FIREARMS FACTS - UPDATE
(Updated: October 11, 2002)
RCMP CAN’T BACK UP THEIR STATEMENT THAT CPIC COMPUTERS HAVE NEVER BEEN HACKED:
THEY JUST DON’T COLLECT THE INFORMATION
RCMP RESPONSES TO BREITKREUZ’S ACCESS TO INFORMATION REQUEST AND COMPLAINT
RCMP FILE: 01ATIP-25127
BREITKREUZ’S ATI REQUEST – JUNE 6, 2001:
Reference being made to RCMP File: 01ATIP-02610 and to a letter dated March 08, 2001. For the period 1995 to present, please provide records and reports that would demonstrate exactly how the RCMP determined that “the number of penetrations to the CPIC system through unauthorized connections is nil.”
RCMP INITIAL RESPONSE – JULY 26, 2001:
Please be advised that there are no reports or records specific to your request however our office has attached correspondence from Supt. David Gork of the R.C.M.P. Departmental Security regarding this issue.
E-MAIL FROM DAVID GORK TO RCMP ATIP OFFICE DATED JULY 17, 2001:
“As per your request, the only answer that I can provide you with is to confirm that systems used to monitor the overall system, has never indicated a successful penetration of the CPIC system, and the system used is verified on a regular basis.”
BREITKREUZ COMPLAINT TO INFORMATION COMMISSIONER – JULY 26, 2001:
Once again, the RCMP’s response defies belief. Do they really want us to believe that in six years they never issued one report on the “effectiveness” of their computer security system at CPIC? Rather than pay Entrust Inc. $27 million to fend off computer hackers (National Post article, Page A5, July 3, 2001), why wouldn’t the government simply ask the RCMP to duplicate the CPIC success story in all the government’s computer systems?
RCMP’S FINAL RESPONSE – JULY 10, 2002:
This is in response to your request under the Access to Information Act received on June 11, 2001, seeking access to reports that would demonstrate exactly how the RCMP determined that the number of penetrations of the CPIC system through unauthorized connections is nil and your subsequent complaint to the Information Commissioner of Canada. Please find attached an e-mail dated June 17, 2002 from Chief Superintendent David Gork, R.C.M.P. Departmental Security Officer. This document should clarify any ambiguity relating to your request and complaint.
E-MAIL FROM DAVID GORK TO RCMP ATIP OFFICE DATED JUNE 17, 2002:
“CPIC is but one of many applications that are protected on the NPSN (National Police Service Network) and attacks on the network cannot be broken down as to which application is the intent of the attack. In general, attacks are to gain access through the protective measures, and from there to ‘look around’ for opportunities as to where the attacker ‘can go’. Therefore there are no stats that are collected that would indicate where any attacks are directed with the NPSN.”
INFORMATION COMMISSIONER’S INVESTIGATION – October 11, 2002
“During the course of our investigation, my investigator met with officials from the RCMP and was provided with a detailed and comprehensive explanation regarding the department’s security systems. They confirmed that CPIC is one of many applications protected within the National Police Service Network and there is no way of determining what application is being targeted, if an unauthorized access is being attempted.”
BREITKREUZ’S OBSERVATIONS:
So, after more than a year, we learn that CPIC (Canadian Police Information Centre) is part of the National Police Service Network (NPSN) and the Chief Superintendent in charge of the NPSN now claims the RCMP has “no stats collected that would indicate where any attacks are directed with the NPSN” - including CPIC.
This proves that the reason the “systems used to monitor the overall system, has never indicated a successful penetration of the CPIC system” is that the RCMP computer systems only collect information on attempted and successful penetrations of NPSN – NOT CPIC.
CONCLUSION:
The RCMP just don’t know if CPIC computers have ever been hacked and it seems they like it that way. Otherwise, they would have their computer systems collect the information, wouldn’t they?