Can accused CAS hacker Kelley Denham get a fair trial in Perth Ontario?

 

 

By Sabrina Bedford, The Recorder and Times Friday, December 15, 2017. 

According to the suit, the personal information of the 285 clients was compiled into an electronic file, prepared for the service’s board of directors on new cases arising between April and November of 2015, but was not properly secured on the agency’s network. 

 

This made the list publicly available to anyone, they said, and in her affidavit Denham explained how she came into possession of the sensitive and confidential documents.

She said she found and clicked on an unrelated document on the website intended for the public. She deleted a portion of the URL, and she was taken to a directory of folders with documents, within which she found the document with the names of local families. 

She said she was never asked a username or password and was never faced with any security measures that impeded her ability to access the documents.

 

She said she attempted multiple times to advise the agency the confidential documents were available on the public website, beginning in February 2016, but the documents were still publicly available by late April 2016. This is when she decided to post the location of the report on the Facebook group where she claims she posted an image of a hyperlink, which was deleted by the group’s administrator within hours.

 

The suit initially alleged last year that someone hacked into the website to find the list, but lawyers for the plaintiff say an affidavit from Kelley Denham, the person who allegedly posted the location of the client list to Facebook and one of the defendants in the case, changed their course of action. 

 

“We initially believed, based on quotes from (FCS executive director) Raymond Lemay and news reports, that this was a case of hacking of the secured FCSLLG website intended only for members of its board of directors,” Sean Brown, a lawyer with Flaherty McCarthy LLP who represents the plaintiff, told The Recorder and Times in an email.

“It now appears that this is not the case. Rather, it appears that the FCSLLG website was completely unsecured between February and April 2016, with the full knowledge of FCSLLG.”

 

 

Lemay admits the report was on the FCSLLG's website but says it was hidden behind several layers of security including a password given only to the organization's board of directors.

 

"We suspect it was a hack. It might not have been a sophisticated one," says Mr. LeMay, the organization's executive director and I suspect that is the case," he adds.

"You have to go through the back door. You have to be looking for this," he says.

 

(Funny how Mr Lemay just assumes Kelley was looking for "it" when she found the list with her name on it.)

 

"The court process will determine whether there was negligence or not." I think that's the ultimate question.

 

WELL MR. LEMAY YOU CAN'T HIDE ANYMORE - IT'S TIME TO PUT YOUR MONEY WHERE YOUR MOUTH IS AND GET ON THE STAND AND FACE CROSS EXAMINATION.

-

-

 

FCSLLG : Annual Report 2016–2017.

 

Over the course of this year, one unexpected challenge the agency is still managing is related to a whistleblower informing the public to unprotected client information on our private website hosted on a US server (about as far from an internal server as you can get) that the agency was using as a sharing platform with other unnamed agencies and to make it easier for board members to access without a password. This challenge has remained an ongoing issue.

 

The costs associated with this breach and a totally unexpected massive increase in the costs of placements in group homes for the 198 children currently in our care led to an un-forecasted shortfall of about $792,292, though most of the increase is in the still mounting costs of stalling tactics, dirty tricks and corrupt lawyer fees in the upcoming $75 million dollar class action lawsuit - and this after many many years of generating enormous surpluses that we feel more than makes up for this unfortunate situation.

We continue to collude and collaborate with appropriate partners in the cover up and will continue to do so until all aspects of this matter are secretly resolved in the months ahead.

 

Any parties interested in reading the technical reports provided by FCSLLG's own expert on what really happened may not request or view the technical documents and you'll just have to take our word for what happened till it's revealed in the lawsuit.

There has also been much change in our management team with about half of the service managers being recently demoted and transferred away from front line positions.

 

Our leadership development activities are geared to prepare internal succession after no one answered our job "opportunities" ad, and all new managers have been in direct services with our organization – thus there is change but also continuity. 

Over the past year a few employees have retired, some are off on maternity leave or suddenly left extended vacations while others have left to pursue their careers elsewhere like rats fleeing a sinking ship.

 

About 70% of our Family Services workers have less than 2 years of experience with the organization or anything beyond a general two year diploma in social work. The agency's other service functions have proven more stable though we're unable to say what they are.

 

Also the agency has preemptively requested that the Ministry of Child and Youth Services conduct a financial review.

 

FCSLLG : Annual Report 2016–2017:

 

-

-

 

Lemay says his agency didn’t pay up. He says it used an offline backup of computer files to get the agency up and running again in about eight hours. 

 

Lemay says the ransomware attack cost his agency $100,000 to fix, an expense covered by his agency’s “cyber insurance.”

 

-

-

 

1,718 have signed THE PETITION. Let’s get to 2,500!

