06 February 2008

Fail to plan...

Plan to fail.

It's an old military axiom.

That's why it was surprising when CanWest called last week to discuss a story they were working on in which the Department of National Defence said he didn't have any casualty estimates or projections for the mission in Afghanistan.

Runs contrary to everything your humble e-scribbler knows about armies anywhere, let alone the Canadian version of the beast. Even on a road trip to training ranges at Mackinsons, there'd be provisions for a road accident or for a cut or scrape. There'd be a casualty estimate - even if it was zero - and there'd be contingency plans to deal with what would occur if something went off the rails.

But no cas estimates at all?

Sheeet, in the work up for a possible deployment to the Persian Gulf in 1990, the Canadian army included a casualty estimate in Contingency Operations Plan Broadsword.

In a 1995 international exercise, casualty estimates were prepared as part of the normal planning routine. That situation was a bit special since the public affairs officers on the exercise - role-playing media - used their knowledge of the military world to ask questions most journalists would miss.

The media briefer - somewhat inexperienced with reporters - talked frankly about the whole thing, referring to a certain number of casualties as light. In his world, they were light. To the rest of us out here in the world, the numbers he used would be considered appalling. They actually weren't appalling, but civilian sensibilities have changed with 60-odd years of peace.

Anyway, said senior officer learned the value of picking words carefully and understanding how his audiences out beyond the tent flaps might respond.

But he had casualty estimates.

His successor apparently goes to morning prayers with his boss and smiles like Dr. Flox, er, an idiot: "No sir, no casualties. None. Nada. And we know because we didn't prepare a casualty estimate."

Sounds like every anal ops officer or J7 plans guy you'd ever meet.

The inevitable headline

First this.

Watch next for Jack Harris to announce he'll run for the Dippers, which will make the next headline, followed by the next one: Harris wins in landslide.

Ironically, Jack Harris was first elected as a member of parliament in a Jurassic Park battle where he was the furry, agile little mammal as the alternative to two dinosaurs.

Now, Harris will likely be one of the dinosaurs, but with no alternative, voters will have an extremely limited choice.

The thing about inevitable headlines is that they aren't all inevitable; the other thing about them is that if the first one turns out to be inevitable, the rest will just fall in line.

-srbp-

04 February 2008

Possible privacy breach at MUN

As many as 150 Memorial University students are being contacted concerning a possible leak of their personal information resulting from the theft of a professor's personal laptop, MUN's official online news service reported on January 31.

The theft occurred while the professor was out of the country. He returned home to find his home had been burgled. Among the items stolen was a laptop computer on which the professor had kept class lists, student grades and their Memorial University student identification numbers. The affected students were enrolled in two sections of Business 1000 from fall 2006 and a section of Business 7302 from fall 2007.
“We are obviously very concerned about the possibility of such privacy breaches,” said Rosemary Smith, the university’s information access and privacy protection co-ordinator. “Our first priority has been to advise our students of what’s happened. We remain confident that the information that may have been exposed by this theft was minimal and cannot lead to further problems for the students affected,” she said. “Still, we are reminding all faculty and staff at the university, and anyone who teaches at the university and who may handle private information, to use password protection and/or data encryption on all laptops and removable media devices.”
-srbp-

02 February 2008

The Do Nothing Department in a Do Nothing Administration

in American politics, there used to be the Know Nothings.

They were a group of native-born Americans who had a problem with immigrants yet whenever anyone asked a member of the group about it, he'd claim that he "knew nothing" at all.

In Newfoundland and Labrador, we should call the current administration a Do Nothing government.

You see, in 2004 a provincial government task force laid out a plan to deal with the problem of hospital-related infections. That's when you go to hospital and get sick from a bug you picked up in the place where you went to get better in the first place.

Anyway, it is now 2008.

Four, maybe five years later depending on how you count it.

The Auditor General released a report this week noting that not only does the province have no freakin' idea how many infections are caused by hospital infections or nor how many deaths come from those infections, but also that there are a raft of problems with hospital sterilization techniques and cleaning procedures.

That's pretty much what your grandmother taught you about disease prevention: wash your hands. Oh yeah, and boil things to make them sterile.

And the hospitals aren't quite getting it yet. But anyway, someone gave them a plan.

In 2004.

So, in response, health minister Ross Wiseman promises that by 2009 - that is 12 months from now and definitely five years AFTER the plan was laid out - there will be "significant progress" made on a "comprehensive, provincewide infection control program."

Uh huh.

And we are supposed to believe this from a guy whose department is embroiled in controversies of one form or another.

Like the breast cancer one.

Or the one also revealed this week where the health boards created in 2004 that were supposed to save money are actually costing more money.

And we are supposed to believe a guy who just by pure coincidence scheduled his media availability to coincide with one being held by his colleague minister talking about the InfoSec breach.

Flying wingman for a guy who is himself trying to obscure the facts of a very serious political and legal problem for government is not a way to enhance your credibility.

But then again, speaking of Jerome, this is a government where things explode, fail, fall-apart or collapse based on government inaction over a long period of time and the standard government response is that a "plan is in the works", that this is "a priority of government" and that "all is well."

These cabinet ministers seem to spend too much time torquing and talking to actually accomplish anything real.

Around these parts, they used to be the serial government: one thing after another.

But all this talking and lack of action is actually part of a bigger problem: this is a Do Nothing Administration.

-srbp-

Related:

- Serial government and Labrador

- "and there shall be plans, and planning for plans, and plans to co-ordinate the plans of the planning for plans..."

01 February 2008

Missing company has half million in provincial cash

The Government of Newfoundland and Labrador invested $500,000 in a natural gas-related company in 2006 which has apparently disappeared in the meantime.

The company is SAC Mfg Inc.

