Unfair or Indefensible - Costs Against C.A.S.?

Testimony from the alleged CAS hacker trial transcript: PAGE 29/30 - 

2019: EXECUTIVE DIRECTOR RAYMOND LEMAY. I was just repeating what had been explained to me. That the security features of the website, when it was first installed, had not been turned on. That’s what was explained to me, and I am just repeating what I heard.

Q. So, all you know is whoever C.A.S. retained for you working in your position did something incorrectly with respect to the website that caused this issue?

A. That’s what, that’s what I understand, yes.

:::

2016:  ‘Disgruntled client’ posts names of 285 children’s aid families on Facebook. A Brockville-area children’s aid society reels after names of 285 clients were posted on Facebook. (did the alleged hacker copy and paste all 285 names and codes in one post or did she post a picture of a hyperlink?)

Lemay admits the report was on the FCSLLG's website but says it was hidden behind several layers of security including a password given only to the organization's board of directors.

"You have to go through the back door. You have to be looking for this," he says.

A link to the report was obtained by someone — "likely a disgruntled client" — who hacked the secure portal for board members on the society's website, he said. No staff or board members are suspected of the breach, he said.

"Our suspicion, which is a fairly firm suspicion, is that it is a current client who is very disgruntled, very unhappy with us," he said. "We have contacted the police. Our lawyer has sent a letter to the website owner as well as to this individual telling them what they are doing is, we think, illegal."

This is the second time in about three months that the organization has had to take down its website because of security concerns. An outside expert was brought in after a February scare to better secure the website. No sensitive information was revealed or even in danger in the first breach, Lemay says. He says they made the changes and were told the website was secure.

The website has been taken down while experts help the FCSLLG improve its security. This branch of children's aid says it is reviewing its policies when it comes to sensitive information and how it handles such documents.

https://www.thespec.com/news-story/6503453--disgruntled-client-posts-names-of-285-children-s-aid-families-on-facebook/

https://ottawa.ctvnews.ca/names-of-285-people-referred-to-children-s-aid-in-lanark-leeds-and-grenville-posted-online-1.2865944

:::

FCSLLG'S SELF TAUGHT INTERNET SECURITY EXPERT TESTIMONY

From the cross examination:

PAGE 98

DAVID SCHMIDT (SELF EMPLOYED INTERNET SECURITY EXPERT AND PROJECT MANAGER MARGRET ROW'S SON-IN-LAW AND FORMER EMPLOYEE)

Q. You – in the past – okay, first of all, I don’t think

if you explained, or if you did I don’t remember, you mentioned

WordPress, what’s WordPress?

A. WordPress is something called a content management

system. It is a piece of software that runs on a web server that

people can use to create a website.

Q. Okay.

A. Okay? It’s the most commonly used such tool on the

internet. It commands, I think, thirty five percent of all

internet websites use WordPress.

Q. And, back in February- sorry, yes, February to April

2016, Family and Child Services was using WordPress?

PAGE 103/4

Q. Okay. In the background, the website has to save all

the documents – or the webmaster has to save the documents

somewhere?

A. Correct.

Q. They are saved in the directory?

A. Correct. 

Q. Now, if this was properly set up you would have a

directory for the non-confidential information to the public

stuff?

A. Yes.

Q. And, you would have a directory for the confidential

information?

A. Correct.

Q. And, they’d be separate?

A. Yes.

Q. Okay. In this case they were not?

A. That is correct.

Q. Okay. And, if you were going to have a directory for

confidential information, one; it would be password protected?

A. Absolutely.

Q. It would be non-browseable?

A. Correct.

Q. And, nothing in it would be non-confidential?

A. Correct.

Q. Right

A. Unless, unless you were – so, for example, in the case

of a Board Portal, you might have a non-confidential document a

board member could see.

Q. That’s the thing...

A. But, realistically you would want a segregation

between that which should be public, and that which should not be

public.

Q. And, all those things that I listed, all of those

things did not occur back in 2016 when you were retained?

A. That is, that is correct.

105/6

Q. All lot of the time, or some times when information

gets out it gets out because someone has done something – I’m

going to call it dishonest, or nefarious...

A. Mm-hmm.

Q. And, what I mean by that is this, I will define it for

you; it’s like hacking. So, for example, you download a program,

or use certain code, or you do something to get past a username

and a password.

A. Breaching passwords, finding an exploit, or something

like that, yeah.

Q. Right. But, it requires, one; a certain level of

knowledge, right?

A. Mm-hmm.

Q. Yes.

A. Yes.

Q. I know you are nodding, but...

A. Sorry, yes. For the record, yes.

Q. And two; it would require excessive knowledge of a

certain amount of dishonesty on your part to try and get past a

username and password that is clearly intended to block you?

A. Dishonesty, interest in what’s behind it, yes,

absolutely.

Q. I’m not talking from a moral sense...

A. Yep.

Q. ...I’m talking from a computer sense, you are trying

to get past something that’s intended to stop you?

A. That’s intended not to be, not to be accessed, yeah.

Q. Right. In this case the directory had no password,

nothing in it was intended to stop you from getting to it?

