GDPR

4 ways to fix digital privacy in Canada

We see a lot of headlines every day about the growing impact of cybercrime.  

Our CEO, David, is often in the media providing explanation and context. While the news isn’t good, there is hope, and a way toward a more secure digital future for Canadians and people around the world.

With stories of recent major data breaches like Desjardins and Capital One hurting Canadians’ trust, their wallets, and even their identities, it's time for the country to crack down on cybercrime.  

Sounds like an insurmountable task, but there are tangible steps we can take in the short- and long-term future that could majorly cut down criminal activity online.  

1) Require multi-factor authentication

Any organization that handles sensitive financial info should be required by law to use multi-factor authentication — meaning an additional layer of security beyond the username and password.  

There’s a simple reason Canadian companies including banks, telecommunications providers and more haven’t done this: they’re afraid of introducing it and making it a requirement, assuming it will cost them customers who would move to a competitor that doesn’t ask for this advanced security. 

But if every firm with sensitive personal or financial information were doing it, MFA would quickly become the norm and raise our overall standard for digital safety.  

The Canadian government could get the ball rolling by applying this to federally regulated industries which include telecommunications, banking, transportation — some of the most important parts of a modern society.  

2) Pass new privacy laws with real teeth

This is a medium-term goal. Europe is doing privacy right; with the General Data Protection Regulation implemented in 2018, the E.U. is putting power over personal data in the hands of individuals, and fining companies that fail to protect it. We could essentially copy and paste the GDPR legislation into a Canadian framework to start taking privacy seriously.  

If our laws had real teeth, Capital One could be fined $1.2 billion for the breach that impacted six million Canadians. Right now, though, we’re toothless. 

3) Replace the SIN

We’re talking long-term ambitions, here, but the social insurance number has run its course as the primary digital identifier of Canadians. This dated approach to our digital economy is inadequate in today’s world. Reinventing it is not unrealistic — if tiny countries like Estonia can figure it out, so can we.  

The Canadian Banking Association has been urging the government to do this for a while now, in order to finally stop ID fraud. 

A proper, secure Digital ID is the foundation on which we can build a world safer from identity fraud.

4) Radically rethink the internet

A longshot ambition, perhaps, but thinking big is how societies advance. 

Picture your digital identity as your driver’s licence. Currently, companies copy and store your licence and in doing so, risk losing that info to others who can then impersonate you online.   

A new model, proposed by Tim Berners-Lee, the creator of the World Wide Web, would be more like showing your licence when you need to, but otherwise keeping it in your possession. Instead of having our personal info collected and stored by thousands of companies at their discretion, each person would control one “master copy” of their personal data and have the tools to secure it themselves. No more corporations copying and keeping sensitive info without consent, in other words.

Part of the problem is the view that digital privacy issues have spiralled beyond our control, but if we tackle it piecemeal, we can make cybercrime a thing of the past.  

To learn more about protecting your identity at home or at work, contact the Beauceron Security Team at info@beauceronsecurity.com or 1-877-516-9245 and check out our blog on 7 Reasons to Start Using a Password Manager Today!

Canada's new digital charter: a step in the right direction

Last week, the Government of Canada announced its new “digital charter,” aimed at emphasizing Canadians’ control over their personal data and penalizing big internet companies that break the law, as well as combating online extremism, hate speech and fake news. 

According to a copy of the charter obtained by the Toronto Star, though, the federal government will not immediately impose regulations on huge transnational companies such as Google, Facebook and Amazon — which practically control life as we know it online.

What is the charter?

The charter is being described as a set of principles against which existing or future Canadian laws will be judged, but at present, with no real action being taken, there’s nothing stopping these companies from going about their business as usual. And letting these companies self-regulate is like letting a five-year-old do your grocery shopping — you'll end up with junk that’s not good for anyone.  

These companies have been allowed to run free and create technologies with no regard for consequences — it's always been about the bottom line. Take Amazon, for example: they will deliver any item almost anywhere in the world. No one has stopped to ask whether this is beneficial to society — it’s just assumed that if the business is profitable, it must be a good thing. Amazon’s Alexa feature has been involved in egregious privacy breaches where voice recordings were compromised and sent to the wrong users, but that fact hasn’t dissuaded many people from having an Echo in their homes. 

