And some help for Tom as well

In the interests of helping out justice minister Tom Marshall, here’s a link back to a January 2009 in which your humble e-scribbler offered the members of the provincial legislature the entire text of draft whistleblower protection legislation.

We are now two years into the unfulfilled promise of such protection and all government has offered is excuses like ‘Oh it’s complicated.’  Well, legislation is apparently not so complicated that they couldn’t ram through the expropriation bill last December or bring other legislation in the recent sitting that amended legislation from last year that isn’t even implemented yet.

And here’s the kicker:  the draft whistleblower legislation first appeared in Ye Olde Bond E-mail Inbox in April 2008!

Jinkies, as Velma would say.

With this draft legislation, the boys don’t even have to sweat it.  They can just cut and paste the bill and send it offer to work through the system. 

Incidentally, back in January, we were helping out then-justice minister Jerome Kennedy*.  Seems like this is getting to be a trend.

 

-srbp-

*R’uh R’oh Update:  That would be a mistake.  Jerome and Tom swapped portfolios the previous fall. Jerome was quoted last year giving excuses as to why his department still wasn’t ready with whistleblower legislation, but the minister of justice since 31 October 2008 has been Tom Marshall.

More help for Jerome

Finance minister Jerome Kennedy’s not alone.

He’s not alone on a lot of things, but in this case, we refer to his lack of willingness to read the documents relevant to an issue and to understand the plain English meaning of them.

Jerome’s already been poked a bit both here and at the Telegram over his apparent ignorance of the role of the Clerk of the House of Assembly.

But there’s more ignorance, and that has to do with one of the issues the House of Assembly Management Commission discussed at its May 13 meeting.

They were talking about recreating the financial statements of the legislature for Fiscal Years 1999 and 2000.  The issue is whether or not to pay an outside audit firm to rebuild the House accounts for those two years and then audit them.

Auditor General John Noseworthy believes this work would be for naught since many of the records are missing and there is no guarantee the accounts would be accurate.  He noted in correspondence dating back to 2007 that his reviews would be sufficient to meet the legislative requirement the management commission is looking at in trying to have this work done. There’s an estimate under discussion of hiring an outside audit firm at a cost of over $600,000 to do the work.

Jerome thinks the work ought to be done.

Without going into all the details, he’s right.

The work ought to have been done and it should have been done by the Auditor General under the task assigned to him by cabinet in 2006. The only problem is that it isn’t clear the work was done.

In the summer of 2006, cabinet directed the Auditor General to do two things as a result of the House of Assembly scandal. 

First, he was directed to go back to 1989 to find any other examples of overspending up to 2004.  He did that and apparently found nothing beyond what he’d already reported.  Note that he didn’t look in detail at the two years up to 2006 when the allowances account was overspent by about $1.0 million and the budget estimates presented in the House were known to be wrong.

Second, the Auditor General was directed to conduct “annual audits of the accounts of the House of Assembly from fiscal years 1999/2000 to 2003/2004.”

So where are those audits?

Good question, since they’ve never been made public. In fact, there’s no public sign that component of the order was ever done even though the Auditor General got extra money and staff in order to do the work.

What we got instead was a report that discussed some inappropriate spending from 1989 to 2005. We can say “some” inappropriate spending  since Noseworthy never went into enough detail to determine where all the cash actually went or if people misdirected money even if they didn’t exceed their allowance totals.

For example, Noseworthy never reported at all – apparently never even noticed – how much money was directed to partisan purposes even for a member now known to have funded party work out of his allowances.  There was a glaringly obvious breach of the Elections Act in there but it went unreported until the Ed Byrne trial.

If Noseworthy didn’t do that for one glaring example, then we have to wonder just exactly how much of a look his team of auditors actually gave any of their reports.  But that’s a digression.

The key point to bear in mind is that the Auditor General himself was tasked with producing detailed audits for 1999 up to 2004.  That’s irrespective of whether or not there was an audit by a private firm.

On top of that, there’s no sign Noseworthy and his team ever did the work they were tasked with by cabinet in 2006.

So what exactly is the House of Assembly Management Commission doing arguing about spending public money to recreate what the Auditor General already got paid to do?

-srbp-

Never let it be said…

That Bond Papers didn’t offer cabinet ministers a bit of help with the demands on their time.

Finance minister Jerome Kennedy had a problem at the House of Assembly management committee’s meeting a couple of weeks ago.  The story made the front page of the telegram on Tuesday of last week.  The story isn’t on line but the committee Hansard record is. 

At issue was a resolution that would, in part, give effect to a commitment made earlier by the provincial government to give former citizen’s representative Fraser March an outside review of the circumstances surrounding his dismissal:

CLERK [of the House of Assembly, Bill Mackenzie]: Yes, thank you, Mr. Speaker.

As this is being drafted, I could ask the Government House Leader, I may be able to assist in the drafting of it. There are factual errors in this, and I think some matters which are not as comprehensive as they might be.

Referring just to travel expenses, this is not accurate in terms of the reasons for his dismissal. It should really refer to the very first item the Auditor General wrote about, which was violations of the Citizens’ Representatives Act, by carrying on a business, trade or profession. That is also what Michael Harrington gave his opinion on, and that was always the primary issue with Mr. March. So it would not be fully accurate just to say travel expenses. It should be more comprehensive; if, indeed, you have to say anything. It may be you do not have to put any of the issues like that. This could be a much condensed resolution in the House.

