Archive for Canada

Canada Post Pwned…. 4500 Cannabis Customers Had Their Data Swiped

Posted in Commentary with tags , on November 8, 2018 by itnerd

Cannabis has been legal in Canada for the last few weeks. And if you live in Ontario, the only way to buy Cannabis legally is online via a government run store who will deliver your stash to you via Canada Post. Too bad Canada Post had to announce that they got pwned:

The postal service said in a statement that someone had used its delivery tracking tool to gain access to personal information of 4,500 customers of the Ontario Cannabis Store but declined to identify the information.

And it seems that the Ontario Cannabis Store is accusing Canada Post of being slow to act:

In a statement on Wednesday, the Ontario Cannabis Store said it referred the matter to the province’s privacy commissioner. The statement also said the store had “encouraged” Canada Post to take immediate action to notify its customers.

“To date, Canada Post has not taken action in this regard,” the store said in its statement. “Although Canada Post is making its own determination as to whether notification of customers is required in this instance, the OCS has notified all relevant customers.

So if you bought some weed from the Ontario Cannabis Store, you might have someone reaching out to you.

Now my first thought upon reading this, beyond my usual reaction of “I hope that someone slaps the relevant parties silly for this data breach”, is that this is a huge problem. For example, one could be barred from traveling to the US or to other companies if it became known that you smoked the stuff. Thus there needs some serious questions answered by both Canada Post and the Ontario Cannabis Store.

Advertisements

Toronto Needs To Say No To Sidewalk Labs

Posted in Commentary with tags , on November 2, 2018 by itnerd

Two years ago Alphabet via its Sidewalk Labs arm was given planning permission to develop 800 acres of Toronto waterfront into a car-free, data-driven neighborhood called Quayside. The vision was as follows:

By combining people-centered urban design with cutting-edge technology, we can achieve new standards of sustainability, affordability, mobility, and economic opportunity.

That sounds great right? Well, some say not so much. Former BlackBerry co-CEO Jim Balsillie called it “a colonizing experiment in surveillance capitalism” and pretty much said that Toronto should deep six the idea. Then Saadia Muzaffar and John Ruffalo who were volunteer members of an advisory committee quit the project. Both indicated that their departures had to do with a lack of public trust. To top it all off Ann Cavoukian who was Ontario’s privacy commissioner and a leading privacy expert quit citing privacy concerns.

Clearly all is not well with Quayside.

When one of the leading privacy experts in the country, as well as two others with very strong business and tech backgrounds, along with the former CEO of a company that has security at the forefront of everything they do all say that this project is a bad idea, perhaps the City Of Toronto should listen and pull the plug on this. Now Sidewalk Labs put out a really pretty blog post that says that everything is fine and people in Toronto have nothing to worry about because they take privacy seriously. But consider this. We are talking about Alphabet which is also known as Google. A company known for slurping up massive amounts of data and using it to make piles of cash. Can the be trusted?

I’m going to go with no.

If I were the City of Toronto, I would run away from this project. It’s not worth it. Seriously. It’s time to say no to Sidewalk Labs and Quayside.

 

New Rules Will Force Canadian Companies To Disclose Data Breaches

Posted in Commentary with tags on November 1, 2018 by itnerd

From the “it’s about time” department comes news that new rules kick in today that force Canadian companies to disclose data breaches:

Under the new regulations for organizations subject to the Personal Information Protection and Electronic Documents Act, which come into force November 1, organizations must:

  • Report to the Privacy Commissioner’s office any breach of security safeguards where it creates a “real risk of significant harm;”
  • Notify individuals affected by a breach of security safeguards where there is a real risk of significant harm;
  • Keep records of all breaches of security safeguards that affect the personal information under their control; and
  • Keep those records for two years.

The Office of the Privacy Commissioner of Canada has published guidance to help businesses comply with the new requirements as well as a new reporting form.

Now by no means is this perfect and even the Privacy Commissioner admits that, but it is a step in the right direction as companies need to be fully transparent and held fully accountable for any data breaches that may take place. It may also force them to take steps to avoid being on the wrong side of a data breach headline as well.

Some Actual Competition From Canadian Cell Phone Carriers Would Be Nice

Posted in Commentary with tags , on August 20, 2018 by itnerd

Now I am aware that in Canada we have an oligopoly when it comes to cell phone carriers in Canada as I’ve written extensively on the subject for years. But over the weekend I was reminded of that fact when my wife wanted to switch carriers in preparation for getting the Apple Watch Series 4 or whatever Apple is going to call the next Apple Watch. Now my wife is with Rogers, and Rogers doesn’t offer Apple Watch support because they don’t support the eSIM standard. Nor is there a timetable for that support other than to say that it’s coming in 2018. Thus tired of not having any clarity on that front from Rogers, my wife tried to switch from Rogers to Telus as I have my business cell phone and Apple Watch with Telus.

That’s where the fun began.

Now the easiest part of this exercise was to get her iPhone 6 which was locked to Rogers unlocked. So she backed up the device to iCloud and called Rogers. After they asked her why she was unlocking the phone which according to the agent was a requirement for them to ask (she said that she wanted an Apple Watch) and for her IMEI number, it was unlocked. I was able to confirm that by trying my Telus SIM in it which worked. Total time invested: 10 minutes.

