ITSS’s Refusal to Cooperate: Information Technology (without the information)

new ghiz photoIt’s been pretty obvious to anyone who has been following the e-gaming story that the government has been completely unwilling to come clean on what really happened behind closed doors when Robert Ghiz was still at the helm.

Despite all Wade MacLauchlan’s promises that he and his government would be “open and transparent,” he and his government have volunteered absolutely nothing about e-gaming, and have done everything within their power to block access to the truth about this major scandal.  He, his Ministers, and the Attorney General (Jordan Brown) have repeatedly refused to answer any questions in the Legislative Assembly; and the Liberal majority on the Public Accounts Committee voted down motion after motion from the opposition members to bring the people able to answer questions before the committee.  Perhaps the most sickening aspect of the premier’s organized cover-up is the way he used and abused the Auditor General by saying how she did a “thorough” and complete investigation, when she stated unequivocally that her investigation was partial at best since she herself was denied access to e-gaming project management files (kept at McInnis Cooper law firm when they should have been kept in government offices) or as a result of the e-gaming government records of key players in the file having been destroyed by government.

So with a criminal proceeding currently underway, one would expect at least a measure of cooperation from government, but that is not happening….in fact just the opposite is happening.  I could literally write a book citing example after example of how my efforts to get answers to simple and straightforward questions have either been completely ignored or frustrated over the past few weeks.  But I’ll pick just one really good example on an especially important issue to give you some idea of what I’m up against.

When Robert Ghiz completed the ITSS’s Employee Removal Form on October 19, 2011, instructing an ITSS technician to delete all Chris LeClair’s electronic files on his  computer Network Drives, and all the emails in LeClair’s GroupWise email account, Ghiz added a note in the “memo” field near the bottom of the form  stating:

Chris LeClair’s computer has already been wiped….all we want removed is his GroupWise account. Thank you.

This is a very curious and concerning note.  PEI government policy is very clear about who can and can not alter and/or delete computer hard drives.  Treasury Board policy [especially 5.06 “IT SECURITY AND ELECTRONIC DEVICES”] provides all government employees with hyperlinks to several documents on the PEI government’s server regarding security policy pertaining to electronic devices. Reading and understanding those documents is a requirement for all government employees:

3.02 All employees who have been granted access to these resources must
read and understand the IT Security Handbook (Attachment 4.01).

 

In a “Note to Managers/Supervisors” found in the IT Security Handbook – which requires a signature confirming the policy has been read and understood – it states within the section titled “Computer Use and Access”:

“As a manager/supervisor, you must ensure that computer hardware alterations and configurations are handled by IT staff.”

 

And under the IT Security Handbook’s section titled “Disposing of Information and Assets,” it states:

“Computer storage media, e.g. floppy disks, CDs, and video and audio tapes are to be disposed of as outlined in the  “Procedures for the Disposal of Government Information on Computer Media”. Note to  Managers/Supervisors _________________. As a manager/supervisor, you must ensure that your staff know about the proper procedures for disposal of recorded information and assets.”

 

Given that Robert Ghiz had to inform ITSS that Chris LeClaire’s computer had already been “wiped”,  it’s logical to assume that an ITSS technician didn’t do the “wiping” – which immediately gives rise to the question: “Who wiped Chris LeClair’s computer?”

If someone other than an ITSS technician wiped Chris LeClair’s desktop computer hard drive, then that in itself constitutes a serious violation of government’s IT Security policy; but before trying to get an answer to that question, I first wanted to know more about the exact step-by-step procedures outlined in the “wiping computer hard drives” policy within the PEI government, so I went looking for a copy of the “Procedures for the Disposal of Government Information on Computer Media” document mentioned in the IT Security Handbook to find out more.

That four (4) page document outlines – with incredible attention to detail – the exact steps that must be taken before government computers are “wiped” – including a formal requirement to involve the Department’s “Record Management Liaison Officer” to ensure that any government records on the electronic device (that must be kept in legal compliance with the department’s record retention schedules) are copied and securely stored before the electronic versions of those documents are permanently deleted and destroyed. From the policy document:

2.0 DESTRUCTION OF INFORMATION FROM REMOVABLE AND NON-REMOVABLE ELECTRONIC MEDIA
1. Prior to disposing of information contained on electronic media or destroying the electronic media itself, it is critical that Information Owners determine whether the media contains any records. If the media contains records, then the media can not be destroyed until the Information Owner, in conjunction with their Departmental Records Management Liaison Officer, ensures the records are retained or disposed of according to the appropriate records retention and disposition schedules.
2. Once the electronic media no longer contains information that is considered to be a record(s), it may be destroyed.
3. A Records Transfer Request Form must be completed. The form may be obtained from the Department’s
Records Management Liaison Officer. It is a three part form identifying the information and the type of media will becompleted.
4. The Records Transfer Request Form is to be signed by the Information Owner and the Department’s Records Management Liaison Officer.

