencies.”

And the NSA’s big data collection itself creates an easy mark for hackers. Remember, the Pentagon itself sees the collection of “big data” as a “national security threat” … but the NSA is the biggest data collector on the planet, and thus provides a tempting mother lode of information for foreign hackers

The NSA and GHCQ’s mucking about has made us all less safe …

#cybersecurity  will play a major role in the future for many users of technology @mymulticast

#cybersecurity will play a major role in the future for many users of technology @mymulticast

US judge says NSA phone data snooping probably illegal
A US judge struck a first blow against the National Security Agency’s bulk collection of phone records Dec. 16, ruling it breaches citizens’ privacy to an “almost Orwellian” degree that is probably unconstitutional.

The scathing ruling by a federal judge in Washington was stayed pending appeal, but if upheld it could lead to the spy agency being barred from indiscriminately gathering metadata on millions of private calls.

While not a final judgment, the ruling put the administration on the back foot at the start of what will no doubt be a protracted series of legal challenges to the NSA’s global surveillance network.Data Snooping Probably Illegal NSA

The government says it’s impossible to know whether a foreign target may be communicating with someone in Canada, which means a “small” number of communications from Canadians has be collected. (CBC)

The B.C. Civil Liberties Association filed a lawsuit last fall, alleging Canadians’ communications were being illegally swept up by the Communications Security Establishment Canada, or CSEC.

The group’s lawsuit targeted the spy agency’s monitoring of foreign communications, as well as the collection of metadata, which reveals technical information but not the content of electronic communication.

But Ottawa has filed a statement of defence that says CSEC follows strict rules that prevent the agency from specifically targeting Canadians and its activities are monitored by an independent commissioner.

The government says it’s impossible to know whether a foreign target may be communicating with someone in Canada, which means a “small” number of communications from Canadians has be collected.

As for the collection of metadata, the statement of defence says it plays a vital role in identifying and thwarting cyber threats.

Related Info sharing between CSIS and CSEC concerns security watchdog – Politics – CBC News
In “Canada”CSEC & B.C. Civil Liberti Ottawa defends Spy Agency says collection of Canadians data incidental

A civil liberties watchdog is suing Canada’s electronic spy agency for allegedly breaching the constitutional rights of Canadians.

The British Columbia Civil Liberties Association says Communications Security Establishment Canada violates the Charter of Rights by intercepting Canadians’ private communications.

The organization filed the lawsuit in the Supreme Court of British Columbia.

Ottawa-based CSEC monitors foreign communications — from email and phone calls to faxes and satellite transmissions — for intelligence of interest to Canada.

CSEC says it operates within all Canadian laws, including the charter, the Criminal Code, the Canadian Human Rights Act and the Privacy Act.

The National Security Agency, CSEC’s American counterpart, is at the centre of a storm of leaks from former contractor Edward Snowden that document the U.S. agency’s vast reach into cyberspace.
CSEC

Advertisements
Tagged: