05 July 2016

Emails, government business, and ATIPPA #nlpoli

During the Ed Martin fiasco,  an email turned up from Ken Marshall - then chair of the Nalcor board - to Premier Dwight Ball and natural resources minister Siobhan Coady about the board's decision to send Martin out the door in a way that maxed out his severance and other entitlements.

Marshall used his gmail account to send the message to Ball's government account and Coady's gmail.

Some folks raised a question about the appearance that Coady was using her gmail account for official business.  Coady denied she was doing it but now the Telegram's James McLeod has an access to information response that includes 70 pages of material sent from Coady's government email account to her gmail account.
Let's be clear right from the outset that until now the only sign of a potential issue was with Marshall's use of a personal email account to send a confidential government communication.  An ATIP released by the provincial government shows that the same email was copied to several Nalcor board members using their personal accounts as well.

That's the far more serious issue that someone should be investigating.  It is possible that highly confidential government and corporate information has been accessible for some time.  The threat here is not from some asshat in his mother's basement but from sophisticated corporate and government intelligence gathering that can access unencrypted emails sent by commercial email services like gmail, yahoo, or Microsoft Outlook.

In a conversation on Twitter, McLeod said that most of the emails Coady forwarded to her personal account were speaking notes, media talking points, and similar material.  McLeod said three full pages were redacted as solicitor-client privileged.  That's a potential concern and raises the question of why Coady would be sending government information to a public email address at all.

At the very least, it suggests that the government IT system has some problems.  Any cabinet minister or public servant who needs to work away from the office should have a secure system for government business. That includes a Blackberry as well as a laptop or tablet that can log in to the government system securely from a remote location. There's just no reason for anyone to be conducting government business on unsecure systems. Officials still need access to non-government email for personal emails and, in the case of political staffers, for party business.  But for government business,  they need to have government computers and software.

As far as Coady is concerned,  there doesn't look like any effort here to circumvent access to information.  After all,  the fact Coady has been sending emails to her personal account left the tracks for McLeod to turn up.  But the fact that she has actually been using a personal email account for some government business will raise doubts and that's where the problems come.  The fact that McLeod made several attempts to get a comment from Coady but got nothing only makes it worse.

The questions raised by Coady's use of personal emails for government business are similar to questions raised by Kathy Dunderdale's refusal to use a government cell phone.  We just don't know how much government business was conducted on unsecure systems.

Nor can we be really sure about the government's records management system.  Simple requests for access to emails for both Kathy Dunderdale and, most recently, for Dwight Ball, have turned up very little in Dunderdale's case or absolutely nothing in Ball's case.  Neither seems believable on the face of it.  There have been too many of these access request responses over the years, either where no records supposedly exist or where there are enormous and inexplicable blank spots in the record.

While those sorts of responses are just suspicious, some of the worst abuses of the public right to access government information involved emails.  Danny Williams' office turned down a request for access to emails on the grounds the request was too onerous.  The chief information officer supported the refusal without having actually conducted any search to confirm the volume of emails.  They just guessed.  On appeal to the information commissioner's office, Ed Ring backed the Premier's Office just like he backed his personal friend's efforts to hide information from the public on several occasions.  In the Dunderdale case,  there's no public record he raised any concerns about Dunderdale's refusal to use government communications systems.

The bottom line on the current situation is simple:

  • Coady needs to stop using personal email for government business.  Period.  If government's IT folks need to do some work on her computer access, then that's what they need to do.
  • Anyone else in a political job doing government business on a private account better stop immediately.
  • They also need to stop doing personal or party business from a government account.  This has been a huge problem for years.  Time to stop it now.
  • Coady also needs to sort out the comms operation in her office.  Her media relations haven't been working very well at all from Day One.  Whether she needs to change policy or change staff or both,  Coady needs to take some corrective action sooner rather than later.  This latest mess was entirely preventable.
  • On the records management side,  someone needs to look hard at what is going on.  SRBP has an ongoing ATIP in justice that frankly boggles the mind.  It's entirely about events before last December but there are all sorts of documents missing.  What is there just raises all sorts of other questions, none of which are good.  But that will be another post.