…

MR. KENNEDY: Mr. Speaker, I just want to point out that the document is in the booklet dated May 13, 2009. Perhaps just for clarification, before the Clerk leaves - this is only my second House management meeting. What is the role of the Clerk in these House management meetings? Is it set out anywhere here in the rules or procedure?

He is expressing commentary here. I just wonder, is it appropriate for the Clerk to be injecting himself into, essentially, the debate on a motion, telling us that the motion is not accurate? If it is, so be it, but I would like to see something here in the rules or procedures, something that tells me that is there.

MR. SPEAKER: That is the real role of the Clerk.

The Clerk.

CLERK: Minister Kennedy, you will remember the Speaker and I offered an orientation session for you, but you were unable to avail of it because of your schedule so we sent over materials. This is one of the matters it would have covered.

I am a member of the Commission. I am non-voting, but I am a member as well as acting as secretary, so I come to meetings, I express my opinion, I simply cannot vote.

MR. KENNEDY: Where? I would like to see something that outlines (inaudible) -

CLERK: Section 28 of the act.

MR. KENNEDY: Section 28 of the act allows you to….

CLERK: That is all of the duties of the Clerk. I would also suggest you read section 31. Sections 28, 29, 30 and 31 cover it all.

MR. KENNEDY: I will have a look at it (inaudible).

For Jerome’s benefit, here’s the section of the  House of Assembly Accountability, Integrity and Administration Act that lays out what that fellow in the funny black robe who sits at that table in the centre of the rooms does:

28. (1)  The clerk is the chief officer of the House of Assembly with the status equivalent to a deputy minister in the public service and in that capacity the clerk is

(a) the chief parliamentary advisor to the speaker; and

(b) the chief administrative and financial officer of the House of Assembly responsible to the speaker and through the speaker to the commission for the management of the operations of the House of Assembly service and the administration of the statutory offices.

(2) In his or her capacity as chief parliamentary advisor, the clerk is responsible for

(a) advising the speaker, deputy speaker, committee chairpersons and members on procedural matters concerning the rules, privileges and proceedings of the House of Assembly;

(b) directing and coordinating the provision of procedural services by the clerk assistant, sergeant-at-arms and other officers of the House of Assembly;

(c) coordinating all official parliamentary ceremonies and other events involving the House of Assembly;

(d) custody of and safe-keeping of the records of the House of Assembly and all bills, petitions and documents presented to or laid on the table of the House, and shall produce them when required by the speaker or by his or her order on motion of a member;

(e) recording and carrying out all recorded votes of the House of Assembly; and

(f) ensuring and controlling public access to the proceedings of the House of Assembly through the production and distribution of Hansard and the facilitation of electronic access to proceedings by the media.

(3) In his or her capacity as chief administrative and financial officer, the clerk is responsible for

(a) the provision of administrative, financial and other support services to the House of Assembly, its members, and statutory offices;

(b) direction and supervision of the clerks, officers and staff employed in the House of Assembly service and for the establishment of general administrative policies of the statutory offices;

(c) acting as secretary of the [House of Assembly Management] commission and has custody of all records and minutes of the commission;

(d) ensuring that disclosure, as required by law, of the proceedings of the commission and the financial matters pertaining to members and the House of Assembly service is provided for;

(e) the preparation of the estimates of the House of Assembly as required by section 26 and analysis and commentary, to the commission, on the budget submissions of the statutory offices and the office of the auditor general;

(f) administration of all services and payments to members;

(g) the orderly safekeeping of the records of the House of Assembly service;

(h) authorizing and recording all financial commitments entered into on behalf of the House of Assembly and statutory offices;

(i) reporting regularly to the commission and informing the secretary of the Treasury Board regarding the financial and budgetary performance of the House of Assembly and statutory offices;

(j) reporting to the commission and the audit committee on the status of audits of the House of Assembly and the statutory offices and, specifically, reporting if in his or her opinion the audit is not being conducted on a timely basis;

(k) maintaining and periodically assessing the effectiveness of internal controls in the House of Assembly and statutory offices and reporting on that assessment and effectiveness to the commission; and

(l) certifying to the commission as required that the House of Assembly and statutory offices have in place appropriate systems of internal control and that those systems are operating effectively.

[Emphasis added]

That lays out the complete list of duties of the Clerk.

Section 29 doesn’t seem to be directly relevant since it provides that the Clerk is responsible for reporting the status of members’ accounts. Likewise, section 30 provides that the Clerk’s responsibilities are generally similar to those of the Clerk of the House of Commons and section 31 covers the relationship between the Clerk and the Public Accounts committee.

And if Jerome was wondering why this curious fellow was deigning to speak to his betters, here’s the other bit he should have taken time to read before opening his ministerial maw:

18. (1)  The Commission of Internal Economy of the House of Assembly established under the Internal Economy Commission Act is continued under the name of the House of Assembly Management Commission.

(2) The speaker, or in his or her absence, the deputy speaker, shall preside over the commission and when presiding, shall vote in the case of a tie .

(3) The commission shall consist of

(a) the speaker, or, in his or her absence, the deputy speaker, who shall be the chairperson;

(b) the clerk, who shall be the secretary and shall not vote;

(c) the government house leader;

(d) the official opposition house leader;

(e) 2 members who are members of the government caucus, only one of whom may be a member of the Executive Council;

(f) one member who is a member of the official opposition caucus; and

(g) one member, if any, from a third party that is a registered political party and has at least one member elected to the House of Assembly.

