Category: Internet

kaiamar:Thread on Net Neutrality from Cory Doctorow. The…













kaiamar:

Thread on Net Neutrality from Cory Doctorow. The internet was built with public money. It should be treated as a public utility. Instead greedy telcos like Comcast give us crappy service, fail to maintain the net, and demand more money for profit.

If you’re anywhere near Waterloo Region (Ontario) on Monday, December 4th, 2017, Doctorow will be giving talks at

Kitchener Public Library
3:00 pm to 4:00 pm
Central Branch Theatre
85 Queen Street, Kitchener
http://www.kpl.org/85-queen-afternoon-cory-doctorow-ticketed-event

University of Waterloo
Cheriton School of Computer Science
7:00 pm - 8:30 pm
The Theatre of the Arts ~ Modern Languages Building,
200 University Avenue West
Waterloo, ON N2L 3G1
https://cs.uwaterloo.ca/events/cory-doctorow

Although both events are free, you need to book tickets in advance.
(And seating is limited, so be sure to get there early.

Bill C-51 – The Antiterrorism Act 2015

Repeal Bill C-51 banner

 

Bill C-51, now known as the Anti-terrorism Act, allows Canada’s spy agency, CSIS, to disrupt real and perceived terrorist threats. It allows intelligence agencies to share Canadians’ personal information more widely. Authorities can detain someone for up to seven days if it’s believed a terrorist event may occur.

And the exercise of these new powers can take place without meaningful parliamentary oversight.

Promised changes to anti-terrorism law C-51 still months away: Liberals want to consult with Canadians over the summer to see what changes they want to C-51

CSIS was supposed to prevent the RCMP security service from engaging in unlawful activity.

 

In 1984, CSIS was created as a response to the McDonald Commission, which recommended a separation between national security policing and intelligence functions. National security intelligence would be limited to information gathering, and CSIS’ performance of its duties and functions would be subject to the review of the Security Intelligence Review Committee (SIRC). Unlawful disruption tactics, including barn burnings, property destruction, break-ins, thefts, and abusive investigation techniques by the RCMP were strongly condemned. In the aftermath of the McDonald Commission Report, the government created CSIS as a legally more constrained, domestic, civilian intelligence collection service. Indeed, later in that decade, an important reform removed the controversial area of “subversion” from the RCMP’s mandate.

– Voices-Voix update on Bill C-51: Anti-Terrorism Act, 2015

RCMP Musical Ride

The idea was to separate the intelligence gathering and security operations into two discrete branches of the service.   Giving CSIS the power to act on the intelligence it gathers, to make the sort of disruptions it was created to prevent the RCMP from undertaking makes no sense at all.   From all reports, Canadian security ~ and Canadians ~ have suffered serious consequences because the two branches of the service don’t communicate with each other.  Instead of rectifying such  serious problems that have come to light through the Air India Inquiry (2010) and the Arar Inquiry (2006), C-51 compounds them by granting the security service unprecedented “lawful access” to the personal information of all Canadian citizens.  What it does *not* do is compell CSIS to share information about imminent attacks.  This does not make Canadians safer.

The Canadian Civil Liberties Association has produced a wonderful primer:
UNDERSTANDING BILL C-51: THE ANTI-TERRORISM ACT, 2016

Although I am no lawyer, my understanding is that C-51 legalized a host of activities that were formerly illegal under Canadian law because they jeopardize or contravene the civil rights Canadians are supposed to be guaranteed under the Canadian Charter of Rights and Freedoms.  As near as I can tell, nothing at all is being done to end CSE’s bulk data collection — effectively spying on the digital activities of all Canadians 24/7.

Currently the only supervision of the activities of the security services are after-the-fact reviews, which means any and all improper Charter breaches will only come to light long after they have occurred, which is like closing the barn door after the horse has escaped.

Perhaps the most chilling part of all of this is the incredible lack of oversight to the services that have been given these incredible powers over our lives.  At least in the early part of the 21st Century the CSIS Inspector General provided actual supervision, to ensure Canadian spies don’t break the law.

Unfortunately that was one of the many non-budgetary items bundled into the Harper Government’s Omnibus “Black Mark Budget” in 2012; a few quiet strokes of a pen abolished the IG’s office, leaving only the SIRC review process, a part time agency that looks at only a tiny percentage of what CSIS actually does.

