Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

2.4 Million Ontario Voters' Private Info Compromised

Soulskill posted more than 2 years ago | from the only-maple-leafs-fans dept.

Canada 81

An anonymous reader writes "Elections Ontario, an agency tasked with the organization and conduct of general elections and by-elections in Canada's Ontario region, is warning voters about the loss and potential theft of two USB sticks containing private information of 2.4 million voters from approximately 20–25 electoral districts. The information at issue is limited to full name, gender, birth date, address, whether or not an elector voted in the last provincial election and any other personal information updates provided by voters to Elections Ontario during that time, as well as administrative codes used solely for election purposes. The information does not include how an individual voted."

cancel ×

81 comments

Sorry! There are no comments related to the filter you selected.

Private information? (-1)

Anonymous Coward | more than 2 years ago | (#40714525)

That must make life hard for political campaigns. All of that information is generally considered public in democratic countries and is essential to planning and budgeting for effective campaigns.

Re:Private information? (1)

Sir_Sri (199544) | more than 2 years ago | (#40714665)

Why would you include date of birth?

Political campaigns can know your name (maybe just first name), address and whether or not you voted and they can reasonably conclude gender most of the time from first name.

But ya, overall that information is pretty public (except whether or not you voted). You're in any of the phone book, land registries, employer office parties, condo corporations etc.

Re:Private information? (2)

Cabriel (803429) | more than 2 years ago | (#40714675)

To ensure the person is of voting age?

Re:Private information? (1)

Desler (1608317) | more than 2 years ago | (#40714769)

Date of birth information is part of public record, too. You didn't actually think you DoB was secret did you?

Re:Private information? (1)

cygnwolf (601176) | more than 2 years ago | (#40715279)

Age and if you even bother to vote are important demographics. Someone in the 20-25, 'college age' group likely has different things that are important to them than say, someone who is in the 55-60 age group. A USA example would be social security. Very few 20-somethings that I know are even remotely concerned with it. On the other hand, someone who is 60 is already likely to be face the choice to retire at 62 or hold out till 65. (I know, TFA was about our northern neighbors, but I'm sure there's a similar example for people who are more familiar with Canadian social programs). So that would definitely be a reason why they would be INTERESTED in date of birth. Now, if that should be considered publicly available info is up for debate

Re:Private information? (1)

realityimpaired (1668397) | more than 2 years ago | (#40715609)

Now, if that should be considered publicly available info is up for debate

It's a matter of public record.

http://www.ontario.ca/en/ontgazette/STEL01_033657.html [ontario.ca]
http://www.gazette.gc.ca/index-eng.html [gazette.gc.ca]

Each province has their own equivalent of the Gazette. If you know the name of somebody and the province they were born in (and seriously, there's only 10), you can find what year they were born in by searching by name. All births, deaths, and name changes are published as part of the vital statistics act. You *can* have something like that be non-published (I did a name change a few years ago that was non-published), but there's a *very* strict set of criteria under which it's allowed, and it's done by special request only.

Re:Private information? (1)

Mashiki (184564) | more than 2 years ago | (#40715647)

Why would you include date of birth?

DoB is included because in Canada, we use government photo ID as a requirement to be allowed to vote. Your ID has to match, and in turn your name, address and DoB has to match the registar book. No matchy, no vote.

Re:Private information? (0)

Anonymous Coward | more than 2 years ago | (#40716331)

It is because Elections Ontario has no unique way of identifying a voter, they do not keep any unique ID like SIN number, so the way they try to match people up is via address, name, dob, etc to determine who is who for the voters list. It's horrible. That's why some people get two voting cards for two polling stations etc, and some people don't ever get one.

So what? (1)

busyqth (2566075) | more than 2 years ago | (#40714529)

Doing everything electronically and "on the net" is of such overwhelmingly critical importance that the loss of a few million voter records is of little interest to any civilized human being.
Just imagine if we had to go back to pencil and paper! The barbarism! *SHUDDER*

Re:So what? (0)

Anonymous Coward | more than 2 years ago | (#40714629)

Right, because paper records never get compromised, stolen, edited/forged, or just get lost in transportation or storage.