All pretty simple really and perhaps it would have been helpful if Jerome had been able to find time in his schedule for the orientation offered to members.  It pays to have some idea what you are talking about and when helpful people actually offer up some of their valuable time to tell you stuff you really could find out for yourself, it’s really a good idea to take advantage of their generosity.

Makes one wonder, though, what the Clerk might have said to provoke Jerome’s ire.  One thing is pretty clear:  Jerome won’t be taking Bill Mackenzie for granted again.  The Clerk did his job with evident competence.  Too bad the same can’t be said of Jerome.

-srbp-

Nurses, government do the power dance

First, government tried threatening the nurses with an imposed settlement and back-to-work legislation in hopes of frightening them off their strike vote.

Then, when that didn’t work, they tried to lure them back to the table now with a significant change of position.

Then, when the nurses didn’t cancel their strike vote and return to the bargaining table immediately, the Premier and finance minister said they were disappointed the nurses’ didn’t accept the government’s olive branch. The even tried to bring up the financial scare issue of the looming deficit.

There are a few of things to bear in mind:

1. Nurses accepted the olive branch.  They just are going back to the bargaining table with a strike mandate in their back pocket, not when the Premier and finance minister would like.
2. It’s polling season.  Don’t under-estimate that timing issue as a motivating factor for an administration that spends an inordinate amount of time massaging polls. The provincial government had plenty of time to deal with this issue before now.  Their panic at having the government pollster in the field while the nurses carry on a strike vote isn’t a reason for the nurses to simply stop everything.
3. What happened to the bubble?  Before Christmas everything was rosy according to the Premier, finance minister and the government’s favourite economist.  Bond Papers readers knew better. It seems a little disingenuous for government to be singing the deficit tune now.
4. Back to the table now interrupts the strike vote.  The Premier and finance minister – both experienced lawyers – know that if the nurses interrupt their strike vote now, they’d have to start from scratch later on.  That would give government an additional six weeks or more if talks failed this time. Nurses lose by going back to the table prematurely so they aren’t likely to do it. Claiming they aren’t interested in talks sounds a little precious  - even desperate - at this point.
5. Did you hear the eyelids slamming shut?  Government’s tactics in dealing with the nurses have been clumsy, to put it mildly.  Jerome’s year-end deadline passed as if it was nothing.  His threat to legislate vanished this week.  It’s hard for the nurses to feel any sympathy for the provincial government when it has stuck to its hard line all this time.  It’s harder again for nurses to take government seriously when they first of all make threats and then don’t carry them out.  This week nurses heard Jerome Kennedy’s eyelids slamming shut as he blinked, big time.  That may not have been his intention but that’s what nurses saw. No on is surprised they are carrying on with their strategy;  it seems to be working just as government’s obviously isn’t.
6. Bad jokes don’t help.  Danny Williams didn’t help matters with his widely reported, cheesy joke about not wanting to get sick and have to face the province’s nurses in a hospital. He needs to throw away the guide to public speaking and joke telling Roger Grimes left him.  That’s tongue in cheek, by the way.  Williams lambasted Grimes for telling an off colour joke when Grimes spoke to American bankers a few years ago.   The little jest at nurses expense delivered to an audience at a national conference in St. John’s is every bit as bad or worse.

This might turn out to be the most interesting year in recent memory.  The provincial government may have finally found a group that can’t be bullied or intimidated or even fooled for that matter.

The Premier should call up his predecessor and get some better advice.  Brian Tobin tackled the nurses and didn’t come out of it all that well off.  And Danny Williams and his wannabe replacement Jerome Kennedy should remember:  nurses won’t forget.

-srbp-

Pull the other one, Jerome

About half through finance minister Jerome Kennedy’s scrum on Friday something very interesting happened.

Jerome scratched his nose.

It’s interesting because it is the only time he made any big hand gestures within the camera shot during the entire scrum.  His hands come up a bit during some sections but this one really leaps out if one watches the whole scrum from start to finish.

It’s interesting because he scratched his nose right after an exchange with reporters about how the province’s financial state might make it impossible for government to deliver nurses a very generous wage offer since, as Kennedy put it, there are “unknowns and variables” that will affect government’s financial position.

In fact he scratches his nose right before he says “unknowns and variables.”

It’s interesting because scratching your nose is usually taken as a sign of discomfort, a sign that what was said is not accurate or true.  In extreme cases, scratching ones nose is a sign of deception.

The nurses and government have been at logger-heads for most of the past year.  The government insists that there will be no discussion on salaries;  it’s the 20% offered or nothing else. 

Listen to the scrum.  You have to go a ways before that becomes clear but under relentless questioning from CBC’s David Cochrane Kennedy makes it plain that the only issue government is really hung up about is cash.  The rest of it is something they are willing to talk about but nothing more. 

This isn’t negotiation by any stretch of anyone’s imagination or even a serious effort to get the nurses back to the bargaining table.  If it was, Kennedy and his boss wouldn’t have been throwing threats around since before Christmas.  Now the last threat – to take the 20% off the table after December 31st – turned out to be a gigantic bluff.  The nurses pulled the other one and found out there were bells on it.

The latest threat is to come back and take the offer or else, the or else part in this case being having a settlement imposed on nurses.

From the nurses perspective, of course, it doesn’t take too much imagination to see that there’s precious little difference between swallowing the 20% and everything else in government’s position  along with it or having rammed Danny and Jerome ram it down their collective throats as if they were AbitibiBowater. 

