Top News

Protecting your digital identity in the era of mass surveillance – before it’s too late

San Francisco has just become the first U.S. city to ban facial recognition technology, to prevent discrimination and the inevitable curtailing of civil liberties that attends this type of artificial intelligence used by municipal agencies. Other cities are following suit, but despite this progress, the tech’s use is growing.   

If you frequent airports, sports stadiums, malls or grocery stores, facial recognition technology may soon be a big part of your life — whether you like it or not.   

Rather than check individual tickets, some airports are now using A.I. to scan faces as people pass the gates; if you’re paid up and your identity checks out, you’re allowed to board your flight.  Convenient, right?  

However, when the private sector uses our biometric data to discriminate their marketing tactics, we enter dangerous territory when it comes to the protection of your digital identity.  

Malls have been caught using facial recognition cameras to guess your age, gender and even mood to advertise accordingly, luring you to certain stores or kiosks where you’re likely to spend money.   

Even grocery stores can identify you in the aisles by your age and gender, displaying products on screens based on your marketing demographic. 

What is biometric data?

Biometric data — fingerprints, retinal scans, gait recognition (the way you walk), voice recognition, DNA, facial scans — are unique to the person, and aim to quickly confirm your identity.   

For individuals, the main benefits of using biometric data such as facial recognition are speed and convenience. You can avoid rummaging in your pockets for your concert or game tickets at a stadium. You can skip the lines, and just walk past scanning tech that can do the work instantly.   

For corporations, the benefits are more to do with the ability to sway purchasing behaviour. And for governments, they get to monitor and control populations by combining biometric and other surveillance data with artificial intelligence. 

Privacy concerns amid surveillance

The convenience of these technologies comes at a steep cost, especially regarding privacy. The most extreme example is China, where the government is known for abusing biometric data collection: they publicly shame people who jaywalk; they can capture facial scans and recognize citizens’ gaits to prevent those with a low social score from flying or from purchasing real estate; they can track anyone’s location at any time, often unfairly targeting ethnic or religious minorities.   

Closer to home, Toronto has been piloting the Sidewalk Labs project, a data-driven smart city initiative that facilitates things like snow removal and traffic planning, and can curb crime by way of sophisticated security cameras. But because Sidewalk Labs have refused to de-identify people, privacy expert Dr. Ann Cavoukian and others have denounced it as little more than a data mine that could cause harm if that data is leaked or abused.  

Glaring flaws in biometrics

Beyond surveillance, biometric identification has a major flaw: you can replace a compromised credit card, but if there’s a breach of your biometric data, you can’t change your face. Not easily, anyway!   

There’s a big possibility of false positives, too. In London last year, the Metropolitan Police misidentified and fingerprinted a 14-year-old black boy, and figures reveal this kind of mistake is no anomaly; in fact, facial recognition software wrongly identified members of the public as criminals 96% of the time.  

In its current iteration, facial scanning can also be racist and sexist; these technologies are prone to error when it comes to recognizing women and people of colour.  

Yet another issue: It can be used to advertise to you without your permission in malls and grocery stores, even in taxis. And with all facial recognition in the public sphere, the individual can never be sure when or how their sensitive data is being used, or whether or where it’s being stored.

The cost of convenience

While there are obvious pros to facial recognition — such as increasing border security and facilitating police efforts to track down dangerous criminals — as a society we need to ask how much of our personal data we’re willing to sacrifice in the name of safety and convenience. If it’s becoming too much, we need to call on legislators to stand up for citizens’ privacy before we become even more accepting of surveillance tech and all the risks that go along with it.   

Awareness training is the first step towards protecting your digital identity. Reach out to the Beauceron team to get informed on how our learning content can support your organization, info@beauceronsecurity.com

Verified.Me app makes proving your identity easy

Last week, banks in Canada announced the launch of Verified.Me, a free app that helps you prove your identity online.   

Because practically every online service requires a different username and password, it can be tough to prove who you are when you’re logging into your various accounts. Not only do you need to remember dozens of these credentials, but you often need to answer security questions, show physical identification — and it’s all getting too complicated.

