Category Archives: Internet Security
It is with a heavy heart we must inform you, once again, folks are accidentally spilling thousands of sensitive pics, records onto the internet – The…
Roundup: Everything is insecure and everything is broken, exhibits A through Z:
A software vendor specializing in record-keeping tools for plastic surgery clinics poorly secured a storage bucket hosted by Amazon Web Services containing hundreds of thousands of sensitive patient photos and records.
The team at vpnMentor discovered and reported a public-facing, insecure AWS S3 bucket belonging to NextMotion. The French software developer has since taken down the database, but the exposed records were, apparently, very intimate and accessible by anyone.
"The compromised database contained 100,000s of profile images of patients, uploaded via NextMotion's proprietary software," noted vpnMentor. "These were highly sensitive, including images of patients' faces and specific areas of their bodies being treated."
Infosec outfit ClearSky claims it has evidence of Iranian hackers, likely state backed, breaking into "dozens of companies around the world in the past three years" by exploiting "known vulnerabilities in systems with unpatched VPN and RDP services." The miscreants target businesses that provide IT services to others, allowing the intruders to menace thousands of customers, we're told.
Keep your external-facing remote-access systems up to date and patched, folks.
PhotoSquared left 100,000 customer records on a public-facing, poorly secured Amazon Web Services S3 bucket, according to, once again, peeps at vpnMentor. The 94.7GB data silo was removed from view on Friday after it was alerted to the blunder at the end of January. The bucket contained pictures, including personal snaps, receipts, and shipping labels, for thousands of punters from 2016 to last month.
In brief... Pen Test Partners poked around inside Tesla's car firmware, and documented its software update mechanisms... The FBI has warned private companies of miscreants attempting to hack into and infect vendors in the software supply chain... A systems engineer at a managed service provider is accused of attempting to sell copies of customer data.
A botched app rollout by Israel's Likud party leaked the personal information of more than six million citizens. According to Haaretz, the gaffe resulted in the exposure of 6,453,254 folks' data, including addresses, names, genders, and social security numbers.
The Boston Children's Hospital had to take one of its external networks offline this week following a ransomware outbreak that scrambled some patient records. Local news reports the infection hit an affiliate system that handled medical data.
"The Pediatric Physicians Organization at Children's (PPOC) reported a large outage affecting more than 500 primary care doctors, nurse practitioners and physician assistants across the state," says Boston 25 News. "The outage is only affecting offices that are affiliated with Boston Children's Hospital."
If there is any good news to be had here, it is that the attack was limited to that external network, so no vital systems at the hospital itself are in any danger of infection, at least from this outbreak.
Security house Emsisoft compiled a report guesstimating the cost of ransomware in countries around the world. Over the 2019 calendar year, it estimated some 24,770 samples of ransomware caused $1.3bn of damage in the US. For the UK, the number of incidents was placed at 4,999 with damages adding up to $277m (£212m).
These numbers are based on the number of ransomware samples submitted to an identification service, so take the above with an enormous pinch of salt.
The people of Puerto Rico really didn't need to hear this, but its government fell victim to a massive phishing attack. The island said more than $2.6m in fraudulent payments were sent to crooks after someone in the US territory's Industrial Development Office was convinced to re-route outgoing checks to a different account. The FBI has reportedly been called in to investigate the blunder.
Cosmetics company Estee Lauder also saw millions of its internal documents spill onto the public internet this month, thanks to a poorly configured database. Jeremiah Fowler at Security Discovery said the misconfigured database had more than 440 million logs and records, including company emails. What's worse, the logs also included specific information on some of the middleware systems the company used.
This is particularly bad as that information would be extremely useful to a miscreant who wanted to get a foothold in the company's network and then spread to more secure systems at Estee Lauder. "There were millions of records pertaining to middleware that is used by the Estee Lauder company," Fowler noted.
"In this instance anyone with an internet connection could see what versions or builds are being used, the paths, and other information that could serve as a backdoor into the network."
