31 January 2008

Atty Gen'l: identity theft potential exists for victims of gov't InfoSec breach

Attorney General Jerome Kennedy said today that 153 residents of the province, including 108 clients of the province's workers compensation agency, face the potential risk of identity theft as a result of a computer security breach by a consultant working for the agency.

A total of 694 files were exposed to the Internet for an undisclosed period of time, through an unspecified file-sharing program. While a forensic investigation has been conducted by at least one computer security firm, the minister did not confirm whether or not the files had actually been accessed.

The information included names, addresses, medical histories, work histories, sex and date of birth.

In a backgrounder to the lengthy news release, the provincial government confirms that until now, there was no government policy requiring outside consultants to adhere to government security protocols on access to information.

This situation appears to have existed despite five years of preparation before the government implemented privacy sections of a new access to information law. The law was implemented on January 16 and the security failure occurred on January 22. it was disclosed three days later.

The actions taken by the province's chief information officer in the wake of the breach include installing new software, holding educational sessions for employees and other actions that presumably were not done since the chief information office was created and well before the privacy rules came into effect.

-srbp-

AG considers Sept '07 report to cover improper retention or misappropriation of public money or other similar action

In his annual report for 2007, Auditor General John Noseworthy includes his massive September 2007 Report on a Review of Constituency Allowance Claims from 1989-90 through to 2005-06 as a report under section 15 of the Auditor General Act.

As the AG cites, section 15 provides:

Where during the course of an audit, the auditor general becomes aware of an improper retention or misappropriation of public money or another activity that may constitute an offence under the Criminal Code or another Act, the auditor general shall immediately report the improper retention or misappropriation of public money or other activity to the Lieutenant-Governor in Council.

Under the AG Act, the auditor general is required to provide the report to the minister of finance.

Under a similar provision in the new Green bill on House accountability and integrity - in force in September 2007 - Noseworthy was required to advise six offices of the report, including the Speaker, the Attorney General, the Premier and the Minister of Finance.

The Auditor General has refused all public comment on the September report, citing the provisions of the Green bill. Under section 45, the Auditor General is prohibited from confirming or denying the existence of such a report on a member or other official of the legislature except to include a reference in his next annual report.

Bond Papers contacted the House of Assembly earlier in January asking if the Auditor General had filed any section 15 reports in addition to those related to certain companies, three former members of the legislature and five individuals currently facing criminal charges. The official response was to decline comment on the question. The report does include information on the former members of the legislature, but nothing that had not been included in previous reports since the focus of the report was broader in scope and purpose.

There is no constraint in the Green bill on the six offices receiving a section 15/section 45 report similar to the restriction on the Auditor General.

Under the order in council authorizing the September 2007 report, the Auditor General was detailed to conducted annual audits of the House of Assembly for the periods Fiscal Year 1999 to Fiscal Year 2003 and to review constituency allowance spending from 1989 to 2004 to determine if overspending occurred beyond approved amounts. neither of the two reports cited by the Auditor General as resulting from that order in council appears to meet either term of the order.

-srbp-

30 January 2008

Allegation versus news

Geoff Meeker asked VOCM news director Gerry Phelan about VOCM's coverage of the cell phone story.

According to Phelan, VOCM reported the cell phone accusation against the Premier but only after he admitted to the offence. Then there was this curious comment that VOCM reported it "reluctantly" and that he was "chagrinned":

VOCM did follow the story the next day when the premier admitted to the infraction, Phelan said. However, they did so reluctantly.

“We ran it that evening, much to my chagrin because it was still a non-story,” Phelan said. “How often do you have to react to someone making an allegation? I still have a problem with (reporting on) someone making an allegation that may or may not be true. Where do you draw that line? Where do you stop?”

Okay.

So if VOCM doesn't report unproven allegations, why is there a story on a 79 year old man accused of impaired driving? He's not named but the accusation against him hasn't been proved. How come there's a story on there reporting this at all?

Or what about the police officer accused of impaired driving and refusing the breathathalyzer? Unproven but widely reported by VOCM both on air and on line.

Withholding the accused's name seems hardly sufficient to avoid violating the VOCM "standard" standard of not reporting unproven allegations. After all, the news director apparently reluctantly reports admissions of guilty so reporting an accusation should leave him apoplectic, not just feeling a little chagrin.

Seems like a bit of a, editorial double standard or at least a highly malleable one.

-srbp-

Eastern Health: only 4 of 21 accreditation requirements met

In the most recent accreditation review of Eastern Health, the authority met only four of 21 practices required for accreditation according to CBC News.

The report expressed concern that there were no regional policies for keeping track of patients' medications, as well as no regional procedure for sterilizing equipment and no policy on equipment maintenance.

The report highlighted problems with temperature controls, and how lab samples are taken and transported.

"The likelihood of improper samples reaching testing sites is high," said the report, which added, "incorrect results could lead to improper patient diagnosis and treatment."

The Canadian Council on Health Services Accreditation conducted a site visit in September and issued the report in November 2007. CCHSA is an independent body that audits health service practice ac4ross Canada according to nationally accepted standards.

-srbp-

29 January 2008

Way Back

The Way Back Machine is a marvellous thing.

Marvellous that is, unless you happen to be the one whose words in the past are coming back to haunt you.

Like in these examples of politicians who said one thing at one time and then did another later on.

