Security News

House panel warns of video threats

Thursday, May 03, 2012

Public Safety Minister Vic Toews’s right as a parliamentarian to do his job free from intimidation and threats was violated by a series of online videos, a Commons committee has concluded, but it won’t be Parliament that seeks the identity of the minister’s antagonist.

Instead, the RCMP will continue to track the person or people behind the videos, posted by the online hacker community Anonymous in the wake of the government’s tabling of its controversial online surveillance bill.

But the committee included a warning to parliamentarians in its report released Wednesday: don’t think this won’t happen again.

“The threats made against (Toews) were unprecedented in the medium that was used,” the committee wrote in its report.

“There is reason to believe, however, that modern communication technology could be employed again in the future to anonymously direct threats at (politicians), or may be used in other insidious, as-of-yet unforeseen ways.”

The committee did not entirely close the door on using parliamentary resources to hunt down the Anonymous posters, but said it would only do so if there was enough evidence to warrant it.

The four videos posted online by Anonymous took aim at Toews in late February after he tabled Bill C-30, the online surveillance bill.

The Anonymous videos released personal information about Toews, and threatened more embarrassing revelations unless Toews withdrew C-30. Subsequent videos also called for his resignation and sent warnings to other MPs who supported the bill that they, too, could be targeted in future videos.

“The tone, anonymous character and signature of these videos add, rather than mitigate, to their threatening nature,” the committee wrote. “They were clearly aimed at intimidating (Toews) and all members of this House.”

Source: http://www.pressdisplay.com/pressdisplay/viewer.aspx


NDP may call in police over cyber attacks on leadership vote

Sunday, March 25, 2012

The NDP has not yet called in the police to investigate an orchestrated attempt to sabotage the electronic voting system the party used to choose a new leader.

But it’s not ruling out the possibility once it unmasks the hacker responsible for repeated cyber-attacks that caused lengthy delays in Saturday’s leadership vote.

The party had hoped to crown their new leader in time for supper-hour newscasts, before television viewers could switch to the Saturday night hockey games. The cyber attacks frustrated those plans; it was after 9 p.m. before Thomas Mulcair was declared the winner.

Party president Rebecca Blaikie said Sunday that party officials, vote auditors and Scytl — the high-tech Spanish company hired to secure the electronic voting system — are still working to determine who was responsible.

“What we know is that there was an organized attempt to clog the site,” Blaikie said.

“We were able to isolate a couple of IP addresses where we knew there were many, almost like a robotic accessing of .... our site, over and over again. For now, that’s all we know and we’re going to be working with experts in this kind of thing to find out exactly what went on and, once we know the magnitude of it, we’ll be able to make further decisions.”

The two IP addresses were identified early, after party members complained they couldn’t access the NDP voting site to cast their second ballots. Blaikie said the problem continued throughout the third and fourth ballots, with a third IP address eventually being isolated.

Asked if police have been called in, she said: “Not for the moment, no.”

Blaikie said the apparently automated attempts to access the voting site ended up jamming the system so that legitimate voters were unable to get through to cast their ballots. But she said at no point was the integrity of the voting system compromised.

“The system itself was secure. So, it was definitely annoying that somebody managed to clog it up and make it a challenge for our voters to get through. Our voters were persistent and they did vote.”

Some 56,000 New Democrats voted in advance and were unaffected by the cyberattack. Blaikie said about 9,500 voted on each ballot Saturday.

She took the fact that the number of voters didn’t change significantly from ballot to ballot as a sign that no one was disenfranchised as a result of the shenanigans.


2,700 personal tax files downloaded on missing laptop

Sunday, November 06, 2011

The confidential tax files of almost 2,700 Canadians are missing after a Canada Revenue Agency worker took them home and let a friend download them onto a laptop.

The laptop has disappeared, the agency is scrambling to rewrite its security protocols and the privacy commissioner is asking why no one alerted her to the breach in confidentiality.