No difference, no gain.  No gain – even if only in face saving – and there is no chance of averting a strike.  Nurses have been down this road before.  A decade ago they hounded Brian Tobin during the winter election until Brian made a deal to get them off his back.  From the nurses’ standpoint, he didn’t deliver so they went on strike.

He legislated them back to work.

The opposition Provincial Conservatives had a field day in the legislature that spring raising questions about recruitment and retention and pattern bargaining.

Sounds awfully familiar, doesn’t it?

Kennedy pulled his nose because what he is saying makes no sense and he knows it. 

In addition to the December 31st cut-off being a big bluff, the whole threat to the nurses lacks in credibility.  If they might not get anything beyond eight percent in the first year because of the uncertain economic times, then it stands to reason that the other unions might have to give up their cash as well.  Kennedy says no;  the government has guaranteed their money despite the economic circumstances.

CBC’s David Cochrane does a good job of poking at that one and Kennedy squirms in discomfort at the fairly obvious logical problem with the government position. He gets to the point in the scrum where – having drawn a bunch of lines in the sand of his own - Kennedy accuses nurses union president Debbie Forward of drawing lines in the sand.  Again, Cochrane points that out in the preface to one of his questions. 

Kennedy’s conundrum on the nurses is that obvious.

His fiscal one will become more obvious the closer we all get to budget day.  On the one hand, Kennedy needs to convince nurses there are hard economic times and therefore they should take the government offer now rather than risk losing all that money.

On the other hand, you have government and its supporters - Kennedy, Shawn Skinner, Paul Oram, government pollster Don Mills and government economic consultant and Wade Locke – all talking about how wonderful the future will be. The two things can’t live in the same space just as the 31st of December can’t be a deadline and then not a deadline, the 20% can be guaranteed but not guaranteed or the government be willing to talk but only if there is no talk and the nurses accept whole the government’s position as dictated.

The last government crew that messed with nurses wound up starting their long political death spiral in the fight. The only difference is that then the government started out with a credible financial argument to back their position.

Jerome hasn’t even got that.

All he’s got is his nose to pull.

Sounds pretty impotent.

-srbp-

Money Talk

1.  From labradore, a post titled “Responsible Government”.

2.  From the Telegram, the editorial follows up on a story from the Saturday edition noting the difference between Jerome Kennedy’s take on the pensions business and that of his immediate predecessor.

It asks a question - So, why the huge difference between ministerial attitudes? – that is worth answering, or at least attempting to answer.

The difference has to do, in part, with the length of time in the job and the amount that one knows about the fundamentals of the job. 

Tom Marshall gave the answer any finance minister might give who understood his job and felt comfortable in the roll. 

The long-term effect of a drop in asset valuation is to force the government and maybe the unions to drop more cash into the fund.  As Marshall noted, over the long haul, the pension fund’s asset valuation has gone up and down yearly but has average over 10% growth since it was created in 1981 [See chart at left].

No big sweat in other words.

Jerome, on the other hand, left the impression huge mounds of cash might have to be dropped into the fund in the next “number of years”.

Big sweat, in other words, since most people would take the tone of his comments to mean more cash was needed in a hurry.

Kennedy’s shown this sort of thing before, this lack of understanding.  His answers to simple questions in the legislature last session – his first as finance minister – were overly aggressive, snarky and condescending.

What else is new, sez the wag in the gallery.  True, but look at the words and you get more the sense of a fellow who is anxious to make sure people don’t realize he doesn’t understand a lot of what he is talking about.

He is covering up, maybe temporarily, maybe as part of a pattern.

Another part of Kennedy’s interpretation versus Marshall’s has to do with the annual budget requirement to find some sort of theme for the farce known as “budget consultations.”  Last year it was a debt clock.  Tom Marshall talked a lot about dealing with the debt but in the end did virtually nothing about it all.  This year, Jerome didn’t have a lot of time to find something to use as a prop, as a theatrical device around which to frame all talk.

CBC’s piece gave him that prop, albeit at the last minute. 

A prop really isn’t necessary though, if any of Friday’s session in St. John’s is the guide.  The Board of Trade – predictably – called for tax cuts for businesses as the way to help get through the coming tough times.  otherwise, government should stay the course.

What that means exactly is unclear, since the current crowd have been spending like there’s no tomorrow and no paying down the public debt to any appreciable degree. Plus, as labradore notes, their entire debt pay-down thingy is merely designed to open up room for more public debt.  That hardly sounds like something the Board of Trade would endorse but yet it does.

The only thing more predictable than the always Tory Board of Trade was the Canadian Federation of Independent Business. Times are good:  cut taxes, says Bradley George.  Times are bad?  Cut taxes, says Bradley George.

Again, no concern for the drain on public resources represented by debt and the odds such debt would increase with all those tax cuts.  How will we pay for everything if we cut taxes and cut them again and then cut them thrice for good measure?

The shortcomings of both the Board and Bradley are evident since neither made any reference to the gigantic shortfall in revenues coming this year. They either do not know or care not to know about the billion or so that has to come from somewhere since it won’t be coming from oil and mining and forestry next year.  It is like the debt:  best ignored except to support action which does not occur.

The size of the “or so”part of that equation by the way would be increased, inevitably, by the size of their tax cuts but this is all of no concern.  The only crowd equal in irresponsibility to the business bunch would be the labour and “social” bunch.  Where the business crowd seek to  cut revenue, the other would boost spending in just about every direction simultaneously. 

