Friday, February 23, 2024

Cyber ​​security: 33 million Canadians spied effortlessly

Must read

Maria Gill
Maria Gill
"Subtly charming problem solver. Extreme tv enthusiast. Web scholar. Evil beer expert. Music nerd. Food junkie."

We live in an increasingly digital world, and 2022 will not slow down the scale of this transformation. However, there is always a risk of slipping when you are spinning at full speed. This is absolutely true when it comes to digital transformation. Final article in this series: Lessons from COVID-19 in data management.

During 2021, Public Health Canada used location data of 33 million Canadians to determine the impact of confinement and mobility on the transmission of COVID-19. The Agency is now requesting the continuation of this study over the next five years. This does not fail to concern the experts.

To collect its data, the agency has specifically agreed with mobile phone service provider Telus under a program called Data in the Public Good. Telus has a large amount of very useful data […] “We make this information available without compromising our long-standing commitment to protecting the privacy of our customers,” the Vancouver Corporation explains on the program website. »

In concrete terms, Public Health Canada obtained aggregated and anonymized data from its suppliers, i.e. it does not contain any information about the identity of mobile device owners participating in this programme. It is said to be aggregated because it comes from several sources grouped together in one data bank.

Telus insists that its software has earned two special mentions that recognize the way its software respects the privacy of its customers. Therefore, in principle, the resource provided the federal agency with data that does not allow to identify anyone.

See also  More and more Quebecers are looking for deals

For his part, the Minister of Health, Jean-Yves Duclos, who supports the project, has contacted the Office of the Privacy Commissioner to ensure that Canadians’ privacy is best preserved. A spokeswoman for the agency said a task “Analysis and conclusions from mobility data have been regularly communicated to provinces and territories as a source of additional information to support policy decisions and assess their response to the epidemic.”

public notification

The problem is not there, experts agree. Rather, it is the fact that, over a period of about six months in 2021 and without their warning, a federal government agency spied several million Canadians. This came at the request of the Anglo-Canadian media last fall that the agency admitted to doing so.

“The government really needs to start acting with more transparency” in how it uses digital data about the behavior of its residents, McGill University professor Benjamin Fung laments. Mr. Fong is also the Director of the Canadian Research Chair in Data Mining for Cybersecurity.

In addition to this erroneous first step in non-disclosure, Benjamin Fung is concerned about the possibility of public health data being “re-identified” later. In other words, we find out who are the people from whom this data comes. In many cases, it is sufficient to combine information from two or three databases to be able to find out the identity of the subjects.

There are several ways to hide and aggregate public data. It is really essential at every stage of the study program, that security is at its utmost,” adds the Montreal expert, who remembers that it is not the federal agency itself that will do this, but that it only takes one leak of this data to get information on the movements of millions of people. Canadian citizens to fall into the hands of people with bad intentions.

See also  Watch out for dinosaur scam

“COVID-19 or not, the government must warn the public against such actions. Especially since we are likely to see more and more such analytical projects being implemented by the public sector over the next few years. »

What charade?

The use of large and anonymous data to better understand the behavior of the population is not a priority. It won’t be the last either. On December 17, the agency issued a new RFP to once again obtain location data from cell phone towers across Canada.

Without analyzing the case closely, Concordia associate professor of sociology and tech ethicist Martin French said all to see parallels with the data-collecting programs of tech giants like Google.

These issues raise the same questions about the public’s trust in privacy, he says, but they also touch on another, at first glance, less obvious issue: Even if big data is used respectfully in private life, is the public faithfully represented?

Because even if more than three-quarters of Canadians have a smartphone that allows them to be tracked unknowingly or not, the distribution of these devices among the different subgroups of the population may not be representative of the whole.

Could such a system, alone or when combined with others, end up benefiting or detrimental to certain segments of the population? asks Martin French. “Some areas that are not well served by mobility may not benefit from the results of this research. Or other areas will be over-represented, and this will ultimately have negative, rather than beneficial, effects on their population.”

See also  Paid overtime for senior managers in the health network

The agency says it uses this source of information in addition to its other work. For example, when [ces données] Analyzed using outbreak data, understanding population movement can help predict risks for other geographic areas,” in combination with other public health data, this data helps assess the effectiveness of measures such as mandatory confinement. It also helps to better understand how the population interacts with Public health advice and guidance.

All this will not stop Canadians from worrying that this program has been inadvertently tracked. This is a good example of the puzzle that public administrations will have to solve if they also want to take the digital turn. After all, people won’t feel safe if they don’t trust the system first.

In IT, it’s just the opposite: it’s called the best security lack of confidence, And his confidence level is zero. This approach promises more transparency in managing digital data and should inspire governments if they want to avoid offending the public.

Let’s see in the video

Latest article