How to protect your personal information online during tax season – CTV News
TORONTO -- Tax season can be a particularly precarious time for Canadians.
Not only is there pressure to file your tax return accurately and on time, you're doling out vast amounts of sensitive personal information online while doing so.
Practising good personal data protection etiquette online should be top of mind for consumers year-round. But it becomes increasingly important during tax season, when cybercriminals tend to prey on consumers who are more likely to fall for scams that ask for their personal information.
Here are some important security measures to keep in mind while handling your personal information online this tax season:
BE WARY OF SCAMS
Canadians have faced an influx of online scams and robocalls purporting to be from federal organizations including the Canada Revenue Agency (CRA) over the last few years.
These scams often threaten consumers with the imminent threat of arrest or lawsuit before asking for a litany of personal information, such as social insurance numbers.
In 2019, Canadians lost more than $1.4 million to CRA scams, according to numbers provided to CTVNews.ca by the Canadian Anti-Fraud Centre (CAFC). In fact, as of Feb. 2, the CAFC had confirmed 34 successful instances of CRA fraud in 2020, costing consumers over $10,000 total.
"A lot of the scams take place over email and SMS," Christine Beauchamp, director of the Canadian Centre for Cyber Security, told CTVNews.ca in a telephone interview.
"They have a variety of messages that make them seem very legitimate and professional. You might not be able to tell right away whether or not they're legitimate."
When it comes to online scams in particular, the CRA says it will never:
Beauchamp adds that users should never click on links included in suspicious emails, especially if it's not a secure link.
Sites with a secure connection will display a lock symbol in the left-hand side of the URL bar in your web browser. Secure sites will also start with "https" (the "s" stands for "secure").
USE SECURE PASSWORDS
Your income tax return contains a wealth of incredibly sensitive personal information -- perfect for anyone who wants to steal your identity.
"If there is one password you want to keep incredibly strong and unique, I would say it's definitely the one that's associated with your tax return file," Beauchamp said.
Whether you are filing online through the CRA's website, or using a third-party program to help you with your return, make sure that you use a password that is eight to 10 upper- and lower-case letters mixed with numbers. That's the formula experts say is most secure.
When choosing numbers to add to your password, be sure not to use anything that is easily identifiable, such as your address or date of birth.
If you have a hard time remembering your passwords, Beauchamp suggests stringing together three or four random words you'll remember, which is often as strong as an alphanumerical password.
SAVE YOUR FILES SECURELY
When filing your taxes online, be mindful of where you save the PDF copy of your return and any supporting documents.
If possible, Beauchamp recommends storing these files on an encrypted external hard drive or a secure drive in the documents section of your computer. Files that are saved on your computer's desktop are not as protected as those stored in the documents folders.
Experts don't recommend storing these kinds of personal documents in the cloud.
Keep in mind that you should be filing your return from a secure internet connection and not from a public Wi-Fi connection.
Public Wi-Fi networks are highly susceptible to Man-in-the-Middle-style attacks, which allow eavesdroppers to intercept data transmissions and read them.
EDUCATE YOURSELF
The CRA has an entire website dedicated to helping Canadians protect themselves against fraud, including information about the most common scams.
The government's Get Cyber Safe website has additional information about filing your taxes online safely.
Security of online voting questioned | News, Sports, Jobs – The Daily Times
CHARLESTON - An internet voting app that has been used in pilots in West Virginia, Denver, Oregon and Utah has vulnerabilities that could allow hackers to change a person's vote without detection, according to researchers at the Massachusetts Institute of Technology.
The analysis of the Voatz app, which has mostly been used for absentee voters and overseas military personnel, found that attackers could alter, stop or expose how an individual has voted.
Voting security experts have long argued that online voting is dangerously insecure.
"We all have an interest in increasing access to the ballot, but in order to maintain trust in our elections system, we must assure that voting systems meet the high technical and operation security standards before they are put in the field," Daniel Weitzner, an MIT scientist who oversaw the report, said Thursday.