According to the recently released Public Accounts:

During the year, the Province acquired 500 Class “B”Common shares at a cost of $500,000. Commencing in June 2007, these shares are conditionally redeemable based on after tax earnings. All shares must be redeemed no later than 19 December 2016.

There is no SAC Manufacturing listed in the current Newfoundland and Labrador telephone directory and a number available through an Internet search is not in service.  The fax number with the same listing will ring but there is no fax machine at the other end, apparently.

Likewise, a check with the telephone company's directory assistance turned up no listing for SAC Mfg in Rochan Sands Alberta, another address for the company that shows in a listing for an Alberta oil and gas exposition last June.

The contact name for SAC at the exposition is the same name as a director of SAC in the company's entry in the Newfoundland and Labrador registry of companies. The corporate registration hasn't been renewed since 2006.

A local telephone number for the two corporate directors, showing a Paradise address also in the telephone directory as the couple's home address, is also no longer in service. [Update:]  The company web domain - www.sacmfg.ca - is unregistered.

There is no indication on the Internet of what the company did  except that it was related to natural gas manufacturing. SAC is not listed as a member of the province's oil and gas supplier association, NOIA.

The Public Accounts for the year ending March 31, 2007  - quoted above - gave no indication that there had been any change in the company's operating status. 

The Auditor General's annual report for the same period  - released on Thursday - makes no mention of the company whatsoever.  Instead, the AG report raises questions about provincial government small business support for 2005. 

The provincial government has issued no news releases about the investment in SAC Mfg. 

-srbp-

It's the software's fault

Apparently the latest provincial government InfoSec breach can be blamed on the software, specifically a file sharing program known as LimeWire.

A popular file-sharing program exposed the private details of more than 150 people over the internet [sic]earlier this month, the Newfoundland and Labrador government said Thursday.

That's an interesting take on the story, given that people operated the computer involved, loading the software without changing the default settings.

Apparently, no one at the Workplace health and safety commission had anything to do with it either, even though they handed over highly confidential information without ensuring the outside contractor was following appropriate security procedures.

No people were involved at all.

Well, that is, except, ummm, of course for the 153 people whose files were exposed, including 108 who had their medical histories and work histories, as well as names and birthdates openly accessible on the Internet for 24 or so days.

And that identity theft thingy that Attorney General Jerome Kennedy warned about in the news release on Thursday? Well, when he spoke to reporters, Kennedy had a slightly different tune to sing:

"The file sharing program allows for access of various information that's on an individual's computer. It doesn't mean it will be accessed," Kennedy told reporters.

So why all the big fuss about government officials taking proper measures in the wake of the leak or of the giant lock-down being applied to every computer in government? Apparently it was nothing to worry about after all.

In other words, the giant news release Kennedy authorized for distribution was just a waste of energy.

Is it just an overactive imagination or did the province's attorney general sound less like a cabinet minister looking out for the public interest and more like the government's chief legal counsel representing a client staring at potential lawsuits?

-srbp-

Remember the story yesterday and the Telegram's short version? The story on page three of the Friday edition didn't mention identity theft anywhere.

Gov Comm 101: How to manage crisis spin

1. Write a news release which deliberately buries the real news so far down the page that reporters are likely to miss it.

2. Omit key information from the news release, like the fact that the information in a security breach was exposed to the Internet from December 30 until at least January 22.

3. Hold a newser to discuss the security breach later on the same day when the Auditor General releases a scathing report into government operations. (Since you have the AG report months in advance in order to prepare replies and since you know in advance the day, time and place the thing will be released, then deliberately scheduling the newser you want to bury is very easy. Experience tells you that newsrooms will be so consumed with the AG report they won't have the resources - people or time - to dig through your presentation for the news you buried.)

4. Send the number two person in the Communications and Consultation branch to supervise the execution of the spin plan. (That's a clue as to how much concern there is in government about ensuring the story is highly torqued.)

-srbp-

31 January 2008

AG raises issues with public cash in three private ventures

in his annual report, the Auditor general examined the provincial government's investment programs for business, including three businesses which fell outside the programs already established.

The three companies are identified as High Technology Company A, High Technology Company B and High Technology R&D Company. They are, in order, Blue Line, Consilient and Trans Ocean, as revealed by comparing Volume II of the Public Accounts with the AG report.

The Auditor General's conclusions on the three were:

We are of the opinion that there is no explicit authority under the Financial Administration Act
for the Department to make direct investments in companies. During 2005-06, the Department made three such investments totalling $1,050,000 to three companies. Furthermore, there are no documented procedures for approving, disbursing and monitoring such unique investments and, as a result, these investments were not subject to the same due diligence required for investments under the SME Fund. As a result, there were deficiencies. For example:

- none of the three companies were required to repay the investment contingent on either income earned or a maximum seven year period;

- one company was not required to submit documentation to support specific expenditures;

- shareholders for one company (Knowledge-based IT Company A) who received $500,000 were not required to make new equity investments as part of their contribution to the project; instead,
previous investments were accepted;

- shareholders for one company (Knowledge-based IT Company B) who received $500,000 were not required to provide personal net worth statements; and

- Department officials were not entitled to attend any company meetings for one company (Knowledge-based IT Company B) even though the company was provided with funding totalling $500,000

The innovation department responded:

With respect to other investments outside our normal programs, we do not concur with your interpretation that there is no explicit authority under the Financial Administration Act for the Department to make direct investments in companies. We understand that there is a separate section
in the Report on the Financial Administration Act to which the Department of Finance has responded.

Government, as has always been the case, receives proposals from companies seeking financial assistance of various types and levels that do not fit our normal business programs. Government reviews each case based on its own merit, including full due diligence, and, when considered appropriate, has provided assistance to some of these companies. The process that is followed in these cases is the Cabinet process. Economic development and business growth, especially new growth sectors, are priorities. Access to capital is an important issue for these SMEs in this Province. These investments levered additional funding for these companies and involved young entrepreneurs, leading edge technology, the potential to increase export sales and to increase quality employment opportunities in new growth sectors for our post-secondary graduates.

