‘Growing concerns how the president is using his power' as Trump's marks army's 250 birthday
Watch
CTV News U.S. political analyst Eric Ham breaks down the mood, the $40 million cost, and the contrast with nationwide 'No Kings' rallies.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CBC
an hour ago
- CBC
Canada's cybersecurity head offers rare insight into Nova Scotia Power breach
The head of Canada's cyber-defence agency is offering some insight just weeks after a ransomware attack against Nova Scotia Power. The utility's computer systems were breached by ransomware hackers on March 19, but Nova Scotia Power did not discover it until April 25. The company disclosed the cybersecurity incident three days after that. About 280,000 customers — more than half of the utility's customers in the province — were informed by letter that their personal information may have been compromised in the attack. The data included names, addresses, phone numbers, birth dates, driver's licences, social insurance numbers and banking information. On Thursday, the Nova Scotia Energy Board granted approval to Nova Scotia Power to move forward with a $1.8-million project to improve cybersecurity. The attack and its aftermath have sparked many questions about the security of the company's IT systems. Rajiv Gupta, head of the Canadian Centre for Cyber Security, spoke to CBC News in a rare interview about how these types of incidents unfold and what people and organizations like Nova Scotia Power can do to protect themselves. This interview has been edited for length and clarity: Can you explain a bit about your agency and what it does? The Canadian Centre for Cyber Security is really Canada's cyber defence agency. So, we provide advice, guidance and services to critical infrastructure systems of importance to Canada. Work primarily with the federal government is where we had started, but have really grown into critical infrastructure. And our goal is to raise cyber resilience across Canada. We fall under CSE, which is the Communications Security Establishment, and CSE has a mandate for foreign intelligence, which goes back 80 years in terms of WWII. We report to the minister of national defence. What do you make of the recent attack against Nova Scotia Power, which did ultimately affect about 280,000 customers? We don't comment specifically on specific incidents, but as a cyber centre … any critical infrastructure providers that have incidents can report their incidents to the cyber centre. So last year we saw about 1,500 incidents. We see a lot of these, and that's what's really important and kind of sad to understand as well, that this is happening so often in terms of cyber-criminal organizations comprising critical infrastructure organizations in Canada. Their motivation is money. They would compromise the network. So basically getting their software inside the network, but then stealing all the sensitive information from the organization and … then going ahead and encrypting systems and locking people out of their system. So we used to call that double extortion. So that way the criminal organization could threaten to release sensitive information, unless a ransom was paid, or also basically not give back access to systems unless a ransom was paid. So that was what we're seeing and it was incredibly impactful to system operators within Canada. In this case, Nova Scotia Power did not pay the ransom that was asked of them. Is that common practice? What we always do is we provide advice and guidance to organizations and we say, "it's a business decision," because we're not the ones operating their business, and we don't know their exact context, say if it's a threat to life or something else. But we always say, 'Hey there's a lot of downside to paying the ransom.' First of all, you're funding these criminal organizations. So, the more ransom is paid, the more we're going to proliferate this sort of behaviour. At the same point in time, you're paying this ransom to criminals. What's that contract worth in the end anyway? Is there really any guarantee that they're either not going to share the confidential information, or they're actually going to give you the keys to decrypt your systems and get your access back? The proceeds of this can go to criminal or even terrorist type causes as well, so, worrisome in that sense. Are you able to say whether Nova Scotia Power had actually contacted your agency [following the breach]? The one thing that I will say is that they did reach out to us. We always recommend that organizations that are victimized reach out to the cyber centre. We've seen many of these in the past and we have advice and guidance to share. And not only can we help the organization in their recovery, and in terms of paying the