“The Snowden docs demonstrate that CSE is active in identifying vulnerabilities,” Christopher Parsons, a post-doctoral fellow at Citizen Lab, told CBC.
“The fact that CSE identifies vulnerabilities and is not reporting them means users are not receiving patches in order to secure their networks.”
Parsons said this “creates a really dangerous scenario.”
“Canadians need to have a discussion about this. Do we want to live in a world in which we’re protecting our own citizens? Or should the priority of Canadian government organizations [like CSE] be first and foremost hacking foreign systems?”
Canadian politicians, judges, journalists and business leaders use smartphones vulnerable to the flaws now fixed by Apple — and to flaws still unknown. The country’s infrastructure is increasingly networked and vulnerable to sabotage by a foreign intelligence agency.
In such a world, Parsons wondered, does national security mean using security flaws against potential enemies? Or disclosing and fixing them?
“We haven’t had that debate in this country,” he said.
It’s increasingly looking like we are going to have the debate concerning whether the Canadian government should be stockpiling vulnerabiltiies or actively working to close identified vulnerabilties. Let’s hope that the debate tilts in favour of protecting the citizenry instead of leaving it vulnerable to domestic and foreign attackers.