Another revenge leaking from Nats

Written By: - Date published: 8:30 am, October 17th, 2012 - 31 comments
Categories: accountability, Ethics, paula bennett - Tags: , , , ,

The incompetence of Paula Bennett’s Ministry of Social development is truly unbelievable. They left confidential information accessible from public kiosks. It came out early on that they were warned of the vulnerability in July last year by a beneficiary advocate – and they did nothing. Yesterday it emerged that they were also warned by an IT company – and they did nothing!

IT firm warned WINZ of kiosk issues last year

The Ministry of Social Development was warned by an IT company last year that private client information could be accessed on its public computer kiosks.

But the system flaws are only being fixed now – a year-and-a-half later – after blogger Keith Ng accessed tens of thousands of confidential documents.

In April last year security experts from leading international IT company Dimension Data were contracted to hack Work and Income kiosks to find vulnerabilities in the system. Yesterday the Ministry of Social Development CEO said the company didn’t find anything wrong, and today the story changed.

“Dimension Data raised issues with MSD, MSD paid them $10,000 to do that and then did nothing to follow up the problems they identified,” says Labour social development spokeswoman Jacinda Ardern.

Then of course, there was the third warning from Ira Biley. He approached the MSD, and requested a reward for his information (much like Dimension Data was paid 10K). When this was declined he tipped off Keith Ng, and the rest is history. Naturally the Nats (and their odious proxies), looking for any kind of distraction, have attacked him. Continuing the piece above:

Ms Bennett and her staff have been accused of intentionally leaking Urewera 17 member Ira Bailey’s name to the media. He tipped Mr Ng off, having failed to get money from the Ministry of Social Development for pointing out the system flaws.

“He was asking for a reward – I believe that was the word that was used – so you can sort of take from that what you want to,” Ms Bennett says.

Ms Bennett says … no one was under any obligation to keep Mr Bailey’s name secret But the Opposition will keep asking for an investigation into what it believes was a revenge leak.

Earlier this year the Privacy Commissioner concluded that Paula Bennett broke the law in leaking the private details of two beneficiaries. Bennett refused to accept the conclusion, and said that she could leak details again in the future. Sure enough she appears to have done so again. Naturally Key (who joined in the attack) will not hold her to account. So (in Bennett’s own words eh) you can sort of take from that what you want to…

31 comments on “Another revenge leaking from Nats ”

  1. marsman 1

    All this shows Paula Bennett up for the spiteful nasty wee creature she obviously is. Ira Bailey did her and her incompetent Department a huge favour and what does she do? She turns around and tries to blacken his name. Nasty is too kind a word.

  2. karol 2

    Under Andrew Geddis’s post on the issue, one of the commenters claims that he heard on RNZ yesterday, that Ira Bailey didn’t ask for money to report the holes to the MSD.  John Norma said:
     

    in which an Ira Bailey was questioned and heard to deny asking for money or like payment for his contribution or IT assistance etc..

     
    Can anyone confirm this?

    • Stephen 2.1

      It’s not quite as clear cut as that. Listen to:

      http://www.radionz.co.nz/national/programmes/checkpoint/audio/2535731/massive-breach-of-security-at-the-msd.asx

      Ira said he asked whether they had a reward program. They didn’t get back to him, so he told Keith. Then they did get back to him, and he said hey, I told Keith, you can get all the details from him. (My paraphrases.)

      Incidentally that interview is a damned good list. Ira lays out what he found in more detail than Keith reported initially. It’s really damning.

      • marty mars 2.1.1

        Yes I heard that interview too and he did quite a lot to alert them to the issue. I note in the NZH article Ira says,

        I called up on Monday 8th October to say there was a security leak and ask who to talk to. And I also asked was there an incentives scheme about security flaws, which is what Google and Facebook do.

        http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10840789

        Asking about an incentive scheme for discovering security flaws is not the same as demanding payment IMO.

      • weka 2.1.2

        Here’s the timeline (from what I can tell from the Checkpoint interview with Bailey)

        Friday (5th Oct): Bailey visits Newton kiosk, sees security breach within a few minutes of looking.

        Monday morning: He goes to a different WINZ office, uses a kiosk and sees breach is there too.

        Phones MSD at 10am, says he wants to report a security breach, gets put through to an answerphone. Doesn’t leave a message.

        Phones back, leaves a message with name and phone number.

        Tues: no call back from MSD, gives story to Keith Ng.

        Weds: MSD contact him, he tells them he has given details to a journalist. MSD wants details of problem, but Bailey refers them to Ng for the information. He apologies for this in the RNZ interview, but says that at the time he thought the story needed to be told and not covered up (if he told the MSD directly they would close the kiosks and the story would be lost).

