[nSLUG] NS 4.7x [was: Add yourself to the nSLUG member blogs wiki page]

gnwiii at gmail.com gnwiii at gmail.com
Sun Jan 14 09:10:29 AST 2007


On 1/13/07, Mike <mspencer at tallships.ca> wrote:
>
> jpb> ...same problem with the NS licence plate renewal site....I wrote
> jpb> them a few time explaining that I couldn't renew my plates on
> jpb> line, that coming into an office or using M$ was not an option
> jpb> due to security reasons.
>
> Did I parse that right?  You can't/won't go into a registry office in
> person for security reasons?
>
> gnwiii> Next time a politician knocks on your door, ask why the
> gnwiii> government continues to support expensive, proprietary,
> gnwiii> insecure systems from M$ when other governments are using
> gnwiii> better technology...
>
> Do you happen to know, George, what system the Motor Vehicle Registry
> uses to store it's vehicle registration and driver license data?  A M$
> system in NS?  A M$ system elsewhere?  Outsourced to any system outside
> of Canada?  Here's why I ask (drifting even further off topic):

I don't know anything about DMV, but this is a good time to mention
the experience of my father-in-law, who retired to rural Maine and
became involved with the local town government in various volunteer
jobs.  Some anomalies came up in the property valuations.  To
investigate these, he asked for a copy of the database.  A small town
with no IT dept. can't do all the record keeping itself, so they hire
a contractor to maintain the database and produce the various reports
for accounting and reporting to state and federal agencies.  The
contractor wanted
$10k to produce a custom report for my father.  He went to court and
got a judgement requiring the contractor to produce a copy of the
database.  He then bought the software (commercial database package)
and discovered an audit trail in the database.  The anomalies were due
to the contractor fudging records in favor of her relatives.

Public police, tax, and property records have also been used in
identity theft. Typos in these records have caused some individuals
real problems.

There is way to much personal data in public records, and very little
real control over the security and integrity of these records.  I have
had problems with propery tax record keeping in 2 different municipal
governments in NS.   There is no federal or provincial oversight of
these systems, and no federal oversight of provincial systems.

In the US there are federal standards efforts (such as using
encryption on all laptops, which will likely result in increased loss
of data due to forgotten passwords), but it is too soon to tell if
these will be effective or simply a cash cow for companies that sell
"security" tools.  It has been an uphill battle to get standards for
voting machines in the US -- few people are trying to do anything
about the way local governments manage data.  In Canada my impression
is that the large banks provide many of the financial services to
local governments, and tend to take the attitude that they can handle
security without regulation or external policing.

It doesn't really matter what system is used to manage DMV records in
NS. What does matter is that there is no public, transparent, system
that offers assurances against data loss or leakage.  Can you get a
record of all accesses to your data?  If there is leakage, will you be
notified?
If there is an error, can you get it fixed?

There have been a number of "clerical" errors resulting in prisoners
being released early and automobile accident reports being "mislaid".
Are these symptoms of widespread data management failures in
governments?  The public has learned to expect erratic behaviour from
computing systems, so are willing to overlook glitches that may be
signs of real problems.

-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia

!DSPAM:45aa2bc7283741380818590!




More information about the nSLUG mailing list