TORONTO - Elections Ontario staff who lost two memory sticks with the personal information of millions of voters did not encrypt the files because they didn't know what encryption meant, privacy commissioner Ann Cavoukian said Tuesday.
"They went online, they Googled it, and the closest they could discern was that encryption means zipping the data, which means compressing the data, not encrypting it," Cavoukian said at a press conference.
The missing USB keys included voters' full names, addresses, date of birth, gender and whether they voted in the last election — information that is a "gold mine" for identity thieves, warned Cavoukian.
"Cases of identity theft often take well over a year before they transpire," she said.
"They lay low, wait until the story is yesterday's news, and then hit hard, so you have to be vigilant."
The lost data is from about 2.4 million voters in 20-25 electoral districts, but because Elections Ontario can't say which districts, four million voters in 49 ridings are being advised to keep an eye on their bank statements.
Elections Ontario discovered the "massive breach" in late April, when two memory sticks went missing, but it didn't tell the public until July 17, prompting investigations by the information and privacy commissioner and provincial police.
Even worse, said Cavoukian, the agency went right back to using USB keys without enabling the encryption software just four days after realizing it had lost the two other data storage devices.
"I hit the roof, as you might imagine," she said.
"On what planet do you do that, do you do the same thing again and not encrypt the data? It’s baffling to me."
Elections Ontario's efforts to protect voters' information "were totally inappropriate in light of the breach that had just occurred," added Cavoukian.
"Personal information is the currency in which Elections Ontario trades, their sole responsibility in terms of the electorate," she said.
"I am astounded at the failure of senior staff to address the security and technological challenges posed by the decision to locate the project off-site."
Elections Ontario rented an off-site warehouse after last fall's election resulted in a minority government, because it had to prepare for the possibility of another snap election while also doing its usual post-election updating of the voters' lists.
However, staff at the second location did not have access to the Elections Ontario server, so they used portable USB keys to move the data back and forth.
The USB keys were never locked away as they were supposed to be, the encryption software was never activated to protect voters' data, and it turns out staff thought putting a password on the file would protect the information.
"They had no understanding of the meaning of encryption," concluded Cavoukian.
When they resumed work after losing the two USB keys, the Elections Ontario staff again failed to use available encryption software even though there were new security measures in place.
"These measures were totally inadequate and failed to address the glaring privacy risk raised by the loss of the keys," said Cavoukian.
"Most significant, the project resumed by using a replacement set of USB keys with an encryption functionality, it was never activated."
Chief Electoral Officer Greg Essensa was unavailable to comment on Cavoukian's investigation, but his office issued a statement saying the agency will issue a report by the end of the year on how it will implement the commissioner's recommendations.
The commissioner also said it was discouraging to learn that privacy and security of personal information was not part of any training programs for staff at Elections Ontario.
A province-wide class action lawsuit has been launched against Elections Ontario regarding the loss of voters' personal information.
It has been just over a year since the last federal election, one that has become known almost as much for allegations of electoral fraud in Guelph, Ont., as for the way it redrew the House of Commons.
<a href="http://www.huffingtonpost.ca/news/robocalls-scandal" target="_hplink">Investigators are now looking into calls wrongly claiming to be from Elections Canada that redirected voters to a polling station they couldn't use</a>. It's illegal both to interfere with a person's right to vote and to impersonate Elections Canada.
A year later, here's what we do know, according to court documents and information provided in interviews:
<strong><em>With files from CBC.</em></strong>
(CP)
1. Probe Started Early
Elections Canada investigator Al Mathews started looking into complaints in Guelph on May 5, 2011, three days after the election that saw reports of illicit phone calls. The winning candidate in the riding, Liberal <a href="http://www.huffingtonpost.ca/2012/03/10/robocalls-by-liberals-guelph_n_1336895.html" target="_hplink">Frank Valeriote, compiled a list of almost 80 names</a> of people complaining about the calls. News of the investigation didn't break until Feb. 22, 2012.
