Sunday , November 10 2024
flag

Canadian police need warrant to obtain IP address

The Canadian Supreme Court ruled that police must have a warrant before asking for the internet protocol address of Canadians. The Supreme Court ruled 5-4 that Canadians have privacy rights protected by the Charter when police ask for information about their online activities.

“Personal privacy is vital to individual dignity, autonomy, and personal growth. Its protection is a basic prerequisite to the flourishing of a free and healthy democracy,” the majority ruling read.

Hacker to sale Indian Gov.t email credentials

Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the dark web marketplace. A hacker...
Read More
Hacker to sale Indian Gov.t email credentials

Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter of 2024, making it one...
Read More
Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

The Socket Research Team has discovered a malicious package named "fabrice," pretending to be the legitimate fabric SSH automation library....
Read More
Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

CISA alerts active exploitation of Palo Alto networks vuln

CISA has added a patched critical security flaw in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog due...
Read More
CISA alerts active exploitation of Palo Alto networks vuln

Critical bug in Cisco UWRB access points to run commands as root

Cisco has fixed a critical vulnerability, CVE-2024-20418, that allowed unauthenticated remote attackers to gain root access on Ultra-Reliable Wireless Backhaul...
Read More
Critical bug in Cisco UWRB access points to run commands as root

“ToxicPanda” banking trojan from Asia hit Europe and LATAM

In late October 2024, Cleafy’s Threat Intelligence team noticed a surge in a new Android malware known as TgToxic. However,...
Read More
“ToxicPanda” banking trojan from Asia hit Europe and LATAM

(CVE–2023-46747)
Hacker exploit Critical F5 BIG -IP Vulnerability in Bangladesh: CIRT report

Cyber Threat Intelligence Unit of BGD e-GOV CIRT found evidence of compromise linked to the vulnerability in F5 BIG-IP systems...
Read More
(CVE–2023-46747)  Hacker exploit Critical F5 BIG -IP Vulnerability in Bangladesh: CIRT report

APT36 to attack Windows Systems Absuing Google Drive & Slack

ElizaRAT is malware that mainly targets Windows systems and acts as a remote access tool (RAT), allowing attackers to access...
Read More
APT36 to attack Windows Systems Absuing Google Drive & Slack

Google fixes two Android zero-days: Demand Immediate Patching

In its November 2024 security update, Google fixed 40 vulnerabilities in Android, including two that are actively exploited: CVE-2024-43047 and...
Read More
Google fixes two Android zero-days: Demand Immediate Patching

GitHub launched an AI tool to build apps without code

GitHub has launched an AI tool called 'Spark' that allows users to create apps using natural language, eliminating the need...
Read More
GitHub launched an AI tool to build apps without code

“The Internet requires that users reveal subscriber information to their ISP to participate in this new public square, and Canadians are not required to become digital recluses in order to maintain some semblance of privacy in their lives.”

The issue was a 2017 investigation by the Calgary police into fraudulent online purchases from a liquor store.

Police went to the liquor store’s payment processing company, Moneris, and requested internet protocol (IP) addresses related to the purchases. They did not get a warrant.

Moneris handed over two IP addresses used for the transactions, which the police used to obtain a court order requiring an internet service provider to turn over the names and addresses associated with the IP addresses.

The email you need for the day’s top news stories from Canada and around the world.
That led to a search of Andrei Bykovets’ residence, and to Bykovet’s arrest on charges of possessing other peoples’ credit cards and identification documents. Bykovet challenged the cops’ right to obtain his IP address from Moneris, arguing it violated his Charter rights against unreasonable search and seizure.

Both the trial judge and the Alberta Court of Appeal ruled that Canadians had no reasonable expectation of privacy for their IP address. The Supreme Court disagreed.

“Activity associated with the IP addresses can be correlated with other online activity associated with that address available to the state. An IP address can also set the state on a trail of Internet activity that leads directly to a user’s identity,” the decision read.

“Access to IP addresses without judicial pre-authorization poses intense privacy risks.”

Police agencies used to routinely request what they called “basic subscriber information” from telecommunications companies – information such as names, IP addresses, physical addresses and telephone numbers.

But the Supreme Court ruling does not stop police from accessing IP addresses – just requires them to get a court order first, a process that law enforcement agencies have said takes time particularly for urgent cases.

The BC Civil Liberties Association, which intervened in the case, welcomed the court’s majority decision Friday and said it was “heartened” by the court’s recognition that privacy has become “ever more important” in the digital age.

“The reality today is that in order to engage in society to any degree, we really have to be able to go online. And so if the police have easy access to all of our online activity, which website we’re going to, who we’re talking to online, that creates a huge chilling effect on people’s behaviour,” Vibert Jack, the BCCLA’s director of litigation, told Global in an interview.

“Privacy rights are obviously implicated, but our freedom of expression, freedom of association, those rights would all be curtailed if we know the police could be watching us while we’re online.”

While the Supreme Court decision notes that the determining a reasonable expectation of privacy under the Charter is an “exercise in balance,” it also noted that the internet has vastly expanded the amount of personal information

“The intensely private nature of the information an IP address may betray strongly suggests that the public’s interest in being left alone should prevail over the government’s interest in advancing its law enforcement goals,” the decision read.

Police used to regularly ask telecommunications companies for “basic subscriber information,” which includes names, IP addresses, physical addresses, and telephone numbers.

The Supreme Court ruling doesn’t prevent police from accessing IP addresses. It just requires them to get a court order first, which law enforcement agencies have said takes time, especially for urgent cases.

The BC Civil Liberties Association, which participated in the case, is pleased with the court’s decision. They are encouraged by the court’s acknowledgment that privacy is increasingly crucial in the digital era.

“The reality today is that in order to engage in society to any degree, we really have to be able to go online. And so if the police have easy access to all of our online activity, which website we’re going to, who we’re talking to online, that creates a huge chilling effect on people’s behaviour,” Vibert Jack, the BCCLA’s director of litigation, told Global in an interview.

“Privacy rights are obviously implicated, but our freedom of expression, freedom of association, those rights would all be curtailed if we know the police could be watching us while we’re online.”

While the Supreme Court decision notes that the determining a reasonable expectation of privacy under the Charter is an “exercise in balance,” it also noted that the internet has vastly expanded the amount of personal information

“The intensely private nature of the information an IP address may betray strongly suggests that the public’s interest in being left alone should prevail over the government’s interest in advancing its law enforcement goals,” the decision read.

Check Also

man in phone

Unprotected UN Database Exposes 228GB of Gender Violence Victims’ Data

Cybersecurity researcher Jeremiah Fowler found a non-password-protected database with 115,000 records linked to the UN …

Leave a Reply

Your email address will not be published. Required fields are marked *