https://saveflipper.ca/ SaveFlipper.ca Banner Version francaise en bas English Version Vehicle thefts - Insecure vehicles should be banned, not security tools like the Flipper Zero Sign Find and contact your MP Vehicle theft is an issue that affects us all collectively. As cybersecurity and technology professionals, we recognize the importance of acting rapidly to reduce its impact on Canadians. That being said, we believe the federal government's proposal, particularly the prohibition of security research tools, is ill-advised, overbroad and most importantly, will be counterproductive. Innovation, Science and Economic Development Canada (ISED) will pursue all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies. We believe this policy will not work because it rests on a misunderstanding of the underlying technology This policy is based on outdated and misinformed technological assumptions, making it unfeasible to implement and enforce. Security tools like Flipper Zero are essentially programmable radios, known as Software Defined Radios (SDRs), a technology which has existed for years, and in some cases can be built using open-source or simple over-the-shelf-components. These radios are also fundamentally the same as those used in numerous devices across various sectors, including smart household appliances, drones and aerospace technologies, mobile phones and networks, as well as industrial control systems. Consequently, prohibiting such functionality is virtually impossible and could stifle the Canadian economy significantly. We believe this policy will degrade national security, by incentivizing manufacturers to design insecure products, as security research is criminalized and right-to-repair is penalized This policy fails to recognize that these tools are not the enemy, rather, insecure products are. Unlike decades ago when the industry relied on security through obscurity as a strategy, we now can attest that the democratization of security research tools is a balancing force for manufacturers to improve the safety of their products. Today, many industry actors rely on such research, just like we have Federal & Provincial^1 government programs that support & reward security vulnerability disclosure that benefits us all. Implementing such a policy would have a chilling effect on these efforts, potentially undermining their positive impact on society. Additionally, with bills such as C-244 (Right to Repair), that recently passed unanimously and C-294 (Interoperability) that gathered support from multiple parties, we believe this overbroad policy will penalize legitimate analysis and repair use-cases, that were just made available to canadians. Finally, we believe this policy represents a waste of judiciary resources that could be better used to collaborate with experts from the cybersecurity industry to identify ways to prevent and deter such crimes Because of the arbitrary nature of such a policy, we believe the judiciary system will be faced with a slew of litigious cases around the many uses of these security tools. Instead, these resources could be focused on creating constructive communication channels between cybersecurity experts, car manufacturers, insurers, and the judiciary system to identify ways to improve the security of automotive keyless entry and push-to-start systems, and enforce minimal levels of security for future products, as it is the case in other industries. --------------------------------------------------------------------- English version above Version francaise Signer Trouver et contacter votre depute Vols de vehicules - Les vehicules non securises devraient etre interdits, pas les outils de securite comme le Flipper Zero Le vol de vehicules est un probleme qui nous affecte tous collectivement. En tant que professionnels de la cybersecurite et de la technologie, nous reconnaissons l'importance d'agir rapidement pour reduire son impact sur les Canadiens. Cela etant dit, nous croyons que la proposition du gouvernement federal, en particulier l'interdiction des outils de recherche en securite, est malavisee, trop generale et surtout, contre-productive. ISDE examinera toutes les possibilites pour interdire les dispositifs utilises pour