She then walked into a Telus store with her newly unlocked iPhone 6 and gave them the use case. Then she made life difficult for them by saying that Rogers had her on a retention plan that had her paying $65 for 5GB. This was a plan that was offered up a Christmas time a couple of years ago which my wife took advantage of. All the people in the store could do when they heard that was to show her a photocopied sheet with their in-market plans. The same ones on their website. When she pressed them on any other options, they didn’t have any. That meant that if she wanted to join Telus, her costs for her cell phone would skyrocket. Needless to say that didn’t appeal to her because why would she want to pay more for her cell phone bill seeing as Canada’s cell phone costs are among the most expensive in the world?

That’s when I got involved and Tweeted Telus:

A few direct messages back and forth and Telus got my wife in touch with a text chat agent who she explained the situation to. But the text chat agent was no better than the people in the store at offering up a plan to come close to or ideally match what Rogers was giving her. That wasn’t possible. Now, one of the things that Telus told me to do was to ask for retentions. My wife didn’t do that as she was really discouraged at this point. Thus she ended the chat session. And as I type this, she’s still a Rogers customer. Though she still wants to leave them if the right deal comes around.

Here’s the bizarre part of all this. Over the last couple of years, Telus, Bell, and Rogers have participated in short lived price wars where they all settled on a price for a certain amount of GB. Say $65 a month for 10GB which was a big deal last Christmas. My guess is that this was a defensive position to ensure that their customers didn’t leave for the other guys. But it does illustrate that if these companies really did want to compete with each other, they’re capable of doing so. They are just choosing not to. That’s a shame as in this case, all my wife wants is for a cell phone company that offers support for the Apple Watch to either match or come close to what she’s paying now.

Now this story sounds like I am bashing Telus. To be clear, I’m not doing that. Because you could substitute Telus for one of the other two of the “big three” being Bell and Rogers and we’d likely still be here talking about this. That illustrates that despite Freedom Mobile and some other entrants, Canada’s wireless industry still lacks real competition. That has to change as Canadians deserve better.

The Canadian Government Has Failed Canadians By Not Taking The Potential Threat That Huawei Is Seriously

Posted in Commentary with tags on June 20, 2018 by itnerd

Chinese company Huawei has been in the news along with Chinese company ZTE because of the potential of both companies being a national security threat. The United States has taken a really hard line against both companies. But so far, the Canadian Government hasn’t done or said much of anything against either company. This despite US lawmakers raising this as an issue with the Canadian Government.

So let’s walk through this. Are these companies threats to Canada? I can’t answer that. But the evidence is there that suggests that they might be. And that evidence comes from people who should be in the know. Thus if I were the Canadian Government, I would at least look at the evidence to see if there’s anything there. And if there is, I’d take immediate action. But saying nothing and doing nothing is not an option. At least not in this day and age because not only is this a potential threat to Canada, but a threat to our allies as well. The Canadian Government has a responsibility to protect Canadians from these threats. At the moment it doesn’t seem like they’re interested in doing so. Thus they’ve failed Canadians on this front.

I for one hope they wake up and take this issue seriously before it’s too late.

BMO and CIBC-owned Simplii Financial Pwned…. Tens Of Thousands Of Customers At Risk

Posted in Commentary with tags , on May 29, 2018 by itnerd

The CBC is reporting that CIBC-owned Simplii Financial has warned on Monday morning that hackers had accessed the personal and account information of more than 40,000 of the bank’s customers. Then Bank of Montreal revealed that hackers had stolen data on up to 50,000 of the bank’s customers.

That’s not good. but it is actually worse than that.

The hackers have now gone to the media with threats of leaking the data that they stole when the banks apparently did not pay up a $1 million ransom for the data. CBC managed to take some data that the hackers served up to them and confirmed that it is real. So as a result, all these customers are now under threat of being pwned in epic fashion. This is not good to say the least that two banks in Canada have been pwned like this. These banks have a lot of explaining to do. And you have to wonder if other banks can be pwned like this.

 

Are Canadian Carriers Sharing Location Data With LocationSmart?

Posted in Commentary with tags , on May 19, 2018 by itnerd

You might recall that I brought you a story about LocationSmart yesterday and the fact that not only four US carriers were sharing data with them, but they had a bug that allowed anyone to see any cell phone’s location. Well it seems that the “Big Three” cell phone carriers in Canada, as in Rogers, Bell, and Telus may be sharing data with this company according to Global News:

Privacy officials in Canada plan to look into reports over the past week that Canadian telecom companies share location data on subscribers with third-parties, a practice that, in at least one case, appears to have allowed similar data on Americans to be accessed by police without a warrant.

Bell, Rogers and Telus were named in an article on ZDNet.com, a technology website owned by a subsidiary of CBS Corp., as among the North American telecom companies selling real-time location data on subscribers to a company called LocationSmart.

If that’s true, then that’s very troubling. I expect better from the “Big Three” carriers in Canada. I would expect that all of the big three to explain whatever relationship that they have with this company and do it now. Because all three of these companies aren’t exactly loved by the public. And this isn’t going to help their public image.