A. That’s correct.

PAGE 107

Q. Right. It doesn’t require a special knowledge to use

WordPress?

A. Not particularly.

Q. Right. And, because of that, it’s not actually, as

it’s set out by default, not intended for confidential documents

at all?

A. I guess not.

Q. Well, and the reason I say this is from what you said

which is that by default it has a browseable directory...

A. Yep, absolutely.

Q. ...that you could go to that doesn’t lock. So, by

default, a logical inference is, if you have a directory that’s

browseable where you can get to every document with no password,

that’s the default settings.

A. Absolutely.

Q. By default, it is not intended for confidential

documents?

A. That is true.

::::::::::::::::::::::::::::::::::::::

Here are the top 5 reasons for which you shouldn’t opt for a WordPress site if your part of a government funded multi-billion dollar private corporation with a legal obligation to protect client information:

Website builders are a perfect solution for - individuals and small businesses - to start a website without hiring a developer. However, finding the best website builder can be tricky for beginners.

 

WordPress is an open source software. It is free in the sense of freedom not in the sense of free beer. ... Open source software comes with the freedom for you to use, modify, build upon, and redistribute the software in any way you like without paying any fees.

What are the disadvantages of using WordPress?

 

WordPress is the most popular content management system. This fact alone makes WordPress a prime target for hackers everywhere. As a matter of fact, according to a Sucuri report WordPress is the most hacked CMS platform worldwide. (Talk about putting children and clients at risk...)

 

Disadvantages of A WordPress Website.

 

Without a doubt, WordPress is the most used Content management system (CMS) in the world. With millions of users, it is widely praised and appreciated for its advantages. But, while the hype is still strong, many people overlook or are not aware that WordPress has certain weak points that might make them reconsider their decisions or options.

 

1. Vulnerability

 

Unquestionably the biggest disadvantage of WordPress is its security. WordPress is an Open Source platform, and it relies heavily on plugins and themes for customization. Both the plugins and the themes are developed by different people and companies and since there isn’t anyone monitoring them, they can easily contain bugs or malicious code lines. On top of this, as stated above, today, WordPress is the most popular content management system. This fact alone makes WordPress a prime target for hackers everywhere. As a matter of fact, according to a Sucuri report WordPress is the most hacked CMS platform worldwide.

 

2. Can be expensive

 

While the WordPress itself is free, when looking at the whole picture there are significant costs. WordPress relies on plugins and themes for customization, and while there are some that are free, they are not always reliable or safe. Furthermore, if you want your website to stand out and your visitors to have a great you have to buy a theme, as the free ones are overused. With numerous updates coming out constantly, it can become quite expensive to keep your website up to date. Naturally, if you’re a WordPress designer, or have the knowledge you can make a lot of adjustments yourself, but most people need to use a plugin or a well-developed theme.

 

3. Needs frequent updates

 

Simply installing WordPress, is going to help you very much as this platform requires a theme and at least several plugins to work properly. WordPress updates can often render parts of your theme or some plugins usable. The more plugins you use, the more likely it is for you to encounter more compatibility problems. The whole maintenance process in WordPress can be quite challenging, and you have to be ready to make adjustments to your plugins and theme in order to have a functional website. If you don’t have the budget or the knowledge (design, programming), giving the fact that in general WordPress doesn’t offer support, and solutions can only be found on WordPress forums, chances are that you should choose another website solution for you.

 

4. SEO friendliness

 

WordPress is definitely an SEO friendly platform, but so is virtually any open source CMS. However, for the people with little to no SEO experience and knowledge, WordPress can create quite a few problems. Probably the most known one is caused by the WordPress’ category and tagging system. If the content is over-tagged or marked into many categories, Google will flag it as duplicate content, a fact that will affect your SEO rankings.

 

5. Customization needs Coding

 

To make certain change your WordPress site, you have to possess HTML, CSS and PHP knowledge. If you want to personalize in a unique way, or to enhance its design, you may find yourself needing to write numerous complicated code lines. If you’re in the category of people which possess the knowledge, things can go down smoothly, but if you try to write code without having the right expertise — most people in this category, you can make a lot of damage to your website.

IS THERE ANYWAY TO USE WORDPRESS AND GUARANTEE THE INTEGRITY OF THE SECURITY USED BY THE FREE PROGRAM/APP?

 

https://www.websitetooltester.com/en/blog/wordpress-alternatives/

 

https://www.wpbeginner.com/beginners-guide/how-to-choose-the-best-website-builder/

::::::::::::::::::::::::::::::::::::::

:::

Class action filed after cyber attack, privacy breach at Ontario children’s aid office

The suit names negligence and breach of confidence among the causes for legal action, alleging that the organization didn’t take proper measures to secure its data.

“They knew or ought to have known that the encryption of their computer systems, if any, was inadequate to protect against breach and compromise by computer hackers and they failed to take any or sufficient steps to remedy the same,” the claim reads. “They employed computer personnel and/or computer contractors who lacked the necessary skills, education, training, and expertise in computer data and security and encryption.”

Lemay acknowledged that the agency had struggled with security issues in the past, saying there had been a data breach involving less sensitive information in February.

Lemay said a third party had been called into tighten security on the board portal, but declined to discuss details because the matter is before the courts.

