Advertisement

N.S. relaunches FOIPOP site 1,024 days after pulling it down over data breach

Click to play video: 'N.S. auditor general releases FOIPOP website data breach report'
N.S. auditor general releases FOIPOP website data breach report
Tue, Jan 15, 2019: After nearly a year, some of the answers surrounding the breach to the province’s FOIPOP website have finally come to light. But the situation isn't exactly sewn up. Jeremy Keefe reports – Jan 15, 2019

The saga of a major transparency tool came to an end on Thursday as the province relaunched an online platform more than 1,000 days after it was yanked offline and after multiple delays.

The website, now known as the IAPrequest site, facilitates online requests under Nova Scotia’s Freedom of Information and Protection of Privacy Act (FOIPOP), a piece of legislation that allows journalists, academics, businesses, activists and any other Canadians to obtain government information that is normally withheld from the public.

Some of the stories that were obtained through FOIPOP requests include the province’s decision to grant the majority of COVID-19 exemption requests earlier this year, details on inspections about a crane that would later collapse in downtown Halifax, and the decision by multiple ministers to use private email accounts for government business despite rules to the contrary.

Story continues below advertisement

The province once had a similar online system.

But 1,024 days ago it was pulled down after it was revealed that a data breach on the website had exposed 7,000 documents containing personal information such as social insurance numbers, personal addresses, child custody documents, medical information and proprietary business information.

The press release issued on Thursday by the Nova Scotia government does not mention that breach or the government’s role in it.

Click to play video: 'Nova Scotia granted three-quarters of all COVID-19 exemption requests between March and July'
Nova Scotia granted three-quarters of all COVID-19 exemption requests between March and July

The data breach

The data breach of the original FOIPOP website was first detected by a worker at the Nova Scotia archives.

In an email sent on the evening of April 4, 2018, the employee attempted to re-enter a URL that linked to a released and redacted document he had previously accessed through the FOIPOP portal but mistyped the address.

Story continues below advertisement

“Rather than going to another redacted, released document, I ended up seeing an incoming FOIPOP request. … It seems that rather than being inside the government system, which in itself is a bit of a shaky practice, the materials are out there, seemingly unprotected, on the web,” the employee said.

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

Get breaking National news

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

READ MORE: N.S. Liberal leadership candidates agree on updating FOIPOP legislation but not specific changes

Provincial officials quickly jumped into action, scrambling through April 5 to find a solution.

One official wrote that the government should shut down the website “until we get a grip on things.”

With no immediate solution available, the government yanked down the website at 8:15 a.m. and it remained offline until it was partially restored 152 days later, allowing Nova Scotians to request previously completed requests.

Until Thursday, Nova Scotians were still forced to file requests by pen, paper and Canada Post mail.

A vulnerability, not a hack

Halifax Regional Police arrested a 19-year-old on April 11, 2018, after searching his home, but three weeks later issued a news release saying they would not charge the man, as “the 19-year-old who was arrested … did not have intent to commit a criminal offence.”

Story continues below advertisement

Halifax police said the young man was arrested under a rarely used section of the Criminal Code that prohibits the unauthorized use of a computer with fraudulent intent.

Click to play video: 'It’s ‘more important than ever’ for government to protect data: privacy commissioner'
It’s ‘more important than ever’ for government to protect data: privacy commissioner

The man later told CBC that his arrest had been carried out by approximately 15 officers.

The police’s initial decision to charge the 19-year-old drew heavy criticism from the tech community in Canada. Critics say police “overreached” for something that is a common action in the technology field.

Search warrants indicate that a Nova Scotia civil servant told police somebody “hacked” into the province’s freedom of information website.

However, internal government documents indicate that the province understood the problem to be an issue that made the website’s operating system vulnerable and that it wasn’t a malicious attack.

Story continues below advertisement

Reports from a pair of oversight bodies would later take the departments that oversee Nova Scotia’s IT infrastructure to task after determining “poor overall project management” and a “serious failure of due diligence” helped cause the data breach.

READ MORE: N.S. information commissioner says office legally hamstrung, short on resources

Repeated delays come to an end

The path to bringing the request website back online has faced repeated delays.

A tender for the new website was issued in May 2019, with the Nova Scotia government telling Global News at the start of 2020 that it would launch the site sometime in the spring.

That was then pushed back to the end of 2020 before eventually being pushed to this winter.

READ MORE: Nova Scotia re-launches FOIPOP website after 152 days of being offline

The province has previously told Global News that COVID-19 has delayed the implementation of the website and that it has been conducting rigorous security testing to ensure the website is secure.

On Thursday, those delays finally came to an end.

Story continues below advertisement

“The public can now use the FOIPOP online portal to access information knowing that additional safeguards have been put in place to support increased security and privacy protocols,” said Minister of internal services, Patricia Arab, in a press release.

“The new portal restores the ability for people to easily submit requests and receive responses online.”

Click to play video: 'More instances of ‘unusual activity’ found on N.S. freedom of information website'
More instances of ‘unusual activity’ found on N.S. freedom of information website

After a meeting of cabinet on Thursday Arab said the province has a five-year contract worth $760,000 with two companies to operate the site.

Arab said it took time to set up the portal because the project was split into several parts. One portion involved receiving requests while another involved disclosing documents. Added security measures also required time, she said.

“We wanted to do as many security tests as we could and to come up with the right solutions, and we took seriously two reports given to us following the (security) breach,” Arab said.

Story continues below advertisement

Nearly 2,000 requests are filed annually in Nova Scotia.

With files from The Canadian Press

Sponsored content

AdChoices