Facebook may be the worst offender, with multiple privacy violations; as punishment, they’ve been slapped with fines so minimal the company has had no reason to change their data-collecting and privacy-violating behaviours.   

Anti-trust and digital privacy

Anti-trust laws are a broad category of laws that are meant to keep businesses operating honestly and fairly. In the past, these laws in North America have been about protecting profit rather than data.

Germany has been using anti-trust laws to limit that data gathering, but North America is at least a decade behind Europe’s GDPR (General Data Protection Regulation), which puts privacy at the forefront and imposes strict fines on companies that collect too much data, or that use data in undisclosed ways or without users’ full consent.

What can we do?

It is a good sign that Canada is starting to take digital privacy issues more seriously. We can certainly maintain hope that the government elected this fall will continue to uphold privacy and regulate the online world in a way that protects our data. As citizens, we need to read the party platforms and consider voting in politicians who understand the importance of digital privacy and who demonstrate a commitment to protecting our sensitive data by reining in these big companies. 

To get the right information at the right time, contact the Beauceron Security Team at info@beauceronsecurity.com or 1-877-516-9245.

In wake of scandal and tragedy, Facebook privacy crackdown needed

It’s been a year – long enough to have forgotten the details of that Cambridge Analytica story that was all over the news last March.  

A refresher: In early 2018, Canadian-born Christopher Wylie went public with allegations that the British consulting firm Cambridge Analytica harvested private information from more than 50 million Facebook users, and shaped that data into social media strategies to support Trump’s 2016 presidential campaign. The scandal was among the first privacy issues involving Facebook, but it certainly hasn’t been the last. 

A+ for promises, D- for action

Though we have seen some efforts from Facebook to promote transparency – such as a new app to be rolled out in June that will show who paid for political ads and whom they’re targeting – Facebook is well known for making big promises about user privacy and keeping none of them. Remember when they promised a “delete your history” button in May 2018, after the backlash from Cambridge Analytica? It’s still nowhere to be seen. And that lack of follow-through is oh-so typical of Facebook. 

A wasted year

In the last year, legislators in the States have at least started to have serious conversations about what a national privacy law might look like. The American focus is on trying to rein in the power of big tech. But fast-forward 12 months and Canadian politicians have failed to create anything resembling a national data strategy. Probably because they’re more focused on winning the upcoming election than on protecting citizens’ privacy.  

What politicians should do is take Europe’s General Data Protection Regulation and Canadianize it, effectively cracking down on rule-breakers like Facebook with major fines that would have a real impact on their practices.  

Tragedy broadcast on social media

A horrific tragedy unfolded in New Zealand last week, where a terrorist attacked a mosque in Christchurch. Because Facebook is still basically a free-for-all of information dissemination, videos of the deadly shooting were live-streamed millions of times – almost instantly – on social media.  

Once digital data is created and replicated, it’s nearly impossible to control; people have created more data in the last couple of years than in all human history, and criminals are swimming in a sea of personal information that can be easily exploited.  

Who’s accountable?

New Zealand internet service providers actually blocked areas of the internet that continued to host these reprehensible materials. This was one of the most aggressive actions taken by ISPs worldwide, and it raises some thought-provoking questions regarding who should be accountable for data that’s shared online: the platform, or the internet service providers, or solely the individuals sharing it? Is there such a thing as regulated free speech? 

And while we’re on the topic: Is it really necessary for every human being to have the capability to instantly broadcast anything with zero vetting? Facebook should restrict this live-streaming capability to verified news media and individuals, so this kind of thing can’t happen in the future. 

An encouraging reaction

It was heartening to see the numbers of people across the world who refused to watch or share these violent images, in a sort of moral protest. If we really want change, though, we should be pushing our legislators to create laws that crack down on big firms that handle and distribute data. 

Alexa, what are you doing with my data?


Well, that didn’t take long. The Amazon Echo has been on the market a few short years and already unnerving stories of the smart speaker’s failings are cropping up worldwide, including in Germany, where an Amazon customer took advantage of the new EU General Data Protection Regulation (GDPR) that grants individuals access to their personal data.