Re:So what? (4, Informative)

Anonymous Coward | more than 2 years ago | (#40714783)

If you've ever seen the way Canadian elections are handled, you'd know just how difficult that is to do. The steps involve a non-neutral representative from each party watching the ballot box, along with multiple neutral elections Canada employees watching it. All these people must be present whenever a vote is cast into the box, or if the box is moved (in my case, I had to walk to the hallway as a disabled person wished to vote and there were stairs leading to the voting area). All votes themselves are done completely secretly.

The box is opened with all these people watching and every single vote is counted aloud and all representatives may complain if they see a vote they aren't happy with (not marked properly, forged, stuffed box, etc). We all get to watch each voter enter and get crossed off the list as they vote. The number of votes much match what we all saw. Once the votes are tallied (or someone complains from the group about a vote) a special cellphone only to be used for the election is used on speakerphone to call in the results in front of all of us.

The box is then taped up with special security tape and driven directly to a secure storage location.

The only way to have any tampering would be for all involved parties to be corrupt. That would be odd co-operation since all involved parties (other than Elections Canada) don't like each other.

Re:So what? (0)

Anonymous Coward | more than 2 years ago | (#40716861)

To continue that chain (this was a few years ago on the federal level, though), the phone call goes through to a phone pool (staffed by temporary Elections Canada employees) to the local office for the Elections Canada Returning Offer for the electoral district (typically such offices are rented out on a temporary basis for the period up until the election, and handle sending out the Voter Information Cards, handle electroral list revisions, advanced voting, etc). In the phone pool, the reported numbers from the poll are written on a small piece of paper and carried by hand to a temporary Elections Canada employee seated at a computer that has a data link to the Elections Canada servers in Ottawa (this was done over dialup may still be). This employee enters the election results into a special internal software program that sends the result to Ottawa to be compiled. The data is then distributed from there in near real time (to the website, the news organizations, etc). That was the job I did (entering the results into the official database). I vaguely recall asking about how they knew the person entering the data wasn't falsifying it, and it was explained that the hardcopy results from the polls would eventually be validated against what was entered, and any discrepancies corrected. Obviously mistakes and typos can happen even if the person entering the data is completely reliable. But the real-time process is required to get the results from the poll to the public as fast as possible, and it works pretty darned well.

Re:So what? (1)

SomePgmr (2021234) | more than 2 years ago | (#40714817)

Well sure, those kinds of things have happened... though I'd be surprised if 2.4m people worth of paper records were lifted all at once. I'm not-so-surprised with electronic records on a thumb drive. That can fall out of your pocket in the parking lot.

Re:So what? (1)

Em Adespoton (792954) | more than 2 years ago | (#40718761)

Well sure, those kinds of things have happened... though I'd be surprised if 2.4m people worth of paper records were lifted all at once. I'm not-so-surprised with electronic records on a thumb drive. That can fall out of your pocket in the parking lot.

...of course, the drives were encrypted, so this isn't much of a story. Since it could fall out of your pocket in the parking lot, they took precautions.

Strange thing, is I don't see this mentioned in the linked articles or anywhere on here.

Re:So what? (0)

Anonymous Coward | more than 2 years ago | (#40720285)

The USB drives were supposed to be password-protected, encoded and kept in a locked area accessible only to specific staffers. But these drives were not password-protected or encoded. And somehow, when the office area was being treated for mould in April, they weren’t in a secure area either and someone realized that the two USB drives had gone missing.

(from the local news source here)

Re:So what? (1)

Anonymous Coward | more than 2 years ago | (#40714863)

I wanted to start my response with "Are you stupid?" but instead I'll start with the following paragraph.

Paper voting can be monitored at every stage by representatives of all parties and by apolitical observers. In the UK, that's exactly what happens - from the carrying/opening of the ballot box to the count to the recording of results. There are people standing around watching everything who can and will raise merry hell if anything appears to be wrong.