Security AND speed

The goal of the app is to speed up the process of authentication while maintaining security and privacy. Logging into accounts and juggling passwords and identities is a pain, and people tend to sacrifice security in favour of convenience. Verified.Me aims to provide both. 

sign-in partner.PNG

This kind of service is already used by federal agencies like Canada Revenue Agency where you can log into your personal or business tax account through your bank, also known as a “sign-in partner.”  

How does Verified.Me work?

Think of any online service that requires you to create a username and password; instead, you log into your bank account only, through the Verified.Me app. If the bank deems that particular service to be trustworthy, you can log in automatically.  

You’ve already proven your identity at the bank; it’s the most important — and most tedious — step when opening your account. There are strict regulations in place, you need to show government-issued I.D. and open a real account as the real you. Of all the online entities, banks truly know who you are as a person. 

One identity to rule them all

The idea of a “federated identity” — a way of linking your identity and attributes, stored across multiple identity management systems — is coming up more and more these days, as identity becomes increasingly complex.   

“Single sign-on" (SSO) lets users log in to one service with a single ID and password to gain access to several sites and accounts. SSO is a good idea that has been mismanaged in the past by Google and Facebook and others — companies that have shown they can’t be trusted to manage and secure our digital identities. 

Facebook’s SSO was hacked in 2018, when it was revealed that it had fallen victim to an attack that breached 50 million user accounts. Google’s SSO has issues, too — if someone breaches your Google account, for example, they then have access to your passport information in Expedia, private messages on Tinder, location data on Uber — literally any site or service you access through the Google single sign-on.   

Why trust the banks?

Banks spend more on cybersecurity than any other organization in the country. They’re dealing with huge amounts of money so it makes sense that they have a vested interest in verifying their customers' identity and protecting against fraud.  

Unlike Facebook or Google, their entire business relies on being secure. 

How to get started

Download the Verified.Me app on your phone, open it and choose your bank from the list of options (Scotiabank, RBC, CIBC, TD or Desjardins). You’ll then be redirected to your bank’s app or website, where you can log in using your username or card number and password. Once you’re in, you can add “Connections” to your personal list and use the app to log into all those services.   

You’re in control of how and when your personal information is used, and no personal info is stored in the app — it's a win from all angles!  

To learn more about protecting your identity at home or at work, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245.  

My McD’s app hack points to importance of securing accounts

It’s not the first “Hamburglar” hack and it probably won’t be the last, but a recent McDonald’s app attack has some lessons to teach us about securing our accounts in the age of digital loyalty programs. 

What happened

A tech writer in Toronto who used the McDonald’s app learned that a scammer had broken into his My McD’s account and purchased more than 100 meals — racking up around $2K in charges. The app was linked to his debit card, and he was oblivious to it all, receiving no notifications from McDonald’s or the bank. 

It’s safe to say that no one could eat that much McDonald’s and survive, so chances are the victim’s username had been reused or compromised, the hacker guessed it or otherwise accessed it, then traded it on the dark web to be exploited by multiple criminals.   

A PR nightmare for Mickey D’s

This looks bad on McDonald’s — especially since similar things have happened in other areas including Quebec and Nova Scotia involving the same app. It’s likely not a widespread issue for McDonald’s specifically, though, but an illustration of what will inevitably happen more and more as these loyalty and rewards programs become more common.

Rewards apps = easy targets

Loyalty programs and apps are attractive targets for cybercriminals: they’re easy to hack, highly profitable, and — let's face it — police don’t care about a $2K McDonald’s bill, so fraudsters can get away with it. We’re seeing many issues with rewards campaigns and users’ accounts being drained  

What should companies do?

Companies could allow users to load the app with a certain amount of money, and set limits, to remove the possibility of a thief racking up a steep bill.  

Corporations could also set up two-factor authentication on their apps, meaning any time someone logs in from a new device that wasn’t previously using the app, it would require them to prove they are who they say they are, and not allow transactions if they can’t validate their identity.   

2FA? We’re lovin’ it!

Two-factor authentication often isn’t built into apps – even though it would be easy enough for these corporations to do – because companies are not subject to any regulatory requirements around security, and because customers just aren’t asking for 2FA.  