In 2000, to begin with Ed Byrne was leader of the opposition and a fellow highly critical of a contract between Newfoundland and Labrador Hydro and Hydro Quebec. The Guaranteed Winter Availability Contract (GWAC) was the only positive result of Brian Tobin's giant election scam in 1998 in which he announced simultaneous development of the Lower Churchill and an expansion of the Upper while he was at it.

The full text of this NTV broadcast is at the end of the post, but just take a look at this bit:
As for the shareholder's agreement and the GWAC, Mr. Byrne believes that the GWAC will bring no revenue to the province and will instead be used to keep the Churchill Falls Labrador Company solvent.
He was absolutely right and it was known to quite a few at the time that the GWAC was essentially a plan to key Hydro in the black. Anyone who read the thing could see what was going on: Hydro recalled the maximum amount of power it was legally able to do under the 1969 Churchill Falls contract. Finding that it had no domestic customers for the power - quel surprise - Hydro then offered the power for sale to Hydro Quebec which picked up the same block it had just relinquished but at a substantially higher price than under the 1969 contract.

But the Way Back Machine also revealed another statement by Byrne, this one in 2004 after the fellow was named energy minister. Suddenly, GWAC was a wonderful thing, on the occasion of its renewal. The fundamental premise of the whole thing was the same, but perspectives change when one is making the announcement.

At the end of that same release, though is an even more interesting comment, this time from the Premier:
"This contract is a step in the right direction in helping this government meet its financial obligations," said Premier Williams. "Yet, we know we cannot balance our books on revenue growth alone. This is an important but small part of the solution."
Of course that's exactly how the books were balanced, by relying solely on revenue growth resulting almost entirely entirely from high oil prices.
-srbp-
Ed Byrne On Churchill Falls

December 12, 2000


The day after Hydro officials released contracts signed between this province and Quebec over the Churchill Falls agreement. P.C. leader Ed Byrne was quick to respond.

On Monday, Newfoundland Hydro gave the media a briefing of two contracts signed in 1998, the guaranteed winter availability contract and the shareholders agreement. Hydro did not release a third contract, the 130 megawatt recall contract, deeming its contents too commercially sensitive. That strikes Ed Byrne as curious, since Hydro had no difficulty releasing the fact that it made $65 million profit from the three year contract - for Mr. Byrne, given that revelation, the 'commercially sensitive' excuse rings hollow. He says if Hydro won`t release the contract, it should be subject to a review by the Auditor General.

As for the shareholder's agreement and the GWAC, Mr. Byrne believes that the GWAC will bring no revenue to the province and will instead be used to keep the Churchill Falls Labrador Company solvent. And further still the shareholders agreement gives Quebec the run of CFLCO, by granting the minority shareholder the power of veto.

Ed Byrne says its time to stop the piecemeal revelations of details of the Churchill Falls contracts, details the province and Hydro defend vigorously, and he condemns as another historical resource giveaway.

The P.C.s will now push a motion in the legislature to have the contracts referred to the public accounts committee, where they can be subject to still closer scrutiny.

28 January 2008

News by Chip

VOCM has been getting a toasting from a few people lately for its questionable editorial choices, especially when it comes to the current provincial administration.

Well, truth be told the favourable coverage of the puissance du jour started a long while ago but really reached full bloom under Brian Tobin. That's when it came to be known as Voice of the Cabinet Minister.

And boy, that name really applies when you see a news organization repeat almost verbatim the fawning, self-congratulatory spin - i.e. bullshit - of a cabinet minister at the centre of a major breach of personal security by a government agency and with it the violation of a brand new privacy act.

Only in Newfoundland and Labrador would a news organization side with the power of the day in a case where said power:

a. Had a complete breakdown of its computer security.

b. Again.

c. For the second time in three months.

d. And sat on the information for three full days.

e. and even at that point (now almost a week later), still has no idea what exactly happened, how long it was going on and how much information on how many people was involved.

No matter how bad the cock-up, no fear. VOCM will always tell you exactly what the provincial government wants you to know.

And when it comes to stories they get first that cast the current administration (whichever it is) in a bad light, well, they'll avoid it like the plague.

VOCM: Who cares about the common man?

Update; A couple of e-mails raised issues with two aspects of this post.

The first one is simple: the Chip in the title is the Kevin Bacon character in Animal House who ran around insisting all was well in the middle of a riot. it seemed an apt analogy since the basic thrust of the provincial government's message here is that everything is fine and there is a problem, but a really not so important one. After all, "appropriate" measures had been taken. Oh yeah, after the fact but the measures were "appropriate".

The second was with the word "complete" as in complete breakdown of computer security. At this point, we have no idea of the extent of the security breach. But frankly, when it comes to security, the issue is never about the 99% of the system that wasn't involved but the 1% - using arbitrary numbers - that was.

Security is a bit like virginity or pregnancy. You can't be mostly unpregnant any more than you can be a partial virgin.

If there was a breach - and there undeniably was - then the system failed.

To take it a step beyond that, the focus of government's comment and the consequent public comment is that this is seen as an information technology issue. Government computers are secure, as we are told, since the IT people have taken measures to ensure that particular software can't be loaded to government computers.

That's not really the point, though.

Information security is a system, a culture that involves not only the hardware and software but also the attitudes and behaviour of people using the computers and programs.

Take a look at The Breach Blog (breachblog.com) and you'll get a better feel for the issue and the ideas. Information security encompasses a whole range of issues beyond just hardware and software. Scroll the posts at Breach Blog and you can also see the extent of the security issue across the developed world.

Stolen laptops. Unencrypted data. Missing hard drives and flash drives.

