The Ontario NDP are being criticized for not redacting a URL at the bottom of a leaked document they released to the media last week.
The Health System Efficiency Act, a draft bill by the Ontario government, proposes changes to healthcare across the province and details the creation of a super agency. An Ontario Public Service employee was dismissed as a result of the leak. The Ford government asked the OPP to investigate how the document was obtained.
Privacy and data experts said the URL listed could have easily allowed government IT officials to track and identify the source of the leak.
“In that URL there is a unique identifier that was enough to identify probably at least the user and the user’s unique access to the document,” Graeme Hirst, a University of Toronto professor of computer science, told Global News.
Hirst said he is baffled as to why the NDP would neglect to redact the information.
“Clearly the NDP could have protected the identity of the leaker by redacting that bottom line on each page of the document by literally blacking it out with a marker and re-scanning the document,” he said, adding whoever leaked the draft bill was naive.
“The ID was there in plain view of every single page that they leaked … If they were at all familiar with the kind of web mail systems that this document clearly came from, they should have recognized that that was a unique ID that would tie the document back to them.”
When asked about the criticism, an NDP spokesperson told Global News in a statement, “The NDP received these documents with permission from the source or sources to release them as delivered. We believe that nothing on them could have revealed the source, and have verified that to the best of our abilities.”
The NDP spokesperson also reiterated what NDP Leader Andrea Horwath told the media last week.
“Doug Ford’s mission to hunt down and punish whistleblowers worried about health care is a bizarre and callous priority,” she said.
“This Ford revenge plot is clearly designed to put a chill on the opposition, public servants and journalists.”
Information privacy and security consultant John Wunderlich said the NDP didn’t do “due diligence” to protect their source. He also said the NDP should have consulted an IT expert before releasing the document to the media.
“It’s important to know what you don’t know,” he said.
“If you’re not a digital-forensic expert, you should know that if someone gives you a digital file that you’re going to share with reporters, you should know enough to ask yourself the question, ‘Am I an expert on making sure that this is not going to reveal the source?’”
Dave Bulmer, president of AMAPCEO, the union that represents the fired employee, told Global News he couldn’t comment on the specific employee.
“I can say that the 14,000-plus professional public servants who we represent across the province take seriously their responsibility to provide non-partisan support and advice to the government of the day,” he said, adding those who work for the Ontario Public Service take an oath of office and are obligated to maintain confidentiality.
“AMAPCEO also takes seriously its obligations as a union, and would provide representation to any member who is disciplined or terminated, for whatever reason, believing that everyone deserves to have someone in their corner at work.”