As noted, these investments were approved, with the required analysis and due diligence outside the SME program and therefore were not subject to the same requirements for auditing purposes. At the time of the approval, the Department did not have a program to support commercial research and development, and/or invest in businesses at the pre-commercial stage of operation. Since then, the Department has established a Commercialization Program that accommodates projects of this nature.

Given that these transactions took place two fiscal years ago, perhaps the Auditor General will report on some more recent transactions similar to the ones cited above - which took place since then - when he issues his next report: January 2009.

-srbp-

Atty Gen'l: identity theft potential exists for victims of gov't InfoSec breach

Attorney General Jerome Kennedy said today that 153 residents of the province, including 108 clients of the province's workers compensation agency, face the potential risk of identity theft as a result of a computer security breach by a consultant working for the agency.

A total of 694 files were exposed to the Internet for an undisclosed period of time, through an unspecified file-sharing program. While a forensic investigation has been conducted by at least one computer security firm, the minister did not confirm whether or not the files had actually been accessed.

The information included names, addresses, medical histories, work histories, sex and date of birth.

In a backgrounder to the lengthy news release, the provincial government confirms that until now, there was no government policy requiring outside consultants to adhere to government security protocols on access to information.

This situation appears to have existed despite five years of preparation before the government implemented privacy sections of a new access to information law. The law was implemented on January 16 and the security failure occurred on January 22. it was disclosed three days later.

The actions taken by the province's chief information officer in the wake of the breach include installing new software, holding educational sessions for employees and other actions that presumably were not done since the chief information office was created and well before the privacy rules came into effect.

-srbp-

AG considers Sept '07 report to cover improper retention or misappropriation of public money or other similar action

In his annual report for 2007, Auditor General John Noseworthy includes his massive September 2007 Report on a Review of Constituency Allowance Claims from 1989-90 through to 2005-06 as a report under section 15 of the Auditor General Act.

As the AG cites, section 15 provides:

Where during the course of an audit, the auditor general becomes aware of an improper retention or misappropriation of public money or another activity that may constitute an offence under the Criminal Code or another Act, the auditor general shall immediately report the improper retention or misappropriation of public money or other activity to the Lieutenant-Governor in Council.

Under the AG Act, the auditor general is required to provide the report to the minister of finance.

Under a similar provision in the new Green bill on House accountability and integrity - in force in September 2007 - Noseworthy was required to advise six offices of the report, including the Speaker, the Attorney General, the Premier and the Minister of Finance.

The Auditor General has refused all public comment on the September report, citing the provisions of the Green bill. Under section 45, the Auditor General is prohibited from confirming or denying the existence of such a report on a member or other official of the legislature except to include a reference in his next annual report.

Bond Papers contacted the House of Assembly earlier in January asking if the Auditor General had filed any section 15 reports in addition to those related to certain companies, three former members of the legislature and five individuals currently facing criminal charges. The official response was to decline comment on the question. The report does include information on the former members of the legislature, but nothing that had not been included in previous reports since the focus of the report was broader in scope and purpose.

There is no constraint in the Green bill on the six offices receiving a section 15/section 45 report similar to the restriction on the Auditor General.

Under the order in council authorizing the September 2007 report, the Auditor General was detailed to conducted annual audits of the House of Assembly for the periods Fiscal Year 1999 to Fiscal Year 2003 and to review constituency allowance spending from 1989 to 2004 to determine if overspending occurred beyond approved amounts. neither of the two reports cited by the Auditor General as resulting from that order in council appears to meet either term of the order.

-srbp-

30 January 2008

Allegation versus news

Geoff Meeker asked VOCM news director Gerry Phelan about VOCM's coverage of the cell phone story.

According to Phelan, VOCM reported the cell phone accusation against the Premier but only after he admitted to the offence. Then there was this curious comment that VOCM reported it "reluctantly" and that he was "chagrinned":

VOCM did follow the story the next day when the premier admitted to the infraction, Phelan said. However, they did so reluctantly.

“We ran it that evening, much to my chagrin because it was still a non-story,” Phelan said. “How often do you have to react to someone making an allegation? I still have a problem with (reporting on) someone making an allegation that may or may not be true. Where do you draw that line? Where do you stop?”

Okay.

So if VOCM doesn't report unproven allegations, why is there a story on a 79 year old man accused of impaired driving? He's not named but the accusation against him hasn't been proved. How come there's a story on there reporting this at all?

Or what about the police officer accused of impaired driving and refusing the breathathalyzer? Unproven but widely reported by VOCM both on air and on line.

Withholding the accused's name seems hardly sufficient to avoid violating the VOCM "standard" standard of not reporting unproven allegations. After all, the news director apparently reluctantly reports admissions of guilty so reporting an accusation should leave him apoplectic, not just feeling a little chagrin.

Seems like a bit of a, editorial double standard or at least a highly malleable one.

-srbp-

Eastern Health: only 4 of 21 accreditation requirements met

In the most recent accreditation review of Eastern Health, the authority met only four of 21 practices required for accreditation according to CBC News.

The report expressed concern that there were no regional policies for keeping track of patients' medications, as well as no regional procedure for sterilizing equipment and no policy on equipment maintenance.

The report highlighted problems with temperature controls, and how lab samples are taken and transported.

"The likelihood of improper samples reaching testing sites is high," said the report, which added, "incorrect results could lead to improper patient diagnosis and treatment."

The Canadian Council on Health Services Accreditation conducted a site visit in September and issued the report in November 2007. CCHSA is an independent body that audits health service practice ac4ross Canada according to nationally accepted standards.

-srbp-

29 January 2008

Way Back

The Way Back Machine is a marvellous thing.