voler des vehicules en copiant les signaux sans fil du systeme de teledeverrouillage, tels que le Flipper Zero, ce qui permettrait de retirer ces dispositifs du marche canadien, en collaboration avec les organismes charges de l'application de la loi. Nous croyons que cette politique ne fonctionnera pas car elle repose sur une incomprehension de la technologie sous-jacente Cette politique est basee sur des hypotheses technologiques obsoletes et mal informees, rendant son application et son execution irrealisables. Les outils de securite comme le Flipper Zero sont essentiellement des radios programmables, connues sous le nom de Radios Definies par Logiciel, ou Software Defined Radios en anglais, (SDR), une technologie qui existe depuis des annees et qui, dans certains cas, peut etre construite en utilisant des composants open-source ou simples disponibles dans le commerce. Ces radios sont egalement fondamentalement les memes que celles utilisees dans de nombreux appareils a travers divers secteurs, y compris les appareils menagers intelligents, les drones et les technologies aerospatiales, les telephones mobiles et les reseaux, ainsi que les systemes de controle industriel. Par consequent, interdire une telle fonctionnalite est pratiquement impossible et pourrait etouffer considerablement l'economie canadienne. Nous croyons que cette politique va degrader la securite nationale, en incitant les fabricants a concevoir des produits non securises, car la recherche en securite sera criminalisee et le droit de reparer penalise Cette politique echoue a reconnaitre que ces outils ne sont pas l'ennemi, mais plutot que les produits non securises le sont. Contrairement a il y a des decennies, ou l'industrie s'appuyait sur la securite par l'obscurite comme strategie, nous pouvons maintenant attester que la democratisation des outils de recherche en securite est une force d'equilibre pour les fabricants pour ameliorer la securite de leurs produits. Aujourd'hui, de nombreux acteurs de l'industrie s'appuient sur une telle recherche, tout comme nous avons des programmes gouvernementaux Federaux et Provinciaux^2 qui soutiennent et recompensent la divulgation de vulnerabilites de securite qui nous profitent tous. La mise en oeuvre d'une telle politique aurait un effet paralysant sur ces efforts, compromettant potentiellement leur impact positif sur la societe. De plus, avec des projets de loi tels que C-244 (Droit a la reparation), qui a recemment ete adopte a l'unanimite et C-294 (Interoperabilite) qui a recueilli le soutien de plusieurs partis, nous pensons que cette politique trop generale penalisera les analyses legitimes et les cas d'utilisation de reparation, qui viennent juste d'etre rendus disponibles aux Canadiens. Enfin, nous croyons que cette politique represente un gaspillage de ressources judiciaires qui pourraient etre mieux utilisees pour collaborer avec des experts de l'industrie de la cybersecurite afin d'identifier des moyens de prevenir et de dissuader de tels crimes En raison de la nature arbitraire d'une telle politique, nous croyons que le systeme judiciaire sera confronte a une multitude de cas litigieux concernant les nombreuses utilisations de ces outils de securite. Au lieu de cela, ces ressources pourraient etre concentrees sur la creation de canaux de communication constructifs entre les experts en cybersecurite, les fabricants de voitures, les assureurs et le systeme judiciaire pour identifier des moyens d'ameliorer la securite des systemes d'entree sans cle et de demarrage par bouton-poussoir des automobiles, et imposer des niveaux de securite minimaux pour les futurs produits, comme c'est le cas dans d'autres industries. Signatures If you agree with this letter, please sign it and share it. Signatures are added to the site roughly once a day, manually. Si vous etes d'accord avec cette lettre, veuillez la signer et la partager. Les signatures sont ajoutees au site manuellement, environ une fois par jour. Name/Nom Title/Titre Guillaume Ross Deputy CISO, JupiterOne Pierre-David Oriol Cybersecurity Product Executive Gabriel Tremblay Cybersecurity CEO Nelson Lamoureux School principal & CISO CSSMCN Axel Schulz Director Cybersecurity Operations Emilio Gonzalez