“It’ll be up to the courts to determine whether or not there was neglect and who’s responsible.”

https://globalnews.ca/news/2662710/class-action-filed-after-cyber-attack-privacy-breach-at-ontario-childrens-aid-office/

:::

Five Reasons Experts are Bad Witnesses.

Reason #1: In some cases, experts have been known to base their conclusions on the facts alone.

Reason #2: Lots of alleged experts don't.

We all know expert witnesses who are terrific courtroom communicators, but there are many more who are surprisingly ineffective. Why do so many of them struggle in the courtroom?

https://www.theglobeandmail.com/news/national/disgraced-pathologist-charles-smith-stripped-of-medical-licence/article578634/

There’s no one answer but poor teaching is part of it. Most experts are not natural teachers. They are generally selected first for their subject matter expertise. They’re knowledge specialists. If they’re dynamic teachers or skilled communicators, that’s great, but it’s not the rule.

https://www.thestar.com/news/gta/2019/02/22/former-head-of-sick-kids-motherisk-lab-gives-up-medical-licence-amid-investigation.html

There are plenty of obstacles that can make it challenging for an expert to persuade or teach effectively: technical language, poor learning conditions, personality (not connecting with the jury or judge), the complexity of the evidence, credibility and bias and the effects of cross examination.  Let’s look at the first three of them.

'All of us can be harmed': Investigation reveals hundreds of Canadians have phoney degrees

https://www.cbc.ca/news/business/diploma-mills-marketplace-fake-degrees-1.4279513

The Expert’s Vocabulary

The expert’s language can contribute to the teaching problem. For one group of experts it’s instinctive to speak in the opaque jargon of their profession. They spent years learning the vocabulary and it has a precise meaning for them. A second group may think using big words makes them sound more professional and credible. They’re wrong. Big words push people away. A third group of experts is more cunning. They use technical terms to dodge and weave.

Motherisk hair test evidence tossed out of Colorado court 2 decades before questions raised in Canada

https://www.cbc.ca/news/canada/motherisk-colorado-court-case-1.4364862

I witnessed an example of an expert who combined the first and last reasons. She was a medical expert, a radiologist, who reviewed an X-ray and gave the opinion that a certain area in the lung with higher density was a “non-specific finding” and not evidence of a possible tumor. That’s a perfectly normal reading of an X-ray. Radiologists make that finding thousands of times a year.

What does the jury hear from the phrase “non-specific finding?” It hears vagueness and waffling. It hears a big dodge. Does it mean there’s nothing wrong or that there might be something wrong but we don’t know from what? Does it mean the higher density is “ill-defined” or of “uncertain significance?” It could mean any of them.

“Non-radiologists joke that the official shield of the Radiology Department is a weasel eating a waffle while sitting under a hedge.”

(Radiologists have a reputation within the medical profession for hedging their opinions. I have a family member who’s an ER doctor. He says that non-radiologists joke that the official shield of the Radiology Department is a weasel eating a waffle while sitting under a hedge. Juries may not understand the fine points but they can sense shiftiness.)

This reminds me of that oft-quoted passage in George Orwell’s Politics and the English Language: “The great enemy of clear language is insincerity. When there is a gap between one’s real and one’s declared aims one turns, as it were instinctively, to long words and exhausted idioms, like a cuttlefish spurting out ink.”  Doesn’t “non-specific finding” sound like a cuttlefish spurting out ink?

On cross examination the expert radiologist repeated “non-specific finding” about a dozen times in response to repeated questions about the higher density area. What does the jury hear?  It will hear the repetition of “non-specific finding” as if it’s an incantation. It will sound rehearsed. It did to me. It’s too bad because there was a simple fix.  All the expert needed to do was have an alternative phrase so that she didn’t sound so rehearsed.

Poor Learning Conditions

As a forum for teaching complex evidence, the courtroom functions partly as a classroom, but it’s not an easy place to teach. Even the design of the traditional school classroom has come under attack. In Brain Rules John Medina challenged its effectiveness:

“If you wanted to create an education environment that was directly opposed to what the brain was good at doing, you probably would design something like a classroom.”

If he thinks the school classroom is a bad learning environment, he should visit a courtroom. Jurors are denied many of the learning tools available to students. They aren’t permitted to read background material or do any Web research. They can’t ask questions (except in a few jurisdictions). They have no textbooks. They can’t discuss the evidence with anyone until jury deliberations. If there’s technical evidence, they’ll likely be “taught” by experts from each party and the “teachings” will conflict and confuse.

How can a juror learn under those conditions?  Any classroom in America that was set up this way would be roundly condemned for undermining the learning process and dooming students to failure. Yet that is what jurors face in most courts.  If we think that the jurors will compensate for these learning conditions that is expecting too much.

Personality

Some expert witnesses take their expertness a little too seriously. For some reason Larry Summers, former Secretary of the Treasury and former President of Harvard, always comes to my mind when I imagine a super smart but super smug expert. Summers is brilliant but socially clumsy. His analysis is often dazzling and luminous but there is an arrogance and detachment about him that pushes people away (or at least me).