You simply can't get this level of auditing with electronics: the equivalent would be lots of tallying/auditing software provided by different groups, all continually checking the system. Then you'd have to trust the hardware vendor, and so on. And for what benefit? A few more hours to count? No thanks. Luddism is the rejection of tech per se, not the rejection of tech when it is inappropriate.

Re:So what? (0)

Anonymous Coward | more than 2 years ago | (#40714723)

Good point. There was nary a single incident of voter fraud and election tampering before e-voting came along.

Re:So what? (1)

Desler (1608317) | more than 2 years ago | (#40714807)

You mean loss of records that anyone could already obtain since they are part of public record?

Re:So what? (1)

busyqth (2566075) | more than 2 years ago | (#40714879)

You mean loss of records that anyone could already obtain since they are part of public record?

Yes I mean those. Exactly those. And no others.

Re:So what? (2)

Mashiki (184564) | more than 2 years ago | (#40715589)

In Canada we pretty much do everything by pencil and paper. What this is though is the register of voters of who's eligible to vote by district. There are places where you can vote by electronic machine, but most people don't use them, they don't like them. It's pretty simple and straight forward.

How it works is like this:
In Canada when you file your taxes, you get the option of allowing Revenue Canada to send your personal information(DOB, name and address) to Elections Canada and in the regional office for Elections Canada for the voting registry. This is then used to compile the voter registration database. You can refuse, there's no problem with that. You just show up on election day and they update the register then. You'll have to show Government issued photo id, and two bills within the last 30 days that have your name and address on it. Then you can vote. Also, if you vote, you must show photo ID. This Photo ID is matched with the registar book.

If you move, your name appears on the original registar still. But you can vote in your new district. The new district will often call your old district to have your name removed before allowing you to vote at your new one. Honestly, and to the point, I can't figure out what the big hoopla in the US is about over voter ID is anyway. But maybe that's besides the point.

Private? (4, Interesting)

Lev13than (581686) | more than 2 years ago | (#40714561)

Sounds like the same "private" information that every candidate and party has access to during the election campaign and on election day. Not sure about the birth date, but everything else is definitely on the voter registration and tracking printouts used by poll clerks and by party scrutineers during the election.

Yes, but you have to *pay* for those (1)

oneiros27 (46144) | more than 2 years ago | (#40715867)

$128 in Maryland:

http://www.elections.state.md.us/voter_registration/purchase_lists.html [state.md.us]

(and you can get 'em on CD, rather than printed out ... I seem to recall it being a spreadsheet when I saw one ... don't know if it was a flat file that someone had imported, or if they gave it to you in Excell)

Re:Yes, but you have to *pay* for those (0)

Anonymous Coward | more than 2 years ago | (#40716019)

So, your issue is not that private or personal information was leaked, but that the Canadian government was not adequately reimbursed for the leaked data?

I'm not really understanding your position on this matter. Are you for or against the release of this information?

If you are for it's availability, why do you feel that a fee associated with public information is appropriate?

If you are opposed to the release of this information, why would you be amenable to its release simply because a fee was paid?

Re:Yes, but you have to *pay* for those (2)

Em Adespoton (792954) | more than 2 years ago | (#40718797)

So, your issue is not that private or personal information was leaked, but that the Canadian government was not adequately reimbursed for the leaked data?

I'm not really understanding your position on this matter. Are you for or against the release of this information?

If you are for it's availability, why do you feel that a fee associated with public information is appropriate?

If you are opposed to the release of this information, why would you be amenable to its release simply because a fee was paid?

I think he's meaning to point out that as you can purchase this information relatively cheaply, it doesn't really matter whether or not it was leaked.

Of course, Canada still isn't the US, and the data was encrypted, so nobody likely got their hands on the sensitive data.

Re:Private? (1)

Mike Van Pelt (32582) | more than 2 years ago | (#40716179)

That was what I was thinking. When I ran for a local office and did some precinct walking back in 1992, I got a printout (fan-fold, green-lined line printer output) with this information. I don't recall what it cost, but it wasn't that much.