The current administration enjoys the support of both business and labour, it should be noted. 

Of course, none of this consultation has to make sense, nor must it bear any resemblance to what is actually going on in the world. The purpose of the consultation farce is merely to allow everyone to recite their scripted lines and if it can be held at the hotel owned by a loyal supporter of the government, all the better.

The whole thing is like the annual Christmas pantomime in grade school.   Everyone must memorise the lines and say them, even if they do make sense only in the fantasy world of the moment.

There’s no requirement that the participants in the entertainment actually understanding what they are talking about either.

That, of course, is both painfully obvious and the answer the Telegram’s question.

 

-srbp-

An accountability problem for Jerome

Aside from being one of the most arrogant and condescending finance ministers in a long time, Jerome Kennedy might need to brush up on his math a bit.

Here's a sample of the arrogant and condescending finance minister in action first:

It is important, and whether or not the – I understand that the Leader of the Opposition does not understand. Nor would I necessarily expect her to. The reality is that this is not artificial spending here. We are not borrowing to spend on infrastructure. We are taking $1 billion and putting into infrastructure.

Everyday Jerome is on his feet there's at least one of those sort of slimy comments. Totally unnecessary, but he makes them every day.  Too bad there's no one like Antonio around to teach the poor fellow some manners.

But that's not the problem.

Here's the problem:

In Question Period, Jerome revealed that the province's unfunded pension liabilities have grown, according to the finance minister, by $1.5 billion as a result of the downturn in the world economy.  Here's what he told the House:

As the Leader of the Opposition is aware, in 2006 we paid $1.953 billion into the Teachers’ Pension Plan, and a further $982 million into the Public Service Pension Plan 2007, trying to bring these pension plans up to the funding levels of 80 per cent to 85 per cent, which is suggested.

The recent downturn in the economy and what has happened, Mr. Speaker, has resulted in approximately, right now, a shortfall of $1.5 billion in terms of our pension funds. That is not unexpected in light of everything that has gone on, and some of the figures I think I gave last night in terms of losses by the banks.

One figure, though, that becomes important, Mr. Speaker, although we have decreased our debt servicing charges by approximately $200 million, there could be a result in the pension cost next year of an extra $180 million.

That last figure is only somewhat important.

It is only important to the extent that in his financial statement on Tuesday Jerome patted himself on the back for reducing the debt servicing charges.

In the House, he revealed that - all things considered - those charges will grow by roughly the same amount as the decrease this year.  That is important considering that expenditures are going up while revenue is going down.  Not a good position.

But look again at the front end and the middle bit of that quote because that's where the big problem comes in.

The $1.9 billion is the Accord 2005 money received in a lump in 2005 and already spent.  The $982 million - if memory serves - was borrowed.

But all that doesn't matter since the pension fund has lost $1.5 billion in value in the space of a few months.  Apparently those shopping malls mortgaged in Ontario and British Columbia to Great-West Life, among others, aren't pulling in the expected bucks.

The inconsistencies among Jerome's comments at different times gives the old boy a basic problem:  an accountability problem.  He just can't seem to give a straight account of the province's financial state.

That's a pretty bad thing for a finance minister because if anyone needs to be able to keep his accounts straight,  it would be him.

Bottom line?

We won't know the real financial position of the province until sometime after March 31, 2009 and even then we'll likely have to take Jerome's words with a grain of salt.

-srbp-

It's the software's fault

Apparently the latest provincial government InfoSec breach can be blamed on the software, specifically a file sharing program known as LimeWire.

A popular file-sharing program exposed the private details of more than 150 people over the internet [sic]earlier this month, the Newfoundland and Labrador government said Thursday.

That's an interesting take on the story, given that people operated the computer involved, loading the software without changing the default settings.

Apparently, no one at the Workplace health and safety commission had anything to do with it either, even though they handed over highly confidential information without ensuring the outside contractor was following appropriate security procedures.

No people were involved at all.

Well, that is, except, ummm, of course for the 153 people whose files were exposed, including 108 who had their medical histories and work histories, as well as names and birthdates openly accessible on the Internet for 24 or so days.

And that identity theft thingy that Attorney General Jerome Kennedy warned about in the news release on Thursday? Well, when he spoke to reporters, Kennedy had a slightly different tune to sing:

"The file sharing program allows for access of various information that's on an individual's computer. It doesn't mean it will be accessed," Kennedy told reporters.

So why all the big fuss about government officials taking proper measures in the wake of the leak or of the giant lock-down being applied to every computer in government? Apparently it was nothing to worry about after all.

In other words, the giant news release Kennedy authorized for distribution was just a waste of energy.

Is it just an overactive imagination or did the province's attorney general sound less like a cabinet minister looking out for the public interest and more like the government's chief legal counsel representing a client staring at potential lawsuits?

-srbp-

Remember the story yesterday and the Telegram's short version? The story on page three of the Friday edition didn't mention identity theft anywhere.

Gov Comm 101: How to manage crisis spin

1. Write a news release which deliberately buries the real news so far down the page that reporters are likely to miss it.

2. Omit key information from the news release, like the fact that the information in a security breach was exposed to the Internet from December 30 until at least January 22.

3. Hold a newser to discuss the security breach later on the same day when the Auditor General releases a scathing report into government operations. (Since you have the AG report months in advance in order to prepare replies and since you know in advance the day, time and place the thing will be released, then deliberately scheduling the newser you want to bury is very easy. Experience tells you that newsrooms will be so consumed with the AG report they won't have the resources - people or time - to dig through your presentation for the news you buried.)