Even in the case where a laptop has encrypted data, putting the laptop in a place where it can be stolen suggests a certain laxness (laxity?) in personal habits of the people using the laptops.

Your humble e-scribbler has been involved in information security a number of ways over the years and information security is an integral part of day-to-day business. There are all sorts of the hardware and software methods to secure information from both unintentional disclosure and from possible prying eyes. There's also a segregation of information such that confidential information isn't stored where it might be accessed. Flash drives are routinely cleared of files and each one is kept under close custody.

One client kept apologizing for the security procedures they used internally which included incidentally, keeping physical control over individual movements within the office suite when outside consultants were in the suite. Going to the bathroom required notification, permission and escort. Flash drives were surrendered and scanned on entry and exit to ensure only those files that were authorized came and went.

The Government of Canada has a fairly extensive information security (InfoSec) program that applies throughout government and to contractors. In an increasing number of cases, outside contractors must clear a security screen, including an assessment of security processes and procedures at the contractor's work site.

The responsibility for security is established at the outset:

Departments are responsible for protecting sensitive information and assets under their control according to the Security policy and its operational standards. This responsibility applies to all phases of the contracting process, including bidding, negotiating, awarding, performance and termination of contracts, as well as to internal government operations.

Whether a contract is within or outside a department's delegated contracting responsibilities, the department is responsible for identifying sensitive information and assets warranting safeguards.

Part of the InfoSec issue with the provincial government is related to its overall attitude toward security. That's not a new issue, but things have definitely not improved lately. How many officials have cleared a federally-recognized security screen? The answer as of two years ago was the same as it always has been: zero. That's why no provincial officials were allow to attend a briefing on the Titan missile launch even though the briefing was only at the Secret level, the second lowest level there is.

Recall Heidigate? In 1997, an official of the Premier's Office obtained confidential pension information on three former members of the House of Assembly and leaked it to local media.

Okay. That's bad enough.

But the public servants responsible for controlling the pension data, all of whom knew of the need for confidentiality and who knew or ought to have known the official had no legal right to access the information, gave up the data based on nothing more than a telephone call from the Premier's Office. If they objected or raised questions, we'll never know. Certainly there were no consequences, beyond the minor political controversy that erupted over it. The whole thing was brushed aside by the Premier of the day based on the youthfulness of the person who asked for information. The tone was set from the top.

You see the point: security is about more than whether or not someone can load MSN Messenger or Limewire on a computer.

It's about attitude, and frankly, when the attorney general's news release on the issue focuses attention everywhere except on the gravity of the security breach in the first place, we can be pretty sure the security attitude hasn't changed much.

-srbp-

27 January 2008

Song for the Mira

How Irish are we? Well apparently not enough for this Irish fellow to know that the Mira is in Cape Breton, despite his claim that he has been here.

or there?

Whatever.

Also, not enough to know he shouldn't poke fun at Newfoundlanders, as he does, with about the same type of dig that an Englishman would have tossed the Irishman's way a few decades ago.

Or yesterday.

In any event, Song for the Mira is a lovely tune I first heard about 25 years ago, played by a good friend whose family came from Cape Breton. The song has stuck in my head all these years for one reason or another and while I've only been to the Mira once or twice, it still resonates.

-srbp-

They're down. No... No.... They're up. No, wait. They're down again...

There's a reason why some people should not write about political polls results and others should just be careful.

Let's do Peter a favour and throw him some traffic, only to illustrate how not to interpret poll results.

For whatever reason, there's no link in that post to the poll results, but for those who want them, you can find them at the National Post. It's under the second most "not news" headline right after "Danny in a snit, again".

Anyway, to cut a long story short, a poll by Ipsos Reid conducted between Tuesday and Thursday of last week has the Connies at 37% nationally with the Grits at 29%. Regionally, the survey breaks down different ways with one or another of the two major parties on top - NDPers spare me the e-mails - all of which Peter takes to suggest that there won't be an election any time soon. Yes, he tosses in some other stuff, but the poll results are the hinge on which his post swings.

Couple of problems.

First, the national margin of error, at 3.1% is typical of national surveys but it means that the range of possibilities for the result could have the Connies in majority territory and therefore feeling kinda cocky. Then again, in the Connie worst case in this poll, the parties are basically in a dead heat. So, we could be in an election or we couldn't be.

Second, that sort of stuff only gets worse at the regional level where the margin of error heads for 6%. That's pretty much in the bullshit part of the charts where basically more useful numbers could be produced by tossing darts randomly on the streets of any given small town in the said region.

If that wasn't bad enough, consider that just two weeks before, Ipsos Reid cranked out a poll for CanWest - i.e. the same client - and had the numbers nationally with Grits 35% and Connies at 33%.

Six freakin' point variation in two weeks? Wow.

if you want to wade through a post by a Saskatchewan blogger and the 70-odd comments, you'll find some things that might shed some other light on these poll results. No, Ipsos Reid is not biased. Get past all that crap, including the rather silly rejoinders from Ipsos vice president John Wright. Look at some of the comments, including one by your humble e-scribbler.

Sample size for the national stuff is running around 800 to 900 Canadians. That's the same sample size Ipsos used in the last Ontario provincial election. Basically, they can produce results that look good on paper nationally and might even be generally in the right neighbourhood.

But for all practical purposes, the poll results are useless.

Well, except maybe to keep the Ipsos Reid name in the headlines.

And to generate posts that draw erroneous conclusions based on them.