 

Kelley Denham, mother of four has been charged with theft under $5,000, mischief over $5,000, mischief to data, unauthorized use of a computer, traffick in identity information, and publication of identifying information all because she posted a picture (screenshot) of a hyperlink to Facebook.

 

Ms. Denham lodged complaints with both the Ministry and even Premier Kathleen Wynne's office, that personal information about the clients of Family and Children's Services of Lanark Leeds and Grenville, (FCSLLG) was accessible without password protection and that FCSLLG were fully aware that the information was readily accessible and unsecured. She also informed media both local and national. She exhausted every avenue to try to force FCSLLG to password protect the website or take it down.

 

This informs all of us that we are powerless to protect our private information when we contact the proper authorities or the media. They were advised of the situation months prior and refused to protect the information on their website. They knowingly left the private information of their clients unprotected and only acted to shut down their website when Ms. Denham went public. Ms. Denham is a whistle-blower, not a criminal and it would be in the public's best interest to drop all criminal charges against her immediately.

 

She said she attempted multiple times to advise the agency the confidential documents were available on the public website, beginning in February 2016 which result in FCSLLG hiring an IT person to identify the problem (in what FCSLLG refers to as the first breach) and make recommendations, the actual implementation or the recommendations were left up to an office flunky and a web designer - but the documents were still publicly available by late April 2016.

 

This is when she decided to post the location of the report on the Facebook group where she claims she posted an image of a hyperlink, which was deleted by the group’s administrator within hours. 

 

She said she did not hack any secure portals, rather the site was completely unsecured and she was able to access the a huge number of files going back years unimpeded.  

She is listed in the lawsuit as a defendant and is being charged with intrusion upon seclusion.  

 

According to her own website KelleyandDerek.com, she is also being charged criminally for matters in relation to this case that are still before the court, including:

 

Theft under $5,000, mischief over $5,000, mischief to data, unauthorized use of a computer, traffick in identity information, and publication of identifying information.

Brown said the evidence offered by Denham voluntarily in support of their notice of motion “directly contradicts the narrative pushed by FCSLLG at the time of this alleged breach.”

 

“Our own client, M.M., was not previously aware of the facts as alleged by Ms. Denham,” he said.  

 

“She believed and accepted the version of events offered by FCSLLG. She was both surprised and upset to read Ms. Denham’s Affidavit and learn that the version of events offered by FCSLLG at the time may not be true.” 

 

M.M., the plaintiff in the case representing the class action, wrote in an affidavit her family was the subject of a FCSLLG investigation for a brief period in April 2015. She said her file was soon closed and no action was taken against her family, and that the investigation was short-lived and found no wrongdoing on the part of her or her partner. 

 

“I did not expect to hear from FCSLLG again,” she wrote in the affidavit. 

But her name was included as one of the 285 made publicly available during the security breach, according to the suit.   

 

“The knowledge that my name was disclosed in the breached report has caused me distress, anxiety and humiliation. I fear that the fact my family was the subject of an FCSLLG investigation will brand both myself and my partner as child abusers, when this is categorically and unequivocally not true.”

 

None of the allegations have been proven in court.

 

-

-

MAY 5, 2018 — Your action is working! Let's keep up momentum to pressure the Crown to drop the remaining 4 charges! Last month in Nova Scotia, a teen was charged with the same crime, for almost the exact same thing. There's more at stake here than a criminal conviction. This unprecedented case will set the stage for the future of internet research in Canada. How you find and use information online, could be criminalized after Ms. Denham's trial this September. Sign, share, comment and consider a small donation to Kelley's defence fund at KelleyandDerek.com

 

AS OF MAR. 21, 2018 THE FOLLOWING CHARGES AGAINST KELLEY DENHAM HAVE BEEN DROPPED:

​Charges still pending against Kelley Denham;

Ms. Denham's trial has been scheduled for Sept. 19, 20, 26 and 27, 2018.

 

 

KELLEY DENHAM LEGAL DEFENCE FUND:

 

Any donation to help Kelley retain a new lawyer before her already re-scheduled trial date would be greatly appreciated.

 

-

-

 

Ontario's CAS grappling with how to monitor privacy breaches. July 17, 2017 ARTICLE SOURCE Toronto Star.

 

Child welfare workers who pry into electronic records of youth in care are impossible to track, critics warn, with an alert system for possible privacy breaches used only on select files.

 

The challenge of tracking who is using the system isn't unique to the new system, as previous independent children's aid society databases faced the same problem, according to Elman.

 

 

 

 

The ISG Series Integrated Security Gateways are ideally suited for securing enterprise, carrier, and data center environments where advanced applications, such as VoIP and streaming media, demand consistent, scalable performance. The Juniper Networks ISG1000 and ISG2000 Integrated Security Gateways are purpose-built security solutions that leverage a fourth-generation security ASIC, along with high speed microprocessors to deliver unmatched firewall and VPN performance. Integrating best-inclass firewall, VPN, and optional Intrusion Detection and Prevention, the ISG1000 and ISG2000 enable secure, reliable connectivity along with network-and application-level protection for critical, high-traffic network segments.

