Stonewall erected where IT firewall failed
After proving itself ineffective at ensuring a firewall protects Nova Scotians’ personal information, the Liberal government is overcompensating by erecting an impenetrable stonewall between Nova Scotians and the facts behind the debacle born of lax security.
Liberal backbencher Brendan Maguire (Halifax Atlantic), in the chair at the legislature’s public accounts committee Wednesday, wouldn’t allow a vote on a motion to bring in senior officials from the Internal Services Department.
Tim Houston (Pc-pictou East) has been trying for weeks to get the officials responsible for government IT security before the committee but the Liberal majority has blocked every attempt.
Houston based Wednesday’s motion on new information. Charges were dropped against a 19-year-old man who’d been the focus of a Halifax police investigation into a possible breach of the government’s freedom- ofinformation web portal. Several similar breaches have come to light since the young man was initially charged with the improbable offence of unauthorized use of a computer, his own.
The police announcement wasn’t a surprise to anyone following the ever-changing story that grabbed attention when the government disclosed in April that there had been what it called a major information security breach. At the time, the government assured Nova Scotians that its diligent work with the police helped nab the “perpetrator” – Premier Stephen Mcneil’s characterization — who was “taken into custody” — still the premier — and Nova Scotians could sleep well knowing the government was protecting them, if not their social insurance numbers — not the premier.
Except, the young man in question clearly had no criminal or malicious intent and his so-called breach didn’t amount to much more than using above-average skills to maximize access to information on the site, where personal information wasn’t visible but was vulnerable to easy, even inadvertent, access.
There have been more improbable plot twists in this case than in a cheap mystery novel, but as the story unfolds the government looks more like Inspector Clouseau than Hercule Poirot.
In the closing days of the spring legislature, the premier and Internal Services Minister Patricia Arab said repeatedly that there was only one breach. More were discovered. They said the po- lice had asked them to keep the breach quiet, an assertion simultaneously denied by the cops.
The premier climbed out on a limb, however, when he said “... it’s our hope that not only will they be able to charge this individual, they will also know whether or not that individual sent that information to anyone, or to any group of people.” He didn’t.
It fell to the police to saw off the limb, announcing that charges aren’t proceeding, the premier’s expressed hope notwithstanding.
Premier Mcneil demurred when invited to apologize to the unidentified 19-year-old and his family, traumatized when 15 city cops descended on their home for a “thorough” search that left the place a mess.
For brevity, we’ll highlight only the most striking mishandling of this issue.
The government’s paranoid overreaction, which infected the Halifax Regional Police, is only apparent in retrospect, although it would have been alarming in real time for the innocent family whose home was ransacked. But, had the province’s IT security officials any inkling that their portal was so easily compromised, they might have adopted a more circumspect response.
This suggests that the province’s IT security, which guards everything from your medical records to financial information, depending on your government associations, doesn’t know where its vulnerabilities lie. They didn’t in this case.
The overreaction fed the premier’s and his minister’s overheated rhetoric in the legislature. The government was quick, and thrilled, to find a villain and divert attention from itself.
But when it turned out the young man was no villain at all, the premier decided to wear the egg on his face with the dignity that condition permits, rather than do the right thing, accept responsibility and move on.
Finally, the current stonewalling of legitimate committee efforts to hear from officials at the centre of the controversy won’t end well.
Both the auditor general and the privacy commissioner will issue reports critical of the government’s security and handling of the so-called breach. Those reports will eliminate the government’s threadbare excuse for shielding IT security personnel who will then have to appear before the committee. All the Liberals are doing is delaying and prolonging their political agony.
Why the government chokes on its mistakes instead of owning up to them and promising to try to do better is another mystery. Pride? There’s a proverb that tells us where that leads.