-srbp-

Province invests in natural gas...quietly

Over the past two years, the Government of Newfoundland and Labrador has quietly invested in two local companies involved in the natural gas industry, according to information in the Public Accounts, Volume II.

In 2005, the province offered Trans Ocean Gas Inc $100,000 as an interest free repayable contribution to the company's research and development activities. Up to the end of March 2007, the province had contributed $90,000 and received 18,000 Class 'B' non-voting, non-interest bearing common shares. The shares must be redeemed no later than march 22, 2015.

No news release was issued by the provincial government or Trans Ocean Gas on the deal, but there is reference to the provincial government as an investor in a news story in The Independent. The company website does list the Department of Innovation, Trade and Rural Development as having a "strategic relationship" with Trans Ocean.

In 2006, the provincial government acquired 500 Class 'B' common shares in SAC Mfg Inc at a price of $500,000. The shares are conditionally redeemable based on after tax earnings and must be redeemed no later than December 19, 2016. According to the companies registry , SAC is based in paradise, Newfoundland and has two directors: Dana Clancy and Sandy Clancy.

The Canadian Trade Index website lists the company business as "manufacture/distribute/service natural gas compression packages". The company website, sacmfg.ca, appears to be inoperative. A listing at a 2007 Alberta oil and gas show lists the company with an Alberta address which has a 100 hp compressor package designed to produce gas from wells deemed uneconomical due to high water content.

Trans Ocean is not related in any way to SAC.

-srbp-

Gimme your lunch money, dork: the sequel

That $10 billion Equalization debt thingy is curious, dontchya think? The Premier and his followers bandy it about like it was fact.

Where did it come from?

Wade Locke. Well, at least one set of assessments done by the Memorial University economist.

Funny thing, though, if you look way back to last June, you'll find a study Locke did for the Atlantic Provinces Economic Council (APEC), along with a buddy of his, Paul Hobson, an economist from Acadia. Hobson, incidentally proposed a totally different approach to the treatment of resource revenues, one that went completely unnoticed in all the fooferah over the past couple of years.

Anyway, Hobson and Locke, point out that all four Atlantic provinces are adversely affected by the new Equalization formula:

Nova Scotia - $159 million increase in revenues for the first two years under the new Equalization program, and reduced revenues in each year thereafter compared with the Fixed Framework: in aggregate, the province receives $1.4 billion less under the new Equalization program than under the Fixed Framework;

New Brunswick - $68 million increase in revenues for the first two years under the new Equalization program, and reduced revenues in each year thereafter compared with the Fixed Framework: in aggregate, the province receives $1.1 billion less under the new Equalization program than under the Fixed Framework;

Prince Edward Island - $7 million increase in revenues for the first two years under the new Equalization program, and reduced revenues in each year thereafter compared with the Fixed Framework: in aggregate, the province receives $196 million less under the new Equalization program than under the Fixed
Framework;

Newfoundland and Labrador - $654 million reduction in revenues for the first two years under the new Equalization program, an increase of $22 million in the third year, and reduced revenues in each year thereafter compared with the Fixed Framework: in aggregate, the province receives $1.4 billion less under the new Equalization program than under the Fixed Framework. It should be noted that Newfoundland and Labrador will no longer be a recipient of Equalization after 2008-2009, under both the Fixed Framework and the new Equalization program. [Emphasis added]

Now this was before the Nova Scotia side deal which also works for Newfoundland and Labrador as well. But notice, in particular, the figure for New Brunswick. You see, the lovely province slightly to the west doesn't get much of its own cash from non-renewable resources. The reduced pot of cash involved in the new Equalization system doesn't work quite as well for them as the old way of doing things.

That's not really the whole story though.

Flip back to Ken Boessenkool's 2001 paper for the Atlantic Institute for Market Studies wherein the whole idea of taking non-renewables out of the Equalization calculation was laid out. At that time, the 10 province standard without non-renewables may have only dropped this province's Equalization transfer by a paltry $3.0 million but new Brunswick would have lost over 10 times as much cash and that's just by changing the way the formula was worked out.

The impact of various ideas for Equalization reform was also presented by the O'Brien expert panel. Go back and take a look at that report again since it includes a very good overview of Equalization and the history of the program.

You see, that's one of the things some locals keep forgetting. The Harper Equalization promise wasn't made to just one province. It was party policy across the country, affecting potentially every province. Some provincial governments like Saskatchewan and Newfoundland and Labrador may have thought it was absolutely wonderful. Others? Not quite so enthusiastic.

That's the political situation - painfully and patently obvious at the time of two successive general elections - that makes it seem foolish for any provincial government to have banked on it or even expected it to be politically feasible. No surprise that the federal government went with the expert panel's recommendations and why most provinces have accepted it. The new system isn't perfect, but at least it works. And for provinces like Manitoba and new Brunswick it works considerably better than taking all non-renewable resources out of the formula.

Beyond banking on a completely unrealistic expectation, there's something else in all this some people in Newfoundland and Labrador like to ignore: After 2009, Newfoundland and Labrador won't qualify for Equalization any more under either the new scheme or the old one. As Locke and Hobson note, the provincial government would receive - by their calculation - about $1.4 billion less under the new approach compared to the Fixed Framework.

$1.4 billion.

Where does that figure turn up again?

