Due to the proximity to the United States, everyone calls what I send out FOIs. The thing is that the Vancouver Police Department request that I sent was the first FOI that I ever sent. Everything that I sent the Federal Government is an ATIP, that is, it either under the Federal Access to Information act or the Privacy Act in Canada. However, due to the recent issues with the PRIME-BC system, and the amateurish nature of PRIMECorp’s 2009-2010 Annual Report, I decided to FOI the Solicitor General’s office. In British Columbia, they ask you to call the ministry first before using FOI, but because of my firm belief that the BC Liberals are full of shit, I went straight to the FOI form.
Now, the concept of the FOI form, which is right here</a>, is awesome. In practice, you may notice that this form is missing an SSL Certificate. Not only that, the site times out when you try to force SSL on it. And, while the site claims the following:
Personal information contained on this form is collected under the Freedom of Information and Protection of Privacy Act and will be used only for the purpose of responding to your request.</em>
In reality, the lack of an SSL Certificate in the year 2011 violates this very act. In fact, it violates the following:
30 A public body must protect personal information in its custody or under its control by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal.</em>
The BC Government is currently in violation of their own law by not providing a SSL certificate. Now, I know pretty well how broken SSL is these days, but this has NOTHING AT ALL, and when even this blog has a fucking SSL cert, I’m pretty sure the BC Government can swing the $100/year it costs to purchase one to fulfill this requirement. Here’s the letter that I sent them:
I recently filled out the FOI form on the BC Government website. I am happy that you allow for people to file these requests online, but I noticed that this form does not have an SSL certificate. This form is currently setup so people have to have their Address, Phone Number and E-Mail Addresses sent unencrypted over the Internet, as well at their initial request for information if they want the convenience of not having to send a letter, or fill out a paper form. Not only that, anyone who is using any public wifi (such as at Vancouver Public Library or Starbucks) could be sending their information through the air such that it could be intercepted by anyone.
Could you please let me know whether your department plans to add a SSL certificate, and if so, the timeframe that it would be implemented? Also, if your department plans to not implement this, would you please let me know the reasons why? I feel that privacy just as important as the right to know and I hope that you feel the same way. If you could respond, that would be greatly appreciated.
Thank You </em>
That being said, the fact that you can submit information to the government and it actually goes somewhere is pretty cool, and it’s much better than fishing for the right department or ministry on the Treasury Board of Canada’s homepage, then filling out the forms, then mailing a $5 cheque to the Govt department, only to have it cashed two months later.