In Other News, Phone books missing (5, Funny)

retroworks (652802) | more than 2 years ago | (#40714595)

I'm almost as alarmed by the sense of alarm. This sounds like harmless information. A ten year old hard drive is not the same as losing your current laptop, and being tagged in a Facebook photo is not as dangerous as having your social security information compromised. Maybe we should distribute useless USB sticks filled with past telephone book listings just to keep identity thieves busy..

Re:In Other News, Phone books missing (1)

Sir_Sri (199544) | more than 2 years ago | (#40714679)

encrypted

USB sticks

you missed an important part.

Re:In Other News, Phone books missing (1)

mlts (1038732) | more than 2 years ago | (#40716619)

From the TFA, the USB stick was not encrypted.

This in itself is pure stupidity. You can buy USB flash drives with hardware AES encryption on the cheap. Even the more expensive drives that are physically tamper resistant like the IronKey are not that pricy.

As for software locking, BitLocker comes with Windows 7, and TrueCrypt is available at no charge.

There is no excuse for unencrypted USB drives, none.

Re:In Other News, Phone books missing (0)

Anonymous Coward | more than 2 years ago | (#40717313)

From the TFA, the USB stick was not encrypted.

This in itself is pure stupidity. You can buy USB flash drives with hardware AES encryption on the cheap. Even the more expensive drives that are physically tamper resistant like the IronKey are not that pricy.

As for software locking, BitLocker comes with Windows 7, and TrueCrypt is available at no charge.

Even the common archive programs (7Zip, Zip Genius etc) include heavy duty encryption, if you choose that option

Re:In Other News, Phone books missing (1)

Em Adespoton (792954) | more than 2 years ago | (#40718843)

The TFA didn't say the stick wasn't encrypted -- it just failed to mention the fact that it was... and yes, it was. Other articles available on google go into much more detail.

And yes, there is no excuse for unencrypted PII on USB drives.

Re:In Other News, Phone books missing (0)

Anonymous Coward | more than 2 years ago | (#40721355)

Even if it were encrypted, that might not bring peace of mind. Zipping some files up with PKZIP and the old 2.0 encryption (pre-AES) is a lot less secure than using TrueCrypt with all the machines the flash drive goes into having keyfiles and a solid passphrase.

Not hard to fix. Just a couple Bitlocker policy settings on Windows guarantees an encrypted drive as soon as there is an attempt to write to it.

Re:In Other News, Phone books missing (1)

pluther (647209) | more than 2 years ago | (#40715229)

...and being tagged in a Facebook photo is not as dangerous as having your social security information compromised.

It could be worse, depending.

Having your SSN compromised can be fixed through filling out some forms, paying some fees, and forwarding a few dozen letters to wishful creditors.

But whenever a new HR department googles you and finds that one picture...

Re:In Other News, Phone books missing (0)

Anonymous Coward | more than 2 years ago | (#40717461)

Most Canadians do not have a SSN since they do not particularly care about the US Social Security. Perhaps you meant SIN (Social Insurance Number)?
http://www.servicecanada.gc.ca/eng/sc/sin/

Re:In Other News, Phone books missing (1)

EdIII (1114411) | more than 2 years ago | (#40715427)

While you are attempting to make light of it, there are rather serious concerns:

The information at issue is limited to full name, gender, birth date, address, whether or not an elector voted in the last provincial election and any other personal information updates provided by voters

Physical address is concerning. Not everyone wants that listed and has trust that the government, who ostensibly needs that information, will protect it. Yes, it could matter. Plenty of people are harassed, have sensitive jobs (law enforcement, abortion doctors, etc.), and have quite valid reasons to wish for some privacy and anonymity. Both of which are basic human rights that no government should be able to violate in the first place for any reason. That is arguable of course, but complete public dissemination of where citizens sleep is not something I would call "popular".

Whether or not a person voted is information that can be used against them, and more than likely could result in increased harassment from political parties seeking to gain power. It's like putting blood in the water for sharks. Moreover, the fact that you did not vote is not information that is any less sensitive than who you may have voted for.

