Apr 212018
 

CBC News has an update to a government leak incident noted previously on this site. This is one of those incidents where Justin Shafer’s case comes to mind, as the government’s response to their security failure was to criminalize the behavior of the teen who downloaded what were freely available reports. When the public went up in arms over the government’s attempt to cast him as some master criminal, the government started to back off.  Now CBC News reports:

The privacy breach involving Nova Scotia’s freedom-of-information portal has led to a police investigation, put the government on the defensive, and garnered international attention and criticism.

Here is a timeline of events.

See the timeline here.  Kudos to David Fraser for representing the teen.

Apr 202018
 

Bill Lukitsch reports:

Personal financial and medical information of more than 4,000 people was mailed to the wrong addresses earlier this year, two state agencies announced Friday.

“Notices containing personal information were mailed to 4,136 individuals at incorrect addresses,” a news release from the Illinois Department of Healthcare and Family Services and Department of Human Services said.

Read more on Chicago Tribune.

Apr 202018
 

BBC reports:

A teenager who tricked his way into obtaining the email and phone accounts of senior US intelligence officials has been sentenced.

Kane Gamble, 18, targeted CIA, FBI and US Department of Justice databases from his bedroom in Leicestershire.

The Old Bailey was told Gamble, who has admitted a number of charges, damaged the “effectiveness” of the wider law enforcement community.

He will serve two years at a youth detention centre.

Read more on BBC.

Apr 162018
 

No charges? No surprise.

Canberra News reports:
No charges will be laid by Federal Police following the investigation into the discovery of classified documents in a cabinet from a Canberra second-hand store. An AFP spokesman says thorough investigation has been conducted and no further action will be taken.
The papers, from Prime Minister Malcolm Turnbull’s department revealed secret cabinet discussions from the last four Governments as well as details on the NBN, refugee policy and welfare cuts.
So okay, but explain why no charges will be filed. Is AFP saying that as long as something was an error, there will never be charges? If not, under what circumstances will there or might there be charges?  What if it hadn’t been secret cabinet discussions but had been HIV status on named patients?
Apr 112018
 

CBC News in Canada reports:

Halifax police have detained a person after a breach of the Nova Scotia government’s freedom-of-information website that included access to personal information.

More than 7,000 documents were accessed. About four per cent were determined to have “highly sensitive personal information,” according to government officials. They said the number of Nova Scotians affected is “in the thousands.”

“This is not great news,” Internal Services Minister Patricia Arab said Wednesday.

Sensitive information accessed includes birth dates, social insurance numbers, addresses and government-services client information. Credit card information was not accessed during the breach, according to the government.

Read more on CBC News. This appears to be a case where someone exploited a vulnerability, but I imagine we’ll learn more in due course.

The Office of the Information and Privacy Commissioner of Nova Scotia issued a press statement today:

HALIFAX – Information and Privacy Commissioner Catherine Tully has launched an investigation into the recently announced breach of the government’s access to information web portal.

This investigation will examine whether the Department of Internal Services was in compliance with Nova Scotia’s Freedom of Information and Protection of Privacy Act. The investigation will focus in particular on the adequacy of the security of the system.

When the investigation is complete, a public report will be published online at www.foipop.ns.ca. As this is an active investigation, no additional details are available at this time.