“Our office was not informed about this incident,” said Anne-Marie Hayden, spokeswoman for Jennifer Stoddart, privacy commissioner of Canada. “We will be following up with CRA for further information on the issue.”

The investigation report, along with related documents, was obtained by The Canadian Press under the Access to Information Act.

The major breach occurred in early 2006, when an auditor in the agency’s Toronto office asked a government computer technician to download 37,488 of her emails and 776 documents onto 16 CDs. The confidential material covered the years 2000 to 2006, and was not encrypted as required by agency rules.

The woman took the CDs home, and allowed a male friend to copy at least one of them to a laptop.

The breach only came to light when the woman produced the CDs during a grievance hearing before the Public Service Labour Relations Board in 2008. She wanted the panel to read a key 2005 email on one of the CDs, in support of her grievance that the CRA had not accommodated her health problems.

“She was upfront at the hearing that the CDs contained taxpayer information and advised (CRA senior official) Tracey O’Brien to safeguard the information,” says an internal report into the privacy breach. “This caused a disruption in the hearing.”

The woman employee, who suffers from fibromyalgia which causes chronic body pain, eventually won her grievance and was awarded $6,000 for pain and suffering. Two of her supervisors were required to take training in how to accommodate workers with disabilities.

But the privacy breach uncovered at the hearing triggered a wide-ranging internal probe into why the confidential material was poorly safeguarded — and whether it could be retrieved. The woman was sent a letter in early 2009, asking her to produce the friend’s laptop.

“He (the friend) told her that he would not provide the laptop and was unco-operative,” says the investigation report.

The agency eventually recovered the 16 CDs from the employee, but still has not recovered the laptop.

“The laptop was the property of a private company and was no longer available at the time of the administrative investigation,” CRA spokesman Philippe Brideau said when asked about the incident.

“However, the facts gathered during the investigation determined reasonable grounds to believe that the information copied to the laptop had been erased in such a way that an average user could not access through a normal operating system.”

Brideau confirmed the agency’s policy requires that personal information copied onto CDs or any other removable storage device must be encrypted, but there was a “gap in awareness training and procedures.”

He said CRA is currently drafting a guideline to prevent further breaches in confidentiality.

The internal probe found at least 2,660 instances of confidential taxpayer information on the single CD that the employee said she had given to her friend to download. All 16 CDs contained much more confidential information, but the investigation did not indicate how many more taxpayers were involved.

The heavily censored report notes, however, that “a limited number of taxpayer accounts was reviewed. At that point, there did not appear to be any income tax implications such as requested adjustments or unusual refunds.”

Treasury Board policy “strongly” recommends that institutions inform the privacy commissioner soon after learning of any breach if it “involves sensitive personal data such as financial ... information.” The CRA probe determined that the CDs contained exactly such financial information.

But Brideau said the incident was judged to be “low risk,” and the decision taken not to inform the privacy commissioner.

He added that he could not comment on any sanctions taken against the offending employee because of privacy rules.

“All CRA employees are subject to a strict Code of Ethics and Conduct,” he said. “The CRA takes all allegations concerning the conduct of its employees very seriously and takes immediate action to have all allegations investigated.”

“Any employee who violates this code may face disciplinary action up to and including termination of employment.”

The laptop incident is among dozens in which tax agency workers have breached security rules, many of them snooping on other Canadians, including ex-spouses, mothers-in-law, creditors and others by reading confidential tax files.

Source: http://www.thestar.com/news/canada/politics/article/1082212--2-700-personal-tax-files-downloaded-on-missing-laptop


Councillor levels 'cyber-stalking' accusation

Friday, November 04, 2011

As fallout from Mississauga's judicial inquiry continued Wednesday, Councillor Bonnie Crombie surprised observers by accusing a long-time city watchdog of "cyber-stalking" her teenage children.

The allegation came after Ursula Keuper-Bennett, who maintains a critical blog called MississaugaWatch, raised questions about council's response to the recently concluded inquiry, which found Mayor Hazel McCallion acted improperly by advocating for her developer son.