Marvellous that is, unless you happen to be the one whose words in the past are coming back to haunt you.

Like in these examples of politicians who said one thing at one time and then did another later on.

In 2000, to begin with Ed Byrne was leader of the opposition and a fellow highly critical of a contract between Newfoundland and Labrador Hydro and Hydro Quebec. The Guaranteed Winter Availability Contract (GWAC) was the only positive result of Brian Tobin's giant election scam in 1998 in which he announced simultaneous development of the Lower Churchill and an expansion of the Upper while he was at it.

The full text of this NTV broadcast is at the end of the post, but just take a look at this bit:
As for the shareholder's agreement and the GWAC, Mr. Byrne believes that the GWAC will bring no revenue to the province and will instead be used to keep the Churchill Falls Labrador Company solvent.
He was absolutely right and it was known to quite a few at the time that the GWAC was essentially a plan to key Hydro in the black. Anyone who read the thing could see what was going on: Hydro recalled the maximum amount of power it was legally able to do under the 1969 Churchill Falls contract. Finding that it had no domestic customers for the power - quel surprise - Hydro then offered the power for sale to Hydro Quebec which picked up the same block it had just relinquished but at a substantially higher price than under the 1969 contract.

But the Way Back Machine also revealed another statement by Byrne, this one in 2004 after the fellow was named energy minister. Suddenly, GWAC was a wonderful thing, on the occasion of its renewal. The fundamental premise of the whole thing was the same, but perspectives change when one is making the announcement.

At the end of that same release, though is an even more interesting comment, this time from the Premier:
"This contract is a step in the right direction in helping this government meet its financial obligations," said Premier Williams. "Yet, we know we cannot balance our books on revenue growth alone. This is an important but small part of the solution."
Of course that's exactly how the books were balanced, by relying solely on revenue growth resulting almost entirely entirely from high oil prices.
-srbp-
Ed Byrne On Churchill Falls

December 12, 2000


The day after Hydro officials released contracts signed between this province and Quebec over the Churchill Falls agreement. P.C. leader Ed Byrne was quick to respond.

On Monday, Newfoundland Hydro gave the media a briefing of two contracts signed in 1998, the guaranteed winter availability contract and the shareholders agreement. Hydro did not release a third contract, the 130 megawatt recall contract, deeming its contents too commercially sensitive. That strikes Ed Byrne as curious, since Hydro had no difficulty releasing the fact that it made $65 million profit from the three year contract - for Mr. Byrne, given that revelation, the 'commercially sensitive' excuse rings hollow. He says if Hydro won`t release the contract, it should be subject to a review by the Auditor General.

As for the shareholder's agreement and the GWAC, Mr. Byrne believes that the GWAC will bring no revenue to the province and will instead be used to keep the Churchill Falls Labrador Company solvent. And further still the shareholders agreement gives Quebec the run of CFLCO, by granting the minority shareholder the power of veto.

Ed Byrne says its time to stop the piecemeal revelations of details of the Churchill Falls contracts, details the province and Hydro defend vigorously, and he condemns as another historical resource giveaway.

The P.C.s will now push a motion in the legislature to have the contracts referred to the public accounts committee, where they can be subject to still closer scrutiny.

28 January 2008

News by Chip

VOCM has been getting a toasting from a few people lately for its questionable editorial choices, especially when it comes to the current provincial administration.

Well, truth be told the favourable coverage of the puissance du jour started a long while ago but really reached full bloom under Brian Tobin. That's when it came to be known as Voice of the Cabinet Minister.

And boy, that name really applies when you see a news organization repeat almost verbatim the fawning, self-congratulatory spin - i.e. bullshit - of a cabinet minister at the centre of a major breach of personal security by a government agency and with it the violation of a brand new privacy act.

Only in Newfoundland and Labrador would a news organization side with the power of the day in a case where said power:

a. Had a complete breakdown of its computer security.

b. Again.

c. For the second time in three months.

d. And sat on the information for three full days.

e. and even at that point (now almost a week later), still has no idea what exactly happened, how long it was going on and how much information on how many people was involved.

No matter how bad the cock-up, no fear. VOCM will always tell you exactly what the provincial government wants you to know.

And when it comes to stories they get first that cast the current administration (whichever it is) in a bad light, well, they'll avoid it like the plague.

VOCM: Who cares about the common man?

Update; A couple of e-mails raised issues with two aspects of this post.

The first one is simple: the Chip in the title is the Kevin Bacon character in Animal House who ran around insisting all was well in the middle of a riot. it seemed an apt analogy since the basic thrust of the provincial government's message here is that everything is fine and there is a problem, but a really not so important one. After all, "appropriate" measures had been taken. Oh yeah, after the fact but the measures were "appropriate".

The second was with the word "complete" as in complete breakdown of computer security. At this point, we have no idea of the extent of the security breach. But frankly, when it comes to security, the issue is never about the 99% of the system that wasn't involved but the 1% - using arbitrary numbers - that was.

Security is a bit like virginity or pregnancy. You can't be mostly unpregnant any more than you can be a partial virgin.

If there was a breach - and there undeniably was - then the system failed.

To take it a step beyond that, the focus of government's comment and the consequent public comment is that this is seen as an information technology issue. Government computers are secure, as we are told, since the IT people have taken measures to ensure that particular software can't be loaded to government computers.

That's not really the point, though.

Information security is a system, a culture that involves not only the hardware and software but also the attitudes and behaviour of people using the computers and programs.

Take a look at The Breach Blog (breachblog.com) and you'll get a better feel for the issue and the ideas. Information security encompasses a whole range of issues beyond just hardware and software. Scroll the posts at Breach Blog and you can also see the extent of the security issue across the developed world.

Stolen laptops. Unencrypted data. Missing hard drives and flash drives.