The best way to get companies to change their behaviour in Canada is to voice your concerns.  

Supersize your password

If you’re using an app like this, make sure to secure your account by creating long, strong passwords, never reusing passwords, using a password manager, and using two-factor authentication where the app supports it.   

To learn more about protecting your identity at home or at work, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245 and check out our blog on 7 Reasons to start using a password manager today

Five ways your organization can reduce burnout across your IT team

Beauceron Security ‘s mission is to empower people.

When we do that well, people help their organizations proactively reduce their cyber risk while also improving their ability to respond and recover from cyber incidents.  

Part of that mission involves helping people manage ever-increasing workloads and corresponding stress.

Competing priorities, constant change and financial constraints can create stress in the workplace. When left unaddressed, burnout — long-term, unsolvable job stress — can take over, and that’s bad news for your people and your bottom line.  

Information technology (IT) professionals are no strangers to workplace stress. Small teams of experts are facing increased security risks. In that context, it’s easy to see why so many organizations around the world struggle to build and maintain traditional security awareness programs - they just take too much time in an already too-busy workday.

That’s why we’ve designed a platform that leverages the best aspects of technology to do what computers do best - automate routine tasks and calculate data into meaningful metrics - while letting people focus on what they do best - connecting with other people.

When an organization becomes human-centric, it focuses on connecting and empowering its people and becomes more proactive, reducing the number of incidents and reactive issues teams have to deal with.

That results in less stress for leaders and employees.

Here are some of our tips on how to move to a human-centric approach.

1. Recognize it’s an issue

You can’t solve a problem until you acknowledge it. A  2019 study  that delved into Chief Information Security Officer (CISO) stress levels found that, across 408 CISOs in the United Kingdom and United States, 91 per cent reported to suffer from moderate or high levels of stress. In Canada, the inability to unplug after work hours is reaching pandemic proportions.   

Putting in place the right plan, maximizing the effectiveness of your human and technology resources and prioritizing risk areas are all ways to manage security stress.

When we designed the Beauceron platform, we looked for ways to help security leaders do all of those things through our powerful dashboards, metrics and through engaging every one in an organization to play a greater role in security.

2. Educate and empower your entire team

An educated team throughout your organization will stop security threats before they escalate to your IT department. Beauceron’s library of multilingual courses teaches employees about the important role they play in protecting their organizations.

Employees learn how to identify and report potential attacks, such as phishing e-mails. They also learn steps they can take to protect themselves including account hygiene practices such as using multi-factor authentication and password managers.

If a would-be threat never has the chance to materialize, the potential stressors on already overworked IT professionals can be minimized.  

3. Determine where your risks are

Many CISOs struggle to keep up with ever-changing risks. This can make it tough to pinpoint and address problems.

Beauceron identifies the risky people in your organization and helps them overcome weak points in knowledge and training to better the company’s overall risk score. Assessments are visual and easy-to-understand, helping high-risk employees change their behaviour quickly.  

Beauceron's pioneering approach goes far beyond employee training.

It’s unique scoring system and risk advisor feature helps identify risks not just in people, but in culture, process and technology, providing the world’s most comprehensive human-centric approach to managing cyber risk.

4. Rewarding and recognizing employees

The Beauceron platform comes with built-in rewards and a gamification system designed to get everyone engaged in managing their cyber risk. When education is gamified, people are more motivated to learn, their risk scores are lowered — and your stress is reduced!

Of course, a technology can only do so much. When you’re not spending time doing routine, repetitive tasks, you have time to think about additional proactive ways to help your team.

At Beauceron, we leverage our own technology and others that enable automation so that we can focus on additional ways to reward and recognize our team. That includes professional development opportunities and implementing improved benefits programs such as employee assistance programs (EAPs) that provide counselling and advice on legal, financial and mental health matters.

5. Promote flexibility and fun

 Recognize that individuals within your company have distinct personalities and need different tools in order to succeed.

Some may do their best work remotely, while others need more face-time and collaboration with co-workers.

Some may feel recharged after playing with a furry friend, (did we mention we’re supporting a “Canine Comfort Zone” run by St. John Ambulance?) Therapy dogs are on-site at Atlantic Security Conference in Halifax this month! Show your employees that their uniqueness is valued, and they’ll work harder for you.  