4. Send the number two person in the Communications and Consultation branch to supervise the execution of the spin plan. (That's a clue as to how much concern there is in government about ensuring the story is highly torqued.)

-srbp-

Atty Gen'l: identity theft potential exists for victims of gov't InfoSec breach

Attorney General Jerome Kennedy said today that 153 residents of the province, including 108 clients of the province's workers compensation agency, face the potential risk of identity theft as a result of a computer security breach by a consultant working for the agency.

A total of 694 files were exposed to the Internet for an undisclosed period of time, through an unspecified file-sharing program. While a forensic investigation has been conducted by at least one computer security firm, the minister did not confirm whether or not the files had actually been accessed.

The information included names, addresses, medical histories, work histories, sex and date of birth.

In a backgrounder to the lengthy news release, the provincial government confirms that until now, there was no government policy requiring outside consultants to adhere to government security protocols on access to information.

This situation appears to have existed despite five years of preparation before the government implemented privacy sections of a new access to information law. The law was implemented on January 16 and the security failure occurred on January 22. it was disclosed three days later.

The actions taken by the province's chief information officer in the wake of the breach include installing new software, holding educational sessions for employees and other actions that presumably were not done since the chief information office was created and well before the privacy rules came into effect.

-srbp-

News by Chip

VOCM has been getting a toasting from a few people lately for its questionable editorial choices, especially when it comes to the current provincial administration.

Well, truth be told the favourable coverage of the puissance du jour started a long while ago but really reached full bloom under Brian Tobin. That's when it came to be known as Voice of the Cabinet Minister.

And boy, that name really applies when you see a news organization repeat almost verbatim the fawning, self-congratulatory spin - i.e. bullshit - of a cabinet minister at the centre of a major breach of personal security by a government agency and with it the violation of a brand new privacy act.

Only in Newfoundland and Labrador would a news organization side with the power of the day in a case where said power:

a. Had a complete breakdown of its computer security.

b. Again.

c. For the second time in three months.

d. And sat on the information for three full days.

e. and even at that point (now almost a week later), still has no idea what exactly happened, how long it was going on and how much information on how many people was involved.

No matter how bad the cock-up, no fear. VOCM will always tell you exactly what the provincial government wants you to know.

And when it comes to stories they get first that cast the current administration (whichever it is) in a bad light, well, they'll avoid it like the plague.

VOCM: Who cares about the common man?

Update; A couple of e-mails raised issues with two aspects of this post.

The first one is simple: the Chip in the title is the Kevin Bacon character in Animal House who ran around insisting all was well in the middle of a riot. it seemed an apt analogy since the basic thrust of the provincial government's message here is that everything is fine and there is a problem, but a really not so important one. After all, "appropriate" measures had been taken. Oh yeah, after the fact but the measures were "appropriate".

The second was with the word "complete" as in complete breakdown of computer security. At this point, we have no idea of the extent of the security breach. But frankly, when it comes to security, the issue is never about the 99% of the system that wasn't involved but the 1% - using arbitrary numbers - that was.

Security is a bit like virginity or pregnancy. You can't be mostly unpregnant any more than you can be a partial virgin.

If there was a breach - and there undeniably was - then the system failed.

To take it a step beyond that, the focus of government's comment and the consequent public comment is that this is seen as an information technology issue. Government computers are secure, as we are told, since the IT people have taken measures to ensure that particular software can't be loaded to government computers.

That's not really the point, though.

Information security is a system, a culture that involves not only the hardware and software but also the attitudes and behaviour of people using the computers and programs.

Take a look at The Breach Blog (breachblog.com) and you'll get a better feel for the issue and the ideas. Information security encompasses a whole range of issues beyond just hardware and software. Scroll the posts at Breach Blog and you can also see the extent of the security issue across the developed world.

Stolen laptops. Unencrypted data. Missing hard drives and flash drives.

Even in the case where a laptop has encrypted data, putting the laptop in a place where it can be stolen suggests a certain laxness (laxity?) in personal habits of the people using the laptops.

Your humble e-scribbler has been involved in information security a number of ways over the years and information security is an integral part of day-to-day business. There are all sorts of the hardware and software methods to secure information from both unintentional disclosure and from possible prying eyes. There's also a segregation of information such that confidential information isn't stored where it might be accessed. Flash drives are routinely cleared of files and each one is kept under close custody.

One client kept apologizing for the security procedures they used internally which included incidentally, keeping physical control over individual movements within the office suite when outside consultants were in the suite. Going to the bathroom required notification, permission and escort. Flash drives were surrendered and scanned on entry and exit to ensure only those files that were authorized came and went.

The Government of Canada has a fairly extensive information security (InfoSec) program that applies throughout government and to contractors. In an increasing number of cases, outside contractors must clear a security screen, including an assessment of security processes and procedures at the contractor's work site.

The responsibility for security is established at the outset:

Departments are responsible for protecting sensitive information and assets under their control according to the Security policy and its operational standards. This responsibility applies to all phases of the contracting process, including bidding, negotiating, awarding, performance and termination of contracts, as well as to internal government operations.

Whether a contract is within or outside a department's delegated contracting responsibilities, the department is responsible for identifying sensitive information and assets warranting safeguards.