Even in the case where a laptop has encrypted data, putting the laptop in a place where it can be stolen suggests a certain laxness (laxity?) in personal habits of the people using the laptops.

Your humble e-scribbler has been involved in information security a number of ways over the years and information security is an integral part of day-to-day business. There are all sorts of the hardware and software methods to secure information from both unintentional disclosure and from possible prying eyes. There's also a segregation of information such that confidential information isn't stored where it might be accessed. Flash drives are routinely cleared of files and each one is kept under close custody.

One client kept apologizing for the security procedures they used internally which included incidentally, keeping physical control over individual movements within the office suite when outside consultants were in the suite. Going to the bathroom required notification, permission and escort. Flash drives were surrendered and scanned on entry and exit to ensure only those files that were authorized came and went.

The Government of Canada has a fairly extensive information security (InfoSec) program that applies throughout government and to contractors. In an increasing number of cases, outside contractors must clear a security screen, including an assessment of security processes and procedures at the contractor's work site.

The responsibility for security is established at the outset:

Departments are responsible for protecting sensitive information and assets under their control according to the Security policy and its operational standards. This responsibility applies to all phases of the contracting process, including bidding, negotiating, awarding, performance and termination of contracts, as well as to internal government operations.

Whether a contract is within or outside a department's delegated contracting responsibilities, the department is responsible for identifying sensitive information and assets warranting safeguards.

Part of the InfoSec issue with the provincial government is related to its overall attitude toward security. That's not a new issue, but things have definitely not improved lately. How many officials have cleared a federally-recognized security screen? The answer as of two years ago was the same as it always has been: zero. That's why no provincial officials were allow to attend a briefing on the Titan missile launch even though the briefing was only at the Secret level, the second lowest level there is.

Recall Heidigate? In 1997, an official of the Premier's Office obtained confidential pension information on three former members of the House of Assembly and leaked it to local media.

Okay. That's bad enough.

But the public servants responsible for controlling the pension data, all of whom knew of the need for confidentiality and who knew or ought to have known the official had no legal right to access the information, gave up the data based on nothing more than a telephone call from the Premier's Office. If they objected or raised questions, we'll never know. Certainly there were no consequences, beyond the minor political controversy that erupted over it. The whole thing was brushed aside by the Premier of the day based on the youthfulness of the person who asked for information. The tone was set from the top.

You see the point: security is about more than whether or not someone can load MSN Messenger or Limewire on a computer.

It's about attitude, and frankly, when the attorney general's news release on the issue focuses attention everywhere except on the gravity of the security breach in the first place, we can be pretty sure the security attitude hasn't changed much.

-srbp-

27 January 2008

Song for the Mira

How Irish are we? Well apparently not enough for this Irish fellow to know that the Mira is in Cape Breton, despite his claim that he has been here.

or there?

Whatever.

Also, not enough to know he shouldn't poke fun at Newfoundlanders, as he does, with about the same type of dig that an Englishman would have tossed the Irishman's way a few decades ago.

Or yesterday.

In any event, Song for the Mira is a lovely tune I first heard about 25 years ago, played by a good friend whose family came from Cape Breton. The song has stuck in my head all these years for one reason or another and while I've only been to the Mira once or twice, it still resonates.

-srbp-

They're down. No... No.... They're up. No, wait. They're down again...

There's a reason why some people should not write about political polls results and others should just be careful.

Let's do Peter a favour and throw him some traffic, only to illustrate how not to interpret poll results.

For whatever reason, there's no link in that post to the poll results, but for those who want them, you can find them at the National Post. It's under the second most "not news" headline right after "Danny in a snit, again".

Anyway, to cut a long story short, a poll by Ipsos Reid conducted between Tuesday and Thursday of last week has the Connies at 37% nationally with the Grits at 29%. Regionally, the survey breaks down different ways with one or another of the two major parties on top - NDPers spare me the e-mails - all of which Peter takes to suggest that there won't be an election any time soon. Yes, he tosses in some other stuff, but the poll results are the hinge on which his post swings.

Couple of problems.

First, the national margin of error, at 3.1% is typical of national surveys but it means that the range of possibilities for the result could have the Connies in majority territory and therefore feeling kinda cocky. Then again, in the Connie worst case in this poll, the parties are basically in a dead heat. So, we could be in an election or we couldn't be.

Second, that sort of stuff only gets worse at the regional level where the margin of error heads for 6%. That's pretty much in the bullshit part of the charts where basically more useful numbers could be produced by tossing darts randomly on the streets of any given small town in the said region.

If that wasn't bad enough, consider that just two weeks before, Ipsos Reid cranked out a poll for CanWest - i.e. the same client - and had the numbers nationally with Grits 35% and Connies at 33%.

Six freakin' point variation in two weeks? Wow.

if you want to wade through a post by a Saskatchewan blogger and the 70-odd comments, you'll find some things that might shed some other light on these poll results. No, Ipsos Reid is not biased. Get past all that crap, including the rather silly rejoinders from Ipsos vice president John Wright. Look at some of the comments, including one by your humble e-scribbler.

Sample size for the national stuff is running around 800 to 900 Canadians. That's the same sample size Ipsos used in the last Ontario provincial election. Basically, they can produce results that look good on paper nationally and might even be generally in the right neighbourhood.

But for all practical purposes, the poll results are useless.

Well, except maybe to keep the Ipsos Reid name in the headlines.

And to generate posts that draw erroneous conclusions based on them.

-srbp-

Province invests in natural gas...quietly

Over the past two years, the Government of Newfoundland and Labrador has quietly invested in two local companies involved in the natural gas industry, according to information in the Public Accounts, Volume II.

In 2005, the province offered Trans Ocean Gas Inc $100,000 as an interest free repayable contribution to the company's research and development activities. Up to the end of March 2007, the province had contributed $90,000 and received 18,000 Class 'B' non-voting, non-interest bearing common shares. The shares must be redeemed no later than march 22, 2015.

