With contributions from all of Maple Bacon.
Background
On February 8 2024, the Ministry of Public Safety released a statement that, following the National Summit on Combatting Auto Theft, they intend to take various actions to discourage auto theft. This is in response to a large amount of auto theft, and there are various stories about cars being stolen in Canada and shipped overseas to be sold.
As part of these actions, the Government of Canada wishes to ban certain hardware development tools like the Flipper Zero that have been used to steal cars with faulty security design. These tools have many legitimate uses such as security evaluation, understanding interoperability, and learning about wireless communication.
Such cars have severe design flaws in the security of their keyless entry systems, comparable to having locks that could be opened with a normal screwdriver. The government wishes to do the equivalent of banning screwdrivers instead of holding auto manufacturers to account for their faulty security.
We, as the future generation of computer security professionals, engineers, and designers of car security systems, believe this is an extremely counterproductive course of action.
Maple Bacon is a competitive computer security “Capture the Flag” team at the University of British Columbia in Vancouver, which has won multiple international computer security competitions.
We at Maple Bacon are requesting that you help us write to our representatives to stop this.
Why is banning the Flipper Zero a bad idea?
When talking to politicans and officials, it’s important to explain, in a short and non-technical manner, why banning the Flipper Zero is a bad idea. Here are some ideas of points to bring up.
We request that you don’t copy-paste our blog post into letters, but feel free to take information and points in your own writing.
Banning the Flipper Zero harms the Right to Repair and Interoperability
Part of what the Flipper Zero does is allow individuals to intercept and analyze wireless signals transmitted from any device. This is vital in analyzing the information being sent over wireless signals, which is the first step in creating systems that allow interoperability between different electronic devices. It is also vital in analyzing and repairing broken systems and devices.
Every single Federal Party has annouced their support for Right to Repair and Interoperability. Bill C-244 (which supports the Right to Repair) and Bill C-294 (which supports Interoperability) both passed the House of Commons unanimously. It is important to hold the parties to account on their continued support of these key principles.
Banning the Flipper Zero harms public safety and national security
The Communication Security Establishment and the Canadian Center for Cybersecurity have both made it clear that Canada has a cybersecurity skills shortage. With foreign threats targeting everything from smart toothbrushes to water systems to our very democracy, Canada needs people with the skills to protect Canadians from cyber threats. However, this ban would take away from students and young people a valuable learning tool for developing the advanced technical skills needed to contribute to Canada’s security.
Remember that those engaging in criminal behavior will likely attempt to find ways around this ban, while law-abiding citizens will not. By taking away tools that allow law abiding experts to analyze and investigate devices ranging from cars to industrial control systems, the Government is allowing the “bad guys” to look for holes to exploit without letting the “good guys” do the same in order to fix them. If today’s youths are to develop the skills needed to protect Canada’s security tomorrow, the harm of this ban cannot be underestimated.
Banning the Flipper Zero does not help prevent car crimes (or any crimes)
The Flipper Zero is made out of generic chips costing less than $10, which are identical to the ones used in consumer products with wireless functionality such as smart light bulbs, and garage door openers. Criminals can make functionally identical devices using the same components for minimal cost.
It is very easy to build electronics these days, which is fantastic for innovation. But this also means that if something is insecure it can be exploited with simple hardware, such hardware is cheap to make. We estimate that a custom device with equivalent wireless functionality to the Flipper could be built as a one-off prototype for $150, and less in higher quantities.
The real issue with the current trend of car thefts is that the cars are insecure by design. Any car that can be stolen easily with a Flipper Zero can be compared to having locks that could be opened by any regular screwdriver. We shouldn’t ban screwdrivers, because the problem here is that the cars’ locks should not be so easy to open.
We cannot prevent people from building such devices by banning the chips either because they have a huge number of legitimate uses, and doing so would significantly hurt Canadian industry. Commercially availible consumer devices with the chips could equally be reprogrammed to send malicious data; there is no conceivable regulation scheme that would stop these from being used for stealing insecure cars.
It is impossible to craft a regulation to ban all SDR-capable devices without impacting vital systems
It will likely be proposed to use the Radiocommunications Act to regulate the chips in the Flipper Zero, otherwise known as Software Defined Radios (SDRs). SDRs are used in almost every aspect of our daily lives. From phones and drones to industrial control systems and access control systems, it would be impossible to craft amendments to the Radiocommunications Regulations that would stop the sale of so-called malicious products while allowing legitimate products, because there is no physical difference between them.