Motherisk tests 'felt like junk science,' says lawyer in Colorado case.

https://www.youtube.com/watch?v=WIJqYz91ceU

You get the sense that he doesn’t really care about you as a person or understand you. He cares about Himself. Juries have a nose for that kind of person. They do not like the attitude.  Now there are expert witnesses who can be arrogant and luminous but they are effective because they have a streak of humor or empathy or other human quality.  It doesn’t need to be a lot.

Here’s a story about how a good personality won the day. Bob was a software engineer and expert witness in a complicated patent case. He had never testified in court. His testimony was going to be very technical. He was a university professor who taught mostly graduate courses, and he spoke in the heavy jargon of his specialty. We didn’t have enough time to re-wire his language habits. Demonstrative exhibits were not going to help much. Our goal was limited. We wanted the jury to like him better than the other party’s software expert.

During his trial preparation we asked him how he got interested in the software field. He told a charming story about how a girl in high school led him to that career path. We asked him the same question early in his direct examination. The jurors clearly loved the story. They probably didn’t understand much about his testimony but they had a good feeling for him as a person. The other party’s software expert came off as cool and detached. Bob won the battle of experts simply by being a nice man.

Posted on July 10, 2015 by Mark G. Phillips

http://witnessready.com/index.php/2015/07/10/three-reasons-expert-bad-witnesses/

PAGE 108/9/10

Q. ...etcetera. When you were retained in February you 

made a list of all of the problems with the website, right?

A. Yes.

Q. Okay. So, I am going to go through that list with

you, okay?

A. Absolutely.

Q. So, number one; if you are going to put confidential

information, like a Board Portal, the most secure way to do it is

you don’t even put it online. You put it in an intranet system,

like an internal system...

A. Absolutely, that’s right.

Q. Sorry, just let me finish...

A. Sorry.

Q. ...because the transcript becomes really difficult to

follow. So, there is an intranet, an internal system, yes?

A. Yes.

Q. And, you then use what’s called a V.P.N to access that

intranet if you are not on that network, right?

A. Yes.

Q. So, for example, the intranet would be accessible from

your work place only?

A. Typically, yes.

Q. And, if you wanted access from home the board members

would then have access via a V.P.N., yes?

A. Correct.

Q. Which requires a username and password, yes?

A. Yes.

Q. To get in?

A. Yes.

Q. That’s the most secure?

A. That is. 

Q. Very difficult to hack?

A. Correct.

Q. You don’t come into any of these problems, right?

A. Correct

Q. And, it is very clear, this is confidential, no one

can get into it?

A. Absolutely.

Q. Okay. If you are one step worse than that, which is

not quite as secure...

A. Yep.

Q. You are going to put it on its own separate website,

yes?

A. Yes.

Q. Aside from non-confidential information?

A. Correct.

Q. You are going to require a username and password?

A. For everything.

Q. Well. So the one, you are going to require a username

and password for the website?

A. Correct.

Q. Then, you will make sure that the directory is not

browseable?

A. Correct.

Q. Then, you would make the documents password protected

in the event that for some reason something went wrong, it makes

it very clear that you can’t get here?

A. Yes, that is correct.

Q. None of those things happened in this case?

A. My understanding is that you are right.

Q. Right. We are here for your understanding. 

A. Yes, absolutely.

Q. Okay.

A. I mean, I know that they did post some documents that

were passworded, but by and large the documents that they posted

for the board members were not password protected.

Q. So, I was about to go there next. Obviously the

person who did this had the ability to password protect because

some of the P.D.F. documents were password protected?

A. That is correct.

Q. But, the document in question, or one of them, which

is this Excel spreadsheet...

A. Yep.

Q. ...that we went through the log sheet, the log lines

on, that one was not?

A. Correct.

Q. Right. Now, you gave us one way in which you can find

out that it’s open, okay?

A. Yes.

Q. And, that was the whole purpose of you creating this

fake website?

A. Yep. It was demonstration.

Q. Which is just to show us how someone could figure out

that, “Hey, this is open directory”?

A. Yes.

::::::::::::::::::::::::::::::::::::::::::::::

The ISG Series Integrated Security Gateways.

(estimated cost $40 000)

The ISG Series Integrated Security Gateways are ideally suited for securing enterprise, carrier, and data center environments where advanced applications, such as VoIP and streaming media, demand consistent, scalable performance. The Juniper Networks ISG1000 and ISG2000 Integrated Security Gateways are purpose-built security solutions that leverage a fourth-generation security ASIC, along with high speed microprocessors to deliver unmatched firewall and VPN performance. Integrating best-inclass firewall, VPN, and optional Intrusion Detection and Prevention, the ISG1000 and ISG2000 enable secure, reliable connectivity along with network-and application-level protection for critical, high-traffic network segments.

 

Network segmentation: Security zones, virtual systems, virtual LANS and virtual routers allow administrators to deploy security policies to isolate guests and regional servers or databases.

 

Optional Integrated IDP:

 

The ISG Series firewall/VPN with IDP uses the same award-winning software found on Juniper Networks IDP Series appliances.

 

The IDP security module combines eight detection mechanisms, including stateful signatures and protocol anomaly detection.