Cybersecurity Professional Simon Carpentier Information Security Principal @ Desjardins Dr. Alexander Dean Security Awareness Professional - Utilities Sector Cybulski Patrick Mathieu President, Hackfest Communication Nicholas Romyn Security Architect Sivathmican Sivakumaran Mike Lizotte Offensive Security Consultant Laurent Chouinard dystopie Eric Hogue James Arlen Fernando Cybersecurity Industry Analyst Montenegro Jean-Sebastien NorthSec - VP Training Delorme Adam Anklewicz Manager, IT Endpoint Engineering Tim Fitzgerald Manager of IT Systems Sean Charles Ferguson Rahul Nathan Beranger Sr. IT Professional Guillaume Guillaume Morissette Morissette Philippe M. Technical Solutions Architect Sylvain P Pierrick Vittet Analyste en cybersecurite TUX Laurent Desaulniers Mat X Brad Clare IT Consultant Garth Boyd Security Architect Serge-Olivier Director of Innovation Paquette Dmitriy Beryoza Senior Security Researcher Simon Nolet Testeur d'intrusion transversaux Colin Stephenne Cybersecurity specialist Pavel Sushko Chief Executive Officer Mandeep Felipe Saez Security Engineer Clayton Smith Security researcher salt Analyste en securite informatique Simon Decosse Team Lead Ethical Hacker Eric Beaurivage Administrateur de systemes et reseaux Alexandre Cote Security Researcher Michael Jeanson Lex Gill Avocate Etienne Prud'homme Eric Hebert Information Security Professional Patricia Cybersecurity Analyst Gagnon-Renaud Antoine Analyste en cybersecurite Gauthier-Drapeau Sebastien Duquette Director of Software Development, ex-Application Security Lead @ Devolutions Cyndie Feltz Co-founder Jacob Diamond Pentester Mark Cohen CIO Adrian Christie Francis Coats Expert en securite Louis Nadeau Martin D Maxime Paradis Analyste Technique Regis Belarbi Simon Loiselle Lead security advisor Simon Charest Senior Software Developer and CEO at SLCIT Andrew Bellini Author of Beginner's Guide to IoT and Hardware Hacking V Daniel Account executive Eric C. Alex Kozin Alexandre Blanc strategical and security advisor Free Spirit Bitcoin miner Felix Doyon DevOps Engineer Alec Barea Global information security director Vaidotas Brazauskas Tom Ewan Alexis D. Eugene Grant Security Principal TEC Ops Mitch M Denis Lessard David Guerin Pier-Luc Moisan Lee Brotherston Infosec Rando Etienne Levesque Developpeur web Gaspar-Sec CyberSecurity Analyst Jean-Francois Kenneth Gallagher Bruno Morel Cid Summers Reda Baydoun Sr. Principal Software Dev., CISSP Marc-Antoine Technology expert, ECCC Chabot Sergey Faleev Senior IT manager Neumann lim Marc-Etienne Chercheur en logiciels malveillants M.Leveille Olivier Bilodeau President de NorthSec et Directeur de la recherche en cybersecurite chez GoSecure Benjamin Courchesne Alexandre CEO @ Ardent Security Larocque, P.Eng. Samuel A. Application Security Analyst I Frederic Fortin President, iconnek.io Marc Ouellet J. Fournier Aure Serruriere Ben Renaud Director, Cybersecurity, PetalMD Vincent Le Hemonet Consultant securite reseau C G Cybersecurity specialist Mathieu Hetu CEO - MH Service Technologies Maxim Chartrand Chef d'entreprise, GTI Telecoms Maxime Conseiller en cybersecurite Labrecque-Raymond Cedric Thibault Partner & CTO Max Wot Jean Rho Integrateur, systeme de securite Jean-Michel V Charles-Etienne Crevier Steve Waterhouse Professionnel en Securite de l'Information Fabrice Delor Cybersecurity Architect Vincent lambert Molon Labe Gabriel Longpre Analyste Securite & Reseau Marvens Decayette Security analyst Werner Burat Technical Solutions Consultant Flaster Jedd Offensive security consultant Nicholas Milot Co-Founder @Yack Bernard Bolduc Conseiller en Cyber Securite Caido Co-fondateur Marc-Andre Dumont Cybersecurity Team Lead Philippe L Cybersecurite operationnelle Philippe Hamel Pascal Fortin PDG - Cybereco Guillaume Raymond Patrick Davidson Directeur, Securite offensive, Simulation Tremblay d'adversaires Steve Lavoie Directeur TI, CISSP Stephane Pelletier Application Security Analyst Emilien Pierru Backend developer Guillaume President Commit2Security Inc. Nourry-Marquis Antoine Reversat Maxime Carbonneau Cybersecurity Professional Derek W. Infosec Dude & Flipper Zero User Marc Kastelo Caron Simon Clavet Programmer Sebastien Graveline Sebastien Masse-Croteau Jason M. Cybersecurity