Vive Le Canada

Chief Statistician Responds To Concerns

Posted on Friday, May 14 at 09:56 by Jesse
1. Given the public concerns, we have decided to limit the scope of this contract strictly to the printing of questionnaires, the development of software and the provision of some specialized hardware. Under the new arrangement, only Statistics Canada employees will have access to completed census returns, both for the 2004 Census Test, as well as the 2006 Census. In other words, the group of Canadian companies headed by Lockheed Martin Canada will not carry out any of the operations associated with the Canadian Census - none.

2. Is there a legitimate need for any contracting out of even some preparatory work for the census? Given technological changes, the 2006 Census will have to be conducted in a manner that is different from previous censuses. We have to offer Canadians a user-friendly option to return their questionnaires via the Internet - with security that exceeds that used by on-line banking operations. Among other requirements, this necessitates the practically instantaneous scanning of even those questionnaires returned via the regular mail. These tasks are enormously difficult to implement: they require an on-line operation capable of tracking the census returns of over 12 million households from one end of the country to the other to ensure that at all times we know who returned their questionnaires by mail and who did so via the Internet; and the practically instantaneous scanning of over 12 million questionnaires. Statistics Canada simply has no experience with the development of software involved in a huge and specialised scanning and Internet operation. Consequently, it was decided that it would be more cost-effective to leverage outside expertise in the development of these systems.

3. When we decided to contract out the software development necessitated by the Internet, we wanted to be able to hold accountable the eventual contractor for the smooth functioning of the software and specialised hardware involved. We therefore specified that they must be responsible for the operation of the questionnaire scanning - of course, under our supervision and our own security arrangements so as to ensure the total security of Canadians' census returns up to the very high traditional standards of Statistics Canada. In addition, they were all to be sworn in under the Statistics Act and so be subject to all the confidentiality constraints and penalties to which regular Statistics Canada employees are subject. Statistics Canada was unqualifiedly certain that it could continue to be the guarantor of the confidentiality and security of census information.

4. The contracting was carried out with the most scrupulous and meticulous care. The group of Canadian companies headed by Lockheed Martin Canada submitted what was clearly the best bid, based on their experience in carrying out similar tasks in other countries' censuses.

5. To reiterate, even though Statistics Canada was unambiguously clear that it could protect confidentiality, we feel that public trust in the census is fundamental. Consequently, we have made arrangements to limit the contracting out of census work to nothing more than the provision of printing and specialised software and hardware. Under the new arrangements, all operational activities of the 2004 Census test and the 2006 Census will be carried out by regular employees of Statistics Canada - as in past censuses. Only employees of Statistics Canada, sworn to secrecy under the Statistics Act, and subject to significant penalties should their oath be violated, will have access to census returns. All completed census returns will be secured in facilities controlled by Statistics Canada. All of the Census data will be stored on a secure computer network, with no link outside of Statistics Canada. To verify this, we will have a security audit completed by at least three independent firms with expertise in Information Technology security.

The ability to produce high quality statistics is dependent on the trust of Canadians. Statistics Canada would never betray this trust by making available census returns to anybody outside of the Agency, especially a foreign country.

Ivan P. Fellegi
Chief Statistician of Canada


Note: Response from Chief Sta...

Contributed By


Topic


Article Rating

 (0 votes) 

Options




Comments

  1. by avatar whelan costen
    Fri May 14, 2004 5:09 pm
    This sounds like more of the same rhetoric, how can you have internet access and then have no outside connection to statscan; that makes no sense. Also why is it so important to have this census done through the internet, sounds like more b.s. and then they can claim that a hacker got the information. I can't get a sense of security from this email, I want to trust but it seems that they are just spinning us around to make us believe something is what it isn't!

    ---
    If I stand for my country today...will my country be here to stand for me tomorrow?

