MILITARY OFF THE HOOK FOR ASHLEY MADISON
Probe would’ve taken too much time, officials say
Military personnel and Defence Department employees who may have used government computers to access the Ashley Madison infidelity dating service cannot be punished since rules allow using such equipment to “communicate” with friends — even if it involves an illicit romance, according to documents obtained by the Ottawa Citizen.
Last year hackers posted personal data of users of the Ashley Madison website which offers a service for those looking to have extramarital affairs.
More than 180 email addresses of Department of National Defence and Canadian Forces personnel were included, sending federal officials scrambling to figure out how to respond, show the documents obtained through the Access to Information law.
But DND security and information technology staff were in a dilemma over whether they could punish those using government computers to conduct extramarital affairs. The department’s rules say unauthorized use of equipment included anything bringing discredit to the DND and the military. But the same policy also had a section allowing the use of federal computers for “communicating with family, friends and other persons, for other than official use.”
In addition, since the Ashley Madison site did not send verification emails, the accounts might not belong to actual users of the service.
To determine whether a federal employee had used department equipment to register on Ashley Madison and exchange messages with people looking for extramarital action would have taken an excessive amount of time, DND officials concluded in the documents written in September and October 2015.
“Pursuing disciplinary or admin action against those individuals was not feasible,” noted one of the briefings.
So instead, they suggested sending a message to remind staff about the proper use of government computers.
They also singled out a few individuals who may have been involved with the Ashley Madison site. Those staff would be interviewed because the sensitive positions they held created “a higher risk” for the military and the DND.
The documents did not indicate which positions were involved or the type of risk.
In addition, the department and military took a hands-off approach for other people on the Ashley Madison list.
Officials reasoned that since the federal government was not responsible for the data breach, there was no obligation to inform those people they were on the list.
“It was observed that there were significant challenges in advising them without causing undue alarm or harm,” the documents added.
Hackers were able to steal credit card information, emails and other identification material from the Ashley Madison site. Other email addresses from the site were linked to the RCMP, Ontario government and police forces. About 15,000 were from U.S. government or military accounts.
Last month the Office of the Privacy Commissioner of Canada concluded the Ashley Madison website had inadequate security safeguards even though it marketed itself as a “100 per cent discreet service.”
“Handling huge amounts of this kind of personal information without a comprehensive information security plan is unacceptable,” Privacy Commissioner of Canada Daniel Therrien said in a statement.
His investigation also found the company was inappropriately retaining some personal information after users had deactivated or deleted their online profiles.