 

The ISG with IDP defends against security threats such as worms, trojans, malware, spyware, unauthorized users and hackers and can provide information on rogue servers and data on applications and operating systems that were inadvertently added to the network. Application signatures enable administrators to maintain compliance and enforce corporate business policies with accurate detection of application traffic.

https://www.terabitsystems.com/juniper/integrated-security-gateways/ns-isg-2000-sk1

https://netpoint-dc.com/blog/wp-content/uploads/2015/11/1100036-en.pdf

::::::::::::::::::::::::::::::::::::::::

PAGE 112

Q. And, the result will be it’s Google searchable?

A. That is correct.

Q. Right. So, in this case we know it’s an open

directory?

A. Mm-hmm.

Q. We know that – yes?

A. Yes.

Q. We know that it’s not password protected?

A. That is correct.

:::

2018: Ransomware attacks hit two Ontario children’s aid societies.

Ransomware attacks at two children’s aid societies have spurred the Ontario government to tighten cybersecurity around a new, $123-million provincial database for children in care.

Officials with the other agency — Family and Children’s Services of Lanark, Leeds and Grenville — claim they saw an English ransom message flash on their computer screens, demanding $60,000, when they tried to access their database in November.

“It encrypted most of our servers,” says the Lanark agency’s executive director, Raymond Lemay. “No data was taken out of our system. It was just an attempt by whatever you call these people to get a ransom.”

Lemay says his agency didn’t pay up. He says it used an offline backup of computer files to get the agency up and running again in about eight hours.

:

Backup copy or was there two sets of books? 

To cook the books is an idiom describing fraudulent activities performed by corporations to falsify their financial statements and God knows what else when it comes to the Ontario CAS..

:

Lemay says the ransomware attack cost his agency $100,000 to fix, an expense covered by his agency’s “cyber insurance.”

How does that make any sense? FCSLLG could have paid $60 000 and then fixed the problem and maybe the police could have tracked the money back to the bad guys but choose instead to pay $100 000 to regain control of their computers?

Cybersecurity experts from the province’s Ministry of Children and Youth Services, along with a private internet security firm, swooped into the agency to neutralize the malware in the infected servers.

“It took them about three weeks to find the needle in the haystack,” Lemay says.

The ransomware attack locked the agencies out of local online files that contained private information on the children and families they serve.

The computer virus attacked while the Lanark agency was uploading its data to a centralized database known as CPIN. It will allow societies across Ontario to share information more easily and better track how children in foster care and group homes are doing.

“They might have taken advantage of vulnerabilities that occurred because we were changing over to a new system,” Lemay says of CPIN. That’s one of the hypotheses, but we don’t know for sure.”

https://www.databreaches.net/ransomware-attacks-hit-two-ontario-childrens-aid-societies/

https://www.thestar.com/news/insight/2018/02/22/ransomware-attacks-hit-two-ontario-childrens-aid-societies.html

:::

PAGE 44/45/46/47/48

PROJECT MANAGER MARGRET ROW

Q. So, you know there is a breach in February, there is a

breach in April, you make the decision in April for the website

to eventually go back up. Do you know what the breach in

February was? What caused it?

A. We understood that board documents were posted,

interspersed in an interview that had been surreptitiously

recorded and posted to Facebook, YouTube, and Liveleaks.com.

(THIS IS THAT VIDEO AND IT WAS MISS DENHAM WHO MADE FCSLLG AWARE OF IT IN AN EMAIL SENT TO KIM MORROW MOMENTS AFTER POSTING THE VIDEO TO YOUTUBE https://www.youtube.com/watch?v=kq6JCx5FlfA&t=1281s)

Q. Okay. So, I think my question wasn’t clear. I know

that’s how it came to light for C.A.S, but my question more is,

were you, did you ever become aware as to how that individual got

that information, got that document?

A. No.

Q. So, you’ve never been aware in your roll what the

security breach of your website was, like, what caused it

technically?

A. Oh, I beg your pardon, the technical issue was that

directory tree that lists what files are on the website was

visible.

Q. So, it’s actually a bit more than that. What happened

was you had two systems. One was all of the public documents that

were intended to be in the public’s view, correct?

A. Correct.

Q. And in that exact same spot, under the same months,

arranged by months, folders with months in them, were the

documents on the confidential site, correct?

A. That’s my understanding.

Q. Right. So, the intention was you go on the interface,

and you put in a username or password for the confidential site?

A. Yes.

Q. Correct. Or, you go to the public sphere and you have

access to those things, correct?

A. Correct.

Q. But, all somebody had to do was go to the address bar,

put in the address of a certain month, year, and date, and they

would get the directory of everything that C.A.S. had saved?

A. That’s correct.

Q. And, that included both public and private documents?

A. That’s correct.

Q. You didn’t have to put any password?

A. That’s correct.

Q. You didn’t have to do anything – of any dishonesty,

you just have to put in a link, anyone could have done it?

A. Anyone did

Q. Right. And, the problem is, whoever created your

website back whenever it was created, left that function open,

correct?

A. Correct.

Q. And, the function I am referring to is that ability to

put in any U.R.L. at the top, in the address bar, and be able to

browse whatever you want to browse?