The Public Accounts, Volume I, note 4 on page 37, released just this week:

The deferred revenue totalling $1,646.2 million consists primarily of $1,458.5 million relating to the Atlantic Accord (2005), which represents the unearned balance of the $2.0 billion advance payment received in 2005-06. In addition, the deferred revenue balance consists of $51.7 million relating to Federal Government funding for various health care initiatives, $44.9 million relating to Federal initiatives in support of post-secondary education, public transit and affordable housing, $16.4 million relating to gas tax initiatives, $62.3 million relating to entities in the education sector, $7.4 million relating to entities in the health sector, and $5.0 million related to other miscellaneous programs. These amounts will be recognized as revenue in the periods in which the revenue recognition criteria have been met. [Emphasis added]

Curious, huh?

It's likely a coincidence, but remember that when the provincial government signed the 2005 transfer deal - it wasn't about offshore oil revenues, by the way - the up front cash was offered and accepted because both the federal and provincial governments knew that, at least for Newfoundland and Labrador, it offered more cash than would be obtained before the province went off Equalization if the thing was just run on a year-to-year basis.

At the time the deal was signed, both public and government estimates were that Newfoundland and Labrador's provincial government fiscal capacity would put it off the top-up scheme called Equalization such that the second eight year phase was unlikely to be realized. As the premier noted at the time the transfer deal was signed, the whole thing came down to a discussion of the cash - the quantum, as he put it - and by simply adjusting the assumed average price of oil, the up front cash went from $1.4 billion from October to $2.0 billion in January 2005.

Poof, the deal was done. Never mind that the principles laid out in the January deal were actually inferior in some respects to the October offer. It was the up front cash that counted.

All of this should be a reminder that provincial governments across the country all look at the federal government as a source of cash. There's nothing new in this at all. The pretexts vary, but the demand is still the same. Danny Williams is looking for $10 billion or so based on what he calls a broken promise. Dalton McGuinty has a figure double that and earlier this month he went looking to Ottawa looking for another $350 million. Just this week, the arch-provincialist party the Bloc Quebecois put $15 billion of demands on the table as its price for supporting Stephen Harper's Conservatives. Saskatchewan is looking for cash, too.

Just to give a real sense of just how much the $10 billion - for example - is merely a pretext for the usual game of federal-provincial relations, look back at the letters Danny Williams sent to Stephen Harper through December and into January. The 'ask', to use Danny Williams sales talk, is the federal shares in Hibernia, which he appears to want for free. Harper doesn't dismiss the subject out of hand, as some local media erroneously reported. rather he clearly leaves the door open to discussion on a purchase price.

But the question that goes begging is why Danny Williams would be prepared to trade off an old demand of his demands in settlement of supposedly new and humiliating grievance of The Broken Promise. If The Broken Promise was both as new and as grievous as the rhetoric would suggest then it could only be genuinely settled with some new compensation.

Not so. And the willingness to trade off - to say yes to less - isn't really a constructive effort to settle an account. Take a look at what else would supposedly settle the grievance and you see a raft of things the provincial government has been seeking for some time or something else that's cropped up lately.

What we have here is old-fashioned federal-provincial relations but reduced to a highly dysfunctional set of confrontations. As noted here before, the entire thing, at least in Newfoundland and Labrador's case, is now structured in a way to frustrate the sort of political discussions that have worked on small and large projects in the past.

But that's not just a function of Danny Williams' style, although his partisans will be quick to leap forward and spew the Blackberry Talking Point du jour. Even in the most intense period of the "Fair Deal" crusade, federal-provincial relations still managed to function. Back room chats, informal exchanges and formal proposals flew back and forth between Ottawa and St. John's. There was a resolution to the major impasse, but there were also other issues that were addressed. Take the offshore board thing as a case in point. The federal and provincial governments engaged in all sorts of discussion out of public view in an effort to resolve the issue. Read the decision in Ruelokke v Newfoundland and Labrador; the evidence is there.

Like the old saying, it takes two to tango and in the current dysfunction in federal-provincial relations it takes two to tangle. The resolution to the problem may well come in the next federal election but it won't because of any ABC campaign by any one politician. You see, just looking at Newfoundland and Labrador, one can see that historically the province tends to vote anything but Conservative, whether we mean the current version of the party or the old Progressive Conservative crowd. There are some compelling reasons in front of the voting public that are likely to reinforce that tendency next time not just locally but across the country.

The old game of "Gimme me your lunch money" won't vanish. That's too entrenched in the federal-provincial system. But there is a possibility that the next federal government will take a different view of how the system should operate, one that restores the sort of political accommodation and compromise that has made Canadian federalism as successful as it has been.

And locally, when the provincial government gets a sense that things are different, well, maybe it will start focusing on those "other things to talk about" everyone has raised lately in the cell phone story. They'll start talking about fiscal responsibility and about the policies needed to sustain the province's new-found status as a major economic engine for the country.

Bullying for lunch money - looking for handouts to pay the bills - is the domain of the insecure and weak. It's time we moved on to something else. Heaven knows the province as a whole is long since past that sort of stuff even if some politicians and their supporters still have an entire forest of chips on their shoulders.

-srbp-

[h/t to Dulse and Fog for the APEC link]

26 January 2008

Public body breached new privacy law

Is everyone in government ready to protect personal privacy?

Apparently not.

The section of the Access to Information and Protection of Personal Privacy Act, known by appealing acronym ATIPPA, dealing with personal privacy came into force on January 16, 2008.

