Google Leaks Peeks and Lost Letters | Truth Lies Deception and Coverups - Democracy Under Fire

Translate

Leaks Peeks and Lost Letters


Leaks, Peeks 
and Lost Letters
Data Leaks D16

Leaks

The rather gobsmacking breeches of privacy from multiple different government bodies in New Zealand over the past 2 years raises issues regarding privacy, secrecy and coverups. I'm not sure whether this is an actual epidemic of monumental proportion, or whether the public is finally hearing what has been going on behind the scenes for a long time, and the only thing that is new is that the public now knows about it.
Oh No What did I do D16
Most New Zealanders are aware of the email  scandals involving leakage of personal data related to over 100,000 people over the past 2 years. email has been sent (presumably accidentally) to people who should not have received it on various occasions by staff in different government departments. 

Many years ago I was a Flight Surgeon, trained in Aviation Medicine and involved in investigating aircraft accidents. A point that was repeatedly made in my training (and which I discovered to be true in subsequent aircraft accident investigations) was that the most common cause of an aircraft accident is human error. The purpose for investigating any accident was to find the likely cause and subsequently fix the problem to help prevent it from happening again. In the absence of evidence of structural failure, neither the pilots or the other planes in the fleet were grounded. In the case of human error, changes were subsequently made in training or design of aircraft to help reduce the likelihood of an accident being caused by the same factors again.

Solving PC Problems D16
At the moment, at least part of the government is reacting in a manner to these human errors by metaphorically "grounding" the fleet by cutting off email communication with the public. We have not been told that the hardware is defective. Nor have we been told that the software is sending out all this personal data automatically of its own accord. There are little fingers pushing the keys. This is a human factors issue.

The consequence of cutting off communication with the public by email is an unhappy public. The public deserves to have access to people in government dealing with matters that affect them; and so they can keep an eye on what government is up to. For many people, email is the best way to communicate. 

"Benign" leaks require fixing. They do not warrant turning the "water" off for indefinite periods. They certainly do not warrant long-term policies and procedures that seriously restrict the flow of data to the public, or block it entirely.
Mistakes were made D16

The underlying cause(s) of accidental release of information (even monumental gaffes such as these) that are due to human factors (in this case, human error) are generally due to factors that can be readily identified and fixed. The government has millions of dollars in hardware and oodles of information technology experts at their disposal. There is no point in ruminating over why the systems that led to the recent blunders weren't better designed to prevent accidents of this type in the first place. It needs fixing. It will be dealt with, if for no other reason than the fact that the politicians implicated by association are finding the embarrassment of the lapses and the pressure of public reaction sufficient to insure it is fixed.
It wasn't me D16

People are fallible. Although the problems leading to these mistakes are likely to be fixed; this does not mean there won't be mistakes in the future. All organizations need a response plan because mistakes of this type can happen anywhere, at any time. The organization and people involved should be accountableCovering up the error or denying responsibility or understating the extent of the error or belittling the victim's response only serves to make the victims more angry, adds insult to injury and does not prevent the problem from happening again. 
Locking information away D16
It is certainly not on for bureaucrats to over-react and use the errors made by a few government employees as an excuse to make it more difficult for individuals to obtain information under the Privacy Act or Official Information Act. The public is not the problem. The public is having problems getting information they are entitled to under the Privacy Act and Official Information Act due to a "Secret Squirrel" culture that is into hiding information - which makes the careless (albeit accidental) wrongful distribution of large amounts of personal data all the more aggravating.


Peeks - Accidental Recipients and Whistle-Blowing
Shocked Face D16

Besides the processes staff use when dealing with email - these incidents raise another issue - that of the accidental  recipient of the data.

It must be remembered that the recipient did not cause the error. Curiosity is a powerful drive. It is unrealistic to expect that the recipient of email mistakenly sent to them will not read at least some of the data, either because they think there is something in there related to them that they are supposed to read; or because they are just plain curious as to what the information is about. So, it's not reasonable to legislate against the recipient reading the information; because it is not realistic to expect that an ordinary person would refrain from doing so. 

In our view, the accidental recipient of personal information needs to be dealt with in a  practical way in privacy and/or other legislation. An accidental recipient may receive information that is just information (albeit information the parties involved would usually prefer was kept secret); or on occasion, the information may also include evidence of wrong-doing. To stifle the outing of evidence of wrong-doing by a member of the public by using the protective cloak of the Privacy Act to protect the wrong-doer is equivalent to gagging a whistle-blower employee from exposing wrong-doing.