No news release was issued by the provincial government or Trans Ocean Gas on the deal, but there is reference to the provincial government as an investor in a news story in The Independent. The company website does list the Department of Innovation, Trade and Rural Development as having a "strategic relationship" with Trans Ocean.

In 2006, the provincial government acquired 500 Class 'B' common shares in SAC Mfg Inc at a price of $500,000. The shares are conditionally redeemable based on after tax earnings and must be redeemed no later than December 19, 2016. According to the companies registry , SAC is based in paradise, Newfoundland and has two directors: Dana Clancy and Sandy Clancy.

The Canadian Trade Index website lists the company business as "manufacture/distribute/service natural gas compression packages". The company website, sacmfg.ca, appears to be inoperative. A listing at a 2007 Alberta oil and gas show lists the company with an Alberta address which has a 100 hp compressor package designed to produce gas from wells deemed uneconomical due to high water content.

Trans Ocean is not related in any way to SAC.

-srbp-

Gimme your lunch money, dork: the sequel

That $10 billion Equalization debt thingy is curious, dontchya think? The Premier and his followers bandy it about like it was fact.

Where did it come from?

Wade Locke. Well, at least one set of assessments done by the Memorial University economist.

Funny thing, though, if you look way back to last June, you'll find a study Locke did for the Atlantic Provinces Economic Council (APEC), along with a buddy of his, Paul Hobson, an economist from Acadia. Hobson, incidentally proposed a totally different approach to the treatment of resource revenues, one that went completely unnoticed in all the fooferah over the past couple of years.

Anyway, Hobson and Locke, point out that all four Atlantic provinces are adversely affected by the new Equalization formula:

Nova Scotia - $159 million increase in revenues for the first two years under the new Equalization program, and reduced revenues in each year thereafter compared with the Fixed Framework: in aggregate, the province receives $1.4 billion less under the new Equalization program than under the Fixed Framework;

New Brunswick - $68 million increase in revenues for the first two years under the new Equalization program, and reduced revenues in each year thereafter compared with the Fixed Framework: in aggregate, the province receives $1.1 billion less under the new Equalization program than under the Fixed Framework;

Prince Edward Island - $7 million increase in revenues for the first two years under the new Equalization program, and reduced revenues in each year thereafter compared with the Fixed Framework: in aggregate, the province receives $196 million less under the new Equalization program than under the Fixed
Framework;

Newfoundland and Labrador - $654 million reduction in revenues for the first two years under the new Equalization program, an increase of $22 million in the third year, and reduced revenues in each year thereafter compared with the Fixed Framework: in aggregate, the province receives $1.4 billion less under the new Equalization program than under the Fixed Framework. It should be noted that Newfoundland and Labrador will no longer be a recipient of Equalization after 2008-2009, under both the Fixed Framework and the new Equalization program. [Emphasis added]

Now this was before the Nova Scotia side deal which also works for Newfoundland and Labrador as well. But notice, in particular, the figure for New Brunswick. You see, the lovely province slightly to the west doesn't get much of its own cash from non-renewable resources. The reduced pot of cash involved in the new Equalization system doesn't work quite as well for them as the old way of doing things.

That's not really the whole story though.

Flip back to Ken Boessenkool's 2001 paper for the Atlantic Institute for Market Studies wherein the whole idea of taking non-renewables out of the Equalization calculation was laid out. At that time, the 10 province standard without non-renewables may have only dropped this province's Equalization transfer by a paltry $3.0 million but new Brunswick would have lost over 10 times as much cash and that's just by changing the way the formula was worked out.

The impact of various ideas for Equalization reform was also presented by the O'Brien expert panel. Go back and take a look at that report again since it includes a very good overview of Equalization and the history of the program.

You see, that's one of the things some locals keep forgetting. The Harper Equalization promise wasn't made to just one province. It was party policy across the country, affecting potentially every province. Some provincial governments like Saskatchewan and Newfoundland and Labrador may have thought it was absolutely wonderful. Others? Not quite so enthusiastic.

That's the political situation - painfully and patently obvious at the time of two successive general elections - that makes it seem foolish for any provincial government to have banked on it or even expected it to be politically feasible. No surprise that the federal government went with the expert panel's recommendations and why most provinces have accepted it. The new system isn't perfect, but at least it works. And for provinces like Manitoba and new Brunswick it works considerably better than taking all non-renewable resources out of the formula.

Beyond banking on a completely unrealistic expectation, there's something else in all this some people in Newfoundland and Labrador like to ignore: After 2009, Newfoundland and Labrador won't qualify for Equalization any more under either the new scheme or the old one. As Locke and Hobson note, the provincial government would receive - by their calculation - about $1.4 billion less under the new approach compared to the Fixed Framework.

$1.4 billion.

Where does that figure turn up again?

The Public Accounts, Volume I, note 4 on page 37, released just this week:

The deferred revenue totalling $1,646.2 million consists primarily of $1,458.5 million relating to the Atlantic Accord (2005), which represents the unearned balance of the $2.0 billion advance payment received in 2005-06. In addition, the deferred revenue balance consists of $51.7 million relating to Federal Government funding for various health care initiatives, $44.9 million relating to Federal initiatives in support of post-secondary education, public transit and affordable housing, $16.4 million relating to gas tax initiatives, $62.3 million relating to entities in the education sector, $7.4 million relating to entities in the health sector, and $5.0 million related to other miscellaneous programs. These amounts will be recognized as revenue in the periods in which the revenue recognition criteria have been met. [Emphasis added]

Curious, huh?

It's likely a coincidence, but remember that when the provincial government signed the 2005 transfer deal - it wasn't about offshore oil revenues, by the way - the up front cash was offered and accepted because both the federal and provincial governments knew that, at least for Newfoundland and Labrador, it offered more cash than would be obtained before the province went off Equalization if the thing was just run on a year-to-year basis.