Personal information updates is just wide open. You can't make a claim either way about the sensitivity of that information, and dismissing it out of hand is baseless.

The real concern is the security practices of Election Ontario. I think it is the state of Massachusetts (?) that levies hefty fines for any corporations or organizations that let information out like this.

There is no excuse either. It's patently ridiculous to have that much sensitive information on USB sticks for fucks sake. Their CTO, and those directly responsible for the USB sticks should be fired and fined, or laws created to allow them to be heavily fined.

I know regulations are not exactly popular around Slashdot, but any agency or corporation that deals with that much information should be required to go through some information security courses or something. I'm sure we could all write pages and pages here about best security practices that would have greatly mitigated this event.

Re:In Other News, Phone books missing (1)

mcgrew (92797) | more than 2 years ago | (#40717767)

Physical address is concerning.

For a hundred years, almost everyone's address was published in a printed book that came out yearly. It was opt-out, and to keep your name off the list you had to pay extra for the unlisted phone number.

Plenty of people are harassed, have sensitive jobs (law enforcement, abortion doctors, etc.)

If you're being harrassed, you go to the courthouse and get an order of protection. If you're a cowardly wimp, law enforcement may not be the ideal line of work for you. If you're an abortion doctor, you're in more danger from a drunk driver than a crazy anti-abortion murderer.

Whether or not a person voted is information that can be used against them

In Illinois it's a matter of public record whether or not you voted, and if you vote in the primary, so is the party you chose to vote in.

It's patently ridiculous to have that much sensitive information on USB sticks

That goes without saying.

What is this info doing on USB-sticks? (4, Insightful)

santax (1541065) | more than 2 years ago | (#40714601)

What would be a valid reason to put that much info on 2 usb-sticks besides, wanting to sell it or altogether being to darn lazy to even think about security and consequences. Anyone?

Re:What is this info doing on USB-sticks? (0)

Anonymous Coward | more than 2 years ago | (#40714691)

The data was not supposed to be on the USB keys to begin with according to the internal protocols.

"Two Elections Ontario staff members did not follow standard protocol when it came to handling that information, Essensa said."
http://www.cbc.ca/news/canada/toronto/story/2012/07/17/ontario-voter-data-breach.html

Re:What is this info doing on USB-sticks? (2, Insightful)

Sir_Sri (199544) | more than 2 years ago | (#40714777)

moving data between computers. Not everyone knows how to do network sharing. they may also physically mail the encrypted USB sticks to people (or pass them around) for whatever reason. Ontario is a big place, and we've got about 13 million people over a large area, so there might be a lot of data moved around snail mail style by people who for whatever reason aren't linked up to a the central physical database.

They may also have data for static analysis. The 'real' data might be updated constantly as people change addresses and so on, which is fine, but if you want to analyze voting patterns, say related to a investigation of robocalling (http://en.wikipedia.org/wiki/Robocall_scandal), you need the data preserved as it applied to a particular point in time.

Re:What is this info doing on USB-sticks? (0)

Anonymous Coward | more than 2 years ago | (#40715139)

Most of Ontario (landwise) doesn't have high speed internet, but all of Ontario has mail. Of course, population wise, much of Ontario has high-speed internet (Although a surprising amount of it is only via wireless, which sucks, but hey, better something than nothing!)

Thus, to accomodate the lowest common denominator, USB sticks are used.

No (0)

Anonymous Coward | more than 2 years ago | (#40716507)

The data wasn't encrypted so clearly it wasn't meant for internal use.

Re:No (1)

Sir_Sri (199544) | more than 2 years ago | (#40718085)

The local reporting here said it was. I'm not sure who is wrong/lying

Re:No (1)

Em Adespoton (792954) | more than 2 years ago | (#40718885)

The data WAS encrypted, so your argument is useless. The poster just chose the wrong links, as the ones linked fail to mention that the data was encrypted.

