Really? Of course, really.
Last Wednesday, five Liberal MLAs — Gordon Wilson, Suzanne Lohnes-Croft, Ben Jessome, Brendan Maguire, and Hugh MacKay — voted, not with their minds, or their hearts, or their common sense, or even in the interests of the taxpayers who put them there, but in the craven service of their self-interested my-way-or-no-way political master, the premier.
The Fang-less Five are members of the legislature’s public accounts committee, an important standing committee whose non-partisan duty is supposed to be to “review public spending, reports of the auditor general and any other financial matters respecting the public funds of the province.”
Instead, they voted down en bloc an opposition request to call officials from the province’s internal services department to testify about how well private IT suppliers are fulfilling their responsibilities to keep government — and private citizens’ — information secure.
That request came in light of the recent disclosure of the beyond sloppy handling of personal information inside the province’s freedom-of-information portal — so beyond that a 19-year-old with no nefarious intentions (he was looking for teacher-related information releases on the recent dispute between teachers and the government) was able to download 7,000 freedom-of-information documents, some of which contained un-redacted personal information about those applying.
In fact, the young man had simply created a single line of code to capture the sequentially stored data and spent a few hours downloading the FOIPOP information.
“I didn’t do anything to try to hide myself,” he told the CBC’s Jack Julian. “I didn’t think any of this would be wrong if it’s all public information. Since it was public, I thought it was free to just download, to save.”
When the government’s IT service supplier — totally incidentally and accidentally, it appears — discovered more than a month later that someone had downloaded the data, the government shut down the portal and called in the police. (See timeline.)
Internal Services Minister Patricia Arab was initially vague even about what happened. “We take privacy and security very seriously, but all I can say today is that there was an issue. We’ve taken it down and we’re working our quickest to get it back up again.” She later claimed she’d kept Nova Scotians out of the loop at the request of the police, which the police said simply wasn’t true.
Nonetheless, the government’s police call soon led to an early morning raid by 15 of Halifax’s finest at the young man’s family home. They not only seized his computer, but his father’s work-required cellphone and computer, and much else. “They rifled through everything,” explained his mother. “They turned over mattresses, they took drawers and emptied out drawers, they went through personal papers, pictures.”
The police charged the young man with “unauthorized use of a computer,” a serious crime that carries a possible 10-year jail sentence.
The premier publicly accused him of “stealing.”
Uh… wait a minute. Why was this personal information so easily available in the first place? Who was responsible for that? And are they being held accountable?
Since 2004, Unisys — “a global information technology company that solves complex IT challenges at the intersection of modern and mission critical” — has been paid more than $50-million to solve our not-that-complex IT challenges at the intersection of mundane and mission profitable.
When the freedom-of-information portal opened in January 2017, in fact, the government simply handed Unisys a $245,000-a-year tag-on to its existing contract to operate the portal.
By then, however, the government already knew there were serious questions about the security of government websites. Two months earlier, the Auditor General had released a report on its audit of AMANDA, the provincial software system that collects and stores Nova Scotians’ private personal information through a variety of websites for a variety of public purposes.
Although that report did note the department’s central management of its IT systems had improved in the previous decade, it also said there were still red flags, including this: “internal services is not reviewing Unisys reports on how well AMANDA is working,” and this: “security settings for systems… need improvement to fully meet IT security standards.”
Auditor General Michael Pickup made six recommendations for improvement.
So far, according to government officials, only two of them have been completely addressed.
But, given that recent data drip/flood out of the FOIPOP portal, it’s hard to be confident that one of those recommendations the government says it had actually fully implemented — “apply[ing] security configuration standards for AMANDA and its related infrastructure to protect the confidentiality, integrity, and availability of information” — really has been.
So, it would be useful for the province’s public accounts committee to ask officials from the province’s internal services department, not to mention Unisys and the auditor general himself, to appear before it and answer questions in public about matters of clear public financial interest. (Besides the $4-million a year we pay to keep our information secure, the auditor general’s report also notes that $530 million of our money is “monitored and/or collected” each year through AMANDA.)
Instead, that Craven Cabal of Liberal Nobodies did nothing last week except try to hide behind the skirts of the auditor general. Liberal MLA Gordon Wilson said it would be “pre-emptive” to talk about it while the auditor general is examining this latest government information implosion. Their faux argument was that the auditor general did agree last week — at the request of Minister Arab — to add this FOIPOP fandango to his already lengthy to-do list.
But… Earth to Gordon Wilson.
There’s already an auditor general’s report the committee can use as a starting point for this discussion. And then too, there’s the urgency of a looming contract renewal with Unisys in June to make it even more imperative the committee review some of those “other matters respecting the public funds of the province.”
Is it really that hard for those Liberal members of the public accounts committee to distinguish between the public interest and the private, PR self-interest of their premier and government?
Apparently it is.
This is a nitpicky point, but even saying the 19-year-old “created” the single line of code that scraped the FOIPOP site is a stretch, because the commands that do that sort of thing have existed for a long time and are very standard. “Created” implies a level of ingenuity on the part of the teen that suggests he had to go out of his way to get the documents. “Used” might be a bit more appropriate, since any of us could use these types of commands without inventing any new methods.