At the time the deal was signed, both public and government estimates were that Newfoundland and Labrador's provincial government fiscal capacity would put it off the top-up scheme called Equalization such that the second eight year phase was unlikely to be realized. As the premier noted at the time the transfer deal was signed, the whole thing came down to a discussion of the cash - the quantum, as he put it - and by simply adjusting the assumed average price of oil, the up front cash went from $1.4 billion from October to $2.0 billion in January 2005.

Poof, the deal was done. Never mind that the principles laid out in the January deal were actually inferior in some respects to the October offer. It was the up front cash that counted.

All of this should be a reminder that provincial governments across the country all look at the federal government as a source of cash. There's nothing new in this at all. The pretexts vary, but the demand is still the same. Danny Williams is looking for $10 billion or so based on what he calls a broken promise. Dalton McGuinty has a figure double that and earlier this month he went looking to Ottawa looking for another $350 million. Just this week, the arch-provincialist party the Bloc Quebecois put $15 billion of demands on the table as its price for supporting Stephen Harper's Conservatives. Saskatchewan is looking for cash, too.

Just to give a real sense of just how much the $10 billion - for example - is merely a pretext for the usual game of federal-provincial relations, look back at the letters Danny Williams sent to Stephen Harper through December and into January. The 'ask', to use Danny Williams sales talk, is the federal shares in Hibernia, which he appears to want for free. Harper doesn't dismiss the subject out of hand, as some local media erroneously reported. rather he clearly leaves the door open to discussion on a purchase price.

But the question that goes begging is why Danny Williams would be prepared to trade off an old demand of his demands in settlement of supposedly new and humiliating grievance of The Broken Promise. If The Broken Promise was both as new and as grievous as the rhetoric would suggest then it could only be genuinely settled with some new compensation.

Not so. And the willingness to trade off - to say yes to less - isn't really a constructive effort to settle an account. Take a look at what else would supposedly settle the grievance and you see a raft of things the provincial government has been seeking for some time or something else that's cropped up lately.

What we have here is old-fashioned federal-provincial relations but reduced to a highly dysfunctional set of confrontations. As noted here before, the entire thing, at least in Newfoundland and Labrador's case, is now structured in a way to frustrate the sort of political discussions that have worked on small and large projects in the past.

But that's not just a function of Danny Williams' style, although his partisans will be quick to leap forward and spew the Blackberry Talking Point du jour. Even in the most intense period of the "Fair Deal" crusade, federal-provincial relations still managed to function. Back room chats, informal exchanges and formal proposals flew back and forth between Ottawa and St. John's. There was a resolution to the major impasse, but there were also other issues that were addressed. Take the offshore board thing as a case in point. The federal and provincial governments engaged in all sorts of discussion out of public view in an effort to resolve the issue. Read the decision in Ruelokke v Newfoundland and Labrador; the evidence is there.

Like the old saying, it takes two to tango and in the current dysfunction in federal-provincial relations it takes two to tangle. The resolution to the problem may well come in the next federal election but it won't because of any ABC campaign by any one politician. You see, just looking at Newfoundland and Labrador, one can see that historically the province tends to vote anything but Conservative, whether we mean the current version of the party or the old Progressive Conservative crowd. There are some compelling reasons in front of the voting public that are likely to reinforce that tendency next time not just locally but across the country.

The old game of "Gimme me your lunch money" won't vanish. That's too entrenched in the federal-provincial system. But there is a possibility that the next federal government will take a different view of how the system should operate, one that restores the sort of political accommodation and compromise that has made Canadian federalism as successful as it has been.

And locally, when the provincial government gets a sense that things are different, well, maybe it will start focusing on those "other things to talk about" everyone has raised lately in the cell phone story. They'll start talking about fiscal responsibility and about the policies needed to sustain the province's new-found status as a major economic engine for the country.

Bullying for lunch money - looking for handouts to pay the bills - is the domain of the insecure and weak. It's time we moved on to something else. Heaven knows the province as a whole is long since past that sort of stuff even if some politicians and their supporters still have an entire forest of chips on their shoulders.

-srbp-

[h/t to Dulse and Fog for the APEC link]

26 January 2008

Public body breached new privacy law

Is everyone in government ready to protect personal privacy?

Apparently not.

The section of the Access to Information and Protection of Personal Privacy Act, known by appealing acronym ATIPPA, dealing with personal privacy came into force on January 16, 2008.

Given the five year delay in implementing the new privacy protections, it came as something of a surprise on Friday to learn of the possible leak of an undisclosed amount of private information held by a government agency. Someone on contract to the Workplace Health, Safety and Compensation Commission operated a file sharing program that gave access to files on the computer's hard-drive, including confidential records related to the commission.

It's taken a while to get the whole act into force, something on the order of five years. The delay was apparently due to a need to get government departments ready to deal with the implications of the new legislation. In the meantime, the old Privacy Act, circa 1981 was in force. The Privacy Act was far from perfect but at least it was something.

Workplace Health learned of the security problem on January 22 but it took three whole days for the provincial government to inform the public of the problem. The entirely self-serving news release spent more time trumpeting the actions taken to deal with the problem and to praise the Office of the Chief Information Officer [OCIO] for all its fine work in protecting information than it did in disclosing what government knew about the extent of the breach and whether or not information had actually been obtained illegally by anyone.

In fact, the only thing clear through the release is that the provincial government actually knows - or appears to know - very little about the breach beyond some very rudimentary details.