Stress is contagious.

If employees have their needs met, they’ll be more productive and won’t be passing stress along to the higher-ups whose jobs are demanding enough as is.   

Let Beauceron help you educate and empower your team — and reduce stress and burnout!  

Visit our booth at Atlantic Security Conference on April 24 and 25 or reach out to our team to learn more: info@beauceronsecurity.com or 1-877-516-9245. 

 

Seven reasons to start using a password manager today

1) You aren’t alone

If you’re not sure what a password manager is, you’re not alone. And if you’re familiar with password managers but haven’t gotten around to using one, unfortunately you’re in the majority there, too.  

Good news — The Pack Has Your Back. Here’s the rundown! 

2) It’s easier than you think

Think of it as a diary where you’ve written all your secrets. But unlike any diary you kept as a kid, this one has a nearly impenetrable lock, and only you hold the key. In this case, the key is a strong, secure “master password.”  

Most people have weak passwords and use the same passwords on multiple sites and services. (And no, using the same password with a “1” after it does NOT count as a new password!) A password manager does the dirty work for you by generating random, strong passwords for all your logins, and storing them in one place that’s easy for you to access.

3) Less stuff to remember

With a password manager, you only have to remember that one master password. Period. Without a password manager, you have to remember dozens for all of your online accounts and services: phone and internet services, social media pages, banking sites, work and personal email accounts — everything these days requires a password!   

4) We’ve narrowed down the choices

LastPass is widely trusted and offers its best features — like a secure and searchable password “vault” where you can store all passwords, access on all devices, multi-factor authentication, and secure “notes” for files and information beyond just your passwords — for free.  

Other good options include 1Password, Dashlane or Keeper.

Some are free, some come with a small fee. Do your research and see which one best suits your needs. 

5) It’s safer than what you’re doing now

The obvious question people have about password managers is: what if that one master password gets hacked? Then the hacker would have access to all my online services and life as I know it would come to an end!   

Of course no security measure online or in real life is 100% infallible, but your “last password ever” is highly secure. It’s long, it’s complex, it’s got letters, numbers, and other characters that would be almost impossible to crack.   

It’s a lot safer than writing them down on a piece of paper or logging them away in a Google Doc, right? A password manager offers the best combination of security and convenience.

6) Who doesn’t like a good story?

What if I forget my master password? How to beat it: make your password into a story — a memorable phrase or a catchy song lyric.   

Many people don’t realize that a longer password is tougher to crack than a random one. So, for example (don’t use this one!) the password “afd%#T”, though complex and involving symbols as well as upper- and lower-case characters, would be easier to hack than something that tells a story, like “mydog8theblackcat@midnighT.” There are recognizable words in the second one, but it’s longer and therefore harder to crack.   

Make it personal to you.  

7) It’s free and quick

Go to LastPass.com (if that’s the one you choose), click the “Get LastPass Free” button, and enter your email, the master password, and an optional reminder. That’s the basic version. You can add services such as a GB of encrypted file storage and priority tech support if you pay a minor monthly fee.   

Then you just install the extension in your browser — it'll walk you through it, don’t worry — in order to capture and store passwords into its vault as you go about life online.   

It takes seconds. Okay, maybe a minute. But that’s really it!
   

If you want to learn more about how you can reduce your cyber risk at home and at work, contact Beauceron Security to learn more! info@beauceronsecurity.com 

In wake of scandal and tragedy, Facebook privacy crackdown needed

It’s been a year – long enough to have forgotten the details of that Cambridge Analytica story that was all over the news last March.  

A refresher: In early 2018, Canadian-born Christopher Wylie went public with allegations that the British consulting firm Cambridge Analytica harvested private information from more than 50 million Facebook users, and shaped that data into social media strategies to support Trump’s 2016 presidential campaign. The scandal was among the first privacy issues involving Facebook, but it certainly hasn’t been the last. 