consultant Danny Fullerton CISO, VP Olivier Dion Sebastien Huneault Enseignant en Informatique anarcat Sonia Fath Alexandre Boyer Lead info sec engineer Amandine Associate Red Team Consultant - Mandiant, VP Gagnon-Hebert Engagement @NorthSec, prevention des mefaits > coercition Justin Brulotte Senior AI Developper Fred Quenneville Ethical Hacker Dominique Trevor hough (loudmouth CSO security) Martin Leger Sysadmin Olivier Michaud Technicien en TI Yvan Beaulieu PhD Conseiller senior en securite de l'information Justin Lavoie Philippe Panaite Lead System Administrator Marc Cybersecurity consultant Mark Said Izawi Security Solutions Architect Dany Boivin FlippingForFlipper Jason Keirstead LG Nobre Cybersecurity professional Adam Shostack Author, Threat modeling: Designing for Security Yohannes Aberacht Marc Lefrancois Lead Developer Jeremy Aube Eric M. Gagnon Chef D'equipe, Simulation d'adversaires Daniel Drouet Tech investor and entrepreneur Tim Partridge Senior Security Architect - IBM Canada LTD Oley V Mathieu Saulnier Ross Derewianko Senior Staff Systems Eingeer Alexandre A. Rob Wood Founder Anne Katherine Jason Ernst Principal Software Engineer, PhD Wireless Mesh Networks Alexandre Guedon Cybersecurity Professional Tom Gwozdz Lee Nichols Will Whittaker Samer Essa Information Security Manager Nicholas Mr. St-Jacques Ty Lamontagne Zachary M Mike Clark jeff woods VP Software Daniel Lynch Senior Cyber Security Advisor Trevor Orsztynowicz Eric Cody Trew Kole Barnes Christopher Reid William Bergmann William Bergmann Borresen Borresen Ssmidge Philippe Depelteau IT & Cybersecurity Director Orin Johnson Bort Cybersecurity Analyst Christophe Langlois Mike K Katie H. Senior Cybersecurity Consultant Adam White Tyler Nicholson Hugo Genesse Cybersecurity Researcher, VP-Conference @NorthSec Jamie Bode Principal Consultant @RedRainSecurity & Senior Red Olivier Laflamme Team Operator @F500 - CISSP, BSCP, OSCP, CRTO, CRTL, EWPTX, ECPPT Ronan Scott Tyler Austin Kevin2600 Jon alikakos J@nnny Matt Moore Mr. Ari Lukas S. Andrey Frol Software Developer Noah Clements Hacker AnonMan Web Dev Malvin Din Service Technician Simon Bouchard CyberSecurity Analyst Andrew R. Evan Brundritt IT Specialist Olivier Caron Cyber Security Specialist Haram Lee random 11yro kid who wrote a full essay to Jonathan Wilkinson to save flipper Pat Papineau Aiden Andreanne Bergeron Cybersecurity Researcher Bib James Renken Site Reliability Engineer Lucas Kovacs the hacker Jesse Poikonen Mr Kienan S. Anon IT Service Francis Ouellet Jedi Master Amar Juneja Cybersecurity Consultant Mark Linton Scott Flowers Mike Burgener VP Cybersecurity, Vancity Savings Credit Union Johnny Williams JhonnyW55 J.A. Rogers Consultant Wen Director of Product Jarob Portillo Dental Technician Sukh Panech Daniel Beaulne Andrew Simpson Software Engineer Anonymous Z Software Developer Ja d'Attaq Pen Tester Phil Steward Sr. Project Manager / Security Consultant Nandan Reddy S James Taylor Maryanne Francis Mrs Jay Turla Principal Security Consultant Dhruv Majumdar Neelanjana Mandal Jerome Lebel Faith M Faith M Mohammed Shine Shine J Matthew W. Sam G Robert Brown Flipper Lobster Captain flipper fishing guy Harper Kelly Mr. Tom Kemp Dr. Andrew Paul Crampton "Uncle Harkinian" Broadcast engineer Aria Burrell Sr. Software Development Manager A.Gill Elijah Fukiro htmlh4cker Hunter Beachcow Parker Koch Parker Koch Leo Xu Hamdi Bahrini Application Security Analyst Flipper supporter Snorre Trehjorningen snorre@svedman.no Svedman Thomas Alonso CTI Director Paul Benton Director of IT Jake Koen Francois Proulx Senior Product Security Engineer Paul R. VP Operations, GGR Security MasterK Mr. JP Julien Desrosiers Web developer Mike T. Jay Radcliffe Director, Medical Device Security Pavel Shirshov Mitchell Schwartz Developer and Process Designer Mark Hahn sysadmin Guy Legault IT tech Alexander Information Security Officer Paul Reinheimer President, WonderProxy Inc. Martin LG Software Engineer - Flipper Owner D. Neto Development Manager - Big 3 Banks Ian W Robert Pouliot System administrator Zkink M.P Quick question James (purpleidea) Author of https://github.com/purpleidea/mgmt/ MS Jeffrey Rau Dr. Tyler Kuipers Spyers Fergus Argyll 1337 h4x0r Andre Medeiros