        And he clarifies that in that conversation with MSD he asked about a rewards program (like Facebook have), was told no, so he said ok here’s the information (and referred them to Ng).

  3. pane3lope piztaupe 3

    the buck stops with paula bennet. MSD have known for a year this was a problem and did NOTHING! how dare she pontificate about ‘vulnerable’ children when she herself has laid them wide open to abuse through her lack of action. now there will be an expensive enquiry, more jobs for the boys. MSD perpetually treats the poor as less than human, and this inattention to a serious problem illustrates that. after the natasha fuller debacle this privacy waiver was developed to try to intimidate people from speaking publicly and freely:

    Privacy Consent

    I authorise the
    Ministry of Social Development (and the responsible Minister) to
    publicly disclose information in response to any information I have
    given to the media, including any other information that is necessary to
    respond to questions arising from media coverage.

    it seems poor people have no human rights in nz
    »

  4. Hippynz 4

    Interesting that Paula can “refused to accept the conclusion” by ” the Privacy Commissioner”. She gets to choose what laws she obeys, yet every average non-MP person does not. The laws of the country should apply to her as well.

    • tc 4.1

      That’s what NACT does, laws are for the great unwashed not the elite wealth generating 1%’ers.

  5. LBC 5

    Bennett leaks so often they should make her Minister for Leaky Buildings.

  6. weka 6

    Yes Bennett is a vindictive cow who will use people for her own ends. But….
     
    Earlier this year the Privacy Commissioner concluded that Paula Bennett broke the law in leaking the private details of two beneficiaries. Bennett refused to accept the conclusion, and said that she could leak details again in the future. Sure enough she appears to have done so again.
     
    There is a difference between those women on the DPB and Ira Bailey. The beneficiaries have a legal right to not have information held about them by a govt department for a specific purpose used for another purpose or made public without their consent.
     
    Ira Bailey is a freelancing IT professional who contacted a govt department, possibly to acquire paid work, possibly just as a private citizen letting them know of a problem. If it’s the former, then while privacy might be the considerate and sensible thing to do, it’s not anything close to the kind of privacy rights established by the Privacy Act. Bailey is not a client of WINZ or the MSD. Nor is he a staff member. I doubt that the Privacy Act applies.
     
    I find it hard to believe that Bailey would be so naive to think that his identity would remain private once the story hit the media.
     
    Of course Bennett and co have just done NZ and the public sector a huge disservice. Who is going to want to notify them now if they discover a serious problem that would likely result in media coverage?

  7. ianmac 7

    Do not cross Big Momma Bennett. She will set the spy hounds onto you and you will have no defence when she leaks all over you. BEWARE!

  8. xtasy 8

    “PRIVACY? Huh, come on to me with bloody damned privacy”, Paula Bennett thinks and says.

    “I set the rules, and if you want to take me, my Ministry and WINZ on – sign at the dotted line, before we talk to anyone from the media, or you personally, about the criticism you dare to direct at us”:

    The following is the very link leading to the MS Word type OFFCIAL “privacy consent form” that MSD expect clients to sign, when they “dare” to talk to any media about “issues” with Work and Income or the Ministry. Only once such a consent is given, will MSD or WINZ consider answering to allegations or accusations, and then it will be ON THEIR TERMS! It is down-loadable from the main MSD website:

    http://www.msd.govt.nz/about-msd-and-our-work/newsroom/index.html

    That “consent form” – giving extensive authority to MSD/WINZ to disclose and say publicly virtually ANYTHING they consider “relevant” to matters raised (tickle your phantasy or imagination re what that means), it is also found and down-loadable directly via this link:

    http://www.msd.govt.nz/documents/about-msd-and-our-work/newsroom/privacy-consent-form-feb-2011.doc

    In relation to having this form made available to certain media, someone mentioned the following person as one of those responsible for “privacy consent” and “media matters”:

    Nick Bohm – Media Advisor, National Media Team
    Phone: 0-4 978 4176 (direct) : 0-29 275 6993 (mobile) : 42176 (internal) : http://www.msd.govt.nz
    Ministry of Social Development, Bowen State Building, Bowen Street, PO Box 1556, Wellington 6140

    The text says:

    Privacy Consent

    I authorise the Ministry of Social Development (and the responsible Minister) to publicly disclose information in response to any information I have given to the media, including any other information that is necessary to respond to questions arising from media coverage.

    Name: …………………………………………………………………..

    Phone contacts including mobile: ………………………………………………..

    Signature: ………………………………………………………

    N.B – Recognising that people may find it difficult to sign and return this form in a timely manner, we will accept the consent form without a signature if we are satisfied that it has been sent from the individual’s email address.