A+ for promises, D- for action

Though we have seen some efforts from Facebook to promote transparency – such as a new app to be rolled out in June that will show who paid for political ads and whom they’re targeting – Facebook is well known for making big promises about user privacy and keeping none of them. Remember when they promised a “delete your history” button in May 2018, after the backlash from Cambridge Analytica? It’s still nowhere to be seen. And that lack of follow-through is oh-so typical of Facebook. 

A wasted year

In the last year, legislators in the States have at least started to have serious conversations about what a national privacy law might look like. The American focus is on trying to rein in the power of big tech. But fast-forward 12 months and Canadian politicians have failed to create anything resembling a national data strategy. Probably because they’re more focused on winning the upcoming election than on protecting citizens’ privacy.  

What politicians should do is take Europe’s General Data Protection Regulation and Canadianize it, effectively cracking down on rule-breakers like Facebook with major fines that would have a real impact on their practices.  

Tragedy broadcast on social media

A horrific tragedy unfolded in New Zealand last week, where a terrorist attacked a mosque in Christchurch. Because Facebook is still basically a free-for-all of information dissemination, videos of the deadly shooting were live-streamed millions of times – almost instantly – on social media.  

Once digital data is created and replicated, it’s nearly impossible to control; people have created more data in the last couple of years than in all human history, and criminals are swimming in a sea of personal information that can be easily exploited.  

Who’s accountable?

New Zealand internet service providers actually blocked areas of the internet that continued to host these reprehensible materials. This was one of the most aggressive actions taken by ISPs worldwide, and it raises some thought-provoking questions regarding who should be accountable for data that’s shared online: the platform, or the internet service providers, or solely the individuals sharing it? Is there such a thing as regulated free speech? 

And while we’re on the topic: Is it really necessary for every human being to have the capability to instantly broadcast anything with zero vetting? Facebook should restrict this live-streaming capability to verified news media and individuals, so this kind of thing can’t happen in the future. 

An encouraging reaction

It was heartening to see the numbers of people across the world who refused to watch or share these violent images, in a sort of moral protest. If we really want change, though, we should be pushing our legislators to create laws that crack down on big firms that handle and distribute data. 

Tracking your health with an app? Facebook is too

You don’t even have to be a Facebook user for the social media platform to collect data on you – and highly personal data, at that! 

If you’re using a phone app that tracks things like your menstrual cycle, heart rate, exercise habits and calories burned, chances are good that that app is sending that information along to – you guessed it – Facebook.  

Fuel for advertising

A Facebook-provided analytics tool called “App Events” lets app developers track and store user data, then send it right to Facebook, who then use it to fuel their advertising algorithms. Developers use App Events to track how and when people used their apps, and to gain insights for their own advertising purposes.  

The social media platform was caught acquiring sensitive data from Flo Period & Ovulation Tracker, and around 30 other apps so that information could be used for hyper-targeted ads. People were willingly inputting this info into their apps, but they had no idea what would happen to the data beyond the primary function of the app. 

An example: Say a woman is trying to get pregnant, so she’s tracking her periods, ovulation and sexual activity in the Flo Period app. The app sends that information to Facebook, who then hit her with ads for maternity clothing, prenatal vitamins, diapers and daycares in her area.  

The goal of most tech is to slurp up information and turn it into profit, no matter how private the data. And it doesn’t get much more private than bodily functions! 

Feigning ignorance

Facebook claims it requires apps to tell users what info is shared and forbids apps from sending intimate data. But it did nothing to stop the flow of that sensitive data.  

Given their lax attitude toward data privacy, it’s not hard to imagine Facebook selling private information to health insurers, who would pay a premium for it and even use it to decide who they’ll cover. Free health apps have already been known to give up sensitive information to insurance companies – why wouldn’t Facebook do it?  

Digital gangsters

Wall Street Journal investigation found that many of these apps didn’t disclose that they would be sharing this information with third parties, or with Facebook specifically. Shortly after the Journal story broke, New York Governor Andrew Cuomo called for further investigation into this invasion of privacy. 

This all comes on the heels of a scathing report out of the U.K. that essentially called Facebook digital gangsters who are abusing the power of their platform. And it’s not just Facebook; Google and Amazon have a scary amount of data on every one of us, which means we need to be taking this seriously.  