  2. by avatar Dr Caleb
    Fri May 14, 2004 5:47 pm
    A good explanation. It won't work for the tinfoil hat crowd, but I'm convinced LM has been moved to a position where they will not come into contact with our raw census data. I'd be more worried about IBM now than LM. Since I used to work for IBM, I'm not worried about them at all.<p> And yes C#, it is entirely possible to have the census on the Internet, and have it perfectly secure. For example, the data could be collected on a secure internet gateway (called an OFX Marble Gateway)- such as used for on-line banking - then once the data is collected, it could be moved to disc or tape, and have to be physically loaded back into the main census servers. Physical security is always the safest, but there are other ways. If they are using IBM AS/400's (or i5's as they are called now), all major banks use these for daily transactions - they have never had a single security hole in the last 15 years. Since they were created by IBM in the 80's, their security has never been broken. I've got over $2 million of AS/400's sitting 8 feet from me right now - trust me when I say they are secure :).<p><p>---<br>"History does not repeat itself, but it does rhyme" Mark Twain <br />
    "The greatest price of not participating in politics is being governed by your inferiors." Plato

  3. by avatar Jesse
    Fri May 14, 2004 6:01 pm
    *Ahem* They have never _found_ a security hole. That doesn't mean there aren't any, nor does it mean that crackers haven't found them and kept quiet about it.

    ---
    Jesse

  4. by avatar Dr Caleb
    Fri May 14, 2004 6:39 pm
    This is true. Perhaps I should rephrase - There has never been a published security hole, and I really doubt there is an unpublished one. IBM is amazingly tight lipped about such things though.<p> I do remember a couple years ago there was an issue with the cryptographic processor, which could be explioted as a hole, but it required physical access to the machine. AFAIK, there was never any proof-of-concept exploits for it.<p> <p>---<br>"History does not repeat itself, but it does rhyme" Mark Twain <br />
    "The greatest price of not participating in politics is being governed by your inferiors." Plato

  5. by FreeCanada
    Fri May 14, 2004 7:00 pm
    Whether or not there are any security holes is besides the point, imagined or otherwise. I am sure if the American government really wanted our information they could get it anyways.

    The real question is why should we be paying our tax dollars to a corporation that is involved with the making of weapons of mass destruction? Plus I would rather see a completely Canadian company get the contract.

    Let stats can explain that.



    ---
    If we are standing still we are moving backwards.

  6. by avatar Milton
    Fri May 14, 2004 9:16 pm
    I agree with you FreeCanada, why is Lockheed Martin (LM) involved at all. Why wasn't a 100% Mom and Pop Canadian firm awarded the contract? If Stats Can won't release the bids on this contract for public scrutiny the only way to view this contract is as a political payoff, IMHO.
    This statement by Stats Can is almost the same one that was issued under Fellegi's name last time. This time they added printing questionaires to the list of critical duties to be performed by LM.
    They hold us in such contempt that they don't even bother to write a new statement, they just add a couple of words to the old one.

  7. by avatar whelan costen
    Sat May 15, 2004 1:53 am
    Hum, Dr. Caleb thanks for the info, but still I can't be secure with this explanation, are you saying that software and hardware, as statscan says they are using from LM, couldn't have a backdoor or other ways to access the info, should the U.S. gov be interested in our info, for their own purpose and covered by the patriot act, we would still be vulnerable, wouldn't we?

    Also I agree, if we can't use a Canadian company for something this important, then do it the old way, it worked for us before why doesn't it work now?

    ---
    If I stand for my country today...will my country be here to stand for me tomorrow?

  8. by Kory Yamashita
    Sat May 15, 2004 9:08 am
    Whelan, we used to have 28 million people living in Canada. Now we have 30 million. We OBVIOUSLY can't count those extra two million the old way *rolls eyes*.

    Anyways, what Dr Caleb is describing sounds pretty secure. If the information goes directly to a 'secure' server and is then physically transported to another machine not connected to the internet, the majority of the information would be be untouchable over the internet.

    However, there is still a possibility that the forms submitted via internet are intercepted. The rest (an anticipated 80%) of the data would never come in contact with the internet. But that 20% would be as easy to steal as hacking a bank, which, as Doc described, has not happened since the release of these new servers in the 80's.

    In my opinion, the information is still somewhat vulnerable, but more importantly, I don't want my tax dollars to pay wages at Lockheed. I saw the interview Michael Moore did with the head of that Lockheed plant near/in Columbine. There's no way I'd pay nutcases like that guy to count for me (the other guy, not Moore).