Given the five year delay in implementing the new privacy protections, it came as something of a surprise on Friday to learn of the possible leak of an undisclosed amount of private information held by a government agency. Someone on contract to the Workplace Health, Safety and Compensation Commission operated a file sharing program that gave access to files on the computer's hard-drive, including confidential records related to the commission.

It's taken a while to get the whole act into force, something on the order of five years. The delay was apparently due to a need to get government departments ready to deal with the implications of the new legislation. In the meantime, the old Privacy Act, circa 1981 was in force. The Privacy Act was far from perfect but at least it was something.

Workplace Health learned of the security problem on January 22 but it took three whole days for the provincial government to inform the public of the problem. The entirely self-serving news release spent more time trumpeting the actions taken to deal with the problem and to praise the Office of the Chief Information Officer [OCIO] for all its fine work in protecting information than it did in disclosing what government knew about the extent of the breach and whether or not information had actually been obtained illegally by anyone.

In fact, the only thing clear through the release is that the provincial government actually knows - or appears to know - very little about the breach beyond some very rudimentary details.

There's even a rather interesting quote from the newly minted chief executive of Workplace Health;

"The Commission shares the Provincial Government’s view that private and confidential client information must be safe guarded both at the Commission and with service providers. Until the forensic investigation is complete, the extent of the exposure is not known and we are unable to determine how many, if any, of the Commission’s clients may be affected," said Leslie Galway, Chief Executive Officer, Workplace Health, Safety and Compensation Commission. "The Commission was not the source of the breach but nevertheless has taken measures to ensure the integrity of its network system was intact, as well as address the network system concerns with the private company involved."

How comforting.

The commission shares the provincial government's view that private information must be safeguarded.

Unfortunately for the commission, this is not merely a "view", an opinion of the sort one might wish to be associated with like, say, "My goodness that was a lovely sunrise this morning."

It is the law.

36. The head of a public body shall protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal.

And there's nothing in the law that restricts the legal obligation of a public body to protect private information only to computers owned by the public body itself.

It's a blanket obligation.

That's what makes the provincial government news release so interesting. In the quote above, Leslie Galway talks about securing the commission's own network and refers vaguely to addressing "network system concerns." Heaven knows what that means, but it is entirely irrelevant since the actions were taken after the fact.

The story gets more interesting when one reads the coverage in the Saturday Telegram, sadly not available online.

Justice minister Jerome Kennedy says the consultant was "doing some work for justice" [presumably the department] occupational health and safety assessments. Kennedy repeated that there are government policies in place that prohibited the use of file sharing programs on government computers. He pronounced himself satisfied with that: "I'm comfortable ...that this issue with government-owned computers has been addressed very expeditiously and thoroughly."

Just so that we can all share the minister's sense of comfort, go back and wander through the OCIO website. try and find a policy statement on file sharing and the handling of records. There isn't even a link to the ATIPPA in the links section of the website, even though ATIPPA is a key part of records management within government.

But of course, this is the second such incident in a handful of months. A similar case came to light in November involving 1420 medical files. The Telegram reports that 370 files were accessed - by whom is not disclosed - and that the files belonged to 151 patients and two employees of Eastern Health.

The Telegram also states - erroneously - that provincial government policies do not extend to the private consultant. While a public body is able to disclose personal information to a consultant doing legitimate work for the agency or a government department, section 36 of the ATIPPA doesn't limit the obligation of the department or agency to take reasonable security measures.

The crux of this story is that for the second time since November, a provincial government agency is involved in a breach of privacy. This second case is all the more serious since it comes less than a week after new legislation took effect which obligates public bodies to protect information from disclosure.

No surprise, in that context, that the provincial government delayed disclosing the existence of a security breach and at the same time focused its attention - in the news release - in endless self-praise, rather than acknowledging the gravity of what had occurred.

That's not accountability or transparency, as the justice minister professed when announcing the privacy legislation was in force. And frankly, the people of the province should view with some suspicion this pronouncement by the justice minister.

"I want to assure the people of Newfoundland and Labrador that their personal and confidential information is treated with respect and in accordance with the Access to Information and Protection of Privacy Act."

The subject of his news release - a second security breach involving an undetermined amount of confidential, personal information on an undisclosed number of individuals or corporations - is evidence that information is not being handled "in accordance with" the ATIPPA. If the minister is not prepared to acknowledge a problem exists, it's highly unlikely a proper solution will be implemented, let alone found.

Up-data: Seems the CBC version of this story has some variations from the telegram version.

"The investigation is very early on," said Leslie Galway, the commission's chief executive officer.

"We are not aware of whether our clients are actually involved with the information on that computer specifically, and what sort of information may be there."

Three days later and no one knows what was on the computer?

"At this stage, we don't know the extent or nature of the breach," Kennedy said, "nor the types of information that may have been exposed."

Now there's a familiar line. It popped up in November as well, and right behind came the assurance that there was absolutely nothing to worry about.

The real value of the CBC story though is the link to a follow-up on the November security leak. on November 27, health minister Ross Wiseman said there were only 49 people involved in the first leak. The Telly now has the figure at 153.

Which number is right?

-srbp-

25 January 2008

Where real bloggers live

Periodically, Ye Olde Bond-Papers gets an e-mail from one of the Premier's staunchest of staunch supporters.  They are always enjoyable, if not mysterious, since they tend to follow a predictable pattern that ends up constantly begging the same question.

At the point where said correspondent notes the overwhelming  - dare one say "avalanche of" - popularity of the province's premier mobile phoner, it seems amazing that there are any e-mails coming at all. Surely, if the guy addicted to his Roger's cell that popular, what poor old e-scribblers scribble would hardly matter.  Would it?