A. That’s correct.

Q. Thereby putting it all in the public’s view?

MR. CORBELLA: Well, I guess that’s the whole issue of the

legal argument, Your Honour.

MR. MANSOUR: We can excuse the witness if my friend has

an issue, and I can explain why I am asking the question.

THE COURT: I think that would be – if you want to just

wait outside I’ll hear from the lawyers, and then we will 

call you back in.

MR. MANSOUR: There isn’t much that turns on this. The

witness has said she (indiscernible) anyways, but my

point to the witness was, to the best of her knowledge,

anyone in the public could have accessed this with no

active dishonesty as far as she is aware. That is my

question. I’m not asking her to define what a publics

sphere is, my question was poorly worded. But, my point

to the witness, how I intended it is, to the best of your

knowledge, anyone could have done this, Ms. Denham, or

anybody else could have went online and browsed through

this, that’s it.

MR. CORBELLA: And, she’s answered that, Your Honour. I

think – but the next question was, and that put you into

the public’s sphere, and that’s where the whole point of

the legal argument we are having here. Again, there is

not much contention here, but I think her commenting on

what is or what isn’t in the publics sphere is for Your

Honour to decide.

MR. MANSOUR: I can reword. I’m not trying to tip the

witness or anything.

THE COURT: That’s fine. It seems to me that you are at

agreement in any event.

MR. MANSOUR: Yes. I’ll reword the question, that’s fine.

I think – my friend is right. I’ll reword. I only asked

the witness to be excused out of caution.

THE COURT: I wonder if she could be brought back in.

Q. I think my question was a little bit confusing. So,

let me re-ask you the question. I think you have already 

answered it, but let me ask you again. As far as you are aware, at the time when the security breach existed, anybody could have gone on line and accessed those documents if they went to that directory?

A. If they understood the concept of backing out.

Q. Right. So, anybody that put in what was put in the

U.R.L, with that knowledge of how a U.R.L. works, or how folders work within a website, as far as you are aware, could have gone and accessed it?

A. That’s correct.

Q. Okay. Now, prior to this date, were you always in

charge of the website, or is this something that just when you

decided to launch a new website it became your purview?

A. No, it became my purview in November of 2015 when I

assumed the role, when I assumed the communications project. The

website redesign was one part of our communications project.

Q. And, during that time you wouldn’t have been involved

of the storing of the confidential documents?

A. That is correct. I was not.

Q. Okay. But, when you decided to take down the website,

you decided to take down the website because you weren’t sure what the security breach was, and so you wanted to make sure that – shutdown, and make sure you fixed whatever it was?

A. That’s correct.

Q. No, I’m assuming security is quite important to

C.A.S.?

A. Yes.

Q. If you had found out some other way about the same

security breach, or any security breach, you would have taken the same step, which is shut down the website?

A. Yes.

Q. So, if your I.T. department came to you and said, hey,

I think there is a problem, no one has accessed it, but there was a problem, you would have taken the same step of shutting it

down?

:

A. Our I.T. department had nothing to do with the

website.

:

Q. Ma’am, I’m putting to you a hypothetical. If your

I.T. department came to you and said there was a security breach on your website...

A. Yes.

Q. ...no one has accessed it yet. Would you have taken

it down still?

A. Yes.

MR. MANSOUR: Thank you. Those are all my questions.

MR. CORBELLA: No re-examination, Your Honour. 

:::

Download a copy of the Alleged CAS Hacker Trial Transcript Now

@ https://unpublishedottawa.com/letter/247562/alleged-ontario-cas-hacker-trial-update-190814

LOOK FOR THE PDF: 

https://unpublishedottawa.com/sites/unpublishedottawa.com/files/letter/118289/Denham.pdf

:::

Flaherty McCarthy LLP: Our Firm has chosen to represent Class Members in several important Class Proceedings. These claims have involved mass torts, Consumer Protection issues and privacy breaches.

We have recently successfully certified a privacy breach class action involving the Children’s Aid Society of Lanark, Leeds and Grenville.

We have successfully prosecuted the following claims:

Wilkins v. Rogers Communications Inc., 2008 CanLII 56715 (ON SC)

Rowlands v. Durham Region Health, et al., 2011 ONSC 2171 (CanLII)

Travassos v. Tattoo, 2011 ONSC 2290 (CanLII)

Drew v. Walmart Canada Inc. 2017 ONSC 3308 (CanLII)

 

We are in the process of prosecuting the following claims:

Blood-borne disease exposure: Rizzi v. Dr. Vivek (Vick) Handa, Upper Middle Dental and Vick Handa Dentistry Professional Corporation

Solicitor’s Negligence claims against three Immigration Lawyers: Hohots, Jaszi and Farkas

Medical Device  and disease exposure: Nardi v. Sorin Group Deutschland GMBH

 

We remain committed to commencing and prosecuting valid and important claims that are best served by a proposed Class Proceeding.

Should you have an issue or concern that may be shared by others, such that a Class Proceeding may be appropriate, please contact:

In Toronto, contact Sean Brown.