ransom, ransom might help you unlock your systems, but there's still always recovery costs that are part of this as well, regardless of whether you work with the criminal organization or not. But in this case, they did reach out to us. And the other thing we always encourage is … we hope that they share information about the compromise as well. Because we can take that and share that with other critical infrastructure organizations in Canada. Did they share with you the extent of the breach? We wouldn't go into any details in that sense, but they did notify us of the breach. Is there any sense of who might have been the perpetrator in this attack from your perspective? Nova Scotia Power says it has a sense of who it is. I wouldn't comment on that. There's various groups and they often change shapes and forms as they get disrupted. Unfortunately it's an ever-evolving group of cyber criminals that are out there that seem to be performing these behaviours. And we have an assessment out in terms of a cyber criminal activity in Canada as well that kind of points to the groups that we've seen as active. About 140,000 [social insurance numbers] were included in the stolen data. How serious is this, when that type of personal information is accessed? I couldn't speak to the seriousness of that type of information, but what I will say is that this is exactly what cyber criminals go after. And depending on the type of information, it'll fetch a different price on the dark web. Organizations will collect personal information, whether it's SIN numbers, or credit card numbers, or health card numbers, other sorts of confidential information. Typically that information gets resold on the dark web for other criminals that are going to actually monetize that for other purposes. It's kind of a not very positive circle that exists on the dark web. The way this actually works in terms of what we call "cybercrime as a service" is that it's a whole ecosystem of criminal entities that actually work together. And because it's typically run out of operations that are beyond the legal borders — often in Russian speaking countries where law enforcement won't necessarily prosecute — it's very difficult to disrupt these organizations. And even when law enforcement is able to disrupt them, it's fairly easy for them to kind of reconstitute themselves. What are some of the risks when this personal information is shared on the deep web or dark web? Once that information is out there, that often just spurs the next cycle of fraud. Whether it's spear phishing emails that are using that information, whether it's leveraging information about an organization or their clients to actually further compromise them. That's why it's really important to take note for everyone to be mindful of the things they can do to protect themselves. Be extra vigilant of understanding what's being mailed to you and double checking those links and making sure it's coming from an authenticated source and whatnot. Being mindful of content, making sure you have strong authentication in terms of how you're actually accessing applications as well. What would be your advice to Nova Scotia Power? Really for all of these organizations, do your due diligence. Understand what your really critical elements are of your organization that would be your worst-case scenario. And then once you know what your worst-case scenario is, then you can defend that. Build the plan according to our ransomware playbook, have the backups in place, and have the strong measures in place. The utility [Nova Scotia Power] applied for funding about a month before the ransomware attack. They cited the Canadian Centre for Cyber Security's most recent threat assessment, pointing out that power grids are so interconnected that they can be really vulnerable to these types of attacks. What would be the warning signs of an attack like this? One of the things that we've been very mindful of … as the world gets more hostile, we're worried about impacts to critical infrastructure like electrical guide grids, pipelines, these sorts of things. A lot of them are controlled by systems that were never meant to be connected to the Internet. Nowadays, as people are looking to optimize efficiency, and connect to cloud services and connect sensors to networks, they're becoming more exposed to threat actors from around the world. Normally your electrical grid would only be threatened by people that are actually in the country and nearby, but as soon as you connect it to the Internet, you're pretty much opening a lot of this up to people from anywhere. We are not a regulator. The cyber centre itself provides advice, guidance and services, but we have no authority over any of these entities. We work voluntarily to provide the best practices.