All political parties use automated robocalls and live calls to identify voter support and contact people during a campaign. <a href="http://www.huffingtonpost.ca/2012/02/23/racknine-robocalls-elections-canada_n_1296383.html?ref=robocalls-scandal" target="_hplink">The campaign of Guelph Conservative candidate Marty Burke used RackNine</a>, a company that offers voice broadcasting services, to make legitimate robocalls to campaign supporters. The person who made the fraudulent robocalls also used RackNine.
3. Pierre Poutine
The <a href="http://www.huffingtonpost.ca/2012/02/28/robocalls-scandal-pierre-poutine_n_1307730.html?ref=robocalls-scandal" target="_hplink">person who made the calls used a disposable, or burner, cellphone, registered to a "Pierre Poutine."</a> The RackNine charges were paid via PayPal using prepaid credit cards, purchased at two Shoppers Drug Mart stores in Guelph. Shoppers Drug Mart doesn't keep its security camera videos long enough to see who bought the cards more than a year ago.
4. IP Traced
<a href="http://www.huffingtonpost.ca/2012/05/04/andrew-prescott-pierre-poutine-robocalls-conservative_n_1478809.html?ref=robocalls-scandal" target="_hplink">Elections Canada traced the IP address used to access RackNine</a> on election day and send the fraudulent message. Mathews got a court order for Rogers, the company that provided the internet service to that IP address, to provide the customer information that matches that address, on March 20, 2012.
5. Andrew Prescott Linked To Poutine IP
<a href="http://www.huffingtonpost.ca/2012/05/04/andrew-prescott-pierre-poutine-robocalls-conservative_n_1478809.html?ref=robocalls-scandal" target="_hplink">Pierre Poutine and Burke campaign worker Andrew Prescott (pictured here with Tony Clement) accessed their RackNine accounts using the same IP address</a>. On election day, they accessed their RackNine accounts from the same IP address within four minutes of each other, Mathews says in documents filed in court.
6. But Accounts Don't Match
A court document lists the billing account numbers for the customer information provided by Rogers to Mathews. <a href="http://www.cbc.ca/news/politics/story/2012/05/11/pol-robocalls-guelph-rogers-account-numbers.html" target="_hplink">Those accounts don't match</a> the number found on the Burke campaign's Rogers invoices submitted to Elections Canada, suggesting RackNine wasn't accessed through a computer in the Burke campaign office.
7. Misleading Calls Discussed?
Two Conservative staffers, accompanied by the party's lawyer, told Mathews they overheard <a href="http://www.huffingtonpost.ca/2012/05/04/michael-sona-robocalls-pierre-poutine-guelph_n_1479400.html?ref=robocalls-scandal" target="_hplink">Michael Sona (pictured here with Stephen Harper), another Burke campaign worker, talking about "making a misleading poll moving call."</a> Sona, who stepped down from a job in the office of Conservative MP Eve Adams when the story broke, has previously said he had nothing to do with the misleading calls.
8. Poutine Used Tory Database?
Arthur Hamilton, the Conservative Party's lawyer, told Mathews the list of phone numbers uploaded to RackNine by Pierre Poutine appeared to be a list of identified non-Conservative supporters, with data on it that was updated in <a href="http://www.huffingtonpost.ca/2012/05/17/robocalls-scandal-privacy-information_n_1525197.html?ref=robocalls-scandal" target="_hplink">CIMS, the party's database</a>, days before the election. The CBC's Terry Milewski had reported a similar pattern after sifting through complaints in 31 ridings.
9. Deluge Of Complaints
<a href="http://www.huffingtonpost.ca/2012/03/29/marc-mayrand-testimony-robocalls_n_1387176.html?ref=robocalls-scandal" target="_hplink">News coverage led to 40,000 people contacting Elections Canada one way or another</a> -- whether to report a misdirecting call or by signing an online petition to express concern that it had happened -- chief electoral officer Marc Mayrand told a parliamentary committee in April. There are now specific allegations in almost 200 ridings by 800 people.