The researchers said they were forced to reverse engineer an Android version of the app because Voatz hasn't allowed transparent third-party testing of the system.
Boston-based Voatz disputed the research methods, issuing a statement that said the analysts used an old version of the app and accused them of acting in bad faith. The company noted it hasn't had any reported issues in its counting of less than 600 votes over nine pilot elections.
Although few voters are expected to cast ballots on such apps in the coming election, the report casts a harsh light on the looming proposition of online voting. In 2018, Alaska explored using an online voting system but shuttered the program because of security concerns.
To some experts, a study finding holes in a smartphone voting app wasn't a shock.
"Not to in any way diminish this (excellent) work, but the fact that an online mobile voting scheme has serious security flaws is ultimately unsurprising," tweeted Matt Blaze, a professor of computer science and law at Georgetown University. "Every serious expert has warned against Internet voting."
Voatz was used in West Virginia's 2018 elections, but state officials were quick to point out that it counted fewer than 200 ballots and had no reported problems. The app also was used in the 2016 Massachusetts Democratic Convention and the 2016 Utah Republican Convention.
The study comes as West Virginia prepares to choose an online voting system for a newly passed law requiring that it allow people with physical disabilities to vote electronically. Donald Kersey, a general counsel in the secretary of state's office, said officials haven't decided on which platform they will use to conform to the new law but maintained that public confidence is paramount.
"Obviously, integrity and security are prime, but voter confidence is equally important," he said.
This may be the last piece I write: prominent Xi critic has internet cut after house arrest – The Guardian
The Chinese professor Xu Zhangrun, who published a rare public critique of President Xi Jinping over China's coronavirus crisis, was placed under house arrest for days, barred from social media and is now cut off from the internet, his friends have told the Guardian.
Xu's passionate attack on the government's system of controls and censorship, Viral Alarm: When Fury Overcomes Fear, was published this month, a rare, bold expression of dissent from the liberal camp under Xi's rule.
A friend of Xu's who spoke on Sunday on the condition of anonymity to avoid reprisals said police placed Xu under house arrest soon after he returned to Beijing from his lunar new year break at his home town in Anhui province.
"They confined him at home under the pretext that he had to be quarantined after the trip," the friend said. "He was in fact under de facto house arrest and his movements were restricted."
During those days, at least two people stood guard in front of his house around the clock and a car with a signal box was parked in front of his residence. Security agents also went into his house to issue warnings to him, the friend said.
Those restrictions were lifted late last week, but his internet connection has been cut off since Friday, the friend added.
"He tried to get it mended but found out that his IP [internet protocol address] has been blocked. He lives on the outskirts of Beijing and is far away from shops and other services. Under the current [coronavirus] situation, things are very difficult for him."
Friends say that since publication, Xu's account has been suspended on WeChat, a Chinese messaging app, and many have been unable to get in touch with him for days. His name has been scrubbed from Weibo, a Twitter-like microblog, with only articles from official websites several years ago showing up on the country's biggest search engine, Baidu. Calls to his mobile phone went unanswered on Sunday.
Phone calls to the Ministry of Public Security also went unanswered on Sunday. The staff member who answered the phone at Changping branch of Beijing Public Security Bureau said she had no knowledge of Xu.
Another friend who also spoke on the condition of anonymity had managed to correspond with him through text messages but said his situation was worrying. "I fear he might be under surveillance," said this friend. "He has not directly responded (to my queries) but just told me not to worry."
When Xu published his essay, he warned that he was likely to be punished. He said he had already been suspended from teaching and had freedoms curtailed over critiques published nearly a year earlier.
"I can now all too easily predict that I will be subjected to new punishments; indeed, this may well even be the last piece I write," he wrote at the end of his latest essay.