"What qualities do you possess to make you an authority on ethical behaviour?" Ms. Crombie demanded.

After Ms. Keuper-Bennett, appearing to be caught off guard, conceded she was not an ethics expert, the Ward 5 councillor unleashed a tirade.

"Is it ethical to create a video on a 14-year-old child?" Ms. Crombie demanded. "Is it ethical to cyber-stalk a minor [and] to go after politicians' children in videos?"

She was referring to an online video compilation featuring Facebook photographs of her three children that was uploaded by "MississaugaWatch" this past August. The video primarily focuses on Alex Crombie, now 22, contrasting pictures of his vacations and parties with a Facebook site he created to support his political ambitions.

But the video also highlights photographs of 14-year-old Natasha Crombie and 18-year-old Jonathan Crombie. The children were younger in some of the featured photographs, Ms. Crombie said.

Ms. Keuper-Bennett says she looked the children up after discovering the Crombie sons' names on a 2009 petition urging the city to cancel the inquiry.

"You have breached every code of conduct that I can imagine by going after my family on a personal level," Ms. Crombie fumed.

Ms. Keuper-Bennett disputed the cyber-stalking allegation, suggesting Ms. Crombie was merely trying to avoid the inquiry discussion.

"She's been trying to sweep the inquiry under the rug," Ms. Keuper-Bennett said, noting her video aimed to underscore Ms. Crombie's "hypocrisy" as a public figure who sent her children to private school.

Ms. Keuper-Bennett also pointed to Ms. Crombie's public Web presence, which includes photos of her children posing with Liberal MP Justin Trudeau.

The unexpected exchange took the focus squarely off Ms. Keuper-Bennett's council presentation, which called into question the city's response to the $7-million inquiry. She replayed clips from last week's fiery general committee meeting, during which pro-inquiry Councillor Nando Iannicca lashed out at his pro-McCallion colleagues: "If you did not vote for the inquiry, if you do not agree with its findings and if you are not appalled at what happened, you are not fit for public service."

Source: http://www.canada.com/nationalpost/news/toronto/story.html?id=65dcd18b-590a-4a2e-b537-c844ede81fd3


Protest held at school over anonymous threats

Tuesday, November 01, 2011

More than 150 parents and community members rallied outside a Mississauga elementary school Tuesday to voice concerns over death threats that were sent from the school to a parent.

Protesters at Oscar Peterson Public School, many of whom chanted “Get that predator out,” told the Star they are still shocked about the early-October threats.

They asked why they only learned of them after a story appeared in the Star on Friday.

“Was it a coincidence that they sent a letter home with my son on Friday, after the cat was out of the bag?” asked Yuvi, who did not give his last name. “If the predator knows who I am, my son will be the next one targeted.”

The emailed threats were sent over the course of two weeks to Ashoak Grewal, whose two children have since been pulled out of the school. The last, sent the second week of October, targeted his daughter.

Grewal, who had complained about teachers at the school in the past, earlier told the Star he does not think the threats came from a student. The Peel District School Board confirmed police had traced the source of the emails to a board computer or computers at the school.

Parents, calling the unknown perpetrator a pedophile, circulated a copy of the last threatening email sent to Grewal. It states: “good to see you going to school today. you daughter is beautiful. can’t wait to touch her and make her moan...school cannot help”.

“A pedophile is a pedophile,” said one woman, who said she has nieces and nephews at the school. “They need to get this person out of the school.”

Others said there have been complaints about discrimination by teachers at Oscar Peterson, whose student body reflects the diverse, predominantly non-white community that surrounds it.

Board spokesperson Brian Woodland said the death threats, which have been investigated by police, are not a broad community issue. “This is a specific issue related to individual parents.”

He said the letter informing parents of the threats wasn’t sent out earlier “out of respect for the police investigation.”

