Ottawa is banning the use of the China-based WeChat instant messaging app and Russian-based Kaspersky security products on the mobile devices of federal civil servants, although it isn’t clear how widely they are being used.
This morning, Treasury Board president Anita Anand announced a ban on the use of WeChat and the Kaspersky suite of applications on government-issued mobile devices.
The Government of Canada is committed to keeping government information and networks secure, the statement says. Effective October 30, 2023, the WeChat and Kaspersky suite of applications will be removed from government-issued mobile devices. Users of these devices will also be blocked from downloading the applications in the future.
Background on WeChat from UofT’s Citizen lab
The Chief Information Officer of Canada determined that WeChat and the Kaspersky suite of applications present an unacceptable level of risk to privacy and security, the statement adds.
“We are taking a risk-based approach to cyber security by removing access to these applications on government mobile devices,” Anand said in the statement. “The Government of Canada continuously works to safeguard our information systems and networks to ensure the privacy and protection of government information. We will continue to regularly monitor potential cyber threats and take immediate action when needed.”
Kaspersky products haven’t been on the PCs of federal employees for years. In 2017, Shared Services Canada, which oversees many government networks, told IT World Canada that it didn’t have any Kaspersky software deployed on desktop computers or servers in its inventory. That statement came after the U.S. banned Kaspersky products from federal networks after Bloomberg News alleged the company works with Moscow to scan the computers of targets around the world.
The allegation was denied by company founder Eugene Kaspersky. In response, in 2020 the company moved its data centre from Russia to Switzerland and opened a Transparency Centre in the U.S..
Canadian MPs and federal civil servants would have known Chinese apps are under the microscope since February, when Ottawa banned employees from using TikTok.
“The ban makes sense to me,” said David Swan, an Alberta-based cyber intelligence consultant. “Both applications are owned by foreign powers who are actively interfering in Canadian politics. Denying those powers access to any activity or information on Canadian officials is a smart move – if long overdue.”
As for why make the announcement now, he admitted it’s difficult to say. Recently there has been a surge in cyber attacks on Canadian targets, he pointed out, including governments at all levels. “The combination of renewed attacks and work by the ‘Five Eyes’ leadership to counter Chinese espionage may have been enough to get Canadian politicians to pay attention to their security briefings,” he said.
“I have not seen anyone suggest that Kaspersky products can or have been leveraged by the Russian government,” he added. But the ban “is a prudent cautionary move that helps ensure the security of government networks.”