Xu's criticism of the country's leadership came shortly before a widespread debate on freedom of speech convulsed the country. The death on 7 February of whistleblowing doctor Li Wenliang, who had tried to warn colleagues about the virus but was reprimanded and silenced by security forces, triggered an outpouring of grief and anger and an unusual public discussion about censorship.
"Li's death has thoroughly exposed the ills of the party's governance and control; this has a huge impact on people's minds," said Hong Zhenkuai, an independent historian who is currently working outside China, as a visiting scholar at Tokyo University.
The mechanisms that normally constrain Chinese journalists have also eased slightly, with some of the most powerful stories about life in quarantined Wuhan and the latest news about the evolution of the outbreak coming from mainland newsrooms like that of magazine Caixin.
But public anger over censorship, and the particular circumstances of a national emergency, should not be mistaken for any fundamental change within the Chinese Communist party, which has been honing its ability to control the national conversation for decades, activists and intellectuals say.
In a further reminder of the government's strict controls, two citizen journalists who were reporting from the epicentre of China's coronavirus outbreak have vanished this week, apparently detained.
The Chinese military surgeon who exposed the government's cover-up of the Sars outbreak in 2002-2003 has been under de facto house arrest since last year, the Guardian revealed this month. Detention came after he wrote to the top leadership asking for a reassessment of the 1989 Tiananmen Square pro-democracy movement.
"There is no space for speech freedom in China now," said Hong. "The impacts on the individuals are multi-faceted. Economically, they would cut off your livelihood [academics get fired, writers can't publish and no one dares hire you]. You would get sidelined by mainstream society, you'd lose friends and, worse than that, you might lose your personal freedoms, so a number of intellectual elites have chosen to leave China."
Since he took power in late 2012, Xi has tightened ideological control and suppressed civil freedoms across the nation, reversing a trend under his predecessor to give Chinese media some limited scope to expose and report regional corruption and lower-level officials' misdeeds.
Even within the Communist party, cadres are threatened with disciplinary action for expressing opinions that differ from the leadership.
Under Xi's crackdown on speech and academic freedoms, a number of prominent liberal intellectuals, journalists, rights lawyers and NGO workers have either been silenced, jailed or escaped abroad.
An Alternative to Windows 7 – Budapest Business Journal
Balázs Barabás
Sunday, February 16, 2020, 00:04
On January 14, Microsoft ended support for Windows 7, one of the most widely adopted operating systems for desktop computers and notebooks. Many home users and enterprises stuck with Windows 7 despite a very intensive pro-Windows 10 campaign by Microsoft in 2015, when it launched the new operating system.
According to web analytics companies, the market share in December 2019 was roughly 50% for Windows 10, 30% for Windows 7, and the remaining 20% split between Mac OS X, Windows 8 and Linux. There are no specific figures for Hungary, but about one-third of world PC users must now take a decision on whether to keep using Windows 7, and face security risks, or migrate to Windows 10. Or perhaps, explore other options.
Probably not that many are familiar with the name of Mark Shuttleworth; more may be aware of his accomplishments. In the mid-1990s he founded Thawte Consulting. The company, specialized in digital certificates and internet security, was later acquired by VeriSign, earning Shuttleworth a substantial amount of money. From 2004, Shuttleworth invested in developing Ubuntu Linux.
For a long time, the public perception of Linux software has been that it is only something IT professionals are able to use, requiring a lot of additional coding and fine-tuning. While this is true for a specific part of the Linux ecosystem, there are many projects designed to bring Linux as close as possible to everyday users. Ubuntu is one of them. So what are the pros and cons of considering Ubuntu Linux as a replacement for Windows 7?
While not openly admitting as such, Ubuntu developers were probably aware that the only way to bring down barriers to new users is through a graphic interface similar to Windows. Looking at the latest LTS version (more about that later), the menu system and icons are very similar to the Windows interface, making the transition easy from the Windows ecosystem.