A letter from the principal that will be distributed to families Wednesday explains that police were called to the protest to guarantee everyone’s safety, and repeats that the matter, which relates to an individual family, can’t be discussed publicly because of privacy laws.

On Tuesday afternoon, Peel police kept a watchful eye over demonstrators chanting “We want justice.” They grew increasingly loud but remained peaceful.

By the time the final school bell rang around 3:30 p.m., protesters had lined the sidewalk in front of the school and wrapped around the corner.

“I’m going to wait one more week, then I’m pulling my son out if they haven’t found this person,” Yuvi said. “It’s unfortunate because the school is French immersion. I’ll just have to find another school.”

Source: http://www.thestar.com/news/article/1079604--protest-held-at-school-over-anonymous-threats


Missing laptop, USB stick put VGH patient records at risk

Saturday, October 29, 2011

In a major breach of privacy, medical records of 430 Vancouver General Hospital patients may have been compromised after a laptop and USB memory stick with their information were lost by a medical resident while he was in Toronto for a conference.

The data consisted of information involving surgical patients who visited the hospital between Nov. 16, 2010 and March 2011, including their names, date of birth and diagnosis.

The information was password protected, but not encrypted, and there was a delay of 12 days before the Vancouver Coastal Health privacy office was notified.

Letters dated Oct. 6 were sent out to patients informing them of the breach, warning them to protect themselves from possible identity fraud.

But it was not done fast enough, argued NDP health critic Mike Farnworth, saying the delay in notifying those involved implies that the health authority doesn't take the protection of personal information seriously.

"The fact that there was a time-lapse of two to three weeks before the people concerned were informed is unacceptable," said Farnworth.

"There needs to be a proper protocol in place to deal with such situations."

Gavin Wilson, director of public affairs at Vancouver Coastal Health, said the organization has very clear policies in place with regard to the use of portable and mobile devices. These include using mobile devices only when absolutely needed, keeping a bare minimum of personal information on them and making sure that in addition to being password protected, the information is encrypted.

Physicians and health care professionals are also required to keep the mobile devices on their person, and in case the devices are lost or stolen, they are required to inform the privacy office as soon as possible.

"This was a very serious breach of patient confidentiality. It is unacceptable," said Wilson. "We are conducting a thorough investigation and the person concerned has been issued a verbal warning."

"It is possible the resident was not entirely aware of our policy and guidelines. He was not a regular employee, so had not gone through our orientation in this regard."

The matter is also being investigated by The B.C. Office of the Information and Privacy Commissioner, which is acting on a complaint from one of the affected patients.

In a previous incident in 2006, a computer containing personal information of health care employees had gone missing from the office of the Employee and Family Assistance program run by VCH.

Concerns were also raised last year about possible breaches of patient privacy when Auditor-General John Doyle and Paul Fraser, who was acting Information and Privacy Commissioner at the time, issued separate reports identifying serious weaknesses in a computer system that is used by the health authority.

Read more: http://www.vancouversun.com/health/Missing+laptop+stick+patient+records+risk/5627700/story.html#ixzz1dWmJmrqR


Senior Mountie docked pay for sexy videotapes

Friday, October 28, 2011

An Ottawa RCMP staff sergeant has been docked 10 days pay after he used his office at headquarters to videotape himself taking off his uniform and performing sexual acts for his girlfriend.

On a number of occasions from January 2006 to March 2010, RCMP Staff Sgt. Ronald Matthews also used a force-issued computer to download, view and store adult pornographic material.

Matthews has admitted to disgraceful conduct.

He used his work computer to watch porn on and off duty, and his RCMP-issued BlackBerry to send sexually explicit messages to his then-girlfriend.

A Mountie for more than 30 years, Matthews also sent her the striptease video that he made after-hours.

Matthews, stationed at headquarters in the Explosive Disposal and Technology Section, was going through a bad separation with his wife and "fell into this tumultuous long-distance relationship," the RCMP documents say.

At a disciplinary hearing, Matthews expressed remorse and said he was embarrassed.