 

If the “information owner” has already left government, the onus and responsibility for ensuring proper policy and procedures regarding the disposal of government records falls to the Department Head – the person designated under the Archives and Records Act as having both the legal authority and responsibility to ensure government records are properly managed and protected. In the case of Chris LeClair, that person was Robert Ghiz – who was not only the “Department Head,” but Chris LeClair’s “Manager & Supervisor”.

Before a computer hard drive is “wiped,” a specific form must first be completed. That form looks more like a legal document than an ordinary “form” and contains a number of specific provisions of the Freedom of Access to Information and Protection of Privacy (FOIPP) Act presented as a series of “Whereas….” statements leading up to a final signed “declaration” by the person who is authorizing the “wiping” of the hard drive that he or she is both aware of the law and has taken the necessary measures to copy government records from the hard drive.  The form also requires the signature of a “witness”.

I suspect ITSS created this form to protect itself in the event that an ITSS technician wiped a computer hard drive containing government records that had not first been copied and stored, as is required by law.  With this form, the full responsibility for “breaking the law” by not copying government records resides solely with the person doing the “authorizing” – not the ITSS staff-person doing the actual, technical work of  “wiping”.

I had previously contacted Scott Cudmore [Director, Enterprise Architecture Services
IT Shared Services, Department of Finance] – who had appeared before the Public Accounts Committee to answer questions about the deletion of e-gaming email accounts and records in early 2017 – requesting some statistical information (not “protected” or in any way “sensitive” information) regarding how many accounts were “deleted” or “disabled” during Robert Ghiz’s tenure as premier.

I received the following “absolutely-no-help-at-all” email response from him many days later (after following up with messages left on his direct phone line and receptionist, asking Mr. Cudmore to call me or respond to my email, which he never did; then finally leaving a message for his supervisor and the Chief Operating Officer (COO) of ITSS, Ms. Tracy Wood, concerning Mr. Cudmore’s refusal to respond to my inquiries [Although I never spoke with Ms. Wood, I suspect she told him to respond to me, since I received the following email just a couple of hours after leaving a message with her office]:

Dear Mr. Arsenault,
The appropriate avenue to request records of Government is through the FOIPP Act (RSPEI 1988, Cap.15.01). The legislation and application form can be found at the web addresses below:
Regards,

 

 

….so I gave up on getting any help from Mr. Cudmore and decided to file an access to information request.

But first I wanted to confirm where those completed “wiping hard drive” forms were filed. Since they contained a series of provisions from the FOIPP Act, I decided to call the FOIPP office to see if they had copies. After speaking with Kim Johnston on July 19, 2018 – who was both pleasant and helpful – I took her advice and sent her my request via email:

Kim Johnston,
Legislative Assembly
Office of the Information and Privacy Commissioner
Dear Ms. Johnston,
As a follow-up to our telephone conversation, I am sending you the policy document and form I mentioned, which is to be completed when computer hard drives of government employees are “wiped“. The form is designed to ensure the requirements to keep records which are not to be deleted – as per the Freedom of Information and Protection of Privacy Act….. are understood before records on the hard drive are deleted. The form is the last page of the attached document.
When these forms are completed, who (which department and/or office) is responsible for keeping them on file? Does the Office of the Information Commissioner receive a copy (or the original)?
Thank you,
Kevin J. Arsenault, Ph.D.
(902) 626-7254

 

The very next day, I received the following response from Maria MacDonald, a Case Review Officer at the Office of the Information and Privacy Commissioner

Dear Mr. Arsenault,

I work with the Information and Privacy Commissioner as the Case Review Officer.  The Commissioner has asked me to respond to your question about where to find the completed declaration forms confirming the Electronic Wiping of Computer Hard Drives.

The short answer is we do not know.  Public Bodies do not provide signed originals or copies to our office.  The policy you provided to our office including the declaration form is silent on where this declaration form is filed.  They may be retained in the department that the declarant works in.

If this is related to an access to information request, you may ask Kathryn Dickson, Manager of APSO (Access and Privacy Services Offices) (902) 569-0568, kedickson@gov.pe.ca, where they are filed, although she may have to make some inquiries to answer this question.