Again, pretty much the same as for any Windows version, no system administrator-level knowledge required. The system is available for free download from the Ubuntu website in one single file, which needs to be transferred to DVD or USB drive (step-by-step instructions are available on the website). The system may be used either after full installation or using it in live mode, that is, without installing it, for those who wish to try it first. Also, Ubuntu can be installed alongside Windows, with the two systems available side by side, if needed.
Ubuntu comes with preinstalled free software for office use. This includes mail client, web browser, ftp client, and a full office suite, all supporting Windows formats for word processor, spreadsheets, presentations, database etc., using OpenOffice or LibreOffice, depending on preference. Note that there may be some minor format compatibility issues between these suites and the Microsoft software. A broad range of additional software is available for download, but not all programs available for Windows are translated to Ubuntu Linux (see the cons at the end).
Ubuntu uses a different file system from Windows, but this does not mean that old files previously used in Windows are not seen by Ubuntu. Drives, folders and files stored in a different file system are accessible through Ubuntu too.
As with Windows, Ubuntu receives regular updates. These can be downloaded and installed automatically or manually, depending on the user preference. Ubuntu usually comes in two variants: the normal version and the LTS, or long-term support. LTS means that support for this version will be offered for a longer period than the normal version, but both can be easily updated to the latest version, as the process is fully automatic. Linux systems present a significantly lower risk of virus or malware infection than Windows.
While a huge advantage of Ubuntu and the programs available for the platform is that they are free, only a small percentage of the software released for Windows is available for Ubuntu too. This issue must be carefully examined before opting for Ubuntu or, in the case of a company, an option may be to keep one computer with Windows and the rest with Ubuntu.
Ubuntu is a free and open-source Linux system and is, according to Wikipedia, officially released in three editions: Desktop, Server, and Core. All can run on the computer alone, or on a virtual machine. Ubuntu is a popular operating system for cloud computing, with support for OpenStack.
North Korea's Internet Use Surges, Thwarting Sanctions and Fueling Theft – The Indian Express
By: New York Times | Published: February 10, 2020 8:44:47 am
Written by David E. Sanger
North Korea has vastly expanded its use of the internet in ways that enable its leader, Kim Jong Un, to evade a "maximum pressure" U.S. sanctions campaign and turn to new forms of cybercrime to prop up his government, according to a new study.
The study concludes that since 2017, the year President Donald Trump threatened "fire and fury like the world has never seen" against the country, the North's use of the internet has surged about 300%. Nearly half that traffic now flows through a new connection in Russia, avoiding the North's longtime dependency on a single digital pipeline through China.
The surge has a clear purpose, according to the report released Sunday by Recorded Future, a Cambridge, Massachusetts, group known for its deep examinations of how nations use digital weaponry: circumventing financial pressure and sanctions by the West. Over the past three years, the study concluded, North Korea has improved its ability to both steal and mine cryptocurrencies, hide its footprints in gaining technology for its nuclear program and cyberoperations, and use the internet for day-to-day control of its government.
"What this tells you is that our entire concept of how to control the North's financial engagement with the world is based on an image of the North that is fixed in the past," said Priscilla Moriuchi, a former National Security Agency analyst who directed the study and has long focused on North Korea and Iran. "They have succeeded at an easy-to-replicate model of how to move large amounts of money around the world, and do it in a way our sanctions do not touch."
"Our sanctions system needs a radical update," she concluded.
The report helps solve the mystery of why the country's economy appears to have survived, and in some sectors actually grown, as the United States and its allies have talked about their success in choking off oil supplies and cracking down on North Korea's skillful production of counterfeit U.S. currency.
It also further complicates the Trump administration's paralysis in dealing with the North. Sanctions have remained in place, though Trump does not like to talk about them, even as his personal diplomacy with Kim sputters.
An expected resumption of intercontinental ballistic missile tests, which North Korea appeared to threaten at the end of 2019, has not materialized. But even if the situation remains in a quiet stalemate, the report suggests that Kim is poised to take advantage: Just as he is continuing to invest in his nuclear program, he is also pouring resources into a cyberprogram that is both a potent weapon and a revenue generator.