Re:What is this info doing on USB-sticks? (0)

Anonymous Coward | more than 2 years ago | (#40714825)

I don't know about Canada but in the US voter information has always been public and available to all. In California there are so-called confidential voters such as law enforcement, public figures, etc. but in general voters names, addresses, party affiliation and voting history are easy to get. Of course how a person votes is not recorded or captured anywhere. That s why you often see political candidates criticized if they didn't vote for a while.

Re:What is this info doing on USB-sticks? (1)

Anonymous Coward | more than 2 years ago | (#40715273)

I find it somewhat amusing that the information for "public figures" is kept private, while for private citizens it is made public.

Re:What is this info doing on USB-sticks? (1)

Em Adespoton (792954) | more than 2 years ago | (#40718917)

In Canada (and in Ontario), there are specific laws protecting personal information and how it can be stored/used. There is a stricter set of laws aimed at the government, and a laxer set of laws that apply to all businesses and individuals. So while the data is available if you go through the right channels, how you get the information (and the information you need to give up about yourself to get it) is strictly controlled.

Re:What is this info doing on USB-sticks? (1)

Striek (1811980) | more than 2 years ago | (#40715259)

The laptops were not networked and were not connected to the Elections Ontario network, therefore, two USB drives were to be used for the purpose of transferring information amongst the laptops in the facility.

http://www.elections.on.ca/en-CA/AboutUs/Privacy_Breach.htm [elections.on.ca]

Re:What is this info doing on USB-sticks? (1)

ThatsNotPudding (1045640) | more than 2 years ago | (#40715277)

Might be time to require any USB stick used by government officials to be permanently attached to a large iron ball.

Re:What is this info doing on USB-sticks? (1)

PolygamousRanchKid (1290638) | more than 2 years ago | (#40715509)

permanently attached to a large iron ball.

I've got a better idea. How about attaching it to the two balls in the crotch of the user?

No idiot would lose them by leaving them around somewhere, and not be able to find them. But then again, nothing can be made foolproof, because fools are so ingenious.

Once again, humans are the weakest link in the security chain. Now, if you'll excuse me, I need to adjust my shit. My USB stick isn't hanging right . . .

Re:What is this info doing on USB-sticks? (1)

Muramas95 (2459776) | more than 2 years ago | (#40715921)

There is no reason this information should of been on these USB sticks. Even if they DID have them on sticks they should of been encrypted. No excuses.

Re:What is this info doing on USB-sticks? (0)

Anonymous Coward | more than 2 years ago | (#40716819)

In the US, this sort of info would be available to anybody who asked at the registrar of voters office. Last time I got full voter info for 20-25 voter districts, it was on a compact disk. They charged me $10 for it. Next time, it might be on USB sticks. I probably misplaced the CD, as after the primary it wasn't needed anymore. This is not a big deal.

Re:What is this info doing on USB-sticks? (0)

Anonymous Coward | more than 2 years ago | (#40716841)

The various electoral bodies in Canada are not exactly technologically savvy when it comes to distributing or transporting data in this day and age. I know that Elections Canada still distributes voter list updates to the local candidates on 3.5" floppy disks, and although they at least have the good sense to encrypt them, the passwords are often distributed with the disks. I think there is actually legislation in the works to move to an optical media distribution format - I'm thinking this will probably be implemented just in time for optical media to die off.

To answer your question though - I don't think any of the electoral bodies have particularly sophisticated networks with client/server type access to this data. In all likelihood it contained some sort of updated information that was collected during the last election, updates to addresses, newly registered voters, etc. As to not thinking about security - it wouldn't surprise me if they hadn't thought moving the data between internal employees was a risk.

No "personal information" (0)

Anonymous Coward | more than 2 years ago | (#40714607)

Pretty much any info on these things is already publicly available, except for SINs (like SSN's for Americans), and whether you voted or not in the last election.

Relax people - it's not like credit cards or Facebook/email message archives.

at least the made a public statement... (2)

acidfast7 (551610) | more than 2 years ago | (#40714643)

...versus most corps who do not unless forced to.

