Canadian Gun Registry as a Shopping List


March 11, 2006, 12:02 AM
From the Toronto Sun:

In the wake of firearms thefts, it's possible the gun registry is not as secure as touted
A fortnight ago, and in the wake of another calculated but seemingly out-of-the-blue robbery of a registered gun collector, even the Toronto Star finally entertained the possibility that the national gun registry might have been compromised and that sensitive information might have leaked to criminals.
Trouble is, this is hardly cutting-edge news.
Legitimate gun owners -- including cops and ex-cops who are shooting club enthusiasts -- have been publicly pointing their finger at the Canadian Firearms Centre registry, particularly since its database is linked to the Canadian Police Information Centre (CPIC), the all-things-criminal computer operated by the RCMP under the stewardship of National Police Services.
There are, of course, the usual suspects who will quickly deep-six such a notion, among them Wendy Cukier, president of the Coalition for Gun Control, who maintains gun collectors either talk too much or are followed home from the gun clubs to which they belong.
As for the gun registry being compromised, Cukier said it is "silly" to believe this could possibly happen.
"It's as secure as the police CPIC," she has said.
If that is truly the case, then licensed gun owners and collectors have some legitimate concerns.
According to an Access to Information request -- File: 03ATIP-20402 -- which was filed in late 2003 and responded to in early 2004, the federal force admitted that there were 1,495 breaches of the CPIC system reported between 1995 and 2003, and that 306 of those breaches had been confirmed, with another 121 cases categorized as still under investigation.
According to the RCMP, all these breaches of the CPIC system were considered to be inside jobs by those with security-cleared access to the database, complete with its link to information stored in the national gun registry.
The sanctions imposed were as follows:
* Six individuals were either demoted, fined, put on probation or imprisoned. (Note: There was no further breakdown as to the severity of the sanction imposed, i.e. demotion or fine, probation or imprisonment, and that goes for the remainder of sanctions handed down.)
* Forty-four individuals were charged, convicted, disciplined or counselled.
* Thirty-five individuals were retrained in CPIC policy regarding operational guidance.
* Eighty-eight individuals were reprimanded or dismissed or had their resignations accepted.
* Forty-seven individuals were suspended or penalized by a loss of pay.
* Sixty-five individuals received what was referred to as "other warning."
The RCMP, in its response to the access to information request, was adamant, however, that only internal personnel had breached the system and that the "number of penetrations to the CPIC system through unauthorized connections is nil."
This left Tory MP Garry Breitkreuz, the most aggressive critic of the registry, incredulous.
If the CPIC system was so perfect that it had never been hacked by an outsider, then why, asked Breitkreuz, did the Canadian government pay a private company $27 million to develop safeguards for government computers rather than simply ask the RCMP to duplicate its "CPIC success story" and apply it in every federal department?
The follow-up answer from RCMP Chief Supt. David Gork, the federal force's departmental security officer, was not one that mirrored the initial response.
As Supt. Gork put it, "CPIC is but one of many applications that are protected by the National Police Service Network (NPSN), and attacks on the network cannot be broken down as to which application is the intent of the attack.
"Therefore," he concluded, "there are no stats that are collected that would indicate where any of the attacks are directed."
In other words, the RCMP has no way of knowing if CPIC had been breached by outside hackers, let alone if it has ever been attacked by unauthorized parties, because there was no qualitative tracking system in place.
That alone ensures that CPIC cannot be described as fail-safe, even if anti-firearms crusaders such as Wendy Cukier wish to believe it is "silly" to think otherwise.
The fact that computer hackers broke through federal firewalls several times in 2003 should have opened even the most blinkered eyes to the possibility that CPIC is vulnerable -- particularly since one of the networks compromised by those hackers was the department of national defence, complete with its treasure trove of highly classified records.
According to a 2004 Canadian Press report based on Access to Information documents, the defence department's computer incident response team tracked 160 breaches of its security system, supposedly the most impregnable due to its role in protecting Canada's national security secrets from cyber-terrorism and international espionage agents.
If it can happen there, it can happen anywhere.
If there are still doubters, however, then perhaps those doubters should make their way to the website of the Ontario Federation of Anglers and Hunters.
In their April hotline, the organization tells the story of former firearm registry webmaster John Hicks -- who has never owned a gun -- who warned authorities that the supposedly impregnable registry site was an easy target.
"It took some $15 million to develop it, and I broke into it in about 30 minutes," he said, indicating he warned his superiors repeatedly before resorting to filing an official complaint with the privacy commissioner.
"Basically, a 16-year-old kid could have broken into that system in a heartbeat."

If you enjoyed reading about "Canadian Gun Registry as a Shopping List" here in archive, you'll LOVE our community. Come join today for the full version!
March 11, 2006, 12:08 AM
Whether or not the Canadian Firearms Registry data base can be hacked or not is moot. The damm thing costs $90 million per year to maintain and that in itself will bring it down, that and the Conservative promise to abolish the registry when they asumed office. The long gun registry will be history after March 23 when Parliament convenes. The handgun registry is a tougher political sell, remember the Conservatives have a minority government, but I suspect many aspects of C 68 will be amended to get rid of the beaureaucratic nonsense that it is cluttered with.

Take Care

March 11, 2006, 04:12 AM
Yea there was a small article in the paper about the registry employee stating how easy it was to hack in. Not very surprising, but still worrying, and disgusting.

March 11, 2006, 06:09 AM
I keep my fingers crossed for you guys, a win for you is a win for us.

March 11, 2006, 06:38 AM
Robert, why not keep the software in operation, but change the database? Make it a register of "dangerous politicians". I have a few down here in the USA whom I'll nominate for inclusion...

March 11, 2006, 09:58 AM
I doubt the data base is big ehough to contain the list of idiots who have sucessfully ran for office in both our countries. Martin, Bush, Ted Kennedy, Feinstein, Rock (the instigator of our registry), Clinton, Ginty (The present premier for Ontario, and these are just the more recent headline grabbers.

Churchill was once quoted as saying, "If you want to find out the worse thing about a democracy, just talk to a voter for five minutes."

Ah well, there are times I think our respective countries are being driven by drunk drivers on a binge but maybe I am being to critical....let's hope/pretend the present bunch know what they are doing, makes sleeping easier.

Take Care

March 11, 2006, 11:53 AM
That was British Columbia's premier, and he was out of the country:)

If you enjoyed reading about "Canadian Gun Registry as a Shopping List" here in archive, you'll LOVE our community. Come join today for the full version!