Moreover, the report, titled "How North Korea Revolutionized the Internet as a Tool for Rogue Regimes," concludes that other nations are watching the North Korean model, and beginning to replicate it.
"Iran has begun to pursue cryptocurrencies as a method for facilitating international payments and circumventing U.S. financial controls," it notes.
Moriuchi, who left the National Security Agency in 2017, began tracking the internet use of the North Korean elite 2 1/2 years ago, a period that encompassed Trump's confrontational approach to the North, the country's missile launches and then the stalled diplomacy that has followed the president's three meetings with Kim.
In 2017, Moriuchi could easily see the content of the North Korean elite's searches, most of which appeared to be for leisure: While ordinary North Koreans have access only to a restricted, in-country version of the internet, the country's leaders and their families downloaded movies, shopped and browsed the web on nights and weekends.
But that has changed. Internet use has surged during office hours, suggesting the leadership is now using its internal networks the same way the West does: conducting daily government and private business. Now the country has developed its own version of a virtual private network, a technique to tunnel through the internet securely that has long been used by Western businesses to secure their transactions.
Meanwhile, the country's efforts to encrypt data and hide its activities on the web have become far more sophisticated. And through a network of students, many in China and India, the North has learned how to exploit data that could improve its nuclear and missile programs.
The largely home-built effort to hide traffic, the report concluded, was being used to steal data from the networks of unsuspecting targets, or as a means of circumventing government-imposed content controls. Such methods have long been used by Chinese and Russian hackers, often working for intelligence agencies.
The North has managed to surprise the world before with its digital savvy: In November 2014, its devastating cyberattack on Sony Pictures Entertainment in an effort to kill The Interview, a comedy about two bumbling journalists sent by the CIA to kill Kim, exposed U.S. digital vulnerabilities. That was followed by a bold effort to steal nearly $1 billion from the Bangladesh central bank through the international financial settlement system called SWIFT. Other central bank attacks followed.
North Korea's most famous cyberattack, using code called WannaCry, disabled the British health care system for days and created havoc elsewhere. It was based on vulnerabilities that had been stolen from the National Security Agency, and published by a group that called itself the Shadow Brokers. U.S. officials have never publicly acknowledged their inadvertent role in fueling the attacks.
But the report suggests the North has now moved on. It has figured out more effective ways to steal cryptocurrencies. And it has begun to produce, or mine, its own, chiefly through Monero, a lesser-known alternative cryptocurrency to Bitcoin that advertises that it obfuscates sending and receiving addresses as well as transacted amounts. In short, it is perfect for any nation and its financial partners seeking to avoid United Nations and U.S. sanctions.
Microsoft Patch Tuesday fixes IE zero-day and 98 other flaws – We Live Security
February may be the shortest month of the year, but it brings a bumper crop of patches
This month's Patch Tuesday is here and with it come fixes for no fewer than 99 security vulnerabilities in Windows and other Microsoft software.
Twelve flaws have received the highest severity ranking of critical, while 5 security holes are listed as publicly known at the time of release.
In fact, one vulnerability ticks both boxes: an actively exploited zero-day in Internet Explorer (IE). Microsoft disclosed this flaw, indexed as CVE-2020-0674, three weeks ago but didn't roll out a patch until now. Successful exploitation of this remote code execution (RCE) vulnerability enables remote attackers to run code of their choice on the vulnerable system.
Per this summary by the SANS Technology Institute, another 16 RCE holes are being plugged as part of this month's bundle of security patches. This includes two severe vulnerabilities in the Windows Remote Desktop Client, CVE-2020-0681 and CVE-2020-0734, where exploitation is seen as likely by Microsoft.
Updates have been released for various flavors of Windows, as well as for Office, Edge, Exchange Server, SQL Server and a few more products. The number of fixes this month is unusually high; for example, last month's Patch Tuesday rollout fixed 49 vulnerabilities.
