Public Safety Minister says telecoms need to improve privacy protections

bill c-51 ralph goodale

Following a CBC report that brought a telecom network vulnerability to public attention, Public Safety Minister Ralph Goodale has stated that Canadian telecoms must do more to protect customer privacy.

“According to the information in the public domain today, the companies need to improve their level of performance in protecting the privacy of their customers,” said Goodale in an interview during CBC News Network’s Power & Politics.

“It would appear that in a number of cases they have not been as proficient as they should.”

His comment comes in response to the CBC‘s report on the telecom network vulnerability caused by Signalling System No. 7 (SS7). SS7 refers to the signalling protocols responsible for establishing mobile phone calls, text messages and other services.

German cybersecurity expert Karsten Nohl showed the CBC just how easy it is to exploit SS7 and hack into phone calls, access voicemail or track someone’s location by testing it out on consenting NDP MP Matthew Dubé.

“It would appear that in a number of cases they have not been as proficient as they should.”

After seeing how his movements and phone calls were tracked, Dubé took to the floor in the House of Commons on November 23rd, 2017 to call on the government to do more concerning this issue.

Goodale stated that Canada’s digital spy agency — the Canadian Security Establishment — has been working closely with industry to “correct the problem,” adding: “And if the telecoms need a little bit more encouragement we’d be pleased to give it to them.”

He also promised new initiatives during the winter that would show the government’s commitment to cybersecurity.

In response to MobileSyrup‘s request for comment following the SS7 vulnerability news, Rogers stated it “actively [works] with global industry partners and law enforcement to introduce world-leading security standards.”

It also added: “On SS7, we have already introduced and continue to implement the most advanced technologies but we are unable to share specific details for security reasons.”

Bell also responded, stating: “It is important to note that SS7 attacks do require privileged access to a carrier’s network from another mobile carrier. Bell is always updating its network architecture to manage these potential risks, and no network is more secure. We cannot comment on the specific steps we are taking to protect our networks.”

Update 27/11/17: Telus responded to MobileSyrup‘s request for comment:

“Protecting our customers’ privacy is vitally important to Telus. We are well aware of the threats and vulnerabilities associated with the global telecommunications infrastructure that relies on the SS7 protocol, and we are actively investing in new capabilities to mitigate the risk. TELUS continues to participate in national and international security groups that share information and best practices regarding these threats and vulnerabilities as they arise.”

Source: CBC