Maria MacDonald

Case Review Officer

Office of the Information and Privacy Commissioner (PEI)

 

So I took her advice and sent an email to Kathyrn Dickson:

Dear Ms. Dickson,
Would you happen to know where these particular forms are filed? (see last page of attached).  I have recently filed several access requests to ITSS asking for specific copies of these forms (among other documents); however, if they are kept somewhere else, I would also want to submit a request to that department asap.
Thanks,
Kevin J Arsenault
(902) 626-7254

 

And received a prompt reply – FOIPP staff are usually prompt to respond and provide as much helpful information as they have…ITSS staff – not so much:

Mr. Arsenault,
I do not know where these forms are filed but I suggest you contact ITSS directly to discuss further. Tracy Wood, email:  TMWOOD@gov.pe.ca may be able to assist.
This office is in receipt of 8 FOI requests submitted recently by you and we are working with public bodies to provide you with records you have requested under the Act.
K
Kathryn Dickson
Access and Privacy Services Office
Department of Justice and Public Safety

 

So I sent the following email to Ms. Wood:

Chief Operating Officer
Finance
Information Technology Shared Services
July 23, 2018
Dear Ms. Wood,
As I indicated in my  July 19, 2018 email to Mr. Scott Cudmore – Director, Enterprise Architecture – which I also cc’d to you – I am seeking assistance from ITSS in the preparation of a legal brief for an upcoming PEI Court Pre-enquete hearing on the laying of two Informations against former premier of P.E.I., Robert Ghiz.
I have submitted a number of FOIPP requests for documents within ITSS directly relating to this criminal proceeding; however, it is unlikely that I will receive any documentation prior to the August 28, 2018 hearing.  With that in mind, I am sending this limited and more focused request directly to you trusting that you will be willing to provide me with the information I require, which should be made available to Chief Judge Nancy Orr at the hearing.
In particular, the Employee Removal Form completed and signed by Robert Ghiz on October 19, 2011 providing instructions to ITSS regarding the disposition of both the network files and the emails/email account of Chris LeClair (see attached) contained a note from Mr. Ghiz stating the following: “Chris LeClair’s desktop has already been wiped….”
Presumably, ITSS did not wipe Chris LeClair’s desktop, otherwise, Mr. Ghiz would not have had to inform ITSS that it had already been wiped, and that the only thing he wanted ITSS to remove was Chris LeClair’s GroupWise account.  Can you confirm what happened with the wiping of Chris LeClair’s desktop computer?
1. Did ITSS wipe Chris LeClair’s desktop computer? (Yes/No);
2. If ITSS did not wipe Chris LeClair’s desktop computer, do you know – or can you inquire and find out – who did wipe Chris LeClair’s desktop computer?
I have also attached a copy of  the “Standard Procedure for the Disposal of Government Information on Electronic Media” policy document from the Corporate Office of Information Protection IT Shared Services, which contains an “Electronic Wiping of Computer Hard Drives Form” (the last page of the document).
This form provides detailed information on the statutory requirements to retain government records and seeks a witnessed declaration that the “…. undersigned does solemnly declare that any information that would create a record of the provincial Government of Prince Edward Island has been printed to paper and filed in the appropriate file.”
3. Was an Electronic Wiping of Computer Hard Drives Form” completed prior to Chris LeClair’s desktop computer being wiped?
4. If an “Electronic Wiping of Computer Hard Drives Form” was completed prior to Chris LeClair’s desktop computer being wiped, who completed this form? Can you kindly email me a copy of that completed form?
I appreciate your attention to this request for information needed to clarify important issues relevant to the upcoming hearing, and look forward to your response at your earliest convenience.
I also trust that you will – as Mr. Scott Cudmore’s manager/supervisor –  authorize Mr. Cudmore (or someone else within ITSS) to cooperate with my time-sensitive preparation for the upcoming Pre-enquete hearing, and ensure that I receive answers to the questions outlined in my July 19, 2018 email to Mr. Cudmore in advance of the August 28, 2018 hearing.
Sincerely,
Kevin J Arsenault, Ph.D
(Private Prosecutor)

 

It’s now been over a week and I haven’t heard back from Ms. Wood, so I called her office this morning and was informed by her very pleasant private administrative assistant (as I was informed every other time I called her office) that Ms. Wood was “in a meeting” .

