Discussion:
Census: make your opinions count: no to forced transit via the USA
JF Mezei
2006-05-02 21:27:12 UTC
This year, the government wants us to fill out the census on-line.

Unfortunately, their web site is connected to Bell only. This means that
for the majority of Canadians, our personal data will have to transit
via the USA where our data has no protection.

1 877 594-2006 and tell them that you refuse to fill out your census
on-line because of this and tell them to either tell Bell to start
peering or choose another transit provider for www.statcan.ca

http://www12.statcan.ca/IRC/english/contact_e.htm
Zanta Clause~
2006-05-03 00:38:28 UTC
Post by JF Mezei
This year, the government wants us to fill out the census on-line.
Unfortunately, their web site is connected to Bell only. This means that
for the majority of Canadians, our personal data will have to transit
via the USA where our data has no protection.
1 877 594-2006 and tell them that you refuse to fill out your census
on-line because of this and tell them to either tell Bell to start
peering or choose another transit provider for www.statcan.ca
http://www12.statcan.ca/IRC/english/contact_e.htm
This is terrible!

What if a group of malicious hackers got a hold of this information and set
out to ruin the census of an entire country, such as :
Canada eh?

They could possibly punk that web site and render it all useless.

Amazing.


Zanta Clause
Henry Wong
2006-05-03 02:30:28 UTC
Post by JF Mezei
This year, the government wants us to fill out the census on-line.
Unfortunately, their web site is connected to Bell only. This means that
for the majority of Canadians, our personal data will have to transit
via the USA where our data has no protection.
1 877 594-2006 and tell them that you refuse to fill out your census
on-line because of this and tell them to either tell Bell to start
peering or choose another transit provider for www.statcan.ca
http://www12.statcan.ca/IRC/english/contact_e.htm
IMHO, I don't think this is such a big deal.

The census is done over an https connection, which means intermediaries
(supposedly) would not be able to extract any information without
breaking the encryption. I am inclined to believe that 168-bit
encryption is sufficient.
Mike Tancsa
2006-05-03 05:08:41 UTC
On Tue, 02 May 2006 22:30:28 -0400, Henry Wong
Post by Henry Wong
Post by JF Mezei
This year, the government wants us to fill out the census on-line.
Unfortunately, their web site is connected to Bell only. This means that
for the majority of Canadians, our personal data will have to transit
via the USA where our data has no protection.
1 877 594-2006 and tell them that you refuse to fill out your census
on-line because of this and tell them to either tell Bell to start
peering or choose another transit provider for www.statcan.ca
http://www12.statcan.ca/IRC/english/contact_e.htm
IMHO, I don't think this is such a big deal.
The census is done over an https connection, which means intermediaries
(supposedly) would not be able to extract any information without
breaking the encryption. I am inclined to believe that 168-bit
encryption is sufficient.
Not to mention, there is FAR, FAR more information that you can buy
from any credit bureau, pretty well no questions asked than the info
on the Census short form...

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)
Mike Tancsa
2006-05-03 05:06:42 UTC
On Tue, 02 May 2006 17:27:12 -0400, JF Mezei
Post by JF Mezei
This year, the government wants us to fill out the census on-line.
Unfortunately, their web site is connected to Bell only. This means that
for the majority of Canadians, our personal data will have to transit
via the USA where our data has no protection.
How do you figure that ? Bell is just one, and actually, they have
them as a lower pref.


% host www.statcan.ca
www.statcan.ca has address 142.206.64.31

The oregon route server shows them as fairly well connected.

route-views.oregon-ix.net>show ip bgp 142.206.64.31
BGP routing table entry for 142.206.0.0/16, version 15739770
Paths: (51 available, best #9, table Default-IP-Routing-Table)
Not advertised to any peer
4513 15290 2669
195.66.224.82 from 195.66.224.82 (209.10.12.222)
Origin incomplete, localpref 100, valid, external
6509 2884 818 19620
205.189.32.44 from 205.189.32.44 (205.189.32.44)
Origin IGP, localpref 100, valid, external
Community: 2884:818 6509:10 6509:65001 6509:65030
22388 11537 6509 2884 818 19620
192.203.116.253 from 192.203.116.253 (192.203.116.253)
Origin IGP, localpref 100, valid, external
Community: 11537:2501 22388:100
11537 6509 2884 818 19620
198.32.8.196 from 198.32.8.196 (198.32.8.196)
Origin IGP, metric 260, localpref 100, valid, external
Community: 11537:2501
3333 286 15290 2669
193.0.0.56 from 193.0.0.56 (193.0.0.56)
Origin incomplete, localpref 100, valid, external
6939 15290 2669
216.218.252.145 from 216.218.252.145 (216.218.255.241)
Origin IGP, localpref 100, valid, external
16150 15290 2669
217.75.96.60 from 217.75.96.60 (217.75.96.60)
Origin incomplete, metric 0, localpref 100, valid, external
Community: 16150:63392 16150:65320 16150:65334 16150:65351
286 15290 2669
134.222.85.45 from 134.222.85.45 (134.222.85.45)
Origin incomplete, localpref 100, valid, external
Community: 286:19 286:29 286:80 286:800 286:3031 286:4001
8001 15290 2669
209.123.12.51 from 209.123.12.51 (209.123.12.51)
Origin IGP, localpref 100, valid, external, best
Community: 8001:2000 8001:2008
5650 15290 2669
208.186.154.35 from 208.186.154.35 (207.173.112.63)
Origin incomplete, metric 0, localpref 100, valid, external
2905 701 15290 2669
196.7.106.245 from 196.7.106.245 (196.7.106.245)
Origin incomplete, metric 0, localpref 100, valid, external
5650 15290 2669
208.186.154.36 from 208.186.154.36 (207.173.112.11)
Origin incomplete, metric 0, localpref 100, valid, external
14608 19029 15290 2669
209.161.175.4 from 209.161.175.4 (209.161.175.4)
Origin incomplete, localpref 100, valid, external
Community: no-export
7018 15290 2669
12.0.1.63 from 12.0.1.63 (12.0.1.63)
Origin incomplete, localpref 100, valid, external
Community: 7018:2000
6453 577 2669 2669 2669 2669 2669 2669 2669
195.219.96.239 from 195.219.96.239 (195.219.96.239)
Origin incomplete, localpref 100, valid, external
3257 3561 577 2669 2669 2669 2669 2669 2669 2669
213.200.87.254 from 213.200.87.254 (213.200.87.40)



From my network, I have a number of paths to them including via
Allstream (aka MB Tel)

% traceroute www.statcan.ca
traceroute to www.statcan.ca (142.206.64.31), 64 hops max, 40 byte packets
1 205.211.164.49 (205.211.164.49) 0.290 ms 0.239 ms 0.146 ms
2 telus-vl108 (67.43.129.246) 0.208 ms 0.237 ms 0.366 ms
3 toroonxndr01.bb.telus.com (209.115.140.137) 175.904 ms 159.808 ms 1.669 ms
4 toroonnlgr00.bb.telus.com (154.11.6.85) 1.303 ms 1.031 ms 0.990 ms
5 Allstream.toroonnlgr00.bb.telus.com (154.11.3.30) 0.677 ms 0.605 ms 0.664 ms
6 pos4-0-0.hcap3-ott.bb.allstream.net (199.212.172.10) 20.740 ms 19.951 ms 19.863 ms
7 216.191.228.70 (216.191.228.70) 22.368 ms 22.215 ms 22.264 ms
8 *^C


It never leaves Canada. Besides, the traffic is encrypted between
your browser and the statscan server. Hardly, "No protection"

---Mike
Post by JF Mezei
1 877 594-2006 and tell them that you refuse to fill out your census
on-line because of this and tell them to either tell Bell to start
peering or choose another transit provider for www.statcan.ca
http://www12.statcan.ca/IRC/english/contact_e.htm
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)
JF Mezei
2006-05-03 06:12:07 UTC
Post by Mike Tancsa
How do you figure that ? Bell is just one, and actually, they have
them as a lower pref.
The oregon route server shows them as fairly well connected.
the cidr-report.org shows them as having just allstream and bell.

Looking at allstream, it does seem to be fairly well connected.
Post by Mike Tancsa
route-views.oregon-ix.net>show ip bgp 142.206.64.31
Paths: (51 available, best #9, table Default-IP-Routing-Table)
Not advertised to any peer
4513 15290 2669
195.66.224.82 from 195.66.224.82 (209.10.12.222)
Origin incomplete, localpref 100, valid, external
6509 2884 818 19620
205.189.32.44 from 205.189.32.44 (205.189.32.44)
Origin IGP, localpref 100, valid, external
Community: 2884:818 6509:10 6509:65001 6509:65030
This is interesting. How come you are getting routes to 2 different
destination AS ?

BTW, the statcan.ca web site is in 2669, not in 19620


Note that 818 is department of communications, and it is fed by only
allstream. Passing through 2884 is invalid. 2884 is "RA-NAP" in Marina
del Rey California. Looks like a rogue route to me.
Post by Mike Tancsa
From my network, I have a number of paths to them including via
Allstream (aka MB Tel)
If you exclude the rogue routes going to the wrong AS via RA-NAP, all
your routes shown go through allstream.
Post by Mike Tancsa
It never leaves Canada. Besides, the traffic is encrypted between
your browser and the statscan server. Hardly, "No protection"
I don't consider browser encryption to be something that would prevent
spy agencies from getting the data, especially when they know what field
names are being transmitted in the HTTP transaction, making it much
easier for them to decrypt it.

Remember that according to USA lawyers representing the US government,
foreigners no longer have any rights in the USA.
Mike Tancsa
2006-05-03 11:48:06 UTC
On Wed, 03 May 2006 02:12:07 -0400, JF Mezei
Post by JF Mezei
Post by Mike Tancsa
How do you figure that ? Bell is just one, and actually, they have
them as a lower pref.
The oregon route server shows them as fairly well connected.
the cidr-report.org shows them as having just allstream and bell.
I have no idea what you were reading, but it was totally wrong to
conclude they were just connected to Bell and that the data had to go
through the US....
Post by JF Mezei
This is interesting. How come you are getting routes to 2 different
destination AS ?
Because they are advertising out of 2 ASes
Post by JF Mezei
BTW, the statcan.ca web site is in 2669, not in 19620
% host www.statcan.ca
www.statcan.ca has address 142.206.64.31

I see it advertised out of 2 ASes
293 6509 2884 818 19620
Post by JF Mezei
Note that 818 is department of communications, and it is fed by only
allstream. Passing through 2884 is invalid. 2884 is "RA-NAP" in Marina
del Rey California. Looks like a rogue route to me.
Looks pretty valid to me. What the display name at ARIN says is
totally independent of how the AS is used (e.g. exchange points).


% traceroute www.teksavvy.ca
traceroute to teksavvy.ca (206.248.154.226), 64 hops max, 40 byte packets
1 205.211.164.49 (205.211.164.49) 0.168 ms 0.239 ms 0.147 ms
2 torix-vl108 (67.43.129.248) 0.208 ms 0.396 ms 0.209 ms
3 gw-teksavvy.torontointernetxchange.net (198.32.245.67) 0.988 ms 0.859 ms 0.677 ms
4 piero.pppoe.ca (65.39.134.4) 1.300 ms 1.325 ms 1.459 ms
5 206-248-140-42.dsl.teksavvy.com (206.248.140.42) 8.946 ms 8.728 ms 8.508 ms
^C
[auth2]%

... hop 3
% whois 198.32.245.2

OrgName: Exchange Point Blocks
OrgID: EPB
Address: PO 12317
City: Marina del Rey
StateProv: CA
PostalCode:
Country: US

NetRange: 198.32.0.0 - 198.32.255.255
CIDR: 198.32.0.0/16
NetName: NET-EP-1
NetHandle: NET-198-32-0-0-1
Parent: NET-198-0-0-0-0
NetType: Direct Assignment
NameServer: DOT.EP.NET
NameServer: FLAG.EP.NET
Comment:
RegDate: 1997-06-09
Updated: 2001-12-17

RTechHandle: WM110-ARIN
RTechName: Manning, Bill
RTechPhone: +1-310-322-8102
RTechEmail: ***@karoshi.com

# ARIN WHOIS database, last updated 2006-05-02 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

I guess you are saying the Torix routing is bogus because
198.32.245.0/24 is from Bill Manning as well ?
Post by JF Mezei
Post by Mike Tancsa
From my network, I have a number of paths to them including via
Allstream (aka MB Tel)
If you exclude the rogue routes going to the wrong AS via RA-NAP, all
your routes shown go through allstream.
Wrong

% traceroute www.statscan.ca
traceroute to www.statscan.ca (142.206.64.31), 30 hops max, 40 byte packets
1 v42-cn-rt-mc.uwaterloo.ca (129.97.42.7) 0.529 ms 0.302 ms 0.432 ms
2 cn-rtext.uwaterloo.ca (129.97.10.3) 0.335 ms 0.287 ms 0.208 ms
3 ORION-WATERLOOU-RNE.DIST1-WTLO.IP.orion.on.ca (66.97.23.33) 0.337 ms 3.664 ms 10.688 ms
4 DIST1-GLPH-GE1-1.IP.orion.on.ca (66.97.16.22) 1.698 ms 1.681 ms 1.580 ms
5 DIST2-TORO-GE2-1.IP.orion.on.ca (66.97.16.30) 3.073 ms 3.035 ms 3.093 ms
6 DIST1-KNTN-GE1-1.IP.orion.on.ca (66.97.16.89) 8.466 ms 8.437 ms 8.326 ms
7 DIST1-OTWA-GE1-2.IP.orion.on.ca (66.97.16.73) 11.182 ms 11.140 ms 11.077 ms
8 198.32.149.10 (198.32.149.10) 11.314 ms 11.597 ms 11.524 ms
9 * * *
Post by JF Mezei
Post by Mike Tancsa
It never leaves Canada. Besides, the traffic is encrypted between
your browser and the statscan server. Hardly, "No protection"
I don't consider browser encryption to be something that would prevent
spy agencies from getting the data, especially when they know what field
names are being transmitted in the HTTP transaction, making it much
easier for them to decrypt it.
This too is nonsense.

Besides, the info you are posting in the short form is all readily
available to pretty well anyone through various credit bureaus and
other corporations. They don't need to spend tremendous amounts of
computing resources to brute force the data when it's all there to buy.

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)
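
The two-origin question argued over in the posts above can be checked mechanically from route-server output. The following is an added example, not part of any poster's message: it parses `show ip bgp` text in the flattened form quoted in the thread, groups the AS paths by origin AS and last upstream, and counts origin prepending. The function names are this example's own, and the sample is four path entries copied from the thread's output.

```python
import re
from collections import defaultdict

# Constructed sample: four path entries copied from the route-views output
# quoted in the thread (flattened as it appears there), not a live query.
SAMPLE = """\
BGP routing table entry for 142.206.0.0/16, version 15739770
Paths: (51 available, best #9, table Default-IP-Routing-Table)
Not advertised to any peer
4513 15290 2669
195.66.224.82 from 195.66.224.82 (209.10.12.222)
Origin incomplete, localpref 100, valid, external
6509 2884 818 19620
205.189.32.44 from 205.189.32.44 (205.189.32.44)
Origin IGP, localpref 100, valid, external
Community: 2884:818 6509:10 6509:65001 6509:65030
8001 15290 2669
209.123.12.51 from 209.123.12.51 (209.123.12.51)
Origin IGP, localpref 100, valid, external, best
Community: 8001:2000 8001:2008
6453 577 2669 2669 2669 2669 2669 2669 2669
195.219.96.239 from 195.219.96.239 (195.219.96.239)
Origin incomplete, localpref 100, valid, external
"""

# A line made up only of integers is treated as an AS path.
AS_PATH = re.compile(r"\d+(?:\s+\d+)*")


def parse_as_paths(text):
    """Return [{'path': [asn, ...], 'best': bool}, ...] from `show ip bgp` text.

    Simplification (assumption of this example): AS sets ({...}) and path
    suffixes such as "(aggregated by ...)" are not handled.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if AS_PATH.fullmatch(line):
            current = {"path": [int(tok) for tok in line.split()], "best": False}
            entries.append(current)
        elif current is not None and line.startswith("Origin "):
            # Attribute line: "Origin IGP, localpref 100, valid, external, best"
            flags = [flag.strip() for flag in line.split(",")]
            current["best"] = "best" in flags
    return entries


def collapse_prepends(path):
    """Drop consecutive duplicate ASNs so each AS appears once per visit."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def origin_report(text):
    """Map origin AS -> {upstream AS: most origin prepends seen via it}."""
    report = defaultdict(dict)
    for entry in parse_as_paths(text):
        path = entry["path"]
        origin = path[-1]
        hops = collapse_prepends(path)
        upstream = hops[-2] if len(hops) > 1 else None
        # Prepends are the extra copies of the origin at the end of the path.
        trailing = 0
        for asn in reversed(path):
            if asn != origin:
                break
            trailing += 1
        prepends = trailing - 1
        report[origin][upstream] = max(report[origin].get(upstream, 0), prepends)
    return dict(report)


def is_moas(report):
    """True when the prefix is seen with more than one origin AS."""
    return len(report) > 1


def best_path(text):
    """AS path of the entry the route server marked as best, or None."""
    for entry in parse_as_paths(text):
        if entry["best"]:
            return entry["path"]
    return None


if __name__ == "__main__":
    report = origin_report(SAMPLE)
    for origin, upstreams in sorted(report.items()):
        for upstream, prepends in sorted(upstreams.items()):
            print(f"origin AS{origin} via AS{upstream}: {prepends} prepends")
    print("multiple origin ASes:", is_moas(report))
    print("best path:", best_path(SAMPLE))
```

A multi-origin result is a prompt to confirm with the prefix holder which origins are intended, and heavy prepending through one upstream marks that path as the less preferred one.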
Geoffrey Welsh
2006-05-03 14:28:31 UTC
For the record, traceroutes from home via Primus go through TORIX and
Allstream. Traceroutes from work via Allstream... well, you can guess.
Post by Mike Tancsa
Because they are advertising out of 2 ASes
I ran StatCan's 146.206.0.0/16 through BGPlay, and it looks very weird. Do
you ever use BGPlay and, if so, do you find it useful?
--
Geoffrey Welsh <Geoffrey [dot] Welsh [at] bigfoot [dot] com>
Never leave until tomorrow what can wait until next week.
Mike Tancsa
2006-05-03 22:42:00 UTC
On Wed, 3 May 2006 10:28:31 -0400, "Geoffrey Welsh"
Post by Geoffrey Welsh
I ran StatCan's 146.206.0.0/16 through BGPlay, and it looks very weird. Do
you ever use BGPlay and, if so, do you find it useful?
Hi,
Not really, but I make heavy use of their other resources,
specifically their route server

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)
Norman Wilson
2006-05-06 17:40:25 UTC
For what it's worth, I decided to look at the online census
form mechanism this afternoon.

The paper form I received points me at www.census2006.ca,
which resolves to 205.194.32.200. A traceroute from my
Teksavvy fixed IP address goes to Cogent, and appears to
go through the US; in particular it transits routers whose
IP addresses resolve to names like

p15-0.core01.ord01.atlas.cogentco.com
bellnexxia.ord01.atlas.cogentco.com
core1-chicago23-pos0-2.in.bellnexxia.net

That doesn't mean everybody's accesses will go through the
US, but mine appear to do so.

I might have filled out the form anyway, since mine is
the short form, and anyone who is interested in stalking
me (whether privately or on the part of either of my countries
of citizenship) probably already knows my name, date of birth,
and marital status. But www.census2006.ca refuses to work
for me, claiming that my browser isn't good enough. Why
Firefox 1.0.8 isn't new enough for it is, I suppose, another
story, but one in which I don't have enough interest to
look further.

It does suggest that JF ought not to bother, since even if
the routing were to his liking his browser is probably not
to theirs.

I plan just to send in the paper, even though for all I know
someone in the US Consulate has made a back-room deal with
CSIS and Canada Post and will pick my form out of the mail,
note the results, and change them in the belief that only
by monkeying with the census can we make the world safe for
Republicans and meat byproducts.

Norman Wilson
Toronto ON
--
To reply directly, expel `.edu'.
Steven Winikoff
2006-05-06 20:54:03 UTC
But www.census2006.ca refuses to work for me, claiming that my browser
isn't good enough. Why Firefox 1.0.8 isn't new enough for it is, I
suppose, another story, but one in which I don't have enough interest
to look further.
Given that the site claims to support firefox, my guess is that the
problem is with your version of Java. They claim to require a JVM
version of 1.4.2_3 or newer, and if you're still running firefox 1.0
you probably have an older JVM.

I'm not up to date on JVM security issues, but I can confirm that a
number of security holes in firefox itself were fixed in 1.5.0.2 and
1.5.0.3, so you might want to consider upgrading firefox regardless of
your opinion of Statistics Canada. :-)

- Steven
________________________________________________________________________
Steven Winikoff |
Concordia University |
Montreal, QC, Canada | There's an exception to every rule,
***@alcor.concordia.ca | except this one.
http://alcor.concordia.ca/~smw |
JF Mezei
2006-05-06 23:38:34 UTC
Post by Steven Winikoff
Given that the site claims to support firefox, my guess is that the
problem is with your version of Java. They claim to require a JVM
version of 1.4.2_3 or newer, and if you're still running firefox 1.0
you probably have an older JVM.
Why would they need JAVA to fill a form ? It isn't as if you're playing
an on-line game or something.
Malcolm Ferguson
2006-05-07 14:46:26 UTC
Post by JF Mezei
Post by Steven Winikoff
Given that the site claims to support firefox, my guess is that the
problem is with your version of Java. They claim to require a JVM
version of 1.4.2_3 or newer, and if you're still running firefox 1.0
you probably have an older JVM.
Why would they need JAVA to fill a form ? It isn't as if you're playing
an on-line game or something.
Security perhaps? More control over the data on the client perhaps?
Some browsers remember what you type in to HTML forms.

All of their secure online sites require Java that I've seen, which I've
admittedly only used for passport application and my CRA account.

Malc
Testy
2006-05-07 21:00:53 UTC
Post by Malcolm Ferguson
Security perhaps? More control over the data on the client perhaps?
Some browsers remember what you type in to HTML forms.
Malc
If they were truly interested in Security they would not be using Internet
Explorer at all!

Testy

DevilsPGD
2006-05-10 05:11:54 UTC
Post by Testy
Post by Malcolm Ferguson
Security perhaps? More control over the data on the client perhaps?
Some browsers remember what you type in to HTML forms.
Malc
If they were truly interested in Security they would not be using Internet
Explorer at all!
How do you figure?

While I wouldn't suggest using IE as a user, as a web server operator,
it's no more or less safe (to ME) if the end user uses IE, Firefox,
Opera, Lynx, Blazer, or anything else out there...
--
For recreational use only.
Snorkelson MacBurp
2006-05-07 02:32:06 UTC
Post by Steven Winikoff
Given that the site claims to support firefox, my guess is that the
problem is with your version of Java. They claim to require a JVM
version of 1.4.2_3 or newer, and if you're still running firefox 1.0
you probably have an older JVM.
I'm not up to date on JVM security issues, but I can confirm that a
number of security holes in firefox itself were fixed in 1.5.0.2 and
1.5.0.3, so you might want to consider upgrading firefox regardless of
your opinion of Statistics Canada. :-)
I'm current with both and I had to use the Wife's XP box to complete the
census. I figured it was a Linux/SuSE thing.
Malcolm Ferguson
2006-05-07 14:47:44 UTC
Post by Norman Wilson
www.census2006.ca refuses to work
for me, claiming that my browser isn't good enough. Why
Firefox 1.0.8 isn't new enough for it is, I suppose, another
story
It shouldn't be good enough. It should be upgraded to the latest version.

Malc
shell
2006-05-07 19:28:54 UTC
Post by Norman Wilson
I might have filled out the form anyway, since mine is
the short form, and anyone who is interested in stalking
me (whether privately or on the part of either of my countries
of citizenship) probably already knows my name, date of birth,
and marital status. But www.census2006.ca refuses to work
for me, claiming that my browser isn't good enough. Why
Firefox 1.0.8 isn't new enough for it is, I suppose, another
story, but one in which I don't have enough interest to
look further.
It does suggest that JF ought not to bother, since even if
the routing were to his liking his browser is probably not
to theirs.
I plan just to send in the paper, even though for all I know
someone in the US Consulate has made a back-room deal with
CSIS and Canada Post and will pick my form out of the mail,
note the results, and change them in the belief that only
by monkeying with the census can we make the world safe for
Republicans and meat byproducts.
Norman Wilson
Toronto ON
Newsforge has an article about the online census not working on Linux a
few days ago:
http://trends.newsforge.com/article.pl?sid=06/05/04/233250

I doubt its compatibility with other browsers like Opera, Konqueror,
either. By all means, if you are affected, send them a letter, comment,
email, or call them.
Madonna
2006-05-15 20:36:31 UTC
If you manage to have a 100% secure route to statcan.ca they'll still get the info...
...since our government outsources private information to US firms.
(which of course are subject to the Patriot act and don't tell the Canadian
government when they've been looked at or copied.)

source: http://www.src.ca/nouvelles/National/2006/05/15/001-reseignement-canadiens-USA.shtml
(Radio-Canada, in French)
Post by JF Mezei
This year, the government wants us to fill out the census on-line.
Unfortunately, their web site is connected to Bell only. This means that
for the majority of Canadians, our personal data will have to transit
via the USA where our data has no protection.
1 877 594-2006 and tell them that you refuse to fill out your census
on-line because of this and tell them to either tell Bell to start
peering or choose another transit provider for www.statcan.ca
http://www12.statcan.ca/IRC/english/contact_e.htm
Mike Tancsa
2006-05-16 01:46:10 UTC
Post by Madonna
If you manage to have a 100% secure route to statcan.ca they'll still get the info...
...since our government outsources private information to US firms.
(which of course are subject to the Patriot act and don't tell the Canadian
government when they've been looked at or copied.)
source: http://www.src.ca/nouvelles/National/2006/05/15/001-reseignement-canadiens-USA.shtml
(Radio-Canada, in French)
You are mischaracterizing the report you refer to. I translated it
roughly to "According to a document obtained by Radio-Canada, more
half of the agencies and ministries federal entrust to American
companies the management of personal Canadian information"

The rules that statscan uses are VERY, VERY strict and clearly laid
out and cannot be lumped into the privacy policies of other ministries
in general. Statscan is a non partisan organization and is world
respected for the quality and integrity of work they do. Have a look
at their privacy policies which are clearly laid out on their website
instead of making misleading claims about what they do.

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)
JF Mezei
2006-05-16 04:55:35 UTC
Post by Mike Tancsa
The rules that statscan uses are VERY, VERY strict and clearly laid
out and cannot be lumped into the privacy policies of other ministries
in general.
Contracts awarded prior to Patriot Act would have been awarded to USA
companies without thinking it possible the USA would turn into a police
state with no privacy guarantees at all. Those contracts would still be
shipping Canadian data to the USA at a time where the USA has clearly
stated that it will look into any data it has access to. The USA
recently even said that they want internet traffic between countries to
flow via the USA so they can spy on it.

Also, remember that the USA ambassador did state that Canadians do not
have any rights when travelling in the USA. So don't expect any privacy
laws applying to Canadians when their data transits via the USA.
Mike Tancsa
2006-05-16 08:16:23 UTC
On Tue, 16 May 2006 00:55:35 -0400, JF Mezei
Post by JF Mezei
Post by Mike Tancsa
The rules that statscan uses are VERY, VERY strict and clearly laid
out and cannot be lumped into the privacy policies of other ministries
in general.
Contracts awarded prior to Patriot Act would have been awarded to USA
Again, you are making the assumption they have access to the data.
Have a look at the statscan website to understand their involvement.

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)
Madonna
2006-05-31 12:08:21 UTC
Post by Mike Tancsa
On Tue, 16 May 2006 00:55:35 -0400, JF Mezei
Post by JF Mezei
Contracts awarded prior to Patriot Act would have been awarded to USA
Again, you are making the assumption they have access to the data.
They're on a data collecting spree right now...
Today's privacy headline is the collection of web site visitor's IP addresses.

WASHINGTON (CNN) -- The attorney general and the FBI director have asked the nation's leading Internet service companies
to keep a variety of customer information and other data for two years, much longer than the companies do now, the
Justice Department confirmed Tuesday.

Companies have varying policies regarding what information is kept and for how long.

One thing the Justice Department wants is some type of subscriber information, such as the Internet address assigned to
a person when logging on to a service provider, according to two sources familiar with a meeting that was held last week
between the government and the Internet companies.
...
The Internet companies have said there are other ways to get the information without them having to hand it over and
believe requests like this are burden to the industry, the sources said.
...

http://www.cnn.com/2006/TECH/internet/05/30/internet.records/index.html
JF Mezei
2006-05-31 19:27:48 UTC
Post by Madonna
WASHINGTON (CNN) -- The attorney general and the FBI director have asked the nation's leading Internet service companies
to keep a variety of customer information and other data for two years, much longer than the companies do now, the
Justice Department confirmed Tuesday.
Gets worse. La Presse reported that Canadian subsidiaries of US
corporations are/may be subject to patriot act requests for them to hand
over payroll information of their Canadian employees.

And of course, if you've travelled to the USA on an airplane in the last
few years, the USA government knows all about you because the Canadian
government buckled under the pressure to transmit all the private data
in a reservation to the USA government to a foreign government despite
this being against the data privacy act. (similar process was just
struck down by the European courts).


The USA basically has no effective privacy act. So the second you
transmit info to them, it is no longer protected. There have been
instances of real passenger information being handed over to contractors
for "tests", and the contractors used that data to build PowerPoint
slides that were used in public conferences.

Your reservation data contains all the info you need for identity theft.
(passport number, credit card number, telephone number, address if they
send tickets/receipt by paper mail, your FF number, what hotels you
might be staying at, the telephone number where you'll be while in the
USA, who you are travelling with and what other flights you are on for
the same reservation.)

Since all international credit card transactions go through the USA,
whenever you use your credit card for an international purchase, the
USA regime can lookup its transport database and get your full name and
other details.
Some Guy
2006-06-02 13:33:10 UTC
Post by JF Mezei
Your reservation data contains all the info you need for
identity theft.
Not exactly.
Post by JF Mezei
passport number
Which is not linked to anything of any real value, such as your credit
card, your SIN number, your bank accounts, etc.
Post by JF Mezei
credit card number
Someone having your CC number by itself usually can't be used for ID
theft, fraud, etc. Think of all the times that your CC number is
given to restaurant waiters when you pay your bill. They get to see
two extra pieces of info that is not on your air-travel itinerary:
The 3-digit code on the back of the card, the exact name on the card,
and potentially even the expiry date. To do some real damage, you'll
usually need the card's billing address and a few other things.
Post by JF Mezei
telephone number
Give your work number, or cell phone - not home number.
Post by JF Mezei
address if they send tickets/receipt by paper mail
Again use work address.
Post by JF Mezei
your FF number
The utility of which is questionable
Post by JF Mezei
what hotels you might be staying at
Which has an extremely short, time-limited value, if any.
Post by JF Mezei
the telephone number where you'll be while in the USA
I'm never asked for that.
Post by JF Mezei
who you are travelling with and what other flights
you are on for the same reservation.
Not sure how that could be used for ID theft or fraud.
Post by JF Mezei
Since all international credit card transactions go through
the USA,
I'm thinking that anyone in Canada who holds a Mastercard or Visa and
uses it to buy anything in Canada will probably have that same
information go through a USA-based processing center, which means it's
available for US agencies to look into.
Stephen
2006-06-02 15:45:00 UTC
On Fri, 02 Jun 2006 09:33:10 -0400, Some Guy in can.internet.highspeed wrote:

<snip excellent response>
Post by Some Guy
Give your work number, or cell phone - not home number.
I'm thinking that anyone in Canada who holds a Mastercard or Visa and
uses it to buy anything in Canada will probably have that same
information go through a USA-based processing center, which means it's
available for US agencies to look into.
Very good point(s) that many of the "know it alls" here, didn't even think
to ponder. LOL
JF Mezei
2006-06-02 19:26:32 UTC
Post by Some Guy
Post by JF Mezei
passport number
Which is not linked to anything of any real value, such as your credit
card, your SIN number, your bank accounts, etc.
It is a "master key" that the US government captures at every border
crossing. Because in the PNR, your passport number is entered along
with all the other info, the US regime can cross reference it. Also,
they can use "diplomatic" means to obtain more information about you
with your passport number ("to confirm your identity" would be the fake
reason they are giving).
Post by Some Guy
Someone having your CC number by itself usually can't be used for ID
theft, fraud, etc.
The airline is accepting your CC transaction based on all the
information you have provided in the PNR. That information is far more
than enough to do identity theft.
Post by Some Guy
Think of all the times that your CC number is
given to restaurant waiters when you pay your bill.
They don't know your residence, birth date, contact info in case of accident.
Post by Some Guy
The 3-digit code on the back of the card, the exact name on the card,
and potentially even the expiry date.
When you book via the web, that same information is stored in your PNR.
Post by Some Guy
To do some real damage, you'll
usually need the card's billing address and a few other things.
Which is often stored in the PNR, especially if you start off by giving
your FF number which allows the airline to build a PNR with the FF
information already filled. So if you need tickets/receipt sent by mail,
they already have that info.
Post by Some Guy
Give your work number, or cell phone - not home number.
Actually, you need to always change phone numbers. Authorities don't
clue in on the actual telephone number but rather on repeated use of
same number in order to associate various pieces of information
collected from different places. If you give a work number, the regime
also knows who you work for, and when you go through US immigration,
they might be able to check if you are telling the truth when they ask
you where you work.

Besides, do you really want to live in a country where you have to work
to hide your information from your own government ?
Post by Some Guy
Post by JF Mezei
your FF number
The utility of which is questionable
You greatly underestimate this. If you travel domestically in the USA,
the FF number is as close to a passport identification. And they can
also link different itineraries you have taken and see if you used
different credit cards for payments.
Post by Some Guy
Post by JF Mezei
what hotels you might be staying at
Which has an extremely short, time-limited value, if any.
No sir. This is extremely valuable info. Because if you happen to stay
in the same Vegas hotel as an al-Qaeda operative during the same period,
you become a terrorist suspect because you might have had as purpose of
your trip meeting that person to plan a terrorist attempt.
Post by Some Guy
Post by JF Mezei
the telephone number where you'll be while in the USA
I'm never asked for that.
Airlines routinely ask for that for trips that are more than a few days.
But only if you book directly with the airline. This is so they could
try to reach you and advise you of schedule changes. If it is booked
through a web site or travel agency (both are really the same), then the
airline has no responsibility to try to contact you to advise of
schedule changes.
Post by Some Guy
I'm thinking that anyone in Canada who holds a Mastercard or Visa and
uses it to buy anything in Canada will probably have that same
information go through a USA-based processing center, which means it's
available for US agencies to look into.
Actually, for transactions that remain in Canada (canadian company
dealing with canadian bank/card processor, canadian cardholder dealing
with canadian bank and transaction in CAD), then it stays in Canada.

However, Air Canada uses a US based credit card processor, so any of
your purchases on Air Canada, even if to travel between Gander and
Halifax will go through the USA.
Madonna
2006-06-03 13:24:57 UTC
Permalink
Post by JF Mezei
Post by Some Guy
I'm thinking that anyone in Canada who holds a Mastercard or Visa and
uses it to buy anything in Canada will probably have that same
information go through a USA-based processing center, which means it's
available for US agencies to look into.
Actually, for transactions that remain in Canada (canadian company
dealing with canadian bank/card processor, canadian cardholder dealing
with canadian bank and transaction in CAD), then it stays in Canada.
Pay attention to the "card processor" location.
For example, CIBC signed in 2002 a 10 year agreement with Total Systems Services Inc
of Columbus GA to outsource credit card processing operations.

And the cardholder agreement was modified:
"I acknowledge that in the event that a Service Provider is located in the United States, my information may be
processed and stored in the United States and that United States governments, courts or law enforcement or regulatory
agencies may be able to obtain disclosure of my information through the laws of the United States...."

RBC has also outsourced to Total System Services.
( http://www.radio-canada.ca/nouvelles/Index/nouvelles/200410/01/006-Visa-CIBC-Patriot.shtml )

Banks that operate their credit card operations in Canada: Scotia (Visa), BMO (MasterCard).
Mike Tancsa
2006-06-02 00:19:38 UTC
Permalink
Post by Madonna
Post by Mike Tancsa
On Tue, 16 May 2006 00:55:35 -0400, JF Mezei
Post by JF Mezei
Contracts awarded prior to Patriot Act would have been awarded to USA
Again, you are making the assumption they have access to the data.
They're on a data collecting spree right now...
What does it have to do with the Census ? The website is NOT in the
US (whereas the protest site about the Census www.countmeout.ca is
still in the US?!?!) and it's NOT run by American companies.

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)
Madonna
2006-06-02 13:47:35 UTC
Permalink
Post by Mike Tancsa
What does it have to do with the Census ?
Just branching off-topic wrt census and discussing the data privacy issue in general.

Just thought it'd be more appropriate to put it in this thread than in the Richard Scoville or TV threads ;)
Some Guy
2006-06-02 13:17:59 UTC
Permalink
Post by Madonna
WASHINGTON (CNN) --
One thing the Justice Department wants is some type of
subscriber information, such as the Internet address
assigned to a person when logging on to a service
provider.
The Internet companies have said there are other ways to
get the information without them having to hand it over...
Ok, so tell me what are those other ways to find out IP assignments?

Who else besides the ISP has that info?
JF Mezei
2006-06-02 19:06:29 UTC
Permalink
Post by Some Guy
Post by Madonna
The Internet companies have said there are other ways to
get the information without them having to hand it over...
Ok, so tell me what are those other ways to find out IP assignments?
Who else besides the ISP has that info?
The point is: if the regime suspects someone, they get a court order and
then get the ISP to reveal who used that IP at a certain time or start
monitoring that traffic.

Requesting ISP to maintain records of this for 2 years is onerous.

Let's face it, if the Bush regime is 2 years behind in analysing all the
information they are collecting under their "total information
awareness" philosophy, (so they want to be able to go to ISPs and ask
the identity of the user of an IP 2 years ago at a certain time/date),
it means that their plan isn't going to foil any terrorist attempt.

Of course, the total information awareness mantra is probably not about
terrorism. There was another republican government back in the 1970s
that also wanted to know about what others were doing, especially at a
now well known hotel named "Watergate".
JF Mezei
2006-06-02 20:51:41 UTC
Permalink
To those who don't believe the US regime is out to spy on civilians:

http://news.com.com/Week+in+review+Keeping+watch+over+Web+surfing/2100-1083_3-6079302.html?tag=nefd.lede
Some Guy
2006-06-03 02:43:19 UTC
Permalink
Post by JF Mezei
Post by Some Guy
Post by Madonna
The Internet companies have said there are other ways to
get the information without them having to hand it over...
Ok, so tell me what are those other ways to find out IP
assignments? Who else besides the ISP has that info?
The point is: if the regime suspects someone, they get a court
order and then get the ISP to reveal who used that IP at a certain
time or ...
And if the ISP only has records back to a week or two, and the gov't
wants to know who owned a certain IP a month or two ago, then the
gov't won't really get the info they want now will they?

And I've asked this question many times - and never gotten an answer:

What rules are US and Canadian ISP's currently operating under when it
comes to archiving customer IP assignments?

Clearly it is in the ISP's best interest to store IP assignment
information for as short a time as possible, to the point of limiting
it only as long as necessary for correct network functionality. The
shorter this time is, the more limited will be its value when the
gov't or the RIAA come knocking.

And what about third-party usenet services, like giganews? What is
their policy of keeping records that would allow authorities to learn
the source of specific posts? Which usenet providers perform no
coding of their posts that would allow back-tracking to a specific
user?
Post by JF Mezei
Requesting ISP to maintain records of this for 2 years is
onerous.
Yes it is, but what is the current rule or regulation?
Post by JF Mezei
Of course, the total information awareness mantra is probably
not about terrorism.
Political counter-intelligence aside, total information awareness
really has only one primary goal:

To allow the gov't to learn which of its citizens owes it money, to
learn how much money, to learn where that money is, to learn where the
citizen is. It's about taxes, tax evasion, and the IRS. You don't
run up a huge national debt without being concerned about how to make
sure your citizens pay for it, or your lenders will lose confidence in
you and will dump your debt and you will suffer economic and social
chaos on a scale never seen before.
JF Mezei
2006-06-03 04:06:10 UTC
Permalink
Post by Some Guy
What rules are US and Canadian ISP's currently operating under when it
comes to archiving customer IP assignments?
There are no rules. If the RCMP comes to them with a "search warrant",
then the ISP is forced to let the RCMP snoop traffic from a particular user.

For dialup connections, one needs to keep more records because often, it
is ISP #1 that gets the call and bills ISP #2 because that user belongs
to #2 but who got an ISP #1 IP address. This is done via Radius servers
etc.

For DSL, it isn't so obvious that there needs to be records because ISP
#1 doesn't bill per connection, they have fixed bills per month. On the
other hand, they do have usage records for bandwidth use so obviously,
they can associate an IP to a user.
Madonna
2006-05-16 06:48:35 UTC
Permalink
Post by Mike Tancsa
Post by Madonna
If you manage to have a 100% secure route to statcan.ca they'll still get the info...
...since our government outsources private information to US firms.
(which of course are subject to the Patriot act and don't tell the Canadian
government when they've been looked at or copied.)
source: http://www.src.ca/nouvelles/National/2006/05/15/001-reseignement-canadiens-USA.shtml
(Radio-Canada, in French)
You are mischaracterizing the report you refer to. I translated it
roughly to "According to a document obtained by Radio-Canada, more
half of the agencies and ministries federal entrust to American
companies the management of personal Canadian information"
The rules that statscan uses are VERY, VERY strict and clearly laid
out and cannot be lumped into the privacy policies of other ministries
in general. Statscan is a non partisan organization and is world
respected for the quality and integrity of work they do. Have a look
at their privacy policies which are clearly laid out on their website
instead of making misleading claims about what they do.
"Yes, the American FBI could, under the infamous Patriot Act, access your census information.
It seems Census Canada, mired in the usually right-wing thought that anything done by Americans is better than that done
by Canadians, has contracted out the software and data processing to an American company -- a subsidiary of weapons
manufacturer Lockheed Martin. "
source: Williams Lake Tribune, May 11 2006
link: http://www.wltribune.com/portals-code/list.cgi?paper=37&cat=48&id=646535
Mike Tancsa
2006-05-16 08:15:11 UTC
Permalink
Post by Madonna
Post by Mike Tancsa
Post by Madonna
If you manage to have a 100% secure route to statcan.ca they'll still get the info...
...since our government outsources private information to US firms.
(which of course are subject to the Patriot act and don't tell the Canadian
government when they've been looked at or copied.)
source: http://www.src.ca/nouvelles/National/2006/05/15/001-reseignement-canadiens-USA.shtml
(Radio-Canada, in French)
You are mischaracterizing the report you refer to. I translated it
roughly to "According to a document obtained by Radio-Canada, more
half of the agencies and ministries federal entrust to American
companies the management of personal Canadian information"
The rules that statscan uses are VERY, VERY strict and clearly laid
out and cannot be lumped into the privacy policies of other ministries
in general. Statscan is a non partisan organization and is world
respected for the quality and integrity of work they do. Have a look
at their privacy policies which are clearly laid out on their website
instead of making misleading claims about what they do.
"Yes, the American FBI could, under the infamous Patriot Act, access your census information.
It seems Census Canada, mired in the usually right-wing thought that anything done by Americans is better than that done
by Canadians, has contracted out the software and data processing to an American company -- a subsidiary of weapons
manufacturer Lockheed Martin. "
source: Williams Lake Tribune, May 11 2006
link: http://www.wltribune.com/portals-code/list.cgi?paper=37&cat=48&id=646535
An op-ed in .... The Williams Lake Tribune ?? There is nothing in
there of substance, other than repeating some of the misinformation
here.

From the stats can website (see below for info about countmeout.ca)

<----- quote ----->
http://www12.statcan.ca/IRC/english/confidentiality_e.htm

By law, Statistics Canada must protect the confidentiality of the
information you provide on its surveys and censuses. All Statistics
Canada employees must take an oath of secrecy, and are subject to
fines and/or imprisonment should they reveal identifiable information
derived from the Census. Any possible breach of the confidentiality of
Census returns is an exceedingly serious matter which would be
investigated immediately and thoroughly and be subject to the full
force of the Statistics Act.
http://www.statcan.ca/english/about/statact.htm

....

Contract staff are never in possession of confidential data. Contract
staff are only allowed escorted access to Statistics Canada's secure
facilities if they have been security cleared and sworn-in under the
Statistics Act. They are accompanied by a Statistics Canada employee
at all times during their visit to any secure facility. Contract
employees are not allowed to bring in or take out any electronic
device such as a laptop, CD-ROM, memory stick, etc.

Processing of census returns
The processing of individual census returns will be undertaken by
employees of Statistics Canada. NO private sector employees will be
involved in the processing of 2006 Census questionnaires or any other
census information.

<---- end quote ---->



Why on earth would the CIA go to all the trouble of devising a
fiendishly clever trojan horse system to be embedded in various form
reading hardware, that will somehow create a network connection out of
Stats Canada where none currently exists only to transmit information
on how many people live in your household and how old you are when it
would be FAR, FAR, FAR, FAR easier to just ask VISA or Mastercard or
American Express for this information and have WAY, WAY, WAY more info
than what's in the census form.

Instead, people want to sabotage the information that helps all sorts
of Canadian public and private organizations from school boards
projecting growth to businesses gaging demand that ultimately make
your life better and governments and corporations more efficient.
Bizarre.

But even better, the website www.countmeout.ca which is trying to for
better or worse tie this to free trade and an abrogation of
sovereignty issues and says,

"So even if Statistics Canada could guarantee the privacy of personal
census data, we believe the fact that the census software and hardware
have been contracted out under NAFTA to a subsidiary of US weapons
manufacturer Lockheed Martin is in itself an affront to Canadians."

Yet, the irony is lost on them that they host their website in the
USA! Even better, it gets transit from AT&T! You know, the company
who was all too happy to hand over information in violation of US
privacy laws ?

shell1% host www.countmeout.ca
www.countmeout.ca is a nickname for countmeout.ca
countmeout.ca has address 12.129.179.121
countmeout.ca mail is handled (pri=10) by mail.countmeout.ca
shell1% whois -h whois.arin.net 12.129.179.121
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
NETWORK INNOVATIONS NETWORK-23-179 (NET-12-129-179-0-1)
12.129.179.0 - 12.129.179.255

# ARIN WHOIS database, last updated 2006-05-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
shell1%
route-server>traceroute www.countmeout.ca
Translating "www.countmeout.ca"...domain server (12.127.17.83) [OK]

Type escape sequence to abort.
Tracing the route to countmeout.ca (12.129.179.121)

1 white_dwarf.cbbtier3.att.net (12.0.1.1) [AS 7018] 0 msec 0 msec 0
msec
2 ar13.s10-0-0.n54ny.ip.att.net (12.124.182.17) [AS 7018] 4 msec 0
msec 4 msec
3 tbr1-p011905.n54ny.ip.att.net (12.123.0.42) [AS 7018] [MPLS: Label
31252 Exp 0] 24 msec 24 msec 24 msec
4 tbr1-cl14.cgcil.ip.att.net (12.122.10.2) [AS 7018] [MPLS: Label
31104 Exp 0] 24 msec 24 msec 24 msec
5 ar3-a3120s4.cgcil.ip.att.net (12.123.4.69) [AS 7018] 20 msec 20
msec 24 msec
6 12.119.137.50 [AS 7018] 20 msec 24 msec 20 msec
7 ge0-0.aggr01.00e0.02e4.eqix.ord.serveraxis.net (209.144.74.253)
[AS 36252] 24 msec 200 msec 200 msec
8 countmeout.ca (12.129.179.121) [AS 36252] 204 msec 204 msec 200
msec
route-server>

Countmeout.ca is concerned that our public institutions are doing
business with evil US corporations, yet they choose to host their
protest website with one in and in the USA !?!?!

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)
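The traceroute reading in the post above, as an added example that is not part of the original post: a Python sketch that rejoins the wrapped hop lines, pulls the [AS n] tag from each hop, reports where the path changes networks, and checks the destination against the two ARIN ranges from the whois output. The function names are chosen here for illustration; the trace and the ranges are copied from the post.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Traceroute text copied from the post above; hop records are wrapped
# mid-line, so the parser has to rejoin them before reading any field.
TRACE = """\
1 white_dwarf.cbbtier3.att.net (12.0.1.1) [AS 7018] 0 msec 0 msec 0
msec
2 ar13.s10-0-0.n54ny.ip.att.net (12.124.182.17) [AS 7018] 4 msec 0
msec 4 msec
3 tbr1-p011905.n54ny.ip.att.net (12.123.0.42) [AS 7018] [MPLS: Label
31252 Exp 0] 24 msec 24 msec 24 msec
4 tbr1-cl14.cgcil.ip.att.net (12.122.10.2) [AS 7018] [MPLS: Label
31104 Exp 0] 24 msec 24 msec 24 msec
5 ar3-a3120s4.cgcil.ip.att.net (12.123.4.69) [AS 7018] 20 msec 20
msec 24 msec
6 12.119.137.50 [AS 7018] 20 msec 24 msec 20 msec
7 ge0-0.aggr01.00e0.02e4.eqix.ord.serveraxis.net (209.144.74.253)
[AS 36252] 24 msec 200 msec 200 msec
8 countmeout.ca (12.129.179.121) [AS 36252] 204 msec 204 msec 200
msec
"""

# The two ranges ARIN returned for 12.129.179.121 in the same post.
WHOIS_RANGES = [
    ("AT&T WorldNet Services ATT (NET-12-0-0-0-1)",
     "12.0.0.0", "12.255.255.255"),
    ("NETWORK INNOVATIONS NETWORK-23-179 (NET-12-129-179-0-1)",
     "12.129.179.0", "12.129.179.255"),
]

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# A hop starts with its number followed by "name (ip)" or a bare ip. A wrapped
# fragment such as "31252 Exp 0] 24 msec" also starts with digits but fails this.
HOP_START = re.compile(rf"^\s*(\d+)\s+(?:(\S+)\s+\(({IP})\)|({IP}))(?=\s|$)")
AS_TAG = re.compile(r"\[AS\s+(\d+)\]")
RTT = re.compile(r"(\d+)\s+msec")


@dataclass
class Hop:
    n: int
    host: str
    ip: str
    asn: Optional[int]
    rtts_ms: List[int]


def parse_traceroute(text):
    """Rejoin wrapped hop records, then extract the fields of each hop."""
    records = []
    for line in text.splitlines():
        if HOP_START.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()   # continuation of previous hop
    hops = []
    for rec in records:
        m = HOP_START.match(rec)
        host, ip = (m.group(2), m.group(3)) if m.group(3) else (m.group(4),) * 2
        tag = AS_TAG.search(rec)
        hops.append(Hop(int(m.group(1)), host, ip,
                        int(tag.group(1)) if tag else None,
                        [int(v) for v in RTT.findall(rec)]))
    return hops


def as_path(hops):
    """Ordered list of ASNs with consecutive repeats collapsed."""
    path = []
    for h in hops:
        if h.asn is not None and (not path or path[-1] != h.asn):
            path.append(h.asn)
    return path


def handoffs(hops):
    """(last ip in old AS, first ip in new AS, old AS, new AS) per change."""
    out, prev = [], None
    for h in hops:
        if h.asn is None:
            continue
        if prev is not None and h.asn != prev.asn:
            out.append((prev.ip, h.ip, prev.asn, h.asn))
        prev = h
    return out


def covering_allocations(ip, ranges):
    """Whois ranges (converted to CIDR) that contain the given address."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for name, first, last in ranges:
        for net in ipaddress.summarize_address_range(
                ipaddress.ip_address(first), ipaddress.ip_address(last)):
            if addr in net:
                hits.append((name, str(net)))
    return hits


if __name__ == "__main__":
    hops = parse_traceroute(TRACE)
    print("AS path:", " -> ".join(f"AS{a}" for a in as_path(hops)))
    for old_ip, new_ip, old_as, new_as in handoffs(hops):
        print(f"handoff AS{old_as} ({old_ip}) -> AS{new_as} ({new_ip})")
    for name, net in covering_allocations(hops[-1].ip, WHOIS_RANGES):
        print(f"{hops[-1].ip} is inside {net}: {name}")
```

The [AS n] tag is the origin AS that the tracing router's BGP table holds for each hop address, so the result describes the path from that one vantage point only.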
Madonna
2006-05-16 17:20:46 UTC
Permalink
Post by Mike Tancsa
An op-ed in .... The Williams Lake Tribune ??
Radio-Canada seems to think there is. You accused me of mistranslating
them so I provided an english version so I could directly quote it.
Post by Mike Tancsa
There is nothing in there of substance, other than repeating some
of the misinformation here.
There is one thing of substance, the fact that StatCan outsourced to Lockheed Martin.
Post by Mike Tancsa
From the stats can website (see below for info about countmeout.ca)
<----- quote ----->
http://www12.statcan.ca/IRC/english/confidentiality_e.htm
By law, Statistics Canada must protect the confidentiality of the
information you provide on its surveys and censuses. All Statistics
Canada employees must take an oath of secrecy, and are subject to
fines and/or imprisonment should they reveal identifiable information
derived from the Census.
There are no issues with Statistics Canada employees. It's the subcontractors living
outside of Canada (i.e. where Canadian laws don't apply) that are worrying.
Post by Mike Tancsa
Any possible breach of the confidentiality of Census returns is an exceedingly
serious matter which would be investigated immediately and thoroughly and be subject
to the full force of the Statistics Act.
The full force of the Statistics Act is nil outside of Canada.
Post by Mike Tancsa
Contract staff are never in possession of confidential data. Contract
staff are only allowed escorted access to Statistics Canada's secure
facilities if they have been security cleared and sworn-in under the
Statistics Act. They are accompanied by a Statistics Canada employee
at all times during their visit to any secure facility. Contract
employees are not allowed to bring in or take out any electronic
device such as a laptop, CD-ROM, memory stick, etc.
Processing of census returns
The processing of individual census returns will be undertaken by
employees of Statistics Canada. NO private sector employees will be
involved in the processing of 2006 Census questionnaires or any other
census information.
Ok that's relevant information. Looks like they're serious about security
(i.e. better than the drugstores or the Societe de l'Assurance-Auto du Quebec).
They probably have less holes than the average government agency.

Who compiles the software?
Does StatCan review the source code and then compile it themselves?
Post by Mike Tancsa
Why on earth would the CIA go to all the trouble of devising a
fiendishly clever trojan horse system to be embedded in various form
reading hardware, that will somehow create a network connection out of
Stats Canada where none currently exists only to transmit information
on how many people live in your household and how old you are when it
would be FAR, FAR, FAR, FAR easier to just ask VISA or Mastercard or
American Express for this information and have WAY, WAY, WAY more info
than what's in the census form.
Data Mining is done by the NSA not the CIA. Collecting data from as many sources
as possible to have 100% coverage of telecommunications. Internet, Phone, etc.
http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm
Billions spent yet Osama is still free...
Post by Mike Tancsa
Instead, people want to sabotage the information that helps all sorts
of Canadian public and private organizations from school boards
projecting growth to businesses gaging demand that ultimately make
your life better and governments and corporations more efficient.
Well there's some useful information collected, but what you do with it
is another topic. For example, they build Mirabel supposedly because
growth predicted the saturation of Dorval airport.
Post by Mike Tancsa
But even better, the website www.countmeout.ca which is trying to for
better or worse tie this to free trade and an abrogation of
sovereignty issues and says,
They have their own agenda. It's more of a blog that looks like a web site.
Post by Mike Tancsa
Yet, the irony is lost on them that they host their website in the
USA! Even better, it gets transit from AT&T! You know, the company
who was all too happy to hand over information in violation of US
privacy laws ?
Yeah that's funny. OTOH they don't host confidential information (except
for honeypotting visitor IP addresses on the server).
Post by Mike Tancsa
Countmeout.ca is concerned that our public institutions are doing
business with evil US corporations, yet they choose to host their
protest website with one in and in the USA !?!?!
Might be a free or almost-free hosting. The web site looks like a one-man show.
JF Mezei
2006-05-16 18:59:50 UTC
Permalink
Post by Madonna
There is one thing of substance, the fact that StatCan outsourced to Lockheed Martin.
This, in itself, doesn't mean that the data goes to the USA. The USA
company may have loaned hardware that is installed in Stats Can
premises. They may have provided the software and training for stats can
employees to do their work, and they may be only there as support staff
when stuff doesn't work.
Post by Madonna
There are no issues with Statistics Canada employees. It's the subcontractors living
outside of Canada (i.e. where Canadian laws don't apply) that are worrying.
Contractors outside of canada who provide support by telephone are not
the problem. The problem is if the data physically resides or travels
through the USA. This is where the NSA/CIA/whatever will have full
access to it, especially since the USA has said they were keener in
inspecting data/calls that are international and flow through/to the USA.
Post by Madonna
The full force of the Statistics Act is nil outside of Canada.
Correct. However, at the time they signed the contracts, Stats Can would
have had to ensure that the contractors would be able to abide by the
Stats Can rules.

And here is where it gets complicated: Would the canadian government
admit publicly that it refused to deal with a USA firm because of the
USA's police state policies ? (I personally think it should, perhaps USA
businesses would then lobby the USA regime to bring back democracy and
privacy/liberty to the USA because Rumsfeld/Cheney/Wolfowitz's antics
are costing real money to american businesses.)
Post by Madonna
Data Mining is done by the NSA not the CIA.
Billions spent yet Osama is still free...
Osama was just the excuse needed to allow the regime to implement its
police state. And the longer his namesake is alive, the longer audio
tapes are released and immediately confirmed by the CIA, the longer the
US regime can instill fear in americans and continue their police state policies.

Had they announced they had killed Osama within weeks of invading
Afghanistan, Rumsfeld,Cheney,Wolfowitz would never have been able to
push through their agenda to kill the previous deal with North Korea to
bring it to its knees, invade Iraq to get rid of Saddam and then pester
Iran until it becomes friendly to the USA.

And now, the USA have begun to pick on Venezuela for no reason, even
though Venezuela is a huge supplier of oil to the USA and it hasn't
done any harm to americans, in fact, they have supplied subsidized oil
to poor families in certain USA cities. Yesterday, they have begun to
label Venezuela as a terrorist supporting state.
Post by Madonna
Well there's some useful information collected, but what you do with it
is another topic. For example, they build Mirabel supposedly because
growth predicted the saturation of Dorval airport.
Dorval had been saturated by the time Mirabel opened. Those predictions
were right. What they didn't predict is the economic downturn caused by
all the head offices moving to Toronto after the PQ got into power in
1976. Demand in air travel for Montreal shrunk back to a level where 25
years later, they could fit the demand back into Dorval. And while they
may have wasted billions to build the new wings, those new wings replace
the old ones and don't really add significant number of gates.


In fact, while Dorval had stated that building the US wing was so urgent
to handle growth that it couldn't afford to wait for environmental
impact, once construction was started, they tore up 4 gates on the old
US wing to allow for work to proceed and then ran out of funds and
Dorval was able to operate with fewer gates for USA flights for many
years while Dorval tried to get money to finish the work it started. So
the "urgent need for more gates" translated into "we are able to operate
for over 5 years with 4 fewer gates".

What the census doesn't show is whether the jobs in a city are jobs that
generate business air travel or not. Employees of a regional office of
a bank in Montreal aren't going to travel to London or New York to
strike huge deals. It is the employees of the headquarters in Toronto
who will do that travel. Hence Toronto airport having stolen the "hub"
status from montréal.
Post by Madonna
Post by Mike Tancsa
Countmeout.ca is concerned that our public institutions are doing
Might be a free or almost-free hosting. The web site looks like a one-man show.
If you have enough principles to make a web site to warn about USA no
longer having proper data privacy, then you should strive to have your
web site hosted in Canada. I think the only comeback this guy could have
is to state that at the time he signed up, he was unaware it was a USA
hosted system and use this as an example of how many canadians are
unaware that their personal data ends up unknowingly in the USA where
there is no privacy.


Note that an american citizen could challenge the USA government at the
supreme court and have the supreme court strike down those laws that
void data privacy. A canadian citizen whose personal data ended up in
the USA and used wrongly has no recourse.


Recall that the USA doesn't have strict data privacy rules like canada
or the EU. (and Canada's aren't as strict as those in the EU). The USA
regime forced a few airlines to donate their reservation data for
analysis. This is for travellers who had not been told while making a
reservation that their data would be sent to the regime. The regime then
gave a contract to some republican consulting firm for analysis. That
firm used that data during powerpoint presentations in PUBLIC
conferences because they thought it was just dummy test data.
Some Guy
2006-05-18 23:41:59 UTC
Permalink
Post by JF Mezei
The problem is if the data physically resides or travels
through the USA. This is where the NSA/CIA/whatever will
have full access to it ...
The US can force any entity that operates or has a presence in the USA
to turn over any communications or data that it has within its
corporate possession or control.

If the entity has operations (subsidiaries, equipment, data, etc) in
other countries, then those communications or data are also subject to
seizure and foreign gov'ts will (and have) acted on behalf of the US
gov't to perform said seizure and, where requested, have forced
web-sites and web-hosts to take down servers hosting content deemed
sensitive by US agencies.
Mike Tancsa
2006-05-17 00:43:01 UTC
Permalink
Post by Madonna
Post by Mike Tancsa
An op-ed in .... The Williams Lake Tribune ??
Radio-Canada seems to think there is. You accused me of mistranslating
them so I provided an english version so I could directly quote it.
The SRC link you sent talked about "ministries in general" not Stats
Canada specifically which has laws specific to it and cannot be
compared to ministries in general. Then you posted a link to an OpEd
piece as if it were fact which has great claims like, if you fill
your census online, "Countmeout.ca says this means your information
goes straight to the weapons manufacturers." Really ? Show me how.
And please, no references to "24" or "Alias" where it "just goes
through the firewall" and 1024bit encryption is cracked in seconds..
(For a quick ref on cracking speeds, see
http://www.thecrypt.co.uk/lockdown/recovery_speeds.html)
.
Post by Madonna
Post by Mike Tancsa
There is nothing in there of substance, other than repeating some
of the misinformation here.
There is one thing of substance, the fact that StatCan outsourced to Lockheed Martin.
If they outsourced their coffee machines and grass cutting to local
mobsters, would this make your data less safe ? Take a look again to
see what exactly their involvement is before getting too worried.
Look, I am pretty cheesed off about MML having ANY involvement too.
But Stats Canada stated they publicly tendered their requirements and
they were the only ones who showed up to bid. If it were up to me, I
think this would be a great investment the government should have made
to develop these tools in-house. But sadly, politically I am sure
there would be far too many people who would try and make political
hay out of it.
Post by Madonna
Ok that's relevant information. Looks like they're serious about security
(i.e. better than the drugstores or the Societe de l'Assurance-Auto du Quebec).
They probably have less holes than the average government agency.
Yes, I wish all companies and organizations took the same care they
do.
Post by Madonna
Who compiles the software?
Does StatCan review the source code and then compile it themselves?
Do you have the source code to Windows to examine ? Again, look at
how they handle the data. The fact that they have done so much due
diligence in other areas, I would give them the benefit of the doubt
they would do what they can to mitigate this risk.
Post by Madonna
Post by Mike Tancsa
Why on earth would the CIA go to all the trouble of devising a
fiendishly clever trojan horse system to be embedded in various form
reading hardware, that will somehow create a network connection out of
Stats Canada where none currently exists only to transmit information
on how many people live in your household and how old you are when it
would be FAR, FAR, FAR, FAR easier to just ask VISA or Mastercard or
American Express for this information and have WAY, WAY, WAY more info
than what's in the census form.
Data Mining is done by the NSA not the CIA.
I am sure BOTH do it and far more. But I don't see how based on the
information available to us they would have confidential information
to mine in the first place. Besides, the private sector has way more
interesting info that 3/4 telcos seemed all too happy to hand over.
Post by Madonna
Post by Mike Tancsa
Yet, the irony is lost on them that they host their website in the
USA! Even better, it gets transit from AT&T! You know, the company
who was all too happy to hand over information in violation of US
privacy laws ?
Yeah that's funny. OTOH they don't host confidential information (except
for honeypotting visitor IP addresses on the server).
But still, they pay some money to them. They are all upset about
outsourcing to US companies and here they are outsourcing to a US
company themselves ? I hope they use different passwords than on those
accounts at AT&T for their other activities :)

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)
Madonna
2006-05-23 18:20:41 UTC
Permalink
Post by Mike Tancsa
The SRC link you sent talked about "ministries in general" not Stats
Canada specifically which has laws specific to it and cannot be
compared to ministries in general.
The media are way too vague in their reporting. The source of the news
item seems to be the Privacy Commissioner, and he/she seems to agree with you.

http://www.privcom.gc.ca/media/nr-c/2006/nr-c_060406_e.asp
http://www.tbs-sct.gc.ca/pubs_pol/gospubs/TBM_128/pm-prp/pm-prp04_e.asp

"Statistics Canada only keeps personal information on its government premises, and the Canada Revenue Agency stores and
backs up all Canadian taxpayer information on-site only.
The USA PATRIOT Act, however, drew attention to the fact that best practices should be more uniform throughout
government. It also drew attention to the need for additional measures that would build upon and complement existing
safeguards. "
Post by Mike Tancsa
Then you posted a link to an OpEd piece as if it were fact which has great claims like, if you fill out
your census online, "Countmeout.ca says this means your information
goes straight to the weapons manufacturers." Really ? Show me how.
I'm only caring about the outsourcing part. Officially the data stays in the building it seems.
But we just wonder what the weakest link is and how tough the safeguards really are.
For example it just takes one disappeared laptop to have 26 million records stolen:
http://www.cnn.com/2006/US/05/23/vets.data/index.html
Post by Mike Tancsa
And please, no references to "24" or "Alias" where it "just goes
through the firewall" and 1024bit encryption is cracked in seconds..
(For a quick ref on cracking speeds, see
http://www.thecrypt.co.uk/lockdown/recovery_speeds.html)
Ok then I'll try the "Prison Break" route and just use social engineering to smuggle the data out ;)
(Or use the NSA key.)
Post by Mike Tancsa
If they outsourced their coffee machines and grass cutting to local
mobsters, would this make your data less safe ? Take a look again to
see what exactly their involvement is before getting too worried.
They seem to make the software that handles the census data.
Post by Mike Tancsa
Look, I am pretty cheesed off about MML having ANY involvement too.
But Stats Canada stated they publicly tendered their requirements and
they were the only ones who showed up to bid.
That's the way government public tenders are bypassed:
1) choose who you want to get the contract
2) have them spell out requirements specifically tailored to their product and make it hard for competing products to
meet those requirements in an economically feasible way
3) open the bid
4) accept the only bidder
5) check your Swiss/Barbados/Cayman bank account balance
Post by Mike Tancsa
Do you have the source code to Windows to examine ? Again, look at
how they handle the data. The fact that they have done so much due
diligence in other areas, I would give them the benefit of the doubt
they would do what they can to mitigate this risk.
They are better than average, about the same level as the revenue agency.
Speaking of which, they seem to have lost track of a few billion $'s.
Post by Mike Tancsa
Besides, the private sector has way more
interesting info that 3/4 telcos seemed all too happy to hand over.
Orwell's 1984.
Post by Mike Tancsa
But still, they pay some money to them. They are all upset about
outsourcing to US companies and here they are outsourcing to a US
company themselves ? I hope they use different passwords than on those
accounts at AT&T for their other activities :)
The other thing they screwed up is, by hosting in the US, if their content
breaks a US law the US courts can ask for an extradition even if the person
never went there physically (there was an item about this on CBC radio this week).
Mike Tancsa
2006-05-24 01:13:46 UTC
Permalink
Post by Madonna
Post by Mike Tancsa
Then you posted a link to an OpEd piece as if it were fact which has great claims like, if you fill out
your census online, "Countmeout.ca says this means your information
goes straight to the weapons manufacturers." Really ? Show me how.
I'm only caring about the outsourcing part. Officially the data stays in the building it seems.
But we just wonder what the weakest link is and how tough the safeguards really are.
http://www.cnn.com/2006/US/05/23/vets.data/index.html
I am looking at their stated designs and practices. Any well designed
set of policies and procedures can be poorly implemented. Perhaps if
there was an outside audit to see how well it is implemented ?...
Hmmm See below.
Post by Madonna
Post by Mike Tancsa
If they outsourced their coffee machines and grass cutting to local
mobsters, would this make your data less safe ? Take a look again to
see what exactly their involvement is before getting too worried.
They seem to make the software that handles the census data.
.... That's run on non outside network connected computers according to
their website. I would give them the benefit of the doubt that they
have some extrusion detection in their system for network connected
computers as well...

Better yet, take a look at a former auditor general's report on this
specific issue

http://www22.statcan.ca/ccr07/ccr07_007_e.htm

Quote, "We conclude that the data to be gathered during the 2006
Census using the contractor supplied systems will be secure. Based on
the work performed and to the best of our knowledge, it would be
practically impossible for the contractors involved in the Census
project to intentionally or otherwise access Census data. In addition,
we can report that the overall security posture for the Census
applications and the physical facilities where Census data will be
collected and processed has been further strengthened as a result of
the three security audits."

Or you can listen to some guy* who says the "information is going
straight to the weapons manufacturers"

*Some guy: The same guy who sets up a protest web site about
outsourcing Canadian information to shifty American companies,
outsources his protest site to a shifty American company. Now that's a
credible source!
Post by Madonna
Post by Mike Tancsa
Look, I am pretty cheesed off about MML having ANY involvement too.
But Stats Canada stated they publicly tendered their requirements and
they were the only ones who showed up to bid.
And did this actually happen in this case (I mean with the census
specifically)?

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)
Madonna
2006-05-24 01:54:15 UTC
Permalink
Post by Mike Tancsa
I am looking at their stated designs and practices. Any well designed
set of policies and procedures can be poorly implemented. Perhaps if
there was an outside audit to see how well it is implemented ?...
Hmmm See below.
Better yet, take a look at a former auditor general's report on this
specific issue
http://www22.statcan.ca/ccr07/ccr07_007_e.htm
Quote, "We conclude that the data to be gathered during the 2006
Census using the contractor supplied systems will be secure. Based on
the work performed and to the best of our knowledge, it would be
practically impossible for the contractors involved in the Census
project to intentionally or otherwise access Census data. In addition,
we can report that the overall security posture for the Census
applications and the physical facilities where Census data will be
collected and processed has been further strengthened as a result of
the three security audits."
That sounds serious and credible. The rest of the government needs
to follow their example.
Post by Mike Tancsa
And did this actually happen in this case (I mean with the census specifically)?
Unless you know someone on the inside it's pretty hard to know.
JF Mezei
2006-06-12 20:43:06 UTC
Permalink
Another interesting one:

##
About Verified Identity Pass and Clear

Clear is the first privately run registered traveler program operating
at a U.S. airport. Clear has been operational since July 19, 2005, at
Orlando International Airport and today has over 25,000 members at that
airport. Clear has been selected by Norman Y. Mineta San Jose
International Airport, Indianapolis International Airport and Cincinnati
International Airport to begin operations there upon approval from TSA
expected this summer. Verified ID has a contract with Toronto Pearson
International Airport to operate a Canadian Program, working with
Canadian authorities. In February, General Electric made a $16 million
investment to become a partner in Verified Identity Pass.
##


So if you use the biometric readers in Toronto airport, it is a USA
company bound by the Patriot Act and with no proper data privacy laws in
the USA that captures your biometric information.

JF Mezei
2006-05-16 18:15:37 UTC
Permalink
Post by Mike Tancsa
Contract staff are never in possession of confidential data. Contract
staff are only allowed escorted access to Statistics Canada's secure
facilities if they have been security cleared and sworn-in under the
Statistics Act. They are accompanied by a Statistics Canada employee
at all times during their visit to any secure facility. Contract
employees are not allowed to bring in or take out any electronic
device such as a laptop, CD-ROM, memory stick, etc.
What is missing in this message is a guarantee that all processing will
be done in Canada. E.G. it leaves the door open for the processing to be
done in the USA with only Stats Can employees accessing the data.

And if the processing is done in the USA, then the USA government can do
as it wishes to the data and no Canadian law will prevent it from doing so.

If all processing is done in Canada and the data resides on disks
located in Canada, then the United Police States of America wouldn't have
"legal" access to it through its Patriot Act. In such a case, I agree
that the CIA wouldn't bother trying to get to the individual data. They
will however get a full copy of the results (as many people do) since
this is partly how they populate their world fact book.
Mike Tancsa
2006-05-16 23:33:52 UTC
Permalink
On Tue, 16 May 2006 14:15:37 -0400, JF Mezei
Post by JF Mezei
Post by Mike Tancsa
Contract staff are never in possession of confidential data. Contract
staff are only allowed escorted access to Statistics Canada's secure
facilities if they have been security cleared and sworn-in under the
Statistics Act. They are accompanied by a Statistics Canada employee
at all times during their visit to any secure facility. Contract
employees are not allowed to bring in or take out any electronic
device such as a laptop, CD-ROM, memory stick, etc.
What is missing in this message is a guarantee that all processing will
be done in Canada. E.G. it leaves the door open for the processing to be
done in the USA with only Stats Can employees accessing the data.
It's pretty clear according to the website confidential data does NOT
leave Canada and stays in their facilities in Ottawa and other
Canadian cities on equipment not tied to any outside networks (see
their website for more details)

I am not sure how you see "contract staff are never in possession of
confidential data" as being ambiguous. <sarcasm>But then again, I
guess the CIA might employ idiot savants to memorize it all....You
never know </sarcasm>

I don't get it, why are people not upset at those who actually do share
and sell personal and private information in all sorts of really nasty
ways.

It reminds me of The Daily Show episode the other week when Howard
Dean was on. The Democrats are fed on a silver platter example after
example of Republican gross mismanagement, incompetence, criminality
and they then choose to focus on the most inane insignificant issues.
Jon Stewart's response to Dean, "Door knockers eh ? You are sunk"

Here it reminds me of people getting their knickers in a knot over
David Dingwall's somewhat on the edge compensation package when at the
same time, the guy who led the CIBC during the Enron "incident" gets
to retire with a multimillion dollar package after seeing almost all
of their profits wiped out under his tenure due to a 2.4 billion (yes
B) "settlement" (But hey, they didn't admit to any wrong doing)... And
you wonder why your RRSPs didn't do so well ?

So come on people, give it a rest with the unsubstantiated claims
about how your data is or isn't being handled. Stats Canada is a
really great organization that Canadians should be proud of and
recognize how important their work is for all of Canada. There are
real "privacy villains" out there that deserve scrutiny and censure.
But Stats Canada is not one of them.

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
***@sentex.net, (http://www.tancsa.com)