Canadian Police Want New Internet Surveillance Tools

danomac writes "Police agencies in Canada want to have better tools to do online surveillance. Bill C-30 was to include new legislation (specifically Section 34) that would give police access to information without a warrant. This can contain your name, your IP address, and your mobile phone number. This, of course, creates all sorts of issues with privacy online. The police themselves say they have concerns with Section 34. Apparently, the way it is worded, it is not just police that can request the information, but any government agent. Would you trust the government with this kind of power?"

Signed Sealed Delivered - Gov Whitelisting Galore!

[Anonymous Coward]

"It sound like some people I know who "Keep getting all these virus things no matter what I do!""

Remember the Sony BMG root kit?
Remember how no Antivirus detected it? Not even Anti root kit scanners?
Remember how only one tool initially detected it?

Now consider for a moment how many other government software/firmware moles/rootkits may be lingering within millions of people's proprietary systems (hardware/software-OS).

Wikileaks published a lot of information on companies willingly selling rootkits to governments and organizations. And do I really need to bring up HBGary?

So many fools using multiple proprietary scanners on their systems, the makers of which could all be in bed with big bro, the programs and/or updates could contain rootkits, and seriously, what the fsck is up with Microsoft and Flash both having so many remote exploits being patched all of the time?

The very products you trust, imo, could be the very e-poison from which you e-drink from.

To this day I laugh inside when twits tell me their system is "clean" because they scanned it with several proprietary tools.

Face it, even on Linux the quality of the root kit scanners are piss poor. You have to boot into a separate environment (like Remnux) to evaluate the malware, but most people won't do it, they'll wipe and reinstall and rely only on signatures which can be compromised. And when they find out they have an APT which continues to reinfect their computer(s)? Would they be intelligent enough to consider a firmware (PCI/BIOS) infection which survives hard drive wipes? Do they also have infected thumb drives laying around they plug into other computers around home and/or friends/family/work?

Chkrootkit has a function to list the strings of binaries, but it's up to you to determine whether or not the content of the strings are malicious. I've tried several root kit scanners on Linux and all of them are, imo, crippled pieces of trash. The crowd will yell back at you, "But most of these require root to exploit!" No, not at all, there are hundreds of ways to exploit a Linux box, many not requiring root, but a particular program/version. I won't even bite down on the subject of ways to subvert package managers. Heck, how many Linux repositories use SSL? SSH? Torrents with established "good" check sums for thousands of packages?

And I've not mentioned Flash and Adobe Reader for Linux and the past problems with those... and the NVidia driver for Linux, had in the past, one or two severe security issues whereby a remote exploit could take over the system! (Google it. The news of one exploit was in 2006.)

Our proprietary hardware and software are both at risk, and likely subverted world wide on millions of computers by governments and select organizations. The fact it takes years until a researcher trips over a particular piece of malware which none of the antivirus companies are detecting is inexcusable.

Were I head of a commercially developed antimalware company, I'd develop a website similar to Virus Total, but instead of the users uploading single files one by one, I'd give them a FOSS program which checked every part of their hardware, embedded and manually inserted, checksum the firmware (of all media drives, graphics cards, anything with firmware) and BIOS and tear apart the results, funneling them into separate result pages, each result for each component going to its own page for comparative results, rather than building a profile on one user's system. I would offer the users the option of publishing a one page result for their unique computer, but it would be opt-in only. Yes, checksum the firmware, including the router, and demand companies publish checksums and use GPG to sign their firmware, all of this information would go to the site as described. A massive database of important, but anonymously pulled and published information.

It's just going to get worse.

On the side, I've been saying to myself for years, IMO, "When Microsoft finally starts to show signs of

Think of the cost...

[Anne Thwacks]

A story not many minutes old //yro.slashdot.org/story/12/10/28/0531250/cash-strapped-states-burdened-by-expensive-data-security-breaches [slashdot.org] tells us that the majority of US states cannot afford to keep data secure, and also cannot afford the cost of keeping it insecure.

The obvious conclusion is that keeping data is very expensive and you should be trying to find ways not to keep more, not finding reasons to hold more!

Do not want

[Anonymous Coward]

This law comes up for debate about once every year or two and, to date, Canadians keep shouting it down. Hopefully people up here continue to do so. I'm fine with the RCMP having access to this information with a warrant, but warrantless access by anyone is a bad idea.

C-30 will not rise from the dead.

[arthurpaliden]

The police are still pissed off that the Government basically scrapped Bill C-30 after a national outcry about it. It seems that we Canadians just did not like the idea of warrantless wire taps and that the government wanted to gain access to all our internet data stored by our ISP, again with out a warrant, and without even requiring those getting the data to be law enforcement officials. .