There's even a rather interesting quote from the newly minted chief executive of Workplace Health;

"The Commission shares the Provincial Government’s view that private and confidential client information must be safe guarded both at the Commission and with service providers. Until the forensic investigation is complete, the extent of the exposure is not known and we are unable to determine how many, if any, of the Commission’s clients may be affected," said Leslie Galway, Chief Executive Officer, Workplace Health, Safety and Compensation Commission. "The Commission was not the source of the breach but nevertheless has taken measures to ensure the integrity of its network system was intact, as well as address the network system concerns with the private company involved."

How comforting.

The commission shares the provincial government's view that private information must be safeguarded.

Unfortunately for the commission, this is not merely a "view", an opinion of the sort one might wish to be associated with like, say, "My goodness that was a lovely sunrise this morning."

It is the law.

36. The head of a public body shall protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal.

And there's nothing in the law that restricts the legal obligation of a public body to protect private information only to computers owned by the public body itself.

It's a blanket obligation.

That's what makes the provincial government news release so interesting. In the quote above, Leslie Galway talks about securing the commission's own network and refers vaguely to addressing "network system concerns." Heaven knows what that means, but it is entirely irrelevant since the actions were taken after the fact.

The story gets more interesting when one reads the coverage in the Saturday Telegram, sadly not available online.

Justice minister Jerome Kennedy says the consultant was "doing some work for justice" [presumably the department] occupational health and safety assessments. Kennedy repeated that there are government policies in place that prohibited the use of file sharing programs on government computers. He pronounced himself satisfied with that: "I'm comfortable ...that this issue with government-owned computers has been addressed very expeditiously and thoroughly."

Just so that we can all share the minister's sense of comfort, go back and wander through the OCIO website. try and find a policy statement on file sharing and the handling of records. There isn't even a link to the ATIPPA in the links section of the website, even though ATIPPA is a key part of records management within government.

But of course, this is the second such incident in a handful of months. A similar case came to light in November involving 1420 medical files. The Telegram reports that 370 files were accessed - by whom is not disclosed - and that the files belonged to 151 patients and two employees of Eastern Health.

The Telegram also states - erroneously - that provincial government policies do not extend to the private consultant. While a public body is able to disclose personal information to a consultant doing legitimate work for the agency or a government department, section 36 of the ATIPPA doesn't limit the obligation of the department or agency to take reasonable security measures.

The crux of this story is that for the second time since November, a provincial government agency is involved in a breach of privacy. This second case is all the more serious since it comes less than a week after new legislation took effect which obligates public bodies to protect information from disclosure.

No surprise, in that context, that the provincial government delayed disclosing the existence of a security breach and at the same time focused its attention - in the news release - in endless self-praise, rather than acknowledging the gravity of what had occurred.

That's not accountability or transparency, as the justice minister professed when announcing the privacy legislation was in force. And frankly, the people of the province should view with some suspicion this pronouncement by the justice minister.

"I want to assure the people of Newfoundland and Labrador that their personal and confidential information is treated with respect and in accordance with the Access to Information and Protection of Privacy Act."

The subject of his news release - a second security breach involving an undetermined amount of confidential, personal information on an undisclosed number of individuals or corporations - is evidence that information is not being handled "in accordance with" the ATIPPA. If the minister is not prepared to acknowledge a problem exists, it's highly unlikely a proper solution will be implemented, let alone found.

Up-data: Seems the CBC version of this story has some variations from the telegram version.

"The investigation is very early on," said Leslie Galway, the commission's chief executive officer.

"We are not aware of whether our clients are actually involved with the information on that computer specifically, and what sort of information may be there."

Three days later and no one knows what was on the computer?

"At this stage, we don't know the extent or nature of the breach," Kennedy said, "nor the types of information that may have been exposed."

Now there's a familiar line. It popped up in November as well, and right behind came the assurance that there was absolutely nothing to worry about.

The real value of the CBC story though is the link to a follow-up on the November security leak. on November 27, health minister Ross Wiseman said there were only 49 people involved in the first leak. The Telly now has the figure at 153.

Which number is right?

-srbp-

25 January 2008

Where real bloggers live

Periodically, Ye Olde Bond-Papers gets an e-mail from one of the Premier's staunchest of staunch supporters.  They are always enjoyable, if not mysterious, since they tend to follow a predictable pattern that ends up constantly begging the same question.

At the point where said correspondent notes the overwhelming  - dare one say "avalanche of" - popularity of the province's premier mobile phoner, it seems amazing that there are any e-mails coming at all. Surely, if the guy addicted to his Roger's cell that popular, what poor old e-scribblers scribble would hardly matter.  Would it?

Anyway...

In the land to the East, in the Mother of Parliaments, a mother of another kind who blogs under the name Guy Fawkes recently uncovered a campaign spending controversy. That's part of a much larger series of posts on one labour member  - Peter Hain - whom Guy now claims as his first head, as in head on a pole.

You'll find some interesting discussion of the Hain series at Iain Dale's online diary, and Roy Greenslade's space at the Guardian Online.

As Iain notes, bloggers don't exist to get scalps however from time to time, we can influence the public conversation.

That's pretty much it. 

Sometimes other people can influence the public conversation too, like say the fellow who went public with his story this week about Danny Williams and the cell phone.  Despite the very best efforts at character assassination by the Premier's supporters and despite the efforts by a surprising number of reporters to kill or discredit the story and despite the fact that VOCM completely ignored a story they had first, the great cell phone debacle had national legs over several days.

And the story kept rolling despite a relatively quick effort by the thumbs on the 8th to get the admission of guilt into circulation.  The story was still going on radio talk shows four news cycles after it first broke on a VOCM talk show and VOCM news took an editorial decision to ignore it officially.

Wow.

That's impact.

Makes you wonder what some people would do if local blogs really did dig for stories like Guido does.

Exploding heads, maybe?

Soiled undies, per chance?

jitcrunch.aspx Anyway, if you feel so inclined, Guy's come some half-decent swag, via Cafe Press.

-srbp-