FIREARMS FACTS - UPDATE

(Updated: October 11, 2002)

 

RCMP CAN’T BACK-UP THEIR STATEMENT THAT CPIC COMPUTERS HAVE NEVER BEEN HACKED:

THEY JUST DON’T COLLECT THE INFORMATION

 

RCMP RESPONSES TO BREITKREUZ’S

ACCESS TO INFORMATION REQUEST AND COMPLAINT

RCMP FILE: 01ATIP-25127

 

BREITKREUZ’S ATI REQUEST – JUNE 6, 2001:

 

Reference being made to RCMP File: 01ATIP-02610 and to a letter dated March 08, 2001. For the period 1995 to present, please provide records and reports that would demonstrate exactly how the RCMP determined that “the number of penetrations to the CPIC system through unauthorized connections is nil.” 

 

RCMP INITIAL RESPONSE – JULY 26, 2001:

 

Please be advised that there are no reports or records specific to your request however our office has attached correspondence from Supt. David Gork of the R.C.M.P. Departmental Security regarding this issue.

E-MAIL FROM DAVID GORK TO RCMP ATIP OFFICE DATED JULY 17, 2001:  “As per your request, the only answer that I can provide you with is to confirm that systems used to monitor the overall system, has never indicated a successful penetration of the CPIC system, and the system used is verified on a regular basis.”

 

BREITKREUZ COMPLAINT TO INFORMATION COMMISSIONER – JULY 26, 2001:

 

Once again, the RCMP’s response defies belief.  Do they really want us to believe that in six years they never issued one report on the “effectiveness” of their computer security system at CPIC?  Rather than pay Entrust Inc. $27 million to fend off computer hackers (National Post article, Page A5, July 3, 2001), why wouldn’t the government simply ask the RCMP to duplicate the CPIC success story in all the government’s computer systems?

 

                                                                                                                       …continued on Page 2

 

 

 

-2-

 

RCMP’S FINAL RESPONSE – JULY 10, 2002:

 

This is in response to your request under the Access to Information Act received on June 11, 2001, seeking access to reports that would demonstrate exactly how the RCMP determined that the number of penetrations of the CPIC system through unauthorized connections is nil and your subsequent complaint to the Information Commissioner of Canada.  Please find attached an e-mail dated June 17, 2002 from Chief Superintendent David Gork, R.C.M.P. Departmental Security Officer.  This document should clarify any ambiguity relating to your request and complaint.

E-MAIL FROM DAVID GORK TO RCMP ATIP OFFICE DATED JUNE 17, 2002:  “CPIC is but one of many applications that are protected on the NPSN (National Police Service Network) and attacks on the network cannot be broken down as to which application is the intent of the attack.  In general, attacks are to gain access through the protective measures, and from there to ‘look around’ for opportunities as to where the attacker ‘can go’.  Therefore there are no stats that are collected that would indicate where any attacks are directed with the NPSN.”

INFORMATION COMMISSIONER’S INVESTIGATION – October 11, 2002

 

“During the course of our investigation, my investigator met with officials from the RCMP and was provided with a detailed and comprehensive explanation regarding the department’s security systems.  They confirmed that CPIC is one of many applications protected within the National Police Service Network and there is no way of determining what application is being targeted, if an unauthorized access is being attempted.”

  

BREITKREUZ’S OBSERVATIONS:

 

So, after more than a year, we learn that CPIC (Canadian Police Information Centre) is part of the National Police Service Network (NPSN) and the Chief Superintendent in charge of the NPSN now claims the RCMP has “no stats collected that would indicate where any attacks are directed with the NPSN” - including CPIC. 

 

Thus, proving that the reason the “systems used to monitor the overall system, has never indicated a successful penetration of the CPIC system” is because the RCMP computer systems only collect information on attempted and successful penetrations of NPSN – NOT CPIC.

 

CONCLUSION: The RCMP just don’t know if CPIC computers have ever been hacked and it seems they like it that way.  Otherwise, they would have their computer systems collect the information wouldn’t they?