CTV News
an hour ago
- CTV News
Points-based immigration system favours single PR applicants over married couples, experts say
Canada's points-based immigration system can give a slight boost to applicants who are single. To get an edge, some married permanent residency candidates are saying their spouse won't accompany them to score as many as 40 extra points out of a possible 600. Immigration lawyer Matthew Jeffery says the points system only benefits married applicants if their spouse is well-educated, proficient in English or French, and has the right work experience. 'However, if the spouse does not have these things, it can result in a lower score for the primary applicant,' Jeffery said. 'To avoid losing points as a result of a poorly qualified spouse, an applicant can list their spouse as non-accompanying. This means that they will not immigrate to Canada at the same time as the primary applicant, but will remain in the home country.' Calgary-based immigration consultant Mandeep Lidher describes the practice as fairly common. He says married applicants face a 'systemic disadvantage' under the current points system for skilled workers. 'This structural imbalance incentivizes the lawful use of the non-accompanying spouse option,' Lidher told 'This is a lawful and system-sanctioned pathway for applicants who may otherwise be disadvantaged by their spouse's limited language scores, education, or lack of Canadian work experience.' Instead of applying at the same time, it can therefore be beneficial for only one person to apply for permanent residency, then sponsor their spouse to accompany them later through family reunification channels. 'No, this is not manipulation,' Lidher explained. 'An applicant only breaches the law if they engage in misrepresentation … that is, by withholding their marital status or falsely declaring a spouse as non-accompanying, when they actually intend to immigrate together.' 'To game the system' Ottawa is aware of the practice and has warned some applicants about misrepresenting their situation. Lidher provided a copy of an April 2025 'procedural fairness letter' that was sent to a permanent residency applicant. In it, a Canadian immigration processing officer expressed 'serious concerns' over the married applicant declaring themselves unaccompanied, despite already living in Canada with their foreign spouse. 'It appears that you have decided to include your spouse as 'non-accompanying' to meet the minimum required score because you earn more points if you don't have a spouse or common-law partner or if they are not coming with you to Canada,' the officer wrote. 'It also appears you would not have met the minimum required score if your spouse was included in your application as an accompanying dependent.' Canada's points-based immigration system has become increasingly competitive, especially since Ottawa announced in October that it would reduce permanent residency targets by at least 20 per cent from 500,000 to 395,000 permanent residents in 2025, 380,000 in 2026 and 365,000 in 2027. The minimum number of points needed to be able to apply for permanent residency has been edging upwards. While numbers can fluctuate, the lowest-ranked candidate on June 12 under the Canadian experience stream had a total of 529 points – that's up from the 368-point cutoff recorded four years earlier on June 10, 2021. When someone applies to be considered for permanent residency through the Express Entry online system for skilled workers, profiles are scored through what's known as the Comprehensive Ranking System (CRS), which awards points based on factors like age, education, work experience and language skills. 'Canada's Express Entry system is designed to select skilled immigrants who will thrive, but honesty is paramount,' Toronto-based immigration consultant Kubeir Kamal told 'Declaring a spouse as non-accompanying, if such circumstances exist, is a valid option if done transparently, but actually misrepresenting marital status to game the system risks severe consequences, including application refusal and bans.' In a statement to a spokesperson from Immigration, Refugees and Citizenship Canada said the department is committed to protecting against fraud and misrepresentation. 'Misrepresentation includes providing false information or withholding information,' the IRCC spokesperson said. 'If a spouse is declared as not accompanying while the intent is for the spouse to come with the principal applicant, an officer may find that the applicant misrepresented themselves to get more CRS points.'
CBC
2 hours ago
- CBC
How the trade war with the U.S. could fix Canada's internet
When life hands you tariffs, fix the internet. At least, that's what Cory Doctorow hopes might happen. Because, he says, Canada's internet is in desperate need of saving. "We created a policy environment that rewards companies and executives who do things that are bad for the internet and bad for internet users, and that does not punish them when they do things that harm us," said Doctorow, a tech journalist, activist, and host of the CBC podcast Understood: Who Broke the Internet?. He believes that the current trade troubles could actually free Canada to fix how it polices the internet — more in line with the rest of the world, but less restrictive than the U.S. That's because the current state of Canada's internet policy is directly connected to trade pressure — specifically tariff threats — surrounding internet and copyright law from the United States decades ago. But since free trade with our southern neighbours is already in turmoil, Doctorow says it's time to unlock our internet by removing laws that benefit big tech companies, and opening up access for users. The start of internet laws Like many countries, Canada's