I wrote about this all in March of last year, before C-51 became law, in Liberal Leader Gets Bill C-51 Wrong.  Unfortunately it looks as though our Liberal Government has no intention of dismantling this dreadful law.  It seems the best we can hope for is some sort of parliamentary oversight.

Unfortunately that is more likely to end up being a rubber stamp than anything else.

What Canadians Can Do

Before Bill C-51 became law, there were protests across Canada, including three in Waterloo Region, on a very cold March day, on a much nicer day in April, and another in May.

NDP MP Randall Garrison Moves To Repeal Anti-Terror Bill C-51

CCLA AND CJFE MOUNT CHARTER CHALLENGE AGAINST BILL C-51

Today is the last day for Canadians to make submissions to the Federal Government’s National Security Consultation.  Although there was a component of This is an online consultation, and they’ve provided plenty of reading material, which naturally supports the idea this legislation is a good thing. It’s not. At least not if you think the Canadian Charter of Rights and Freedoms is important.     Privacy Is Not A Crime

The government has broken the consultation down into categories spread out over multiple web pages, asking for our input on any or all of the 10 topic areas for the consultation. Each page also asks us to identify ourselves, although, unlike the electoral reform consultation, it is not explicitly necessary.

Online Consultation on National Security

We also have the option of making an Email submission: ps.nsconsultation-consultationsn.sp@canada.ca

I’ll say it again: Today ~ December 15th, 2016 ~ is the LAST DAY to participate in the consultation.  Please do.  Even if all you do is go to any or all of the Consultation web pages and comment “Repeal C-51” you will help.  Anonymous comments won’t be taken as seriously as comments connected with our real names, so I strongly recommend filling in the contact info.  The reality is that, so long as C-51 is in place, there is no way for Canadians to enjoy online anonymity.  (Even encrypted activity is being recorded and stored against the day the security services can break the encryption.)

Even if you read this after the consultation deadline, you can still call your MP to account for this.  Canadians used to have civil rights.  We used to have privacy.  Law enforcement agents were required to produce some evidence of probable cause that would convince a judge to issue a warrant before our Charter protections of our privacy could be legally breached.   Privacy is the citizen’s only protection from potential over-reach of the powerful state.  This is why the UHDR and the Canadian Charter of Rights and Freedoms seek to protect our privacy.  Sacrificing citizen privacy does not make us safer, it puts us at risk.

C-51 ushered in a powers and laws that threaten Canadian privacy, freedom of speech and other Charter protections without actually substantively dealing with problems of prosecution of terrorism, and without any meaningful oversight of Canada’s booming national security industry.

After you make your submission, you can Sign the Petition:

 

We are at a disheartening moment in federal politics. Despite all the powerful and thoughtful critiques of the government’s anti-terrorism bill, it has now become law.”
– Ed Broadbent

Repeal Bill C-51

If you buy only one book this year, don’t buy my novel, get yourself a copy of False Security: The Radicalization of Canadian Anti-terrorism, by By Craig Forcese and Kent Roach. Better yet, get copies for all your family and friends.  Because this must change if we don’t want our lives, and our kids and our grandkids lives to be lived in an Orwellian dystopia. This is the stuff of fiction, this is reality.

Bill C-51 has been Canadian law for...

click to go to the live clock


President Obama Tells FCC Chairman He Expects Real Net Neutrality

WASHINGTON — During a question-and-answer session in Santa Monica, Calif., on Thursday, President Barack Obama voiced his strong support for Net Neutrality and his opposition to the sort of pay-for-priority plan put forward by his appointed chair to the Federal Communications Commission. The remarks were the strongest statement yet from the president against the FCC’s […]

Be Safe Online

hackers or crackers

First, I’m sick of people blaming “hackers” for online security breaches. Hollywood may think that “hackers” are the people breaking online security, but I know too many computer peeps who call themselves hackers, and say a “hack” is a creative solution, not a criminal activity. They call the badguys “crackers.”

Crackers maliciously “crack” open your security, sometimes for fun, the way vandals find vandalism fun, but more often for profit. This is a large part of identity theft; this is the growth are of the crime world.

safe or not

Too often the websites and institutions that are supposed to be keeping us safe online are just making it look safe.

Debit/Credit Cards: I am so tired of the new “chip cards” that are being foisted on us. Supposedly they are supposed to bring increased security. I haven’t figured out how, exactly. What it does is make the transaction take longer. I have to leave the card in until it is finished. A merchant told me that increases the incidence of forgotten cards. This new technology costs the merchants more (in effect costing us more, too) but does it actually improve our security? Don’t think so.

the appearance of security?