So I asked her to give Ms. Wood a message: “That it’s important for her to call me,” adding that her refusal to do so  to date – along with my dead-end efforts to get any help from Scott Cudmore –  has inspired me to publish an update to my pre-hearing efforts to get additional information concerning the Ghiz’s destruction of government records for Chief Judge Orr to consider, which I told her I’d be posting by noon today [July 30, 2018]…..and that (spoiler alert) she and Mr. Cudmore wouldn’t be coming across in a very flattering way, so she might want to influence my characterization of her and Mr. Cudmore as “completely unhelpful” with some helpful cooperation.  Well, high noon has arrived, so I guess we’re off to the (not) O.K. corral.

To cover all the bases – since no one at ITSS will tell me if that key “wiping computer hard drive” form was ever completed – or if it was filled out, who filled it out – I decided to file essentially the same Access Request to both the ITSS department and the Premier’s Office requesting:

All documentation and completed forms related to the removal, disposition, or deletion of documents and/or user accounts for all electronic devices (computers, blackberry; Local Area Network; GroupWise email accounts, etc. ) and the hard-copy government records of the former Deputy Minister and Chief-of-Staff – Chris LeClair – to former premier Robert Ghiz, including all incident log reports (or other records documenting communications); the completed ITSS Employee Removal Form; the completed “LAN Access Removal Information” form; the Freedom of Information and Privacy Act “Electronic Wiping of Computer Hard Drives,” declaration of compliance form; and all other records pertaining to this matter.

 

Why are these ITSS bureaucrats – who are getting huge salaries from the taxes we ordinary Islanders pay – so unwilling to help uncover/discover the truth about what happened with the destruction of e-gaming records by former premier Robert Ghiz?

I unfortunately can’t answer that question, but I can tell you thatI find their refusal to cooperate with me both baffling, frustrating and very concerning.  It’s sadly ironic that more “light” escapes black holes than the department within government with “information” in its name!

I can’t help but wonder if this criminal proceeding against Robert Ghiz had been initiated by the crown attorney’s office – and not a private prosecutor – whether Scott Cudmore would ignore a crown attorney’s request for information, refuse to even respond for days, then finally send a one-line email telling the crown attorney to go file an access request? Or whether the COO of ITSS would refuse to even acknowledge communication or return a phone call if it was a crown attorney leaving messages?

I trust that the full truth about this matter will eventually come out…it’s just really unfortunate that some of the most important information  – facts which could potentially make the difference with Chief Judge Nancy Orr making a determination whether there is a “likelihood of conviction” with the charge against Robert Ghiz –  may not be provided to me in advance of the August 28th hearing as a result of a complete refusal to cooperate by the senior management of the Information Technology and Shared Services (ITSS) office of the PEI government.

….fade to black, with a modified version of the chorus of the classic Beetle’s tune “HELP” also slowly fading in the background.

“Help me if you can, don’t let me down
I don’t know why they say you’re never around
Help me get my case on solid grounds
Won’t you please, please help me?”

“BREAKING NEWS!”

Ms. Tracy Wood has just now (4:34 pm, Monday, July 30, 2018) provided me with a response to my request for her help:

Mr. Arsenault,
Thank you for your inquiry. The appropriate avenue to seek access to the records you are requesting of our office is through the FOIPP Act (RSPEI 1988, Cap.15.01), which you have mentioned. The legislation and application form can be found at the web addresses below:
Tracy Wood

 

This entry was posted in Provincial Politics and tagged , , , , , , , , , . Bookmark the permalink.

One Response to ITSS’s Refusal to Cooperate: Information Technology (without the information)

  1. Checker says:

    The long and the short of it Kevin is that there is no political will to investigate the e-gaming, the PNP and many other serious breach’s of public trust perpetrated by the former Ghiz government or the present day government. To begin with , the public officials entrusted to uphold good governance are themselves indebted to our political leaders. To rock the political pirate ship would not be a career enhancing move. You also touched on another serious breach of public trust. We have written on this before. When you have the Attorney General reporting to the first minister and party in power, there is very little chance that anything embarrassing will be investigated. The first loyalty of the AG is to the Party. One conciliatory factor is that all the correspondence created by those who have ,or had , graves concerns about the actions of our provincial government will be available to researchers, historians and revisionist in the future and I am convinced that many will be interested in this period of governance because of the lack of transparency and the accusations of impropriety surrounding this administration. I am still hopeful that an opposition party will recognize the conflict of interest in having the Solicitor General report to the party in power. The people would be better served if the Attorney General becomes an office of the legislative assembly elected by the whole assembly and accountable to the Lt Governor in Council. Keep digging, it will make future research easier.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s