In Whitby, contact Todd McCarthy.

http://www.fmlaw.ca/practice-areas/class-proceedings/

M.M. v. Lanark, Leeds and Grenville Children’s Aid Society, 2018 ONSC 5032 (CanLII)

[6]               Now before the court are several motions for a diverse mix of procedural and evidentiary orders.

a.      M.M. seeks to discontinue her action against Ms. Denham.

b.      The Society, which, as noted above, had crossclaimed against Ms. Denham, seeks an Order converting its Crossclaim into a Third Party Claim and converting Ms Denham’s Crossclaim into a Counterclaim in the Third Party Action.

c.      The Society seeks an Order that the Third Party Action including its Counterclaim be case managed in Toronto as a part of the class action and be tried together with or immediately following the class action.

d.      The Society seeks a sealing order. The sealing Order is said to be required to address confidentiality concerns arising because of s. 87 (8) of the Child Youth and Family Services Act, 2017[3] and s.70(1) of the Children's Law Reform Act.[4]

e.      Ms. Denham does not oppose the continuation of the crossclaims within a Third Party Action, but she opposes the request for case management in Toronto and asks the court to transfer the Third Party Action to Perth, where she lives and where apparently she will have a lawyer prepared to act for her in defending the Third Party Action and in prosecuting her Counterclaim.

[7]               The request for a sealing order, which was not opposed, should be granted.

https://www.canlii.org/en/on/onsc/doc/2018/2018onsc5032/2018onsc5032.html

https://www.canlii.org/en/on/oncswssw/doc/2019/2019oncswssw4/2019oncswssw4.html

:::

Canada: What Are The Consequences Of Filing A False Police Report In Canada?

By now we have all been subjected to the tragic details of television star Jussie Smollett's alleged attack in Chicago earlier this year. When the news broke initially, it seemed as though Smollett was a survivor of what appeared to be a hate crime and his colleagues within the entertainment business did not hesitate to express their support and vocalise the need for change. It was and still is a media frenzy.

However, as the evidence unfolded, it quickly became apparent that the crime itself could have been fabricated and orchestrated by Smollett himself. Subsequently, the actor now faces charges for filing a false police report and the story has raised an all important question about the repercussions for such actions.

What are the offences someone can be charged with under the Criminal Code of Canada for filing a false police report or lying to the police?

The offence under the Criminal Code which would be most applicable is committing public mischief under section 140. That section states:

140 (1) Every one commits public mischief who, with intent to mislead, causes a peace officer to enter on or continue an investigation by

making a false statement that accuses some other person of having committed an offence;

doing anything intended to cause some other person to be suspected of having committed an offence that the other person has not committed, or to divert suspicion from himself;

reporting that an offence has been committed when it has not been committed; or

reporting or in any other way making it known or causing it to be made known that he or some other person has died when he or that other person has not died.

The purpose of the law is to discourage and punish false reporting and of course to prohibit people from falsely accusing others. Making a false statement transpires when the person makes the statement with the intention of misleading justice. One cannot be convicted if it is determined that they genuinely believed the statement to be true at the time it was made.

The penalties for committing public mischief are outlined at section 140(2) of the Criminal Code. If the Crown Attorney perceives the case as serious and elects to proceed by indictment, then an accused who is found guilty is potentially liable to imprisonment for a term not exceeding five years. If the Crown decides to proceed summarily (less serious case) and an accused is found guilty then they are liable to a fine of not more than five thousand dollars or to a term of imprisonment not exceeding six months or to both. The actual punishment imposed for those convicted will vary according to the facts of each case and the circumstances of each offender.

In addition to public mischief, there are several other offences under the Criminal Code that a person could find themselves charged with if they file a false police report or lie to the police. These include the following:

Perjury under section 131 of the Code if the person, with intent to mislead, knowingly gives a false statement under oath, affirmation, by affidavit, solemn declaration or deposition;

Fabricating Evidence under section 137 of the Code if the person, with intent to mislead, fabricates anything (such as a police report) with the intent that it shall be used as evidence in a judicial proceeding; and

Obstructing Justice under section 139 (2) of the Code if the person wilfully attempts to obstruct, pervert or defeat the course of justice.

These offences involving the misleading of justice and which include lying to the authorities are taken very seriously. This is clear when looking at the potential and maximum penalties under the Code. Perjury and fabricating evidence are indictable offences with potential prison terms of up to 14 years, while obstruct justice under 139 (2) of the Criminal Code is an indictable offence with a maximum sentence of imprisonment for 10 years.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

http://www.mondaq.com/canada/x/787224/Crime/What+Are+The+Consequences+Of+Filing+A+False+Police+Report+In+Canada

https://laws-lois.justice.gc.ca/eng/acts/c-46/section-140.html

Elements of a Defamation Lawsuit

Defamation law changes as you cross state borders, but there are some accepted standards that make laws similar no matter where you are. Generally, in order to win your lawsuit, you must show that:

Someone made a statement;

The statement was published;

The statement caused you injury;

The statement was false; and

The statement did not fall into a privileged category.

1. The Statement - A "statement" needs to be spoken (slander), written (libel), or otherwise expressed in some manner. Because the spoken word often fades more quickly from memory, slander is often considered less harmful than libel.

