Canada Revenue Agency ramps up security in wake of hacks

The Canada Revenue Agency is ramping up its security measures for online taxpayer accounts as it deals with continued intrusions by hackers and identity thieves. The security of the CRA’s own systems hasn’t been at issue. Rather, hackers have been using user name and password combinations obtained on other websites to try to access the online accounts of taxpayers, which can be used to apply for income support benefits and contain banking information. If an individual has used the same combination for the compromised site and for their CRA login, their account is vulnerable to being exploited by identity thieves. The CRA says it’s moved to lock down hundreds of thousands of accounts in recent months. Even so, thousands of taxpayers have fallen victim to identity theft related to fraudulently claimed Canada Emergency Response Benefit payments, as I wrote last week. The agency will move to tighten log-in procedures in coming months by eventually requiring all taxpayers accessing their online accounts to use what is called two-step verification. After entering the correct user name and password, taxpayers will be sent a one-use numerical code either by text or by voice that is then used to complete the log-in process. Cybersecurity experts have said two-step verification would reduce the ability of identity thieves to access vulnerable CRA accounts.

Right now, two-step verification is available, but not mandatory (although once you sign up, you have to continue using the process). The CRA says it’s working to enroll users of its My Account service over the next few months, a process it expects will be completed by the end of the summer. Taxing questions If the government makes me pay it money, isn’t that a tax? That’s the question a reader asked on Twitter in the wake of Thursday’s ruling from the Supreme Court that upheld the constitutionality of Ottawa’s legislation to reduce greenhouse gases. In that ruling, the court also held that the system of carbon pricing is not a tax, despite it often being referred to as a carbon tax. The key legal issue isn’t whether a fee is obligatory, but whether it’s aimed at changing behaviour (versus simply raising revenue). Not all fees charged by the government are taxes, according to the strict legal definition. Some are regulatory charges, connected to a “regulatory scheme,” and “designed to proscribe, prohibit, or lend preference to a behaviour.” The court found that the extra costs added to fossil fuel meet that definition of a measure that aims to change behaviour, as opposed to a tax that is intended to raise revenue.

Patrick Brethour – The Globe and Mail