Ontario region? (3, Informative)

Chonnawonga (1025364) | more than 2 years ago | (#40714729)

FYI, Ontario is a province. net-security.org should appreciate the value of precision, and /. editors need to edit.

Sincerely, an Ontarian. (Yes, that's a word.)

Re:Ontario region? (1)

dkleinsc (563838) | more than 2 years ago | (#40715099)

/. editors need to edit

You must be new here - that's really expecting far too much.

Re:Ontario region? (1)

Chonnawonga (1025364) | more than 2 years ago | (#40715269)

/. editors need to edit

You must be new here - that's really expecting far too much.

Oh, I don't expect them to DO it. I just want them to lose sleep at night.

Re:Ontario region? (1)

DarthVain (724186) | more than 2 years ago | (#40716987)

LOL.... really Ontario Region?

Its just 1,000,000 square km (400,000+ sq miles). Just a little area really....

Ontarioish. Brings new meaning to inaccurate, both in word, and in meaning.

Re:Ontario region? (0)

Anonymous Coward | more than 2 years ago | (#40717543)

Our country is bigger than yours, yet we don't call the United States a region for kicks and giggles (or because we suck at editing)

Fuck right off.

Seriously? (2)

Zamphatta (1760346) | more than 2 years ago | (#40714805)

On USB sticks???? What are they doing on USB sticks?!?!? Whoever put that on there, should be fired immediately, no questions asked.

Re:Seriously? (1)

Golden Section (961595) | more than 2 years ago | (#40715243)

Whoever put that on there, should be fired immediately, no questions asked.

And additionally, companies with such employees should be fined heavily. Only if it costs them much money, only then will this stupidity end. Protocols need to be in place, taught, checked and enforced with consequences.

Re:Seriously? (0)

Anonymous Coward | more than 2 years ago | (#40715483)

Why? In many countries, such as the United States, you can purchase all of the information that was lost here quite cheaply.

$7 for the U.S. Washington State's Voter Registration Database
https://www.sos.wa.gov/elections/vrdb_order.aspx [wa.gov]

The list of districts is in XLS? (0)

Anonymous Coward | more than 2 years ago | (#40714845)

Is there somewhere I can see a list of impacted districts without downloading an XLS from these nitwits?

Encryption (3, Insightful)

subreality (157447) | more than 2 years ago | (#40714859)

People think I'm paranoid because I encrypt all my drives... but when I lose a disk I never have to wonder if it potentially ended up in the wrong hands. Too bad it's only done by us loonies and not as standard practice everywhere.

Re:Encryption (0)

Anonymous Coward | more than 2 years ago | (#40715479)

Don't worry, your drives are safe with us.

- NSA agent

Voter Data is for sale in most US states. (0)

nestastubbs (924081) | more than 2 years ago | (#40715095)

This data is for sale in most states, to anyone who registers as a political committee (that is, candidate campaigns, political parties, PACs, fundraising groups etc...) In Illinois it includes all the data mentioned above, plus a history of which party primaries you voted in, and all of the political subdivision you are in. We, the Illinois Green Party, used it to build a Rails app for transcribing our candidate's ballot petitions, and then verifying addresses and signatures to make sure we have sufficient valid signatures, and were turning in our best sheets. Once the Democratic machine tried to challenge the petitions, we would have the voterid already looked up. It allows us to spread transcription and lookup to a dozen volunteers, and cost less to build and run than one days of lawyer fees the machine had to pay to just file the doomed objections.

it took MONTHS (0)

Droog57 (2516452) | more than 2 years ago | (#40715173)

That is my biggest problem with this issue. Not that the dolts that were responsible screwed up, but that it took MONTHS of internal "investigations" before some bright spark decided that it was time to share the facts with the people most affected. Typical Ontario Liberal nanny state policies.. Bad Dalton. Down boy, stop humping granny's leg!