Matthews was given the most severe penalty short of dismissal.



Read more: http://www.theprovince.com/Senior+Mountie+docked+sexy+videotapes/5621049/story.html#ixzz1dWpfaB6j

Searches on murder found on laptop of accused in Shafia family deaths, jury told

Thursday, October 27, 2011

Days before three teenage sisters from Montreal and their father’s first wife were found dead in a car submerged in canal locks in eastern Ontario, someone was conducting searches on the family computer for tips on murder.

The Crown alleges the girls, and the woman who was like their surrogate mother, were killed by their parents and older brother because they thought the teens were dishonouring them by having boyfriends.

Tooba Mohammad Yahya, 41, her husband, Mohammad Shafia, 58, and their son, Hamed Mohammad Shafia, 20, have each pleaded not guilty to four counts of first-degree murder.

They’re charged in the deaths of Shafia daughters Zainab, 19, Sahar, 17, and Geeti, 13, as well as Rona Amir Mohammad, 50, Shafia’s first wife who lived with the family in a polygamous relationship.

The Montreal family was on their way back from a trip to Niagara Falls on June 30, 2009, when the bodies and sunken car were discovered at the bottom of a canal in Kingston. The accused staged the scene to look like an accident, the Crown alleges.

The months leading up to the deaths were not happy ones in the Shafia household, court has heard. Zainab ran away for a couple of weeks and the other two girls were contacting authorities, saying they wanted to be removed from the home because of violence, the Crown said in its opening statement.

Const. Derek Frawley, a Kingston police officer who analyzed the family laptop mostly used by Hamed, testified Thursday about searches of note that he came across.

They began on June 3, when Hamed and his father were in Dubai on business and most of the Google searches were routed through the United Arab Emirates’ Google page, with queries about prisoners and “Montreal Jail,” court heard. Several variations of “can a prisoner have control over his real estate” were searched, Frawley testified.

Then there were multiple searches for bodies of water, including one map time-stamped June 15 of the Kingston area, centred right on a road adjacent to the site where the deaths occurred, Frawley said.

Frawley also singled out searches for boat rentals in Montreal, various queries for metal boxes or “huge” boxes in Montreal and searches for visiting “Indian reserves.”

On June 16 someone searched for “facts and documentaries on murders.” Four days later someone searched “where to commit a murder.” Ten days after that the three sisters and Rona Amir Mohammad were dead.

The cause of death for all four victims was drowning, but it isn’t possible to say for certain that they drowned in the canal where they were found, the jury has heard. Three of them had bruising on the crowns of their heads. The jury has also heard testimony that despite the driver’s window being open, it didn’t appear as though anyone tried to escape the car as it was plunging into the water or after it was submerged.

Hamed’s lawyer, Patrick McCann, suggested Thursday when cross-examining a witness from the day before that no one can say for sure how the “non-swimmers” would react in a panicked situation, teetering over the edge of the locks, then “water gushing through the window.”

Source: http://www.therecord.com/news/canada/article/616065--searches-on-murder-found-on-laptop-of-accused-in-shafia-family-deaths-jury-told


Most Canadians have been victims of online viruses: study

Monday, September 26, 2011

Nearly 60 per cent of Canadians have been victims of virus, spyware or malware attacks on the devices they use to access the Internet.

But relatively few think they’ll be affected by an online threat in the near future, and many are only scratching the surface of protective measures they could take.

The findings appear in a major study of the knowledge and attitudes of Canadians towards cyber-security and safety done for Public Safety Canada by Ekos Research Associates.

A report on the survey of 5,048 Canadians, dated August 2011, has just been posted to a government website.

Public Safety will use the study result to shape a planned multi-year public awareness campaign as part of the government’s cyber-security strategy.

The EKOS survey found that Canadians have a strong appreciation of the consequences of online threats and almost all understand that they are common. More than eight in 10 are very or fairly concerned about having their personal information obtained and used without their permission.