internet laws can be traced back to two treaties from the UN's World Intellectual Property Organization (WIPO) in 1996. It asked signatories to protect copyrights online. Canada signed the two treaties, but wouldn't ratify them until over a decade later. But the U.S. moved quickly and ratified its version of copyright laws in 1999, the Digital Millennium Copyright Act (DMCA). Michael Geist, a law professor at the University of Ottawa and Canada Research Chair in internet and e-commerce, says the American act heavily favoured copyright holders, but held few protections for users. And the U.S. wanted other countries to follow their lead. "They then oftentimes either use direct bilateral trade pressure or trade agreements to try to take that U.S. position and make it the standard for how you implement a treaty that was otherwise very flexible in nature," said Geist. In 2007, Stephen Harper's Conservative government introduced a bill that Geist says was basically a Canadian version of the DMCA. Geist said that for decades, copyright laws in Canada protected the copyright holder, without limiting how a person could use a product. But the new bill allowed for digital locks on software, which are technologies used to protect copyrighted content and prevent people from tinkering with the program. "This idea that you could use technology, now aided by legislation, to effectively remove or lock users out of what is their rights struck me as enormously problematic," said Geist. What are digital locks, and why do they matter? One example of a digital lock, says Doctorow, is how Apple prevents iPhone users from downloading third-party apps onto the device. Apple says it's for your protection, as it vets the apps in its store to prevent you from downloading anything harmful. But because of the digital lock, Apple is also able to take 30 per cent of the cost of every purchase made on its app store without any competition. And Doctorow says its argument of security doesn't exactly check out. "This is no longer about you trusting Apple and choosing Apple. This is about Apple requiring you to trust them," said Doctorow. "Any time someone puts a lock on something that belongs to you and doesn't give you the key, that lock isn't there for your benefit." Following pushback from Geist and others on the initial proposed bill, the government introduced a new version. But much to Geist's disappointment, it still had those digital locks he was concerned about. The reason? The U.S. threatened that if locks weren't included, Canada could say goodbye to tariff-free trade with the United States. "The U.S. had been clear that it wanted copyright reform, but even more than just any old copyright reform, it wanted U.S.-style legal protections for these digital locks," said Geist. "If there was one thing this legislation was going to do, it was going to remove this ongoing trade irritant with the United States." The bill was pushed through and labelled Bill C-11. And its impact was felt quickly. Doctorow says people working on accessibility software to programs they didn't own, such as screen readers for ebooks, had to stop, because they were worried about what digital locks might be waiting for them. A group that was building tools to access public government data had to halt their work because their lawyers advised them it could get them in trouble. "What happened was you saw a procession of extremely abusive technologies creating the opportunities for extremely high margins at the expense of Canadian consumers. And no Canadian company stepped up to bypass or correct these market failures," said Doctorow. That's because, thanks to digital locks, they legally couldn't. James Moore, the heritage minister at the time, told CBC in an email that he still agrees and supports the bill, saying "Canada has obligations to our trading partners to protect [intellectual property]." What can be done Canada's trade relationship with the U.S. is now more uncertain than ever, thanks to President Donald Trump's unpredictable regime of tariffs. But even though it's a bad situation, Doctorow says, it's an opportunity for Canada to do something it should've done before. Since it was trade pressure that pushed Canada to go above and beyond what the WIPO treaties required, and that trade situation is in flux, Doctorow says Canada has the chance to change its digital copyright laws to something more in line with the rest of the world, and isn't as restrictive as the U.S.'s laws. "We could change our law so that it was only illegal to break a digital lock if you also infringed someone's copyright. You don't have to infringe anyone's copyright to install your own app store on your iPhone," said Doctorow. The European Union moved in this direction in April, by fining Apple 500 million euro ($788-million Cdn) for not allowing third-party app stores on its phones. The fine was issued under the EU's Digital Markets Act, designed to give consumers and businesses more choice and prevent big tech companies from cornering digital markets. This wouldn't just give you more freedom on your phone, says Doctorow. It also means a company like Apple would have to compete with other companies to earn your business. Tinkerers and innovators in Canada could build ways to improve all aspects of how we use the internet, says Doctorow, converting the internet from a walled garden to a public space. But Geist isn't so confident it will happen. "I fear that … in our zeal to deal with the very real threats that we see from Trump on tariffs and on a number of other things with respect to Canada, we'll give on some issues simply because the hope will be that that will be enough to address some of these other concerns that are ultimately seen as even more significant," said Geist.
