Well, this is an odd story. Sadly, it is far from uncommon for secret, or apparently not so secret, docs to be found by passersby. Back in April ’06 Hydro Quebec security plans and passwords were found on a subway platform. To say nothing of the foreign affairs minister who left classified docs at his ex-girlfriend’s apartment.
This time it was a document that detailed how to Environment Canada computers could be pwned.
From Canadian Press:
Environment Minister John Baird has asked officials to look into how a government document – detailing how Environment Canada computers could be hacked – wound up on a street corner in Ottawa.
However, Baird said the document contained no top secret or classified information.
“It’s certainly bizarre,” he said. “I’m told two things: that it’s neither classified nor secret and that it’s stuff that could be available under access to information.”
Still, Baird said his department takes document security seriously and he’s asked officials to find out how this 131-page document came to be found by a passer-by on a street in a rain-stained, tire-marked, brown envelope.
So, want to pwn government computers? File an access to information request.
Sigh.
Firewalls: $250,000
Access Control: $875,000
Intrusion Prevention Systems: $600,000
Business Process Re-engineering and Training: $900,000
Being able to bypass all technical and procedural controls with a FOIA request: Priceless
Sunshine laws are at odds with information protection and are often written by people who don’t get, or are not made aware of, issues with disclosing infrastructure data. It’s a good thing that no governmental agency runs any critical infrasru… Nevermind.