We think the following are also matters that should be considered future legislation in dealing with privacy breeches of this sort:
Keeping a close eye D16
  1. If data sent by error to a recipient includes information related to the recipient, we think that the recipient should be able to keep that part of the data. (They are entitled to information related to them under the Privacy Act. Denying the accidental recipient the part of the information that relates to them is fundamentally unfair; is just likely to get their back up and increases the likelihood of prompt development of a public brouhaha.)
  2. The accidental recipient should be required to notify the originator (if they can tell who that is from the email) PLUS, if possible, the originator's supervisor (or someone higher up in the organization) of the error. (This is another reason the accidental recipient may need to read at least part of the data - to identify the organization).
  3. The accidental recipient should be asked by the originator to destroy the data and should let the originator know when this is done.
  4. The accidental recipient should definitely not be allowed to demand money or other rewards in exchange for keeping quiet about the breech.
  5. The accidental recipient should not be allowed to release the actual names of people or address  information included in the data to the public.
  6. If it is apparent from the data that there is something shady afoot; then the accidental recipient should be able to keep a copy of the data temporarily in order to deal with the information as a whistle-blower. 
  • Otherwise, the wrong-doing will not be "out"-ed and the wrong-doing will
    likely continue.
  • The accidental recipient of evidence of wrong-doing should then refer the matter to the appropriate authorities for follow-up.  
The whistle-blower legislation in New Zealand does not currently specifically
Whistle-blowers vs Corruption D16
cover the situation whereby a member of the public who is not an employee obtains evidence of wrong-doing. If the legislation did cover this situation then it makes it more likely that the recipient in such cases would go to a relevant authority so that an investigation can be originated, rather than go directly to the newspapers.  
But, if the authorities do not investigate or take remedial action, then there should not be any obstruction of a whistle-blower (whether an employee or member of the general public) going to the media with their story.
Other Insecure Forms of Data Handling

However, the accidental press of the "send" key sending data on 10s of thousands of people to wrong email addresses is not the only weakness in current government information handling:

1. Staff are writing under other staff's emails or multiple staff are writing under pool email accounts.


Insecure computer D16

It's one thing if multiple members of a family share a computer, and they may in some instances share an email address. It's quite another matter when government departments or organizations operating in the public trust have multiple people using the email address of another person or multiple people using the same email pool address.

It's understandable if an organization has a generic pool email such as: accounts@XXXX or info@ XXXX or support@XXXX. But subsequent contact by a staff person assigned that case from the pool should be by an identifiable person who uses a unique email address (unless there is only one person using the generic email address). If the designated person is away systems should be in place so that the case is assigned to a different specific person who makes contact with their unique email address. Having multiple
Faceless bureaucrats D16different people responding under a common generic pool address (such as info@XXXX) is wrong.  It is confusing to the recipient; facilitates unwarranted secrecy; makes tracking of correspondence difficult (maybe that's the intention);  makes accountability next to impossible owing to not having a clear line of who did what, therefore who was responsible for actions or inaction; and if there is common access by a pool of unknown people to personal data -  how can privacy of personal information be assured? (Answer: It can't).

But it's not just different people writing under an invisible cloak of a common generic email account. Government staff are also sending out emails under the actual personal name email of other staff members. Unique email IDs are not expensive relative to the importance of privacy, security and accountability. When a staff person writes under another staff person's email ID, what happens if there is a mistake, a privacy breech or fraud? How can there be a trackable chain of accountability? (Answer: There can't be).

2. Staff are writing and sending official documents (including legal documents) under the name of different staff members with an unidentifiable squiggle and no indication of their own name.

Scribble D16
In the old days when secretaries typed documents for executives, it might have been common for them to pp a document. But if a document (especially an official or legal document) is written by someone else or signed by someone else in this day and age - there is no excuse not to include the actual name of the writer or signer in addition to the typed name of the person they are writing or signing for: (eg Jane Doe for John Smith - including Jane Doe's contact details). This is about track-ability, responsibility and accountability. In some instances there may be legal implications if a legal document is written and signed under someone else's name. If the letter results in harm of some sort, who is responsible - the person who did not write or send the letter but whose name was on it, or the unidentifiable person who put a squiggle on it. Well we know what happens under these circumstances. No-one takes responsibility.

