A Real (i.e. non-form letter) Response from Stats Canada

Written By: claytonrumley
Date: 2006-05-12 08:56:00
<a href="/article/215628820-a-real-ie-nonform-letter-response-from-stats-canada">Article Link</a>

<blockquote> Mr. Rumley, In your reply to Dr. Fellegi's earlier response, you raised a number of specific questions. I would like to provide you with additional information, which I trust will provide you reassurance of the security and privacy of your Census data. Firstly, you asked if the source code was evaluated. Yes, the independent security audits did include a source code review. Infact, the code was independently reviewed on two separate occasions (including the final version in production), and the IT security company validated the code through both manual review and automated means, and concluded that there are no extraneous calls, trojan horses or outputs that could pose any risk to Census data. Secondly, you asked how the internet could be considered extraneous to our confidential networks. The security layer of the application is in fact provided by the Government of Canada's Secure Channel, which has also been independently validated. The connection between Secure Channel and Statistics Canada's confidential network includes a series of firewalls as well as air-gap devices (mechanical switches that only allow the one-way transfer of data under our control), thus there is no physical or persistent connection with the Internet. The Census Internet system is also composed of separate zones or compartments each protected by firewalls. It would be extraordinarily difficult, if not impossible to gain unauthorized access to census information as multiple vulnerabilities in multiple layers would all have to be exploited simultaneously. Thirdly, Statistics Canada has chosen to use PKI (Public Key Infrastructure), with 1024 bit encryption to protect data. The PKI encryption of data starts at the browser and goes all the way to the end server at Statistics Canada. This level of security is much higher than most of the on-line transactions on the web, which typically offer only 128 bit encryption. The data remains encrypted from the point of entry making the data impossible to read or access in the very unlikely event that it were compromised along the way. Fourthly, no contractor is even remotely involved in the handling or processing of any confidential data. They do not have access to any of the questionnaires or the systems that contain confidential data. Thus even if they wanted to or were instructed to gain access to Census data, it would be impossible for them to do so. Statistics Canada has procured services from multi-national firms in the past, and has an unblemished record of protecting the privacy and confidentiality of confidential data, while leveraging on the investment and capacity of the private sector. Lastly, you asked why a Census is required at all, and why we could not follow the example of some countries that do not conduct a traditional collection approach. The effective governance of a country requires a strong national statistical system, and there is no doubt that the data collected in the Census are vital. A number of countries have relied on a population register that compiles and tracks through administrative means important events in the lives of their citizens. Specific surveys are then conducted to supplement the register or to fill important gaps on a periodic basis. In Canada, we do not have such a population register and the current privacy environment would likely not support such an initiative. For the moment, the Census remains a unique and cost effective means to provide essential data for critical programs, while providing the necessary security safeguards. In summary, I trust you will find this information helpful, and convey to you that Statistics Canada takes its obligation to protect the confidentiality of your Census information, and while adhering to all the procurement laws of the country, subjected itself to the highest scrutiny for contractor developed systems. Yours Sincerely, Anil Arora, Director General Census Manager </blockquote>

Thanks for posting the response you got back. Anil Arora is doing nothing more than trying to justify the continued existance of her job. Burecrats always try to justify how important and needed they are to society. Canada worked fine before it had a census and will work fine after it gets rid of this one. I say stop all government funding of Statistics Canada. Statistics can always be used for or against an arguement, they are not what matters. What matters is someones ability to think critically. Anil Arora should be fired as should every pile of tax sucking crap that works at Stats Canada. Needless to say I have already sent my census envelope back with a poster from count me out while my census form sits on my desk covered in swear words and insults with the bar code cut out.

---
My freedom is more important than your great idea.
– Anonymous

The response is self serving pap. My feeling is that if you are not competent enough to hire in-house staff who are capeable of doing the programming and who know what erquipment to purchase then you are not competent enough to run Stat.s Can. To hear this guy talk you would think that Lockheed Martin performed the contract for nothing.