Anyway...

In the land to the East, in the Mother of Parliaments, a mother of another kind who blogs under the name Guy Fawkes recently uncovered a campaign spending controversy. That's part of a much larger series of posts on one labour member  - Peter Hain - whom Guy now claims as his first head, as in head on a pole.

You'll find some interesting discussion of the Hain series at Iain Dale's online diary, and Roy Greenslade's space at the Guardian Online.

As Iain notes, bloggers don't exist to get scalps however from time to time, we can influence the public conversation.

That's pretty much it. 

Sometimes other people can influence the public conversation too, like say the fellow who went public with his story this week about Danny Williams and the cell phone.  Despite the very best efforts at character assassination by the Premier's supporters and despite the efforts by a surprising number of reporters to kill or discredit the story and despite the fact that VOCM completely ignored a story they had first, the great cell phone debacle had national legs over several days.

And the story kept rolling despite a relatively quick effort by the thumbs on the 8th to get the admission of guilt into circulation.  The story was still going on radio talk shows four news cycles after it first broke on a VOCM talk show and VOCM news took an editorial decision to ignore it officially.

Wow.

That's impact.

Makes you wonder what some people would do if local blogs really did dig for stories like Guido does.

Exploding heads, maybe?

Soiled undies, per chance?

jitcrunch.aspx Anyway, if you feel so inclined, Guy's come some half-decent swag, via Cafe Press.

-srbp-

RNC mugshot revealed

Brucex25  From the Chronicle Herald.

Snow Day Quiz: Talk Radio Comparison

Grab a listen to this exchange between a radio talk show host and an irate caller.

You don't need to know much about American politics and the constitution to find the thing funny.

But today's question is:  What's the difference between American talk radio and the local variety, like say the afternoon laugh riot (and ratings bust) known as Back Talk?

Post your answers in the comments section and after a little while, the answer will follow.

[h/t to Daimnation! for the clip.]

-srbp-

Canada Post omits national holiday from 2008 calendar

June 24 is just another day on Canada Post's 2008 calendar, apparently.

In Quebec, Canadian Press is reporting the story since June 24 is Saint-Jean Baptiste Day, the nationalist holiday in that province.

But, June 24 is also an important day for Canada as a whole.

According to legend, Giovanni Caboto (John Cabot) sighted land on his exploration voyage for the King of England on June 24, 1497.  The land he found was Newfoundland, and as such, June 24 is a day of national historic significance.  The day has long been celebrated in Newfoundland and Labrador as Discovery Day, but since 1949, the date should also mark a discovery day for all Canada.

Too bad Canadian history isn't better known among Canadians.

-srbp-

"Too bureaucratic": Andy Wells

Translation:  "I couldn't verbally abuse and browbeat people into submission.  The board expected me to read briefs and have an informed opinion instead of just shooting off with some colourful words and phrases."

-srbp-

Wasn't this a graphic novel before they made it into a movie?

Who said Hollywood's fiction writers are on strike?

The Globe's Danny Chavez piece is the sort of fluffy, insubstantial silliness we might have expected four years ago, but at this point, it's just downright bizarre to see John Gray's piece when so much fact and detail is known.

How many myths can you find, right down to the one about everything past the overpass on death watch or Danny running in Corner Brook to fight the overpass syndrome?

At some point, some reporter from somewhere will write something serious.

John Gray ain't it.

-srbp-

24 January 2008

GIGO editorial; GIGO policy

There's an acronym among the amateur computer programmers out there:  GIGO. It stands for Garbage In;  Garbage Out. In other words if you start off wrongly, then odds are what comes out the other end of the process will be wrong, too.

It really applies to just about any process. Like say an editorial which is ostensibly about the current racket over Equalization and political promises made and broken:

Welcome to the nation's capital, where it doesn't take long to discover why Newfoundland and Labrador's fight for offshore revenues is such a hard sell.

There's the garbage in and here's the garbage out:

Just informing people in other provinces about the nuances of this debate is nearly impossible, and in the absence an understanding of the nuances, you end up sounding like an oil reactionary of some kind, lathering up about federal unfairness while everyone else is waiting for the next dish to arrive.

You see there is no "fight for offshore revenues".  There hasn't been since 1984 when the federal and provincial government signed the real Atlantic Accord.

The current political racket isn't about offshore revenues;  the provincial government gets them and spends them, just as it has since oil started flowing in 1997.  All of them too, just like in any province where the oil and gas is on land.  Just like the minerals on land in Newfoundland and Labrador. it doesn't lose a nickel of offshore revenues the province is supposed to collect and when it comes to royalties - the rent paid to the resource owner for the right to develop them - the provincial government is the only one collecting them and spending them.

The current racket is about something else and, to be brutally frank, it isn't clear what the row is about beyond some need for political theatre.

On the face of it, the fight is about Equalization and how to treat revenue going to the provinces from non-renewable resources, things like minerals and oil and gas. So let's consider the provincial government position in that light and see what happens.

Equalization is a top-up scheme.  Provincial governments that don't collect enough revenues from their sources to meet a national average get a transfer from the federal government.  The money doesn't come from other provincial governments.  It comes from federal revenues, from things like personal and corporate incomes taxes. That's your pocket and mine, whether you live in Petawawa or Pasadena.

