InfoSecBulletin Cybersecurity for mankind
The Canadian Supreme Court ruled that police must have a warrant before asking for the internet protocol address of Canadians. The Supreme Court ruled 5-4 that Canadians have privacy rights protected by the Charter when police ask for information about their online activities.
“Personal privacy is vital to individual dignity, autonomy, and personal growth. Its protection is a basic prerequisite to the flourishing of a free and healthy democracy,” the majority ruling read.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
“The Internet requires that users reveal subscriber information to their ISP to participate in this new public square, and Canadians are not required to become digital recluses in order to maintain some semblance of privacy in their lives.”
The issue was a 2017 investigation by the Calgary police into fraudulent online purchases from a liquor store.
Police went to the liquor store’s payment processing company, Moneris, and requested internet protocol (IP) addresses related to the purchases. They did not get a warrant.
Moneris handed over two IP addresses used for the transactions, which the police used to obtain a court order requiring an internet service provider to turn over the names and addresses associated with the IP addresses.
The email you need for the day’s top news stories from Canada and around the world.
That led to a search of Andrei Bykovets’ residence, and to Bykovet’s arrest on charges of possessing other peoples’ credit cards and identification documents. Bykovet challenged the cops’ right to obtain his IP address from Moneris, arguing it violated his Charter rights against unreasonable search and seizure.
Both the trial judge and the Alberta Court of Appeal ruled that Canadians had no reasonable expectation of privacy for their IP address. The Supreme Court disagreed.
“Activity associated with the IP addresses can be correlated with other online activity associated with that address available to the state. An IP address can also set the state on a trail of Internet activity that leads directly to a user’s identity,” the decision read.
“Access to IP addresses without judicial pre-authorization poses intense privacy risks.”
Police agencies used to routinely request what they called “basic subscriber information” from telecommunications companies – information such as names, IP addresses, physical addresses and telephone numbers.
But the Supreme Court ruling does not stop police from accessing IP addresses – just requires them to get a court order first, a process that law enforcement agencies have said takes time particularly for urgent cases.
The BC Civil Liberties Association, which intervened in the case, welcomed the court’s majority decision Friday and said it was “heartened” by the court’s recognition that privacy has become “ever more important” in the digital age.
“The reality today is that in order to engage in society to any degree, we really have to be able to go online. And so if the police have easy access to all of our online activity, which website we’re going to, who we’re talking to online, that creates a huge chilling effect on people’s behaviour,” Vibert Jack, the BCCLA’s director of litigation, told Global in an interview.
“Privacy rights are obviously implicated, but our freedom of expression, freedom of association, those rights would all be curtailed if we know the police could be watching us while we’re online.”
While the Supreme Court decision notes that the determining a reasonable expectation of privacy under the Charter is an “exercise in balance,” it also noted that the internet has vastly expanded the amount of personal information
“The intensely private nature of the information an IP address may betray strongly suggests that the public’s interest in being left alone should prevail over the government’s interest in advancing its law enforcement goals,” the decision read.
Police used to regularly ask telecommunications companies for “basic subscriber information,” which includes names, IP addresses, physical addresses, and telephone numbers.
The Supreme Court ruling doesn’t prevent police from accessing IP addresses. It just requires them to get a court order first, which law enforcement agencies have said takes time, especially for urgent cases.
The BC Civil Liberties Association, which participated in the case, is pleased with the court’s decision. They are encouraged by the court’s acknowledgment that privacy is increasingly crucial in the digital era.
“The reality today is that in order to engage in society to any degree, we really have to be able to go online. And so if the police have easy access to all of our online activity, which website we’re going to, who we’re talking to online, that creates a huge chilling effect on people’s behaviour,” Vibert Jack, the BCCLA’s director of litigation, told Global in an interview.
“Privacy rights are obviously implicated, but our freedom of expression, freedom of association, those rights would all be curtailed if we know the police could be watching us while we’re online.”
While the Supreme Court decision notes that the determining a reasonable expectation of privacy under the Charter is an “exercise in balance,” it also noted that the internet has vastly expanded the amount of personal information
“The intensely private nature of the information an IP address may betray strongly suggests that the public’s interest in being left alone should prevail over the government’s interest in advancing its law enforcement goals,” the decision read.