Part of the InfoSec issue with the provincial government is related to its overall attitude toward security. That's not a new issue, but things have definitely not improved lately. How many officials have cleared a federally-recognized security screen? The answer as of two years ago was the same as it always has been: zero. That's why no provincial officials were allow to attend a briefing on the Titan missile launch even though the briefing was only at the Secret level, the second lowest level there is.

Recall Heidigate? In 1997, an official of the Premier's Office obtained confidential pension information on three former members of the House of Assembly and leaked it to local media.

Okay. That's bad enough.

But the public servants responsible for controlling the pension data, all of whom knew of the need for confidentiality and who knew or ought to have known the official had no legal right to access the information, gave up the data based on nothing more than a telephone call from the Premier's Office. If they objected or raised questions, we'll never know. Certainly there were no consequences, beyond the minor political controversy that erupted over it. The whole thing was brushed aside by the Premier of the day based on the youthfulness of the person who asked for information. The tone was set from the top.

You see the point: security is about more than whether or not someone can load MSN Messenger or Limewire on a computer.

It's about attitude, and frankly, when the attorney general's news release on the issue focuses attention everywhere except on the gravity of the security breach in the first place, we can be pretty sure the security attitude hasn't changed much.

-srbp-

Public body breached new privacy law

Is everyone in government ready to protect personal privacy?

Apparently not.

The section of the Access to Information and Protection of Personal Privacy Act, known by appealing acronym ATIPPA, dealing with personal privacy came into force on January 16, 2008.

Given the five year delay in implementing the new privacy protections, it came as something of a surprise on Friday to learn of the possible leak of an undisclosed amount of private information held by a government agency. Someone on contract to the Workplace Health, Safety and Compensation Commission operated a file sharing program that gave access to files on the computer's hard-drive, including confidential records related to the commission.

It's taken a while to get the whole act into force, something on the order of five years. The delay was apparently due to a need to get government departments ready to deal with the implications of the new legislation. In the meantime, the old Privacy Act, circa 1981 was in force. The Privacy Act was far from perfect but at least it was something.

Workplace Health learned of the security problem on January 22 but it took three whole days for the provincial government to inform the public of the problem. The entirely self-serving news release spent more time trumpeting the actions taken to deal with the problem and to praise the Office of the Chief Information Officer [OCIO] for all its fine work in protecting information than it did in disclosing what government knew about the extent of the breach and whether or not information had actually been obtained illegally by anyone.

In fact, the only thing clear through the release is that the provincial government actually knows - or appears to know - very little about the breach beyond some very rudimentary details.

There's even a rather interesting quote from the newly minted chief executive of Workplace Health;

"The Commission shares the Provincial Government’s view that private and confidential client information must be safe guarded both at the Commission and with service providers. Until the forensic investigation is complete, the extent of the exposure is not known and we are unable to determine how many, if any, of the Commission’s clients may be affected," said Leslie Galway, Chief Executive Officer, Workplace Health, Safety and Compensation Commission. "The Commission was not the source of the breach but nevertheless has taken measures to ensure the integrity of its network system was intact, as well as address the network system concerns with the private company involved."

How comforting.

The commission shares the provincial government's view that private information must be safeguarded.

Unfortunately for the commission, this is not merely a "view", an opinion of the sort one might wish to be associated with like, say, "My goodness that was a lovely sunrise this morning."

It is the law.

36. The head of a public body shall protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal.

And there's nothing in the law that restricts the legal obligation of a public body to protect private information only to computers owned by the public body itself.

It's a blanket obligation.

That's what makes the provincial government news release so interesting. In the quote above, Leslie Galway talks about securing the commission's own network and refers vaguely to addressing "network system concerns." Heaven knows what that means, but it is entirely irrelevant since the actions were taken after the fact.

The story gets more interesting when one reads the coverage in the Saturday Telegram, sadly not available online.

Justice minister Jerome Kennedy says the consultant was "doing some work for justice" [presumably the department] occupational health and safety assessments. Kennedy repeated that there are government policies in place that prohibited the use of file sharing programs on government computers. He pronounced himself satisfied with that: "I'm comfortable ...that this issue with government-owned computers has been addressed very expeditiously and thoroughly."

Just so that we can all share the minister's sense of comfort, go back and wander through the OCIO website. try and find a policy statement on file sharing and the handling of records. There isn't even a link to the ATIPPA in the links section of the website, even though ATIPPA is a key part of records management within government.

But of course, this is the second such incident in a handful of months. A similar case came to light in November involving 1420 medical files. The Telegram reports that 370 files were accessed - by whom is not disclosed - and that the files belonged to 151 patients and two employees of Eastern Health.

The Telegram also states - erroneously - that provincial government policies do not extend to the private consultant. While a public body is able to disclose personal information to a consultant doing legitimate work for the agency or a government department, section 36 of the ATIPPA doesn't limit the obligation of the department or agency to take reasonable security measures.

The crux of this story is that for the second time since November, a provincial government agency is involved in a breach of privacy. This second case is all the more serious since it comes less than a week after new legislation took effect which obligates public bodies to protect information from disclosure.

No surprise, in that context, that the provincial government delayed disclosing the existence of a security breach and at the same time focused its attention - in the news release - in endless self-praise, rather than acknowledging the gravity of what had occurred.

That's not accountability or transparency, as the justice minister professed when announcing the privacy legislation was in force. And frankly, the people of the province should view with some suspicion this pronouncement by the justice minister.