If we ran the program based on the official provincial government position in 2005/2006, Newfoundland and Labrador wouldn't get a nickel of top-up after next year.  Every penny of oil and mineral money would be counted. The provincial government would collect more revenue than the national average and therefore, there'd be no more top-up.

Incidentally, the provincial government here currently spends more than all but two other provincial governments, calculated on a per person basis, but that's another issue.

As for Equalization offsets, the federal government would have paid out more in its $2.0 billion transfer in 2005 than the famous 2005 transfer deal (called the Atlantic Accord to be deliberately confusing to most of us) would have generated between 2004 and 2009 without the up-front cash.

On the other end of the spectrum, leaving all the oil and mineral revenues out of the calculation might well have delivered more than the $10 billion the Premier and his supporters are currently focused on. That figure came from a calculation that used an average price of oil that is now $25 to $30 per barrel lower than current prices. It also cut out in 2020-2021.  Carry it on past that date and the potential top-ups go way beyond the Premier's adopted figure.

The problem with that scenario is at the heart of the current dispute.

Provinces looked to change Equalization a few years ago because they felt the existing system treated them unfairly.  The expert panel set up to study it agreed.  They concluded the provincial government's approach worked against it and favoured provinces that had little or no revenue from non-renewable resources.  Those with non-renewables wouldn't catch a break and would have to spend that cash to pay the day-to-day bills without being able to create some sort of long-term benefit from them that would be felt once the resources were gone.

By the same token, the other scheme, in which non-renewables were left out, worked against the provinces without much cash coming from things like oil wells and mines. Both schemes - all in or all out - didn't seem fair across the board. none of this was a secret, especially to provincial governments which, in the case of the local one, opted for some reason to hitch its political future to a promise that was known to be as much of a dead issue as the system as it existed.

Instead the experts came up with the current system.  They argued their system was fair because, if nothing else,  it balanced out the advantages and disadvantages of the all-in or all-out options.  Argue with it all you want;  that's the rationale they offered.

There's something compelling about the argument, though,  given that the 10 provincial governments couldn't come to any agreement among themselves on all-in or all-out or on anything else except the need for some change. The Equalization program that we have is one that is in effect, a compromise between the first version of Danny Williams' Equalization idea and the one he now has latched onto.

No surprise either, that many people outside Newfoundland and Labrador, like a great many inside the province, don't quite get the idea Danny Williams is pushing. 

After all, he's basically arguing that every taxpayer everywhere in Canada should funnel cash into the local provincial bank account based not merely on a political promise but because this province deserves it somehow.  Spending more money per person than seven other provinces, Newfoundland and Labrador wants more still. And that's despite reaping huge windfalls from high oil and ore prices. 

The debt, you say?  Well,  those same taxpayers  from St. John's to Victoria can also see the same provincial government doing nothing of consequence about its own debt burden.  There may be something coming in the next budget but they likely heard loudly and clearly the recent admission by finance minister Tom Marshall that they'd done very little - some might say nothing  - to reduce the provincial debt load despite running surpluses and still boosting public spending over the past couple of years well beyond the rate of inflation.

The garbage out part of the editorial is the idea that some mainlanders - people in Ottawa especially - are somehow blind to reality, that they sweep aside the little things that are really important just like - as the metaphor goes - those little sidewalk sweeper machines in Ottawa flick away snowflakes.

Not really.  They just aren't confuddled by the latest political blather being offered, the kind that would claim - for example - that St. John's city sidewalks are already cleaned of snow magically overnight and that Mile One Stadium is not an economic sinkhole.

After all, if you believe this row with Ottawa is about offshore revenues, you'd likely be willing to believe just about anything.

-srbp-

23 January 2008

Cheeky monkey, Part II

The Speaker of the House of Assembly approved $12,000 plus HST for office accommodations for cabinet minister Tom Rideout in his constituency of Baie Verte-Springdale.

There is no explanation why in the simple briefing note the Speaker tabled with the legislature's management commission, even though the Regulations to the House accountability act clearly state there must be an explanation (S. 18(4)):

Where the speaker makes a decision under subsection (3) to authorize an increased allowance, he or she shall, in writing, report that decision to the next meeting of the commission together with the reasons for that decision and that information shall be recorded in the minutes of the commission meeting. [Italics added]

The Speaker's report on the issue actually misrepresents the requirements under the House accountability act when he states that a member may make application to exceed the approved sum.  They can, but they can only be approved where the Speaker is satisfied that suitable accommodation cannot be obtained within the regulations.

But here's the thing:  under s. 20 (8) b, the idea is pretty clear:

Where choosing office accommodation in a member’s constituency under paragraph (5)(a), a member shall...where accommodation, suitable in size, quality and location to the member, can be obtained in a Crown-owned building in the constituency, choose that space;

So is there no publicly-owned building in Mr. Rideout's constituency that can give him an office out of which he can operate?

What did his predecessor - also a cabinet minister - do for an office?

-srbp-

Health board under-staffed

Dr. Oscar Howell, vice-president of medical services for Eastern Health said the province's largest health authority is short-staffed and is "struggling every day" to assure it follows appropriate policies.

That comment came in testimony today at a court hearing into an application by the authority to limit access by a public inquiry to two quality assurance reports into the operation of its labs.

Interestingly, Howell's comments don't seem to be entirely relevant to issue at hand. The breast cancer screening issue may not have surfaced until 2005, but the problem dates back to a time when the health authority was much smaller than it is today.

Howell's comments do go a long way to explaining how the authority has handled several major crises since it was created in 2004/2005.

-srbp-