3. Lost Letters - "It's in the snail mail." (Ooops! Snails must have eaten it!)

It's all very well to get over-worked about email. But at least with email, as long as the originating and recipient email addresses are unique and accessed by one person, where the email went can be followed.
Snail Mail D16
Snail mail is another story. 

In August 2012, the NZ Herald reported that more than 1000 letters or packages were reported (to NZ Post Customer Service Centre) as lost in the mail on a weekly basis. The impression management team at NZ Post promptly swung into action claiming this was a minuscule amount, because NZ Post delivers an average of 16 million items a week! 

Insecure mailboxes D16Given there are only ~4 million souls of every age living in New Zealand; letter writing is a dying art; most financial transactions are done electronically these days; and young people have largely lost the art of spelling, let alone letter-writing due to text-speak (so they are no more likely to add significantly to the snail mail pool than their pre-school siblings), NZ Post was clearly blowing dust in the eyes of the public to cover up what is a big problem. 

NZ Post Public Relations "impression management" / spin people were counting junk mail to coverup the problem disclosed by the journalist who wrote about the large volume of lost mail. Only someone with a serious mental health issue would complain about not receiving junk mail. 
Lost Packages D16
Further the complainants had to know the mail was gone missing (anyone who did not know their mail had gone missing wouldn't complain); and they had to be willing to go to the bother of making a formal complaint to the right people at NZ Post.  Those figures also don't include the likely large amount of mail that is sent to the wrong address; but is subsequently returned to the post office by the recipient for correct redirection; or the wrongly delivered mail that is dropped off by the recipient directly to the correct person. People who don't receive birthday, anniversary or sympathy cards (real mail) may be disappointed - but aren't likely to make a formal complaint. Then there's quotes, invoices and statements (real mail) - not receiving these may be inconvenient (or possibly welcome) - but the normal reaction would be to go to the sender to get another copy, not make a formal complaint to the post office. 

If you get my drift, the amount of real mail that is likely to trigger a formal complaint is likely relatively small making the actual statistic of 1,000 pieces of lost mail a week significant - not minuscule as the post office spin doctors would like us to believe.
(To rub salt in the wound, in Sept 2012, the NZ Herald reported that NZ Post sell off items deemed "undeliverable"  after 3 months and keep the cash.)

Note in a bottle D16

People generally consider their mail and things they buy are private matters. We think that losing what is likely at the very least 1000 items of genuine mail a week, on a regular basis  for years is a serious matter that's right up there with the Earthquake Commission saga. NZ Post just has faster-talking spin doctors.

Why am I going on about snail mail? It's because government departments are using all kinds of excuses not to send data by email, commonly refuse to use signature courier (the only reasonably secure way to send hard copies) and are using snail mail.

Accountability and Communication D16Depending on where you live, it can take several days to get snail mail - even without it getting lost en route. A lot of government correspondence is time sensitive (especially legal matters). Apparently all bureaucrats have to do is to make a record that they sent something by snail mail at such and such a date and if you don't get it in time - tough luck Charlie. DRSL usually sends its Review reports by snail mail because that is all they are legally required to do. (Yet to Appeal a DRSL Review to the Courts you must do so within 28 days of the Review having been mailed out - by snail mail).
Lottery balls D16
Snail mail is a bit of a lottery as to whether or not you will actually receive it. But more than that - the security issues are major. (And we're not just talking about NZ Post opening mail they deem "abandoned"). Most people live in a house with more than one person. In some cases there are a great many people. There's the issue of the mail being retrieved from the mailbox but not being given to the addressee (a bit like teenagers and telephone messages). Other people who live in the house or may just be visiting can open someone else's mail - accidentally or deliberately. And of course there is mail stolen directly from mailboxes and opened by unknown persons. Snail mail is not trackable at all.

In summary: 
  • Snail mail is unreliable, insecure, not trackable and is the perfect method for privacy breeches. 
  • It is preferred by government departments near you.
4. Widespread surveillance and swapping of information between agencies nationally and internationally

Legislation has been passed in New Zealand that allows swapping of information between government departments without a warrant. There was not much made of it in the media at the time owing to a level of naivety on the part of the public (due to being woefully uninformed of what the government has been up to).