---

"Unthinking respect for authority is the greatest enemy of truth."
(Albert Einstein)

For those who are interested, I posted my reply to Mr. Arora <a href="http://www.claytopia.net/article.php?articleid=89&LanguageId=1">here</a>. I wasn't going to be belligerent or beat up on this fellow as he is probably just doing his job and genuinely believes in the value of the census. I do not share that opinion however, and his arguments haven't given me any reason to support the census. I'm still boycotting.--- Clayton Rumley 
-------------- 
http://www.claytopia.net

As noted on a Globe <a href="http://www.theglobeandmail.com/servlet/story/RTGAM.20060512.wcen0512/BNStory/National/?page=rss&id=RTGAM.20060512.wcen0512">story</a>: <blockquote>It's expected to cost $566.9-million over the eight years it will take to collect, collate and analyze the data. The 2000 census cost $429.5-million</blockquote> Does it actually cost more to contract out? Yep... At least it not go the way the arm registry went... Same bureaucratic attitude though. I also wonder why the mainstream press does not scream on this. --- "We are all in this together somehow, some more than others somehow"

I would imagine that the mainstream press does not scream about this because they are as hungry for the census data (and all the ways it can be twisted to shock and titillate their mass market) as the social engineers, marketing firms and general nosy individuals are.

---
Clayton Rumley
--------------
http://www.claytopia.net

Like the peddler not objecting to bad drug habits?

---
"We are all in this together somehow, some more than others somehow"

Well the census at the end of the day IS necessary, but I must say thanks for finding that tidbit about the $120 million dollar run-up in costs. Yep, another fine example of how contracting out to save costs saves nothing at all.

---
If there was ever a time for Canadians to become pushy - now is the time - for time is running out on this nation called Canada.

I still haven't gotten an answer to my question: How is Lockheed going to do the printing of data it does not have access to?

As they state in their press releases, Lockheed is supplying hardware, software, and PRINTING.

You could try posing your question to Mr. Anil Arora, <a href="[email protected]">[email protected]</a>. He didn't seem to mind replying to my concerns.--- Clayton Rumley 
-------------- 
http://www.claytopia.net

Wow. You send an email with a long list of ignorant
questions and you get an intelligent response... and then
you get mad about it.

Look at the response for a second. The guy (or girl, I
have no idea by the name alone) went through your issues
one by one and satisfied each one to a very high degree of
technical detail. They gave you the encryption style
(public key) and even the number of bits (1024) along with
a slew of other honest, helpful information.

The internet is a *perfect* venue for the collection of
census data because of it's very nature: it's cheap and
it's everywhere. You're worried about security? Of
course you are, because you clearly don't know anything
about the mechanics of the internet.

Communication is one-way: client->server. Once encryption
is established, data is sent from the single client to the
server and handled on that end. Even if someone wanted to
get their hands on this information, they'd have to hack
every desktop machine in Canada -- either that or crack
the mainframe which as the response stated has been
independently audited and checked for back doors.

You're worried about security. That's good. But this is
a simple process. It's much easier to bribe the people
handling the paper census than it is to hire a horde of
hackers to break into and make off with census data. Let
it go.

And stop giving this person a hard time. They gave up
part of their day to answer your concerns accurately and
honestly. Maybe you should show some gratitude?

If you really want to get pissed off about something, make
a point of the fact that Canada is giving Lockheed Martin
any money at all for something that could have been done
by someone with more political ethics.

Just stop ragging on the technical point because you
clearly don't know what you're talking about.

---
a man who feels the winds of change should build not a windbreak,
but a windmill.
- mao tse tung

Let me say this about that: <a> 1. The person was paid to answer the questions. 2. An encryption code doesn't mean much if the code is broken. 3. You don't have to hire a horde of hackers if you have already built in a back door. 4. I have two words for those people who think that the system audit proves that it is secure. <a href="http://www.commondreams.org/views02/0712-02.htm">Arthur Anderson</a> <a>5. Saying it is so does not make it so. If you make deals with habitual criminals are you trustworthy?--- 
"Unthinking respect for authority is the greatest enemy of truth." 
(Albert Einstein)

Gabriel,

And I suppose you've had your personal piercer chip you too so that you don't have to carry your keys anymore? Since Mulroney trust and credibility are two things that have been severely squandered in Canada. In my opinion anyone that continues to trust technology to protect their privacy must have "The Glad Game" encripted on their grey matter. Either that or you depend on keeping the myth alive because your livlihood depends on it. There is a place for technology but this is not it.