    -KY

    ---
    Kory Yamashita

    "What lies behind us and what lies ahead of us are tiny matters compared to what lies within us." - Oliver Wendell Holmes

  9. by Anonymous
    Sat May 15, 2004 7:59 pm
    <blockquote>Whelan, we used to have 28 million people living in Canada. Now we have 30 million. We OBVIOUSLY can't count those extra two million the old way *rolls eyes*. Anyways, what Dr Caleb is describing sounds pretty secure. If the information goes directly to a 'secure' server and is then physically transported to another machine not connected to the internet, the majority of the information would be be untouchable over the internet. However, there is still a possibility that the forms submitted via internet are intercepted. The rest (an anticipated 80%) of the data would never come in contact with the internet. But that 20% would be as easy to steal as hacking a bank, which, as Doc described, has not happened since the release of these new servers in the 80's. In my opinion, the information is still somewhat vulnerable, but more importantly, I don't want my tax dollars to pay wages at Lockheed. I saw the interview Michael Moore did with the head of that Lockheed plant near/in Columbine. There's no way I'd pay nutcases like that guy to count for me (the other guy, not Moore). </blockquote> KY Jelly - get a clue. The contracts are put out for public bidding...everyone else lost. 28 or 300 million...doesn't matter: the census is hard to do period. If you think you can do it, then start a company and compete with LM/IBM. I bet you will have a hard time doing everything in their contract (printing, software, hardware, integration, QA, hiring all the ppl to key, training, integrated test, ect.). And oh yeah...I bet you can't do all of that^^ in the required time frame: the RFP was put out about a year ago...LM/IBM already have a working system in test mode. I'm impressed. From the stat can website "Eligible firms had to demonstrate the ability to work under Statistics Canada's stringent security, quality, cost and timeframes. They also required significant experience in providing the hardware and software required for the census." Does that sound mom and pop to you, KY? Personally, I think you are a fool if you think the internet data can be intercepted from anywhere. It all boils down to security INSIDE stat can. Since we are the ones running the show, you should feel more comfortable, right? If your beef is with LM then why not push for a law that would ban military contractors? OH WAIT! Can't do that, now can we? How many other military contractors are there in the world? How many private/civil systems are built by those same military contractors? Thousands. <ul>WHY DO YOU THINK THAT IS SO?!?! BECAUSE THEY ARE GOOD AT WHAT THEY DO!!</ul> Wouldn't want mom and pop working on jet aircraft, heavy weapons disposal, or space flight, would you? Didn't think so. It all boils down to process, procedure, know-how, skills, control, vision and quality. LM/IBM have those skills and will probably meet all of the requirements, on time and within budget. How much did the 2001 census cost? How long did it take to get the data? How accurate was it? I bet LM/IBM do it for a fraction the cost and are in the high 90's on accuracy. You do want your data captured correctly, don't you? Get a clue.

  10. by avatar Jesse
    Sat May 15, 2004 9:12 pm
    <blockquote> Wouldn't want mom and pop working on jet aircraft, heavy weapons disposal, or space flight, would you? Didn't think </blockquote> Well no, you wouldn't, because most people have more productive jobs that don't involve killing other people. Further, what exactly do jet aircraft or weapons have to do with census data? There is very little expertise that is shared between gathering population data and building bombs. <blockquote> so. It all boils down to process, procedure, know-how, skills, control, vision and quality. LM/IBM have those skills and will probably meet all of the requirements, on time and within budget. How much did the 2001 census cost? How long did it take to get the data? How accurate was it? I bet LM/IBM do it for a fraction the cost and are in the high 90's on accuracy. You do want your data captured correctly, don't you? Get a clue. </blockquote> <p> So you're saying that an independent contractor whose primary business is building military equipment will do a better job at the census than Stats Canada, an organisation which has been specialising in the field for <A href="http://www.statcan.ca/english/about/jt.htm">over 300 years</a>? </p> <p>---<br>Jesse <br />

  11. by Perturbed
    Sun May 16, 2004 5:47 am
    Just so everyone knows, it's the "National treatment" clause of NAFTA that prohibits our government from favouring Canadian companies over Ameircan companies. THAT IS WHY THEY SAY THIS B.S. ABOUT A "FAIR & OPEN BIDDING PROCESS." That's the culprit right there--NAFTA and the goddam national treament clause. OUr govenrment honours even this, a the easiest clause to break.