Recently New Zealand's participation in global spy rings (including Echelon which spies on just about anyone with a digital device anywhere in the world) has come to the attention of the public. This government is pushing through Bills to legalize widespread surveillance (spying) on the citizens of this country and the swapping of information obtained this way between agencies within the country and with other countries. Furthermore the legislation is geared to grant immunity from prosecution for the government employees who do this.

While government secrecy is over the top - the notion of "Privacy" is clearly an illusion in New Zealand, and the current government appears intent to undermine it further through the legislative process. Between government secrecy and actions geared to subvert personal privacy - the government of New Zealand is progressively undermining New Zealanders democratic rights and freedoms along with privacy.

5. Overall information handling by government

We think accidental leaks can be remedied and should be remedied - but not in such a way to make administration inefficient or contribute to unwarranted secrecy.

But, accidental leaks of information have to be considered in the overall context of information handling by government. There are huge problems in this area that go well beyond accidental leaking of data.

a. NZ is subverting the right to personal privacy

Legislation that has been passed or is in the works that is related to inter-departmental sharing of data (or sharing of data with any other parties) needs to be reviewed.


  • It is clear that the transfer of large volumes of data increases the magnitude of the adverse consequences of error. That can presumably be fixed technologically.
  • It's the integrity of some government officials and employees etc in their handling of data that raises the need to revisit this type of legislation.
  • We think legislation that allows government departments to share access with other departments (or with agencies in other countries) needs to be reviewed.
  • There needs to be reasonable justification to intrude into people's privacy. Vague suspicions or "possibilities" or administrative convenience just become generic rationalization for unwarranted intrusion and are not good enough reasons for any part of government to invade the personal privacy of New Zealanders (or to acquire information from agencies in other countries in order to circumvent this right).
  • The requirement for justification and a warrant for acquisition or transfer of information should be reconsidered in order to protect the rights of New Zealanders and NZ residents to privacy.
b. Widespread surveillance of New Zealanders and transfer of this information

  • Some legislation that has been passed and some that is in the works allows surveillance of New Zealanders for whom there are no reasonable grounds to suspect any crime. 
  • This is a gross invasion of the rights of New Zealanders (and residents) to personal privacy. It needs to be reviewed on an urgent basis.
  • It is not just a gross invasion of privacy - it (similar to interdepartmental transfer of data without good reason) puts the individuals at increased risk of abuse of access to their information. (See the risks of spying under "Spying on individuals has consequences" herehttp://bit.ly/18JhA1m  )
  • The requirement for justification and a warrant for acquisition or transfer of information by surveillance needs to be reviewed and updated urgently in order to protect the rights of New Zealanders to privacy.
  • Data related to New Zealanders for whom there are no reasonable grounds to suspect a crime should not be sent en masse to any other countries or organizations. 
  • The requirement for justification, and a warrant for acquisition or transfer of information should be reconsidered in order to protect the rights of New Zealanders and NZ residents to privacy.

http://www.stuff.co.nz/dominion-post/news/politics/8911664/Call-for-human-rights-inquiry-into-GCSB-bill
c. Legislation of various types is in the works to grant government employees "immunity" for their actions.
  • It says a lot that this government has been pushing immunity for government officials and employees. Why should they be immune from liability for illegal, malicious or negligent acts?
  • This is truly the road to unaccountable, uncontrollable authoritarian government.
d. A secret squirrel culture to hide the actions of government officials and employees by deeming documents secret simply because it has an employees name or opinion on it.
  • This is effectively a counter-culture to open government. 
  • Ordinary activities of government are being hidden by: claiming they are secret (purely on the basis of having been written by a staff person - claiming that staff person's right to privacy allows the government to hide what they said or did), or denying the information exists by storing it in a different part of a filing system in order to avoid producing it on request.
  • This allows the government to act in secret. Consequently, government and publicly funded people working for government directly or as contractors can get up to all kinds of things that the public would not agree with if they knew about it. 
  • Secrecy (and denial) may also be used as a means to hide unjust or corrupt actions or outright fraud and corruption.
  • It goes without saying that that is exactly the opposite of the basic premises of open, democratic government.
e. Need for amendment of the Privacy Act


  • The Privacy Act needs to be updated. 
  • We think that neither the current "Justice" Minister nor any other Minister who has directly or peripherally been involved in legislation - which has either already been passed or in the works that encroaches on New Zealander's democratic rights and freedoms or privacy - should be involved in selecting the committee or influencing the committee that works on amendment of the Privacy Act.
  • We think that the Privacy Commissioner (and the Ombudsman) should have the right to subpoena documents and the legal right to directly access databases to ascertain if data has been hidden or illegally deleted and obtain copies of it if necessary.
  • We think there should be serious penalties and legal liability for anyone to have misled or lied to the Privacy Commissioner or Ombudsman or hidden information in the course of any investigation.
____________________



If you want to leave a comment you are welcome to do so.
Click on "Post a Comment" below the very bottom of the Post
and a comment box will appear.