---
"And those who were seen dancing were thought to be insane by those who could not hear the music." Friedrich Nietzsche

<blockquote>gabriel:Wow. You send an email with a long list of ignorant questions and you get an intelligent response... and then you get mad about it.</blockquote> I'm not sure if you're directing this comment to me or not gabriel (as I was the sender of the email with a long list of "ignorant" questions), but I disagree with your statements. For one, I am a software/web developer and know more than you may think about the matters of encryption, web sites, network security and software. I didn't find my questions ignorant, as I honestly didn't know the answers to them, nor was I willing to assume any answer. Software can be easily written with back doors and I was curious if our government just took Lockheed Martin's software and installed it without checking anything. An additional question that maybe should have been asked is "did Stats Canada employees actually compile the final source code and use the subsequent binaries or did they just accept binaries from Lockheed Martin on their word that the source code given for review was the source code actually used in the end"? Also, if you had <a href="http://www.claytopia.net/article.php?articleid=89">read my response</a> to Mr. Arora (he's a he, by the way) you'd know that I wasn't angry at all and thanked him for taking the time to write me. He answered my questions, whether truthfully or not, and that's all I was looking for. Please don't mistake my verboseness for impassioned anger, because it isn't. I'm not even angry now.

I still ended up disagreeing with Mr. Arora on the value of the Census and nothing he said has changed my mind in those regards. I do not hold this against him. I never planned to fill out the census online (or offline for that matter) so it's ultimately irrelevant to me how its implemented. <blockquote>gabriel:You're worried about security? Of course you are, because you clearly don't know anything about the mechanics of the internet. ...Even if someone wanted to get their hands on this information, they'd have to hack every desktop machine in Canada -- either that or crack the mainframe which as the response stated has been independently audited and checked for back doors.</blockquote> Actually, I do know something about the internet. The packets transmitted from desktop computers go through dozens (perhaps hundreds) of switches and routers prior to arriving at their destination. You do not have to hack the desktop or the mainframe to get the information as you can be at any point between them collecting up the packets. I once had the priviledge to see proposed plans for the placement of law-enforcement listening devices along major Canadian routers to monitor for criminal activity (I don't know if it was ever actually implemented or not), so I don't think it's unrealistic to assume that someone is watching. Granted, unless you know the public and private encryption keys being used you'll have a heck of a time decrypting the data in the packets. Which brings me to another question: what assurances are there that these keys are known only to Stats Canada? <blockquote>gabriel: And stop giving this person a hard time. They gave up part of their day to answer your concerns accurately and honestly. Maybe you should show some gratitude?</blockquote> Since you obviously didn't read it, here are quotes from my response to Mr. Arora: <blockquote>Thank you very much for taking the time to provide a personal reply and providing answers to my questions. I am especially happy to hear that the source code was allowed to be reviewed independently and to get a better understanding of how the security of the network is being maintained. and Once again, I thank you taking the time to respond to me. Your answers have not persuaded me to change my decision to boycott the census, but I appreciate your willingness to dialogue with me.</blockquote> I don't see where I'm "getting mad" about his response. I posted Mr. Arora's response here for the benefit of everyone (I think it's the first non-form letter response I've seen on the subject). If people want to get mad about the response or choose not to believe it they are free to do so. As I stated in my reply to him, I simply do not trust the government enough to take their word at face value on anything. Have a nice day!--- Clayton Rumley 
-------------- 
http://www.claytopia.net

Roy, why in your opinion is the Census gathering so important?

I think that in a day and time when we didn't have access to information from hundreds of sources, it could have been government worthy. Now, because our governments are corporate run I just see it as a great way to gather info for marketing targets and purposes. If we had independents for MPs, no provinces and municipal governments making most of our decisions all things would be known by all those that truly NEED the information without gathering it in this fashion. Things need to change and I am happy to help in that matter by objecting to a murdering machine doing the gathering and boycotting the census.

---
"And those who were seen dancing were thought to be insane by those who could not hear the music." Friedrich Nietzsche