 

Network segmentation: Security zones, virtual systems, virtual LANS and virtual routers allow administrators to deploy security policies to isolate guests and regional servers or databases.

 

Optional Integrated IDP:

 

The ISG Series firewall/VPN with IDP uses the same award-winning software found on Juniper Networks IDP Series appliances.

 

The IDP security module combines eight detection mechanisms, including stateful signatures and protocol anomaly detection.

 

The ISG with IDP defends against security threats such as worms, trojans, malware, spyware, unauthorized users and hackers and can provide information on rogue servers and data on applications and operating systems that were inadvertently added to the network. Application signatures enable administrators to maintain compliance and enforce corporate business policies with accurate detection of application traffic.

 

-

-

 

Information on all public sector organizations, covered under the Public Sector Salary Disclosure Act, with no employees who earned $100,000 or more in 2017.

Brown Derrick $101,674.15 $158.34 FCSLLG  Human Resources Manager

Eastwood Jennifer $116,121.74 $140.07 FCSLLG  Director of Corporate Services

Edmundson Nicola $101,143.12 $158.34 FCSLLG  Senior Counsel

Fleet Michael $106,097.47 $158.34 FCSLLG  Director of Service

Harper Penny $101,610.27 $158.34 FCSLLG  Manager of Finance

Jonkman Debbie $104,048.11 $927.59 FCSLLG  Service Manager

Knapp-Fisher Cathie $111,006.23 $158.34 FCSLLG  Director of Operations and Innovation

Leblanc Dana $102,348.80 $158.34 FCSLLG  Service Manager

 

 

Marcotte Erin Lee $106,097.47 $158.34 FCSLLG  Director of Service

Morrow Cynthia $103,591.80 $158.34 FCSLLG  Service Manager

Simon Siju $106,462.80 $158.34 FCSLLG  Service Manager

Thomas Stephanie $101,611.80 $158.34 FCSLLG  Service Manager

Von Cramon Karynn $112,779.01 $158.34 FCSLLG  Manager of Legal Services

 

-

-

 

By Ronald Zajac, Recorder and Times Monday, April 3, 2017 

 

Family and Children’s Services of Lanark, Leeds and Grenville contributed 14 names to the 2016 Sunshine List, led by former director of operations and innovation Kimberley Morrow, who earned $135,132.45 ($158.34 an hour), followed closely by the organization’s executive director Raymond Lemay, at $126,404.79 ($6,271.86 an hour).

 

Manager of Legal Services Karynn Von Cramon made $111,941.48 ($158.34 an hour).

Director of Corporate Services Jennifer Eastwood earned $114,935.99 ($158.34)

-

-

 

Description: Transcript of April 8th, 2014 “In Focus” interview by Bob Perreault from Lake 88.1 FM in Perth and Andreas Von Cramon, Supervisory Duty Counsel Criminal/Family Law and Nathalie Champagne, District Area Director, Ottawa Region. 

Anderas von Cramon Supervisory Duty Counsel Family, Criminal Law in Brockville, Lanark, Leeds and Grenville and is married to the CAS in house lawyer for FCSLLG, Karynn Von Cramon. 

 

Anderas von Cramon operates a free family law clinic for families dealing with the CAS out of the courthouse to provide advice to people and to help them to prepare for family law cases, or to try to resolve their family cases outside the court. (sign consent forms and service agreement) 

Parents go in praying for competent representation and good advice and instead get someone willing to bill legal aid to guide the parents through the process of having all their rights, dignity and children stipped away from them. According to legal aid right now family lawyers willing to accept legal aid bill an average of $40 000 dollars per case for not filing documents or filing them after the court has already granted the society a supervision order.. Or the society requests the judge order the parents to sign consent or service agreements after the parents have refused to sign anything and the judges oblige the society by ordering the parents to just cooperate.

 

Anderas von Cramon also gives basic help drafting documents. Basic means what? It means no help swearing in and filing documents or serving the document before the deadline - which means he does less than nothing. 

 

-

KELLEY DENHAM LEGAL DEFENCE FUND:

Any donation to help Kelley retain a new lawyer before her already re-scheduled trial date would be greatly appreciated.

-

 

A corporate structure in which a single legal entity is comprised of a core and several cells that have separate assets and liabilities. The protected cell company, or PCC, has a similar design to a hub and spoke, with the central core organization linked to individual cells. Each cell is independent of each other and of the company’s core, but the entire unit is still a single legal entity.

