CSE and Five Eyes revealed to be targeting mobile browsers
Breaking: CSE and Five Eyes revealed to be targeting popular mobile browsers and mobile App Stores - leaving millions at risk of having their private data hacked
News comes one day after OpenMedia releases crowdsourced report recommending new rules to ban Mass Surveillance and create greater oversight for agencies like CSE
May 21, 2015 – Canadian spy agency CSE and its Five Eyes partners planned to compromise popular mobile App Stores to implant spyware on smartphones, and targeted a popular mobile web browser used by millions globally. Accordingly to reports published this morning by CBC News and The Intercept, CSE deliberately sought security vulnerabilities, but failed to inform companies or the public – leaving the private data of millions at risk.
The reports come just a day after OpenMedia released a pro-privacy action plan, crowdsourced from over 125,000 Canadians, that sets out strict new rules that would ban these kind of mass surveillance activities, place spy agencies like CSE under much tighter oversight, and ensure Canadian spy agencies comply with international human rights principles when it comes to privacy.
Responding to this morning’s news, OpenMedia’s communications manager David Christopher had this to say:
“Let’s be clear about one thing: CSE claims they will safeguard Canada’s security, but instead they deliberately left millions of innocent people at risk of having their private data hacked. These reckless activities weaken the Internet security Canadians rely on to conduct business and communicate online. CSE claims they don’t target Canadians, but there is no way they could have excluded Canadians from spying activities. Remember, they targeted people all around the world, including anybody who interacted with compromised devices.”
Christopher continued: “This news reinforces the need to rein in CSE. Canadians are clear about what’s needed: if taken up, our crowdsourced privacy plan would put a stop to these abuses, end mass surveillance, place CSE under desperately-needed effective independent oversight, and ensure they respect international human rights principles. It’s past time for decision-makers in Ottawa to implement these proposals and put a stop to these activities that are doing such harm to our democratic values and Canada’s reputation overseas.”
• CSE and its partners deliberately planned to hijack links to popular App Stores, including those run by Google and Samsung, to implant spyware on smartphones.
• Canada and its spying partners exploited weaknesses in one of the world's most popular mobile browsers, the UC Browser. This app is hugely popular in China and India, and its popularity is growing in North America.
• Spy agencies did not inform citizens or businesses of the weaknesses they unearthed in devices, leaving millions of users around the world (and all of those who interact with these users) at risk of having their information hacked.
• Canada worked closely with it’s Five Eyes intelligence alliance (the U.S., Britain, Australia and New Zealand) to find and compromise data vulnerabilities in servers used by Google and Samsung’s mobile app stores.
• Targeted app store servers were those users are directed to whenever they download or update an app from Google and Samsung stores. This would give spy agencies access to the data of millions of smartphones around the world.
Canadians are speaking out at PrivacyPlan.ca by sending the crowdsourced Canada’s Privacy Plan to Senators as they prepare for a crucial final vote on the government’s spy Bill C-51.
OpenMedia is a network of people and organizations working to safeguard the possibilities of the open Internet. We work toward informed and participatory digital policy.
OpenMedia has joined with over 75 major organizations and over two dozen academic experts to form the Protect Our Privacy Coalition, which is the largest pro-privacy coalition in Canadian history. The Coalition is calling for effective legal measures to protect the privacy of every resident of Canada against intrusion by government entities.