Data privacy should be an election issue

While the issue of data privacy is finally starting to be a high priority in the States, with investigations into breaches and tougher policies mirroring those or Europe, in Canada we’re just not there yet. We need to push for stricter privacy legislation and make it an election issue. We need to demand accountability from these data-hoarding corporations. 

Cybercriminals: Living large on the lam

Cyberattacks may seem like an ambiguous threat – happening to someone else, somewhere else. But serious cybercrime is hitting close to home, with attacks from North Korea now targeting Canadian retail banking customers.  

Security expert Christopher Porter highlighted this threat at a House of Commons meeting earlier this month. He noted that top Canadian financial institutions were exposed to state-sponsored cybertheft from North Korea just one year ago, in February 2017. 

What they want

The attack redirected people to malicious downloads that would subsequently take control of their computers, accessing their bank accounts. These criminals are funding the North Korean nuclear program through stolen money, by targeting financial institutions, companies and retail customers. These cyberattacks show a level of sophistication that was once only seen among nation states’ intelligence groups like the NSA, according to Porter. 

How they’re getting it

"Man-in-the-middle" attacks involve an attacker covertly relaying or changing the communication between two parties who believe they’re communicating directly.  

In this case the “man in the middle” hacks into your device, imitates your banking sign-on page, and lures you to enter your private information. When you’re done banking, the hacker logs on with your credentials and steals your money.  

Why they’re successful

The perpetrators of cybercrime are the same groups known for organized crime like weapons and human trafficking, drugs, et cetera. Cyber represents a booming growth industry for them.   

Cyberattacks are relatively easy to accomplish and extremely tough to police. In Canada, despite their efforts, cops can only identify a suspect in 7% of cases. Criminals are going where the police are not; so their odds of getting away with these crimes are much higher than traditional strategies.  

In addition to the anonymity cyber provides criminals, decades ago, when our telecoms structures were designed, they were done without much consideration to cybercrime. These same structures haven’t adapted as quickly as criminals have. Ahead of our outdated safety measures, criminals are even bypassing newer security methods like multi-factor identification.   

Tom Cruise and the A.I. myth

One way of staying ahead of criminals is to stop them before they have the chance to commit a crime.  

In the 2002 Sci-Fi film Minority Report, police were able to predict and arrest criminals before they offended. That movie feels less like science fiction today, considering real police units in the U.K. are now using algorithms to direct officers to patrol specific high-crime areas. Unfortunately, these areas are disproportionately over-policed as it is. 

In Canada, we’re also experimenting with artificial intelligence (A.I.) to accelerate bureaucratic processes. One well intended effort is the use of A.I. with immigration applications. However, concerns about algorithms with built in biases and inevitable abuses by authorities are being raised by this attempt to use technology to serve immigrants more effectively. 

We may be introducing more problems than we’re solving by using algorithms and A.I. to tackle complex social problems. One of the biggest myths about A.I. is that a computer removes subjectivity, and therefore can’t be biased. But the data fed into these computers are inherently flawed, because the people who’ve created them are flawed. 

How can we respond?

Protecting ourselves from cyberattacks starts with awareness. The more people become knowledgeable about their cyber risks and what simple steps they can take to reduce it, the more time our IT and security professionals will be able to dedicate to putting out the big fires. 

Amazon: now in the business of tracking babies

The demand for smart products for the home is growing, and it was only a matter of time before the purveyors of smart tech turned their attention to a booming market: babies. Enter Hatch Baby, a smart nursery company launched by Amazon’s Alexa Fund

The company was up and running in 2014, by 2016 made its way to Shark Tank, and its offerings are now among the top 100 baby products (of more than 200,000) on the Amazon marketplace. Hatch Baby sells a smart changing pad that can track your baby’s weight; for older kids, there’s a smart nightlight/sound machine. These devices are connected to an app that lets parents control them and track their kids’ interaction with them.  

Amazon and Google are known for collecting and storing way too much data on their customers, and now that’s starting literally from birth.  

If the product testimonials are to be believed, these kid-tracking gadgets are not only life-changing, but necessary. Amazon promises “peace of mind.” Make no mistake: companies such as Google and Amazon are not in the business of helping parents raise their children. They’re in the business of securing market share, killing the competition, and dominating all our time and money.  