 

The basic principle behind cell organization is simple: By dividing the greater organization into many multi-person groups and compartmentalizing and concealing information inside each cell as needed, the greater organization is more likely to survive unchanged if one of its components is compromised and as such, they are remarkably difficult to penetrate and hold accountable in the same way the mafia families, terrorist organizations and the Ontario Children's Aid Societies are.

 

BREAKING DOWN 'Protected Cell Company (PCC)

 

A protected cell company operates with two distinct groups: a single core company and an unlimited number of cells. It is governed by a single board of directors, which is responsible for the management of the PCC as a whole. Each cell is managed by a committee or similar group, with authority to the committee being granted by the PCC board of directors. A PCC files a single annual return to regulators, though business and operational plans of each cell may still require individual review and approval by regulators.

 

Cells within the PCC are formed under the authority of the board of directors, who are typically able to create new cells as business needs arise. The articles of incorporation provide the guidelines that the directors must follow.

 

The current hierarchical corporate structures that dominate our economies have been in place for over 200 years and were notably supported and defined by Max Weber during the 1800s. Even though Weber was considered a champion of bureaucracy, he understood and articulated the dangers of bureaucratic organisations as stifling, impersonal, formal, protectionist and a threat to individual freedom, equality and cultural vitality.

 

 

THE PERTH CROWN CONTINUES TO FIND NEW REASONS NOT TO DISCLOSE INFORMATION TO CLASS ACTION LAWYER SEAN BROWN DELAYING THE DISCLOSURE UNTIL AFTER  THE CRIMINAL TRIAL WHILE LAWYERS FOR THE CAS (FCSLLG) ARE SEEKING AN ORDER TO SEAL THE COURT RECORDS FROM THE PUBLIC.

-

 

KELLEY DENHAM LEGAL DEFENCE FUND:

Any donation to help Kelley retain a new lawyer before her already re-scheduled trial date would be greatly appreciated.

 

-

 

Do your staff know how to respond to a privacy complaint? Do your staff, volunteers, or directors login to a server to access documents remotely? Have you done a security assessment to ensure that the access is secure? Do they know how to manage confidential documents once they have downloaded them?

 

You Can Use This Privacy Breach Example to Review and Improve Your Practices

Do you store confidential documents on your website? After all, a website is a type of a file server accessible from an internet connection that is often hosted by a third party. There is often a public access and a members-only side for authorized users to login and view and download documents.

 

Maybe you intended only authorized users to access the file – but are you sure that it is secure? Here's what can happen if your confidential documents can be found by the public!

 

In 2016, personal information of the 285 clients was compiled into an electronic file, prepared for the service’s board of directors on new cases arising between April and November of 2015, but was not properly secured on the agency’s website. The files were subsequently viewed by the public.

 

 

An alleged privacy breach at Family and Children’s Services of Lanark, Leeds and Grenville (FCSLLG) of Brockville, Ontario in 2016 has led to the agency being sued for negligence, invasion of privacy and a breach of the Canadian Charter of Rights and Freedoms.

 

The personal information of the 285 clients was compiled into an electronic file, and prepared for the service’s board of directors to review in the course of their business.

The list was publicly available to anyone, who knew the correct URL website address.

Someone accidently ‘found’ the website address and saw the confidential information. She notified the FCSLLG and warned them that the information was available to the public. When she did not receive a response from FCSLLG that acknowledged her concern and correct the problem, she posted the information on Facebook.

 

The lawsuit seeks $25 million in general damages, $25 million in special damages and $25 million in punitive, aggravated and exemplary damages.

 

The lawsuit alleges that the FCSLLG website was completely unsecured between February and April 2016, with the full knowledge of FCSLLG.

 

Privacy Nuggets You Need to Know:

 

We can only wonder about the outcome of the breach if the staff at the agency had promptly responded to the privacy breach complaint. It is possible that if the agency had secured the information immediately and limited any further disclosure that the lawsuit might had been avoided.

 

Know how to properly respond to a privacy and security complaint or privacy breach. Create or review your written procedures now!

 

Identify and train a privacy officer in your business.

 

This unfortunate breach is a good reminder for all businesses to follow-up with your information technology and website host support to ensure that your server has been properly secured and training provided to staff to properly upload files to the secure server. In addition:

 

Consider hiring a managed service provider to ensure secure access only to authorized users. If you allow remote access to confidential information, you can’t afford not to have experts to help you!

 

Know how to secure documents on your file server.

 

Make sure that your authorized users know how to securely manage the documents after they have downloaded them from your secure file server.

 

There are many privacy breaches in the news each day. The more you know about the breaches and how they can affect you allows you to be more proactive to prevent privacy breach pain.

 

When we know better, we can do better.

 

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

 

Jean L. Eaton, Your Practical Privacy Coach