"I want to assure the people of Newfoundland and Labrador that their personal and confidential information is treated with respect and in accordance with the Access to Information and Protection of Privacy Act."

The subject of his news release - a second security breach involving an undetermined amount of confidential, personal information on an undisclosed number of individuals or corporations - is evidence that information is not being handled "in accordance with" the ATIPPA. If the minister is not prepared to acknowledge a problem exists, it's highly unlikely a proper solution will be implemented, let alone found.

Up-data: Seems the CBC version of this story has some variations from the telegram version.

"The investigation is very early on," said Leslie Galway, the commission's chief executive officer.

"We are not aware of whether our clients are actually involved with the information on that computer specifically, and what sort of information may be there."

Three days later and no one knows what was on the computer?

"At this stage, we don't know the extent or nature of the breach," Kennedy said, "nor the types of information that may have been exposed."

Now there's a familiar line. It popped up in November as well, and right behind came the assurance that there was absolutely nothing to worry about.

The real value of the CBC story though is the link to a follow-up on the November security leak. on November 27, health minister Ross Wiseman said there were only 49 people involved in the first leak. The Telly now has the figure at 153.

Which number is right?

-srbp-

Danny and the Moe Howard School of Diplomacy

[original 15 Oct 06; Updated 160800NDT Oct 06]

So much for kissing and make up with the federal government.

Offal News has as good a take on the weekend events at the provincial Tory convention as you will find.

No small irony that a guy who only five years ago made fun of the provincial Liberal government fighting with the federal Liberal government is now in a situation where he is fighting with everyone, big or small, Tory or heretic.

[Photo: Premier Danny Williams and finance minister Loyola Sullivan plan their next war with Ottawa in advance of the 2007 provincial general election. Not exactly as illustrated]

This is the New Approach, for sure.

Meanwhile, Canadian Press has reported on the weekend events (see below). For some reason, CP did not get any quotes on the Slander in Gander donnybrook from deputy premier Tom Rideout [Photo, right, exactly as illustrated]

Question: Is this the first time Premier Danny Williams has taken it upon himself to tell what went on in a private meeting only for us to discover later that what Danny said and what actually happened were two entirely different things?

Update: Here's the answer to the question. Danny Williams claimed Stephen Harper was prepared to consider so-called fallow field legislation for the offshore. Williams is looking for the legal power to force development of offshore fields. He raised the idea after failing to achieve a deal on Hebron.

CBC Radio is reporting this morning a statement from the Prime Minister's Office which rejects the idea. The PM never agreed to consider or think about it apparently. Take note of the reference in the CBC story to contracts fairly negotiated or something along those lines.

This seems like an oblique reference to the issues of bad faith bargaining raised here about Danny Williams' approach to negotiations with the oil companies. Steve doesn't likely read the Bond Papers, but he seems to be talking about the same issue and heading to the same conclusion about Danny.



Williams takes aim at Ottawa in drive for re election in Newfoundland
The Canadian Press
Oct 15, 2006

By Tara Brautigam

GANDER, N.L. (CP) _ Newfoundland Premier Danny Williams hopes to capitalize on a growing standoff with Ottawa in his quest for province-wide dominance in next year's provincial election.

Williams rallied his party at a weekend Progressive Conservative convention in Gander, with a fiery speech that drew a deep line between himself and Prime Minister Stephen Harper.

The premier warned Saturday night that he would urge Newfoundlanders to vote against Harper in the next future federal election if the province loses out in a revised equalization formula.

Hours earlier, Williams and Harper met in an effort to resolve their differences over several thorny issues, including a revised equalization formula. But their discussion about equalization only further chilled relations between the two Tory leaders.

The meeting was "heated,"' one of the premier's staffers said Sunday. [Ed note: This likely means the Premier was shouting, as he is wont to do, while the other person is being calm and professional.]

Williams has made a political career of fighting the federal government.

In December 2004, he pulled down the Canadian flags from provincial buildings during talks for a revamped Atlantic Accord to give Newfoundland full protection against equalization clawbacks on offshore royalties.

In early January, the flags went back up, and an agreement was reached after marathon talks in Ottawa a month later.

"Fighting the enormous resources of the federal government and achieving a new deal on the Atlantic Accord is not easy, but that doesn't mean it's impossible,"' Williams told about 600 supporters Saturday, indicating he would step up his battle against Ottawa before his re-election campaign.

"Stay tuned, you might be into round two before this one is all over."'

Williams also warned the party not to take the Oct. 9, 2007 election for granted, a message echoed by party president John Babb.

"A quick clean sweep? Who knows?"' Babb said. "But from our point of view, we're not making any predictions."

The Progressive Conservatives can make big gains in the next election, observers say.

At least two polls this year suggested Williams enjoyed an approval rating above 70 per cent, despite a government spending scandal that led to the resignation of Ed Byrne, one of his top cabinet ministers, in June.

But the Liberals have slammed Williams for neglecting rural Newfoundland and Labrador, areas beset by waves of residents moving to Alberta for work because of mass layoffs from the forestry and fisheries industries.

Currently there are 35 Progressive Conservatives in the provincial legislature, 11 Liberal members and one New Democrat.

A byelection has been called for Nov. 1 to fill a vacant seat in the Signal Hill-Quidi Vidi riding in St. John's, where high profile criminal lawyer Jerome Kennedy will run for the Tories against NDP Leader Lorraine Michael.

The Liberals are not running a candidate.

-srbp-