The highest vulnerability score, 8.8 out of 10 on the CVSS scale, has been assigned to a memory corruption vulnerability in Windows Media Foundation. An attacker who abused this vulnerability, tracked as CVE-2020-0738, could run arbitrary code on the impacted system. A host of elevation-of-privilege and denial-of-service vulnerabilities are also being patched.
All updates are available via this Microsoft Update Catalog for all supported versions of Windows. It's the first time that Windows 7 users are out of luck (unless they pay for Extended Security Updates, that is) as the operating system reached end of life last month.
‘More guidance and regulation’: Zuckerberg requests government rules on ‘what discourse should be allowed’ – Washington Examiner
MUNICH - Facebook chief executive Mark Zuckerberg called on Western governments to provide regulatory guidance for how social media companies can identify the boundaries of what discourse should be allowed on their platforms.
"There should be more guidance and regulation from the states on basically - take political advertising as an example - what discourse should be allowed?" Zuckerberg told an assembly of Western leaders Saturday at the Munich Security Conference. "Or, on the balance of free expression and some things that people call harmful expression, where do you draw the line?"
Facebook has faced accusations of mismanagement since Russia launched a series of high-profile election interference operations against Western countries, most notably the 2016 U.S. presidential campaign. Sen. Josh Hawley, a Missouri Republican, said federal legislation is necessary to counteract anti-conservative political censorship, while European Union officials are mulling antitrust proposals targeting Facebook.
"There are a lot of decisions in these areas that are really just balances between different social values," Zuckerberg said. "It's about coming up with an answer that society feels is legitimate and that they can get behind and understand that you drew the line here on the balance of free expression and safety. It's not just that there's one right answer. People need to feel like, OK, enough people weighed in, and that's why the answer should be this, and we can get behind that."
That argument gives a preview of the charm offensive that Zuckerberg will attempt during his meetings next week with European Union officials. His meeting in 2018 with members of the European Parliament backfired, as Zuckerberg's performance left European Union leaders stewing that he had avoided giving specific answers to their most pressing questions. This time, he is prepared to argue that regulations are necessary to preserve free speech and privacy rights from authoritarian rule-makers.
"We need to make sure that the internet can continue to be a place where everyone can share their views openly and where the legal framework around this is one that encodes democratic values," he said. "I do think that as part of that, we've got to move forward on regulation. Hopefully, we move forward quickly before a more authoritarian model gets adopted in a lot of places first."
Internet of Things (IoT) Security Product Market: Development Factors and Investment Analysis by Leading Manufacturers 2018-2026 – TechNews.mobi
According to a market research report, the Internet of Things (IoT) Security Product market is likely to see a CAGR of XX% within the forecast period (2019-2029) and reach a value of US$ by the end of 2029. The macroeconomic and microeconomic factors predicted to influence the trajectory of this market are examined in the analysis presented.
The report sheds light on the providers, vendors, manufacturers, and market participants in the value chain of the Internet of Things (IoT) Security Product industry. What's more, the political and economic scenarios of the regions and their particular influence on the market are discussed in the analysis.
Critical Details included from this record:
Competitive Outlook
The report sheds light on the business prospects of players operating in the Internet of Things (IoT) Security Product industry. The product pricing strategies, preferred marketing channels, product portfolios of most players, and the market presence of each provider are covered in the report. The players comprise Business 4, Business two, Business 3, and Business.
Regional Assessment
The market research presented sheds light on the market scenario in numerous markets. Additionally, the effect of governmental and regulatory policies on the market's prospects in every region is examined in the report.
Market segmentation based on geography:
This report gives access to decisive data, such as:
Key highlights of this report include:
Note: Although care has been taken to maintain the highest levels of accuracy in TMR's reports, recent market/vendor-specific changes may take time to reflect in the analysis.