It is letting automobile manufacturers off the hook while harming the Right to Repair movement that they have spent decades fighting
This ban lets auto manufacturers get away with having bad security while banning tools that would allow individuals to repair and modify their vehicles outside of the manufacturer monopoly, something the manufacturers have been fighting for decades.
This ban will impact Vancouver’s role as a technology hub, as well as other Canadian cities
Vancouver is internationally recognized as a place for collaboration on technology and cybersecurity. Pwn2Own, a world-renowned international cybersecurity challenge held annually at the CanSecWest conference in Vancouver for the past 15 years, is just one example of how Vancouver plays a leading role in cybersecurity innovation. Banning the Flipper Zero, which is commonly used by attendees at Pwn2Own in Vancouver and by cybersecurity experts in general, will put pressure on this conference and others to leave Canada for the United States, and further accelerate the brain drain of Canadian talent.
Party specific messaging
Here is some messaging that connects to the platforms and views of each party.
Conservatives
I know that you are well aware that banning tools used by law abiding citizens across this country through heavy handed cabinet regulation does not keep Canada safe. Instead of focusing on common sense policing measures or fixing the broken criminal justice system, the Trudeau-Liberal-NDP government instead looks to find something to ban.
NDP
Instead of forcing automobile manufacturers to step up and build cars that are actually hard to steal, Liberals would rather follow the lead of the automobile manufacturers and ban a tool that allows ordinary hobbyists analyze and understand the digital components of cars and trucks so they can safely and effectively repair and modify their vehicles, bypassing the manufacturer monopoly.
How to send messages to the Government
The ideal way to send messages to the government is writing letters. They are much harder to ignore and imply more effort. You do not need to be a citizen to send letters to the government. It is possible to email as well.
We kindly ask that you minimize the usage of ChatGPT or similar tools in writing letters to politicians. Although sheer volume of letters is appreciated and important, we are writing to human beings and it’s most effective to write quality letters.
Recommendation: write a letter that is relevant to multiple MPs and send copies to multiple MPs.
No postage is required to send letters to Parliament.
Who to send letters to
- Your local MP. For Vancouver, these are:
- Vancouver Centre: Hedy Fry (Liberal)
- Vancouver East: Jenny Kwan (NDP)
- Vancouver Quadra: Joyce Murray (Liberal)
- Vancouver Granville: Taleeb Noormohamed (Liberal)
- Vancouver South: Harjit S. Sajjan (Liberal)
- West Vancouver Sea-To-Sky: Patrick Weiler (Liberal)
- North Vancouver: Jonathan Wilkinson (Liberal)
- Vancouver Kingsway: Don Davies (NDP)
- Richmond Centre: Wilson Miao (Liberal)
- Steveston—Richmond East: Parm Bains (Liberal)
- Delta—Richmond East: Kerry-Lynne D. Findlay (Conservative)
- Otherwise, find your MP by postal code at OurCommons.ca
- Ministers (MPs) responsible for the initiative, please send them letters if you can:
- Hon. François-Philippe Champagne, Minister of Industry, Science and Economic Development: ministerofisi-ministredeisi@ised-isde.gc.ca
- Hon. Dominic LeBlanc, Minister of Public Safety: ps.ministerofpublicsafety-ministredelasecuritepublique.sp@canada.ca
- Ryan Turnbull, Parliamentary Secretary to the Minister of ISED: Ryan.Turnbull@parl.gc.ca
- Jennifer O’Connell, Parliamentary Secretary to the Minister of Public Safety (Cybersecurity): jennifer.oconnell@parl.gc.ca
- Civil servants (harder to mail, probably should email)
- Eric Dagenais, SADM, Spectrum and Telecommunications, ISED: eric.dagenais@ised-isde.gc.ca
- Helene Payette, DG, Governance Policy Coordination, and Planning Branch, Spectrum and Telecommunications ISED: Helene.Payette@ised-isde.gc.ca
- Marc Levesque, President, Communications Research Centre Canada: marc.levesque@ised-isde.gc.ca
- Political advisors
- Boyan Gerasimov, Director (Policy), Office of the Minister of ISED: Boyan.Gerasimov@ised-isde.gc.ca
Address of any MP in the House of Commons (free postage)
[NAME OF MP]
House of Commons
Ottawa, Ontario
Canada
K1A 0A6