UPAC’S St. Constant raid raises questions
Anti-corruption unit searches mayor’s home, city hall after report absolves town
Created a little over a year ago amid growing concerns that corruption and collusion had become hallmarks of Quebec’s construction industry, UPAC – the province’s permanent anti-corruption unit – has experienced a rougher 12 months than any suspect who has attracted its attention.
And Wednesday’s early morning raid on St. Constant city hall and the home of its mayor has left some wondering just how efficiently Quebec’s anti-corruption broom actually sweeps.
“(Tuesday), the Municipal Affairs Department, after in- vestigations on the situation in St. Constant lasting more than a year, presented a report saying that aside from a few details here and there, the municipality had essentially respected its legislative and regulatory obligations,” Stéphane Bergeron, Parti Québécois municipal affairs critic, told reporters in Quebec City.
“But (Wednesday) morning we learned that UPAC had landed in St. Constant and conducted searches at the city hall, the mayor’s home and the company of the mayor’s son.
“Was the Municipal Affairs investigation botched? What did UPAC see in St. Constant that the Municipal Affairs Department did not see after a year of investigations?
“Was the department’s report a whitewash?”
Bergeron’s comments followed an early morning raid Wednesday that saw about 60 UPAC investigators execute “several” search warrants in St. Constant.
Investigators stationed themselves at St. Constant city hall and the home of Mayor Gilles Pepin, as well as the company of Pepin’s son, Danny, the official agent of the mayor’s political party.
St. Constant is located on Montreal’s South Shore, between Châteauguay and Candiac. It has about 25,000 residents.
Outside his home, a feisty Pepin told reporters he had “no problem” with the arrival of investigators.
A day before the raid, Pepin was quoted in La Presse as saying that an ongoing probe into his activities by UPAC was “farcical,” adding that an investigation by Quebec’s Municipal Affairs Department had found his city had “generally” adhered to regulations involving the awarding of contracts.
In 2007, Quebec Superior Court removed Pepin and a slate of municipal councillors from office for exceeding limits on campaign spending by some 40 per cent.
Pepin was re-elected in a 2008 by-election and again in the regular election of 2009.
UPAC, the Unité permanente anticorruption, was created just over a year ago as part of what the Liberal government of Premier Jean Charest called a crackdown on corruption and collusion relating to public contracts.
When asked about the timing of Wednesday’s warrants, Public Security Minister Robert Dutil responded: “I have no idea. UPAC is independent.”
As for the length of time UPAC is taking to move its investigations forward, Dutil answered by referring to Wolverine, a police operation against biker gangs.
“It took several years before they could present their evidence. We have to understand that.”
Since its creation last year, UPAC has been criticized for moving too slowly in executing its mandate to crack down on corruption.
The unit, which includes provincial and municipal police, was created in the midst of a prosecutors strike that saw many senior Crown lawyers resign in protest and others refuse to work on UPAC.
Reports have suggested the squad also is divided by internal dissension between investigators and bureaucrats, as well as an unwillingness to share information. Those tensions came to the fore last October, when former Montreal police chief Jacques Duchesneau, whose investigations confirmed that corruption involving organized crime and attempts to pay off politicians were widespread in Quebec, was fired after he said a judge – not a police officer – should head UPAC.
If emails were stolen from the Charbonneau commission, it could mean that the website for corruption whistleblowers was woefully insecure, Montreal network security specialists say.
Although the commission says there was never an intrusion into its computers, local “ethical hackers” who are paid to find security flaws say governments and companies are notorious for skimping on defences.
“These companies say they’re already secure and don’t need to spend money on it. Then we pull out passwords and social insurance numbers,” said Terry Cutler, chief technology officer at security firm Digital Locksmiths.
Seven emails were allegedly taken from the commission by well-meaning hackers, Le Devoir reported on Wednesday, as an attempt to reveal security flaws.
The messages, if real, detailed illicit payments to Montreal city workers in return for construction contracts.
A spokesperson for the commission into corruption and collusion in the construction industry said he has not seen the emails but insists that its computers were never broken into.
“I can tell the public that the website works. They can contact us and their anonymity will be guaranteed,” Richard Bourdon said. “We have already received more than 200 calls.”
However, the website had been criticized for weaknesses from the beginning.
When it was unveiled last week, it had an online form for whistleblowers to write in their tips. It was quickly taken down after vulnerabilities were found, and replaced with an email address. That address was also removed from the site after the hacking reports.
Patrick Boucher, president of firm Gardien Virtuel, said the website didn’t at first have a secure connection, as the Web address was preceded by “http” instead of “https.”
Also, it had minimal en- cryption for data transmission.
“It shows the mindset of people who secured the website. They put minimum effort into it,” Boucher said. “And we’re talking about a corruption commission here.”
Whistleblowers can now only contact the commission by phone or fax. However, an email address will be added once again to the contact page, but with a warning, Bourdon said.
“We will add a message reminding people that email isn’t a totally secure means of communication,” he said.
Whether the emails were plucked from the commission’s computer or intercepted before they arrived, it suggests someone gained administrative access to their servers, the hackers agreed.
Cutler said such breaches happen when there isn’t a comprehensive security policy that comes from the top and touches all staff.
“They need to do a full audit. Email is just one piece of the machine,” he said. “If someone was able to intercept their email in plain text they have much bigger problems.”