____________________


If you are interested in reading more on 
surveillance and privacy,
you might also be interested in...


Privacy, Secrecy and Coverups

Secret Squirrels and the Office of the Privacy Commissioner


The New Zealand GCSB Spy Bill - 12 steps closer to Big Brother surveillance

Eye Spy - Echelon, Big Brother and New Zealand - in the Global Spying Network

Submission example for the NZ Spy Bill

Coffee Q5: Would you vote for, or respect any politician - who votes in favor of the GCSB Spy Bill?

Peeping Toms - 70 years of government led domestic surveillance and repression through Spy Agencies

States of Surveillance: New - Mandatory blood testing of all Americans age 15-65 

States of Paranoia - Evolution of a Police State and Constitution Free Zones

Julian Assange, Robin Hood of the Information Age - and Pandora's Box

Coffee Q4 - Who are the good guys vs the bad guys?




We3forDemocracy




  • We 3 believe in democratic governance, not authoritarian rule.
  • We 3 believe in democratic rights and freedoms.
  • We 3 believe in the right to privacy of each person and their right to privacy within their home - not unwarranted surveillance or misuse of personal data.
  • We 3 believe in open government, not government that operates in secrecy.
  • We 3 believe in good faith, fairness and justice for all - not injustice and back room deals.
  • We 3 believe in accountability, not secrecy and coverups.
  • We 3 believe in truth, not lies, deception and secrets.
__________________________________________ 



Lies disguised as truth P3


Some politicians and bureaucrats think the general public are dumb. They want to keep us that way by controlling what information we are given. 

The information we are provided may be "truthiness" (which is not the truth, and involves all manner of deception), not truth. Lies and deception are often used to put a positive spin on matters  we would not agree to, or would disgust us if we knew the truth. Secrecy is another tool of "impression management" to cover up wrong-doing, or shameful or corrupt acts.

Freedom of information is a cornerstone of democracy and justice. Without it, the risk of a decline into an authoritarian form of government is virtually inevitable.

Are we "sheep-les" or mere puppets who can be led to believe and do whatever our masters say; or are we thinking people who want to be truthfully informed? 

Are we willing to speak up and insist on the truth? Are we prepared to take action to guard our democratic rights and our rights to justice and fair treatment?
_____________________________


Thinking Tiger D16


The people generally trust their government, law-makers and the publicly funded bureaucrats who are responsible for representing their interests. But the "people" are being deceived in many instances. We feel this is wrong.  The "people" - ordinary folk like you and me have great power in democratic countries. We can and should do something about this.

Lies, deception, cover-ups and corrupt practices must be "out"-ed if they are to end. This is necessary for democracy and justice to survive.



Tiger sleeping D16






The "people" are like a sleeping tiger.




Tiger jumping D16



If you pull the tail of the tiger; it is to be expected that the tiger will wake up, take notice of it's tormenters and give chase.





In the interests of democracy, justice, world peace and a stable economy for ordinary people - the tiger must run wrong-doers to the ground.

Tiger running wrong do-ers to ground D16
Separator D16d
Original 3 Monkeys D16
Original 3 Monkeys

All that is required for evil to take hold and grow is to: close your eyes, block your ears, shut your mouth - and do nothing.



If we do nothing - then nothing will improve.


Spreading the Word D16

Spread the Word!

One person can achieve little or nothing. 
Many can move mountains.
3 Freedom Monkeys D16
3 Freedom of Information Monkeys

Thank you from
3 Monkeys & me

1 comment:

Anonymous said...

My spouse and I stumbled over here different page and thought I might check things out.
I like what I see so now i am following you. Look forward to exploring your web page for a
second time.

My site ... Realtors Woodbury MN