Surveillance and censorship

If you’ve seen Black Mirror, you probably recall the “Arkangel” episode in which a woman opts to have a chip implanted into her daughter that allows the mom to track all her movements, to see everything in her daughter’s line of sight, and to pixelate all images that could be disturbing to her child. While the chip technology is at first useful for ensuring the daughter’s safety, as she gets older, the daughter rebels against the constant tracking and surveillance. The mom is addicted to spying on her daughter, and the daughter despises her for it.

It’s easy for us to predict the disastrous implications when we’re watching this fictionalized narrative, so why can’t we foresee the ill effects of real-life tracking tech such as Hatch Baby? 

Resilience versus convenience

As our lives become more convenient and efficient, we become less resilient. With Amazon and Google devouring every aspect of our lives and selling us almost everything we buy, the small- and medium-sized businesses that are the backbone of the Canadian economy suffer. We’re setting ourselves up for economic failure.  

Amazon has been caught, according to a Bloomberg report, strong-arming other home smart-tech companies into letting their devices communicate with Alexa. Alexa collects data from smart light-switches about when a light has been turned on or off, so Amazon knows when the customer is home; smart TVs report what channels customers watch; smart locks let Amazon know whether the front door is bolted.  

They see you when you’re sleeping

This means Google and Amazon know when you’re asleep, when you’re awake, when you’re home, what shows you’re watching and when, the current temperature in your living room, when you’re eating, what you’re buying – everything. They demand this data without our informed consent, then appease us with the lie that it’s all for our convenience.  

Who is it all for?

Where Hatch Baby is concerned, parents need to put themselves in their children’s shoes and ask whether their kids’ lives being tracked is really to their benefit. We need to think about whether we need it – we've gotten by without this kind of “smart” tech till now, and we can continue to do so.  

Mass transit system or tool for mass surveillance?

Here’s one for our Upper Canadian readers: Metrolinx, the Crown agency that manages public transit in Toronto and surrounding areas, has made the news again for sharing passenger data stored on Presto fare cards with law enforcement – without asking for customer consent or insisting on warrants from police.   

In 2018, there were 22 cases related to criminal investigations or suspected offences where the agency revealed card users’ information without a court order. 

Accountability is everything

This raises the question: Could Presto become a surveillance tool?  

The ease with which card data is being disclosed should be concerning. We’re a country based on the rule of law. Unless it’s a life-and-death situation requiring police to act quickly with Metrolinx, we need to prevent this type of immediate access to data. Even in an emergency, Metrolinx and police should have to thoroughly explain why the normal process of acquiring data was subverted.  

In a criminal investigation, police hate to do the paperwork involved – who wouldn’t? Especially when they have a proven track record of asking the agency to hand over the information they have. But due process is a crucial aspect of retaining the privacy rights of citizens.  

Information is power

Systems like Presto – where information is accumulated online in mass quantities and stored – can be hacked. And travel information could be very valuable for a hacker who wants to blackmail and extort their victim(s).  

Imagine a man who’s having an affair tells his wife he’s one place, but his Presto card information proves otherwise. Or an employee calls in sick to work when they were really at a job interview, and their transit data shows precisely where they went. The scariest example of this is stalking – when people flee bad relationships, the last thing they need is another layer of surveillance to combat, when their phones, cars and other tech may already be tracking them. 

As with many tech advancements, the promised convenience seems to outweigh the risk at first: with Presto cards, passengers get perks such as avoiding lineups by being able to add funds to cards online; they can simply tap a card rather than fumble in their wallet for tokens before their morning commute. The only perk they’re giving up is arguably the best one of all: anonymity! 

Proper people, processes, and technology

Metrolinx, just like many businesses or organizations offering speed and convenience, probably aren’t as mature as they need to be when it comes to handling people’s private information. They’re simply doing the best they can with the limited resources they have.  

It’s hardly just the TTC who are falling short – there have been cases thrown out of court when due process isn’t followed, or when warrants aren’t gathered to get critical evidence.  

Unless the proper people, processes and technology are in place, there’s no way to keep up with the complex issue of privacy rights.