The Internet has happened so fast, most of us don’t understand it. But we need to start taking responsibility for our own security.

After people find themselves victimized by a breach of an email account or a highjacking of a domain name, they start thinking about security. The first thing we look at is the password. Suddenly we think this isn’t enough.

That’s why banks and sites have started adding “security questions.” Not to make us more safe, but to make us feel more safe.

passwords

I’ve heard it said that a username and password is fine if the password is good, and if you keep it secure.

But if your password is “password” or anything:

  1. easily guessable (your birthdate, middle name, dog’s name, etc.) or
  2. simple enough that password cracking software can breach it
  3. a password you use in more than one place
  4. a password stored “in the cloud”

then you are playing with fire.

Any public information is insecure. One thing that would help enormously with online security would be if we were to stop giving out personally identifiable information everywhere we go.

Lie

When I walk into WalMart, I don’t have to show the greeter ID, or tell them where I live. If they asked that, customers would turn around and walk out.

So why should I have to tell a website I visit my name and post code? None of their business. But if they ask, it usually means you can’t get into the site without giving the information. Rule of thumb: if they don’t have the right to ask for the information in real life, they don’t have the right online.

If you buy something from the site, obviously you need to give them the real info. But if you are just shopping, or doing price comparisons, it is none of their business who you are or where you live. The only thing to do is lie.

Find a post code located far away, tell them a made up name. If you’re feeling really adventurous, change your age or your gender. There are also places where you can get disposable email addresses if you need to validate. Like Mailinator.com

The more people with access to your personal information means there is more chance that your personal security will be breached.

public = anyone can find out

Once you have given it out, used it anywhere, online, EVER, it is not secure. Online anonymity is only as anonymous as you make it. The Electronic Frontier Foundation says in most cases all it takes is three personally identifiable pieces of information to find you.

questioning the questions

Adding a “second layer” doesn’t help when the question is “mother’s maiden name” or “elementary school” as the question. Seems to me those “security questions” are rubbish, only giving the appearance of security. When the answer to “security” questions are publicly identifiable information, you end up using public personally identifiable information which identity thieves can use to crack your account.   #FAIL

You can get around this by answering a different question, so the question and answer no longer make sense. Mother’s Maiden Name: Pepperoni Pizza … but then you have to keep track of the question and answer, too, so instead of keeping one password per site you have to keep track of username, password, question, answer and perhaps another question and answer. So now instead of one reasonably secure password, you need a book or file to keep track of it all. This makes it much easier for the bad guys to grab hold of this. So this “security” nonsense can end up being even less secure.

Funny story: I forgot my bank question thing, but was able to get online access back, over the phone, by telling them my mother’s maiden name. This is my BANK. You know, the ones pushing the chip cards.   #FAIL

real security

Better security can be achieved by keeping out malware. Start with a trusted virus protection program. AVG is good. Check for spyware periodically too.

Don’t open suspect email. If anyone you know has had their identity stolen or sitejacked, don’t open email from their old account. Don’t open attachments. Or apps.

I use the Firefox Browser. Before I click a link on a webpage I am new to, I can hover over it with the curser arrow, and the link’s URL appears in the lower right corner of my screen. This way I can see that the link will take me where the site says it will take me.

One of the ways malware find itself onto people’s computers is through security holes in FLASH which allows crackers entry to *your* computer when you upgrade (don’t do it!) or, my personal favorite: javascript.

I use NoScript because when you allow javascript free reign on your computer, you run the risk allowing executable code on your computer. This means that the java script can have a trojan horse in it, it can start a program to do all kinds of things to your computer. Nowadays they don’t usually turn your computer into a brick, at least right away. Usually they will suck information on your family and friends or record your keystrokes and so find your passwords. Malware, viruses etc.

When I come across a website that is broken without forcing me to load Flash, or worse, that has been javascrippled, I leave. The security risks are simply too high.

passwords

Just so you know: if you use your mother’s maiden name as your password, it doesn’t take a cracker to crack it. The seven year old two doors down the block could likely manage it for a laugh.

Internet bad guys just use a different set of tools. Think of your email password as the lock to your front door. Who would you share the combination with?

If you give the combo to the builders, after they’ve done the job, it is time to change it. The beauty of passwords is that they are much easier to change than physical locks are.

When in doubt, change it.

Keep it secret. Keep it safe.