This high level of awareness and concern provides a useful starting point for a public information campaign, the study says. “Canadians already understand the problem and agree that it is an important issue to address.”

On the other hand, only 28 per cent think it’s common for Canadians to be affected by online threats. And just one in three believe they or a family member is likely to be targeted in the next two years.

They hold those views even though 59 per cent say they’ve had a virus, spyware or malware on their computer, and almost three-quarters of those said the attacks had a great or moderate impact on them or their families.

In addition, six per cent of Canadians say they’ve been victims of financial loss or fraud and two per cent have had their identities stolen as a result of online activity, the study says. Nearly two-thirds changed their behaviour as a result of an attack.

Canadians generally think their own actions protect them from being affected by online threats, with 89 per cent saying they have anti-virus software on their computers. However, they are less sanguine about the ability of their fellow Canadians to protect themselves, with 51 per cent rating it as poor.

The study cautions that the incidence of Canadians who take precautions is likely inflated, adding: “Many are only scratching the surface of protective measures they could take to ensure they are adequately protected against online threats.”

Social networking and email stand out as the “most concentrated sources of risk” for Canadians online, the study says. More than one-quarter have accepted a stranger as a friend on a social networking site and one in five has opened an email attachment from an unknown source.

Three in four Canadians say it’s up to individuals to protect their own personal privacy online. But three in 10 feel that Internet security is beyond their capacity to handle, and 20 per cent believe there is little that can be done to protect themselves online.

While six-in-10 say they have enough information to protect themselves against online threats, a full quarter of Canadians don’t agree. “These results, in particular, point to a strong role for an information-based public education campaign,” the study says.

That campaign should deliver “simple, straightforward and action-oriented information” on what the threats are, how to recognize them, how to protect yourself and where to get additional information, the study recommends.

The survey is considered accurate to within plus or minus 1.4 percentage points, 19 times out of 20.



Read more: http://www.ottawacitizen.com/technology/Most+Canadians+have+been+victims+online+viruses+study/5456919/story.html#ixzz1dWG2rusS

Mystery swirls around crude remark posted on Stampeder star Henry Burris' Twitter account

Wednesday, August 24, 2011

CALGARY — Calgary Stampeders officials expect to explain Wednesday whether Henry Burris’s Twitter account was hacked or the quarterback himself tweeted crude remarks about women.

The sexual remarks appeared on Burris’s account about 5 p.m. on Tuesday and were promptly removed after Stampeders staff saw the tweet in their Twitter feeds and notified the player.

Shortly after, an apology appeared on Burris’s Twitter page.

“I got word some weird tweet was on my page! If anyone saw that, I don’t know where that came from and I’d never tweet that! Apologies!”

It is not clear whether Burris deleted the tweet himself, given that he later explained to followers that he did not see the crude remarks or have a record of them, but understood them to be unacceptable.

Burris was not available for comment, a spokesman for the club said.

The president and COO said officials will get to the bottom of it “expeditiously,” but it is possible the player’s account was hacked and Burris deserves the benefit of the doubt in the meantime.

“We are aware of the situation and there remains a possibility that Henry’s account was compromised,” Lyle Bauer said in a statement.

“Regardless, our players and staff are fully aware of the consequences of any inappropriate social media activities.”

In an interview, Bauer said the football team takes its position in the community seriously and any behaviour that is detrimental to the organization is “dealt with.”

“One thing that is important is the reputation our players have in the community, so it’s very important that they behave in a manner that is associated with the Stampeders and the professionalism of the club,” he said.

Bauer and head coach John Hufnagel are expected to address the issue of social media with all players and staff again this morning, said spokesman Chris Jurewicz.

“The club takes these issues very seriously and they are dealt with in a corresponding manner,” said the president.

“I am not going to give you any of the details, but we take it very seriously.”


Source: http://www.vancouversun.com/technology/Crude+remark+posted+Burris+Twitter+account/5297327/story.html