    Send to reporter or fax 04 918 0066 or email nationalmediateam@msd.govt.nz

    The use of this particular form raises very serious legal questions. The text of the “privacy consent form” is highly inappropriate, so that even a lawyer described it as “shocking”. It basically gives the Ministry authority to PUBLICLY make available virtually ANY information considered “relevant” to a matter raised by a client to the media. This means the “wider public”, as I would understand it. NO advice os given that clients can legally use their own, clearer and more restrictive forms for giving consent to media and MSD or Work and Income.

    So does anybody WONDER, why these days, and after what Bennett did to the two solo mums three years ago, NOBODY DARES TO GO TO THE MEDIA AND RAISE ISSUES ANYMORE?!

    Someone said to me, the consent form text sounds like “implicit intimidation” and tells clients: “Don’t bite the hand that feeds you!”

    So much for the rights of individual clients!

    Thanks Paula!

    • AsleepWhileWalking 8.1

      Someone should ask Steven Price (comments on media and privacy law on his blog) what he thinks about this. I’d like to hear what he makes of it all but sadly notice that he has avoided any comment on this issue so far.

  9. brybry 9

    Time to turn the tables and leak the leakers sordid past.

  10. captain hook 10

    so what about his sordid past.
    that does not mean if he tells the truth then it is not true.

  11. ropata 11

    I’m surprised that Imperator Fish posts haven’t appeared here more often. Here’s part of “A Day in the Life of Paula Bennett” 🙂

    2:12 pm

    I asked for a cappuccino, not a latte! It’s totally unacceptable that I am being treated this way by café staff. Let’s see how they like having all their financial records released to the public. I’m sorry if that sounds a little drastic, but they made the decision to serve me the wrong coffee.

    2:24 pm

    Called Peter to find out if I could get their IRD records. He burbled something about tax secrecy. God, he’s a boring old man.

    [lprent: I will see about getting some more reposted. I happen to know that the most assiduous repost editors are bogged down in work and/or family. I am in the former category. ]

  12. Jenny 12

    Vengence is mine saith the Paula

  13. Red Rosa 13

    And PB’s charm and generosity have won her a place on Facebook…

    http://www.facebook.com/PaulaBennettHasToGo

    • AsleepWhileWalking 13.1

      Ooooh, nice FB link! Thanks. Need to make that come up for everyone MUCH higher up on a page.

  14. captain hook 14

    I think she is a bit like mike tuson.
    she wouldn’t be able to get a visa to enter a civilised country.

  15. Lucy 15

    Just wondering if anyone here has actually heard of the Protected Disclosures Act 2000 (aka the Whistleblower’s Act)? It seems that everyone’s just assuming that the message about the hole got lost somewhere in the last 18 months of bureaucracy. If any of the staff had known about this Act, would they have used it to blow the whistle on their bosses? I’ve written some more about this here: http://www.leftoutnz.wordpress.com/2012/10/17/msd-and-the-pda-aka-the-whistleblowers-act-wtfmsd/

    • xtasy 15.1

      Lucy: Honestly, your comment is on the more enlightening side here, and you may soon feel a bit “lonely”. Yes, there are some intelligent ones here too, but maybe they need a bit more “fodder” to be convinced by this comment.

      But yes, that is a piece of legislation that should be used and applied more, but as I read, it is only applicable of very serious cases, where there may be justification to go that far, to safeguard the public and department or agency in question to be protected from illegal activities and the likes. It is more for use of staff within.

      I presume though, and that is going my personal and other experiences, that the average and even higher ranked staff members within MSD and WINZ are not ones that have “nurtured” grey matter to the ultimate beneficial level, that rather are so grumpy due to low pay, internal PC and other limitations, they rather are pre-occupied with thinking badly and nastily about the clientele they are supposed to “help” and “look after”, they would have little inclination, idea or inspiration, to even examine the work environment they work under day by day.

      I feel almost certain, that they would have been too ignorant, too pre-occupied and plain dumb to realise what gaps existed. Outside contractors did detect the faults, but WiNZ staff and management were too up themselves to really bother looking into this thoroughly.

      I have pointed clear things out to many people, they would not get it, even if they fell over it!

      So it is like the blind leading the blind, which is what I see about me every day, as common behaviour in “Aotearoa NZ” (“sheeples” and “lemmings” may be best descriptors).

      Sorry, you are too smart to convince, they will NEVER get it, and DO NOT WANT to get it! Well admittedly some will, but they are the struggling minority trying to “drum” sense into the rest here.

      Good luck!

The server will be getting hardware changes this evening starting at 10pm NZDT.
The site will be off line for some hours.