M. Forget J Rossy Software Engineer Sam Bostock Gerry Power Huzefa Dargahwala Anouar Mansour Senior Cybersecurity Specialist Andrew Henry Mr Felix Charette Senior Application Security Engineer Rhenium River White Software Engineer Andrew Brown Security Developer Jeremy Banker Senior Security Developer @ VMware Tom Hotston J. King Laura Rodgers Adrien Lasalle NetRunner | @Speaker | Offensive Security Scott Hamilton Tiger F Paul Pereira-Brunner Julian Maingot Software Engineer Adam McDaniel Technical Product Manager Vincent Dansereau Elizabeth LC IT Logistics Andrey Petrov James Rycman Software Development Manager Tom Strickland Kyle Stevenson Arthur Margulies Daphne Reed Senior Director of Security AAL Ariadna Urazbaeva Sultan Qasim Khan Security Researcher Bryce Benn Software Developer Jason Kaczor Amin Shah Gilani Software Engineer and Hobbyist Hugo Nicolas Krause James Weatherell Technologist Samy Ghannad Security Researcher Kevin Cox Maxim Baele Jonathan Senior Software Developer Villemaire-Krajden Joey Coleman Dr Nick Taylor Manager, Infrastructure Security @ Shopify Jerome Carretero Embedded software engineering specialist Raf Ryan Draga DevOps/Application Security Engineer/Maker Michael Holloway Systems Administrator Gabriel Digital Autonomy Advocate Pierre-Nicolas Sr. Penetration Tester Allard Michael Longval MD Adam Schumacher Ryan Luker pelmen Michael Perklin Randy Saint-Louis Thomas Kilbride System on Chip Security Architect Aaron Janeiro Quantitative Analyst Stone Martin Mara Miss Daniel Mitchell Cybersecurity Practitioner Rob Keizer Founder / CTO Aurabindo Pillai Embedded Systems Engineer Sal Rahman Software Development Engineer Brian Tammi UTKU KARAASLAN SW DEVELOPER Andrew Cohoe Radio hobbyist Michael Saringer Leader of Cybersecurity Carmen C Cloud Solution Architect Mohit Chauhan JF Godin Albert R Steve Eh Andrew Dutton Andrew Gibson vilez Brice Yangue Cybersecurity student JohnF Scott Shanti Maharaj Mitch A Justin Unrau Digital Literacy Librarian J Dunford Mikkel Paulson Former leader, Pirate Party of Canada SPACECADET Beau Gunderson CTO Aliaksei Sheshka Brandon Sacha Mallais Mathieu Application Security Lead Morrissette David Kiddell IT Coordinator Karim Yaghmour CEO / Author / Speaker / Consultant Ryan Barber Software Technologist Andre M Software Architect Jared T. Asad Osman hobbyist programmer Helene S Adam M. Aiden Fox Ivey University of Waterloo - Computer Engineering Callum Hay Keith Daser Danielle De Leo Damian Zareba Mr Jeff Lavoie Software Developer and Researcher Paul H Olivier Ethan Henry Taylor L Alex.S Software Engineer XK Korran Nielsen Staff Software Engineer at Google, security Jonathan Tougas Charles B Software Developer mlavgn LeeW Mario M P B Tier 3 Infrastructure Support Technician Robert Xiao CS Professor @ UBC Vianney Gall Cyber security analyst Owen Anderson Software Developer Kelly Banman Software Engineer Mike Gozzo Chief Product & Technology Officer, Ada Andrew Beeler Mr. Cindy "Sinderz" Jones Nelson Asinowski Leturer in Computer Support Jamie F Eric Sedore information Security Abdelhakim Q. Software Developer Nasheed Ur Rehman Ross Zurowski Designer & Technologist Chris Foster A.K Software engineer Saave Da Phlipper Lord. Bernard Lebel Directeur - Cybersecurite des TO E. Calderon Penetration Tester Espagne Stefan Timotijevic Hackers Without Borders Thomas Foubert DevSecOps Engineer & Pentester Vincent Software Developer Salamanca-Gagnon Benjamin Dupuis Ingenieur cybersecurite Matthieu Borgraeve IT lead Laurent Dumont Senior Cloud Architect Thomas Thetank Engineer Justin Duval IT Specialist Tyler Ratliff Security Researcher Lucien Dubois Jerome Tremblay Architech TI Mikhael E. RICHARD Corentin Industrial Software Engineer Sean I.T. Specialist Hakim Sid'Ahmed JollyMongrel Researcher Stephane Beniak --------------------------------------------------------------------- 1. Provincial examples: Quebec's bug bounty, Alberta's Vulnerability Reporting Program,British Columbia's Vulnerability Disclosure Program -[?] 2. Exemples provinciaux: Programme de prime aux bogues du Quebec, Programme d'avis de vulnerabilites de l'Alberta,Programme d'avis de vulnerabilites de la Colombie-Britannique -[?] (c)Creative Commons :: Theme made by panr