The report answers the questions pertaining to the Internet of Things (IoT) Security Product market:
Reasons TMR Sticks out
Our personal health history is too valuable to be harvested by the tech giants – The Guardian
Health data paints a rich picture of our lives. Even if you remove your name, date of birth and NHS number to anonymise yourself, a full health history will reveal your age, gender, the places where you have lived, your family relationships and aspects of your lifestyle.
Used in combination with other available information, this may be enough to verify that this medical history relates to you personally and to target you online. Consequently, whenever the NHS shares health data, even if it is anonymised, we need to have confidence in who it goes to and what they can do with it.
Recent Observer coverage raises big questions over the transparency and claims of anonymity in NHS data transfers through the research scheme used by the health service. It appears that individual-level UK medical data ends up being sold to American drug companies and there appears to be little transparency or accountability around the process.
Society has largely lost control over how our personal data is collected and shared. The effects of this may feel creepy when they lead to an unexpectedly appropriate online recommendation, for example when I received ads for dog grooming, apparently as a consequence of posting pictures of dogs. But when data about us influences a credit rating, a hiring decision or a reoffending risk assessment in a probation case, we are unlikely ever to find out a breach has occurred. The University of Maryland law professor, Frank Pasquale, calls this the black box society.
Much of what happens is likely to be illegal, but the volume of internet data collection and sharing is such that existing wide-ranging data protection laws, such as the GDPR, are impossible to enforce at scale and across jurisdictions.
For the internet giants, we have little information to go on beyond what they wish to tell us, which historically has not always been accurate and never complete. Most people will feel that this surveillance capitalism is unethical, crossing the boundaries of their rights and expectations, but financial profit remains the determining driver.
This story is not new. We have heard it in terms of our online buying behaviour and the internet advertising market. In recent years, the Observer has covered extensively how the surveillance of online behaviour and profiling can be used to influence our political position, for example through social media.
It is clear that the black box society does not only feed on internet surveillance information. Databases collected by public bodies are becoming more and more part of the dark data economy. Last month, it emerged that a data broker in receipt of the UK's national pupil database had shared its access with gambling companies. This is likely to be the tip of the iceberg; even where initial recipients of shared data might be checked and vetted, it is much harder to oversee who the data is passed on to from there.
Health data, the rich population-wide information held within the NHS, is another such example. Pharmaceutical companies and internet giants have been eyeing the NHS's extensive databases for commercial exploitation for many years. Google infamously claimed it could save 100,000 lives if only it had free rein with all our health data. If there really is such value hidden in NHS data, do we really want Google to extract it to sell it to us? Google still holds health data that its subsidiary DeepMind Health obtained illegally from the NHS in 2016.
Although many health data-sharing schemes, such as in the NHS's register of approved data releases, are said to be anonymised, this offers a limited guarantee against abuse.
There is just too much information included in health data that points to other aspects of patients' lives and existence. If recipients of anonymised health data want to use it to re-identify individuals, they will often be able to do so by combining it, for example, with publicly available information. That this would be illegal under UK data protection law is a small consolation as it would be extremely hard to detect.
It is clear that providing access to public organisations' data for research purposes can serve the greater good and it is unrealistic to expect bodies such as the NHS to keep this all in-house.
However, there are other methods by which to do this, beyond the sharing of anonymised databases. CeLSIUS, for example, a physical facility where researchers can interrogate data under tightly controlled conditions for specific registered purposes, holds UK census information over many years.
These arrangements prevent abuse, such as through deanonymisation, do not have the problem of shared data being passed on to third parties and ensure complete transparency of the use of the data. Online analogues of such set-ups do not yet exist, but that is where the future of safe and transparent access to sensitive data lies.
Prof Eerke Boiten is director of the Cyber Technology Institute at De Montfort University, Leicester, which is recognised by the National Cyber Security Centre and EPSRC as an academic centre of excellence in cyber security research
Read the original:
Our personal health history is too valuable to be harvested by the tech giants - The Guardian