    What I am not clear about, is this: what determines the winning bid, in a close decision? Cost? Quality? It appears not nationality......I'm just confised, because couldn't a government just break this clause easily, by teasing foriegn companies with every intention of giving a contract to a Canadian company?

    ..............Just wondering.

  12. by Perturbed
    Sun May 16, 2004 5:57 am
    P.S. --this shows us the Liberals truly are more allied with corporations that our nation: corporatism over nationalism, of course.......it's not that Lockheed Martin makes planes, or even nukes that bothers me, it's the land mines and cluster bombs--BOTH vicious and totally illegal internationally.....not that I like the nukes, but at least they aren't currently using the nukes.....HOWEVER, I forgot about DEPLETED URANIUM, which Lockheed-Martin also makes, and the U.S. does use, also illegal......after seeing on the internet what this stuff does to babies, I wasn't too pleased......not for the sqeamish AT ALL. Go find the pictures at ericblumrich.com if you like, but you won't enjoy them.

  13. by 4Canada
    Sun May 16, 2004 9:03 am
    Hi Perturbed,

    The damage done to people and the environment with depleted uranium is unconscionable. Our government supporting a company like LM makes them just as responsible for these crimes against humanity as the people landing the bombs.

  14. by Anonymous
    Sun May 16, 2004 7:46 pm
    <blockquote>Well no, you wouldn't, because most people have more productive jobs that don't involve killing other people. </blockquote> Get it right: the military kills people...these guys are building computer systems for collecting data off the internet and paper forms. <blockquote>Further, what exactly do jet aircraft or weapons have to do with census data? There is very little expertise that is shared between gathering population data and building bombs. </blockquote> I will tell you what is in common with both: a customer with a need that could not be filled in house and budget for doing it via contractors. I bet these guys could build anything you asked them for...it just so happens that their main customer (DoD) asks for a lot of military hardware/systems. Don't fault them for having a lot of different customers. Don't fault Stat Can for not being able to do it in house either...they are statistics geeks, not computer geeks. ;-) <blockquote>So you're saying that an independent contractor whose primary business is building military equipment will do a better job at the census than Stats Canada, an organization which has been specializing in the field for over 300 years? </blockquote> Yes. Question: If you had your choice of two cars for the same exact price, the only difference in the cars was that one met 90% of your needs and the other 98%, which car would you pick? The car that meets 98% of course! Getting back to the topic...How accurate was the 2001 Census data collection? 85%? 90%? How accurate does LM/IBM need to be per their contract (I've checked Stat Can's website...can't find answer)? I bet it is higher..much higher (e.g. 96%+). Ask yourself this...is 85% acceptable under any circumstance when dealing with this kind of data? Think about what this data will be used for...building roads, improving schools, expanding health care...pretty important stuff...forget to tally a small town correctly and services to that town dry up. Stat Can obviously knows who their customers are (tax payers) and wanted more from the $$$ allocated for 2006. The result was an RFP and a contract to do more than what they could do themselves. What about cost? How much did 2001 cost? How much will 2006 cost? Wouldn't be surprised if it were about the same. <br><br>Don't you want more for the same price? <br><br>Wouldn't you want Stat Can to focus their energy on producing better analysis of the data (that's what their primary job is, btw...produce statistics...not build computer systems)? <I>Because of these technological changes, Statistics Canada realized that this census would have to be conducted in a different manner from previous censuses. Accordingly, Statistics Canada sought assistance with the development of software required to undertake the census.</I> By outsourcing, it frees them up to do their job better. Win win for us Canadians in the end. LM/IBM will do a better job on the data collection because they have a history with doing these kinds of systems. That's why they were hired, they do computers. Leave the number crunching up to Stat Can. That's why they were hired, they do numbers. One more thing...The census isn't new to Lockheed: http://www.census.gov/dmd/www/dropin2.htm http://www.unece.org/stats/documents/2003/05/census/wp.11.add.1.e.pdf



view comments in forum


You need to be a member and be logged into the site, to comment on stories.



Latest Editorials

more articles »

Your Voice

To post to the site, just sign up for a free membership/user account and then hit submit. Posts in English or French are welcome. You can email any other suggestions or comments on site content to the site editor. (Please note that Vive le Canada does not necessarily endorse the opinions or comments posted on the site.)

sitemap | feeds | privacy | copyright | contact
canadian bloggers | canadian news