WHat is Canada's population? (0)

Anonymous Coward | more than 2 years ago | (#40715181)

2.4 million is approximately 8% of the Canadian population

Re:WHat is Canada's population? (0)

Anonymous Coward | more than 2 years ago | (#40715749)

Or, about every single person on Ontario who voted last provincial election.

Well, I'm Probably On The List (3, Insightful)

TheSpoom (715771) | more than 2 years ago | (#40715203)

So congratulations to the thief (or finder) for now knowing my birthday and former address.

Re:Well, I'm Probably On The List (0)

Anonymous Coward | more than 2 years ago | (#40716181)

As well as the multitudes of solicitors and spammers who now have that LITERALLY VALUABLE information.

Just because you dont see the value doesn't mean it isnt there.

Re:Well, I'm Probably On The List (1)

TheSpoom (715771) | more than 2 years ago | (#40717189)

In my case, the information is not that valuable. I'm a rather easy person to find, it doesn't include my email address, and the address no longer corresponds to me.

can only be accessed and read by... (3, Insightful)

game kid (805301) | more than 2 years ago | (#40715251)

The information contained on the two sticks wasn't encrypted and the sticks themselves weren't password-protected - as they should have. Still, it can only be accessed and read by using internal Elections Ontario proprietary software or specialized commercial software applications.

...and the thieves, once they (quickly) figure out how the fields are arranged and stored.

Re:can only be accessed and read by... (1)

GameboyRMH (1153867) | more than 2 years ago | (#40716077)

Yeah nothing that can't be cleaned up with a hex editor and a small script.

Fuck it (1)

SilverJets (131916) | more than 2 years ago | (#40716535)

I'm going to go out get a bunch of credit, rack it right up, and then claim my identity was stolen. The banks can go after Elections Ontario for the bill.

Re:Fuck it (1)

quacking duck (607555) | more than 2 years ago | (#40719755)

And if they're successful, your tax dollars goes to the bank.

More importantly, MY tax dollars also go to the bank for your selfishness.

I'll assume you were joking.

"How an individual voted"??? (1)

mark-t (151149) | more than 2 years ago | (#40716653)

Why would anyone be remotely concerned about this?

*NOBODY* knows how a given individual voted in Canada, unless that individual tells somebody. They might be able to tell if or when you voted... and of course where you were at when you voted, but there is no possible way, short of doing something that *WILL* get you put under arrest (with a likely prison sentence), knowing how somebody else voted in any federal or provincial election is just not going to happen unless you can get them to tell you. And even then, the only way you could know for sure that they weren't telling the truth if they decided to lie about it is if they claimed to vote for somebody who received zero votes at the polling station where they voted (which in my experience working at those stations a few times isn't terribly likely, because even the weirdest ones on the ballots that you might think wouldn't get any votes always seem to get the odd person or persons voting for them at any given station).

Re:"How an individual voted"??? (2)

Pope (17780) | more than 2 years ago | (#40716859)

Really, it's like a lot of information that's technically "publicly" available, but scattered among multiple incomplete sources. This leak compiles a lot of that public info into one easy to digest package.

It's like how a lot of property ownership information was "publicly" available, but getting off your ass, down to City Hall, and filing the proper information requests. Once it hits the 'net, the effort needed to access that information en masse drops drastically. Then you can do nefarious things with it.

Re:"How an individual voted"??? (1)

mark-t (151149) | more than 2 years ago | (#40717395)

I know.... I'm just surprised that anyone would have figured that how a person voted could have ever hoped to make it into that kind of list.

Ever read the phone book? (0)

Anonymous Coward | more than 2 years ago | (#40716919)

I live in one of the affected ridings, but who cares? Ok, so my birthdate wouldn't be in the whitepages, but it's sure on Facebook. This information isn't private. It's the same stuff that's been in the phonebook for decades.

Why the fsck ? (1)

Hamsterdan (815291) | more than 2 years ago | (#40717013)

Why was that info on a USB stick (for one), and why wasn't that info protected?

Whew (0)

Anonymous Coward | more than 2 years ago | (#40721249)

I'm glad I didn't bother to vote in the last provincial election

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>