2. Publication - For a statement to be published, a third party (someone other than the person making the statement or the subject of the statement) must have seen, heard or read the defamatory statement. Unlike the traditional meaning of the word "published," a defamatory statement does not need to be printed. Rather, a statement heard over the television or seen scrawled on someone's door is considered to be published.

3. Injury - To succeed in a defamation lawsuit, the statement must be shown to have caused injury to the subject of the statement. This means that the statement must have hurt the reputation of the subject of the statement. For example, a statement has caused injury if the subject of the statement lost work as a result of the statement.

4. Falsity - Defamation law will only consider statements defamatory if they are, in fact, false. A true statement is not considered defamation. Additionally, because of their nature, statements of opinion are not considered false because they are subjective to the speaker.

5. Unprivileged - Lastly, in order for a statement to be defamatory, it must be unprivileged. You cannot sue for defamation in certain instances when a statement is considered privileged. For example, when a witness testifies at trial and makes a statement that is both false and injurious, the witness will be immune to a lawsuit for defamation because the act of testifying at trial is privileged.

:::

"[A]buse of process (is) the intentional use of legal process for an improper purpose incompatible with the lawful function of the process by one with an ulterior motive in doing so, and with resulting damages."

"In its broadest sense, abuse of process may be defined as misuse or perversion of regularly issued legal process for a purpose not justified by the nature of the process."

Abuse of power, in the form of "malfeasance in office" or "official misconduct," is the commission of an unlawful act, done in an official capacity, which affects the performance of official duties. ... Abuse of power can also mean a person using the power they have for their own personal gain.

The act of using one's position of power in an abusive way. This can take many forms, such as taking advantage of someone, gaining access to information that shouldn't be accessible to the public, or just manipulating someone with the ability to punish them if they don't comply.

Covert and overt abuse of power: Covert: covert means that something is hidden, in the case of power, it would mean that someone is concealing their abuse of power from the public/other service users/other care workers. Covert abuse of power can happen in any setting.

Representing FCSLLG in the class action is Fasken who was present at Miss Denham's college hearing and present at the criminal proceedings making suggestions a'plenty.

Fasken formerly Fasken Martineau DuMoulin, is an international business law firm with approximately 700 lawyers and offices in Vancouver, Surrey, Calgary, Toronto, Ottawa, Montréal, Québec City, Beijing, London and Johannesburg. On 29 November 2017, the firm announced that it is changing its name to Fasken.

(I bet Fasken lawyers don't come cheap)

:::

Please draw your attention to Note 3 in the 2019 FCSLLG financial statements, which indicates that the Society's operating fund expenses exceeded revenues by $1,114,539 during the year ended March 31, 2019 and, as of that date, the Society's current liabilities exceeded its current assets by $3,827,221.

As stated in Note 3, these events or conditions, along with other matters as set forth in Note 3, indicate that a material uncertainty exists that may cast significant doubt on the Society's ability to continue as a going concern.

Our opinion is not modified in respect of this matter.

MATERIAL UNCERTAINTY RELATED TO GOING CONCERN

At March 31, 2019 the Society had a negative working capital of $3,827,221 and the operating fund expenses exceeded revenues by $1,114,539, which when added to the operating fund excess of expenses over revenues incurred in the last 3 years, resulted in an accumulated operating fund deficit

of $3,364,522.

The Society requested a temporary increase of $120,000 to its line of credit near year end to meets its obligations and its balanced budget fund was fully depleted during the year ended March 31, 2018.

4. ACCOUNTS RECEIVABLE

2019 2018

Due from other societies $ 51,581 $ 82,698

Ministry of Children, Community and Social Services 11,063 621,644

Interfund 597,352 613,539

General 426,869 307,519

$ 1,086,865 $ 1,625,400

https://fcsllg.ca/wp-content/uploads/2019/08/Audited-Financial-Statements-Fiscal-2018-2019-003.pdf

ONTARIO BROADER PUBLIC SECTOR (BPS) SUPPLY CHAIN CODE OF ETHICS

Goal: To ensure an ethical, professional and accountable BPS supply chain. Personal Integrity and Professionalism.

(after refusing to register with the College of Social Work and refusing to just willing cooperate with the Ombudsman or the former Child Advocate - is this compliance how the society justify calling themselves professionals?)

Individuals involved with Supply Chain Activities must act, and be seen to act, with integrity and professionalism. Honesty, care and due diligence must be integral to all Supply Chain Activities within and between BPS organizations, suppliers and other stakeholders.

Respect must be demonstrated for each other and for the environment. Confidential information must be safeguarded. Participants must not engage in any activity that may create, or appear to create, a conflict of interest, such as accepting gifts or favours, providing preferential treatment, or publicly endorsing suppliers or products.

Accountability and Transparency

Supply Chain Activities must be open and accountable. In particular, contracting and purchasing activities must be fair, transparent and conducted with a view to obtaining the best value for public money. All participants must ensure that public sector resources are used in a responsible, efficient and effective manner.

SCMA™ Code of Ethics for Professionals in the field of Supply Chain Management.

Affecting and Accepting Responsibility

https://scma.com/en/about-scma/join-scma/code-of-ethics

:::