In early August, we had the first call about the missing data from Elections Ontario. Click here for more detail. Most people get the point that Elections Ontario is the independent entity responsible for running Ontario elections. In case you were wondering, here is the synopsis in point form:
- To ensure complete independence of the conduct of an election, all provinces and the federal government have independent, “arm’s-length” agencies who conduct enumeration (i.e. determine who is eligible to vote), administer the election, and announce the results;
- The Government of Ontario funds Elections Ontario, just like it funds the courts. The government does not run or administer the courts, the police or the conduct of an election;
- None of the poltical parties oversee or influence Elections Ontario, or are in any way connected with Elections Ontario. To re-state the point: the Liberals, Conservatives and NDP had no influence on the conduct of the Elections Ontario staff who lost the data. Neither the Legislative Assembly nor the Government of Ontario oversees the actions of Elections Ontario.
It is this independence of Elections Ontario, and the trust that people must, by definition, have in the agency that makes its compromising of personal data that much more serious. The degree to which we trust Elections Ontario to be impartial, to collect accurate voter information and to ensure that our elections are fair, honest and unbiased makes it all the more imperative that Elections Ontario get its data act cleaned up. See below for how.
What might be done
In the next section, I’ll discuss the USB key and why to avoid it. In business and government terms, there is no reason to keep data or documents of any significance whatsoever on a USB key. In lieu of a cheap and insecure USB key, today’s data road warrior can substitute a USB internet access stick from your carrier of choice, be that Bell, Rogers or whoever.
Data should be entered, or documents created and/or amended, on a server operating through a secure Virtual Private Network (VPN). Individuals and small businesses can use such services as SkyDrive (from Microsoft), iCloud (from Apple) or Google Docs.
The long and short of it is that USB keys are too easy to lose and far too insecure. If anything matters, it should not be kept on a USB key. Period. There is a better, more secure, and very affordable way to protect a document and not run the risk of having it kept on an insecure USB key that is far easier to lose than we would all like to admit.
And to be personal…
I have a USB key. I have, in the past, carried it with me, and used it. I have also left it in a computer I have been using more than once. I have always found my USB when I have left it somewhere. The last time, this spring, that I forgot it in a computer I was using, I looked at what was in the USB key after I recovered it (it was right where I had left it), and came to the conclusion that my SkyDrive acount was the better alternative by far.
I was not carrying anything important or sensitive on my USB key. However, that’s not the point. I took everything work-related off the USB key, and put it on my SkyDrive account. We had the discussion at the office too. The staff were going to agree with me one way or another, but we honestly did agree on not using USB keys for anything government-related. And that was before the data horse left the Elections Ontario barn.