Privacy Commissioner rules on CHRC WiFi Hacking Allegations after a shockingly poor investigation
On January 29, 2009, the Privacy Commissioner of Canada released their decision of a complaint filed by Nelly Hechme against the Canadian Human Rights Commission for hacking her internet account. The decision of the Privacy Commissioner was that Mrs. Hechme’s complaint was “not well founded”.
Summary of the PrivCom’s decision can be found at: http://www.privcom.gc.ca/cf-dc/pa/2008-09/pa_20090127_e.asp
Media Reports can be found at:
· Human rights body cleared of privacy breach National Post
· Probe finds no evidence that rights agency hijacked woman's The Canadian Press
· CHRC cleared of "hacking" allegation Western Standard
According to the summary provided by the Privacy Commissioner, they conducted “numerous on-site interviews with CHRC officials.” While the Privacy Commissioner did interview the Canadian Human Rights Commission, they refused to accept close to 200 pages of documents filed by Marc Lemire which documented the allegations. (See below for a copy of the letter to Lemire by Privacy Commissioner)
The Privacy Commissioner did not even once interview Marc Lemire, or any one else involved.
While, the victim in this matter, Nelly Hechme, did file the Privacy Act complaint, she was not aware of all the facts and background which brought these allegations to light. Mrs. Hechme, was simply targeted by the CHRC and as such she could not have provided all the evidence to the Privacy Office that Marc Lemire, Barbara Kulaszka or a handful of others could have.
This shows the complete lack of any real investigation, and calls into question any decision made by the Privacy Office. How can the Privacy Commissioner make any reasonable determination of the facts, when they only spoke to one side and refused documentation from the other?
The Canadian Human Rights Commission has already shown, time and time again, they are willing to go to almost any lengths to conceal their activities. In fact, the CHRC even went as far as claiming “National Security” to stop the subpoena of Bell Canada’s records for their activities. At the Federal Court of Canada, the CHRC abandoned their claim so that the Federal Court could not rule on their objections.
The shockingly poor investigation by the Privacy Office is so pathetic, they could not bring forth a single piece of evidence to show that the allegations by Lemire were in any way incorrect.
Instead they theorize that:
“Technological experts have indicated that, most likely, but without certainty, the association of the complainant’s IP address to the CHRC was simply a mismatch on the part of a third party, which could have occurred in a variety of ways not involving the CHRC”
Who are these technological experts? And where is a single shred of proof that it was a mismatch? Are they claiming that Bell Canada provided the wrong information? If so, where is their evidence? Alain Monfette, director of the law enforcement support team for Bell Canada swore under oath about the owner of the IP address.
The facts surrounding the allegations of WiFi hacking by CHRC staff are both compelling and comes mostly from testimony of CHRC employees themselves!
Particulars of WiFi Hacking Allegation:
December 8, 2006 at 3:29pm: Dean Steacy, an investigator at the Canadian Human Rights Commission logged onto the Stormfront.Org website using the pseudonym “Jadewarr” and printed off a post entitled “Italy for Italians” This print out, showed the date of printing was December 8, 2006. This document was entered into evidence by the CHRC at the Beaumont CHRT hearing on December 12, 2006.
March 25, 2007, Lemire accessed the Stormfront.Org member public profile for user “Jadewarr”. The user profile shows that the last activity (last logon) was 12-08-2006 03:29PM. As well it showed the E-mail address email@example.com.
March, 2007, Don Black, the owner of Stormfront provided the IP address and e-mail address associated with the Stormfront member “Jadewarr”
The IP address used to log into Stormfront.org on Dec 8, 2006 was:
· IP Address: 188.8.131.52
· Host Name: bas2-ottawa23-1177597387.dsl.bell.ca
March 3, 2008: the Canadian Human Rights Tribunal issued a subpoena of Bell Canada’s records for the “Jadewarr” information.
March 25, 2008, Alain Monfette, director of the law enforcement support team for Bell Canada , testified that the owner of the IP address 184.108.40.206 on December 8, 2006 at 3:29PM was:
XXX Laurier Ave XX
Ottawa , Ontario
User ID: XXXXXXXX
Connection date and time: December 7, 2006 from 18:37:22 to December 8, 2006 at 21:35:56
March 25, 2008, Dean Steacy testified under oath that he used the “Jadewarr” account on Dec 8, 2006 and that he printed the webpage which was filed as evidence in the Beaumont case. Dean Steacy also testified that: John Chamberlin, Sandy Kozak and his assistant also had the password to the “Jadewarr” account. It was also possible that Richard Warman had the password, but Mr. Steacy did not give it to him.
March 26, 2008, the National Post newspaper reported: “Reached by phone last night, Ms. Hechme, 26, told the National Post she has no connection to the tribunal, has never known any of the investigators, and has never accessed a Web site as Jadewarr. She said that in the relevant period in 2006 she did have a Bell Sympatico account with a wireless connection that was not password controlled, meaning anyone within range of her apartment could have accessed the Internet with it. “
(Mrs. Heckme’s home is a block away from the CHRC’s offices in Ottawa)
BACKGROUND OF HACKING COMPLAINT:
The complaint filed by Lemire alleged that:
On December 8, 2006 at 3:29pm (EST) Dean Steacy and/or John Chamberlin and/or Sandy Kozak, used the pseudonym “Jadewarr” to access the Stormfront.Org website. In order to hide their identity, the respondents wilfully and with malicious intent connected to the unsecured wireless access point of Nelly Heckme, without her knowledge and/or approval, in violation of Canadian law and the Privacy Act.
Along with this complaint, Lemire sent copies of all the relevant transcripts, affidavits and other material.
All the material was returned by the Privacy Commissioner on April 23, 2008 with a letter that stated:
Dear Mr. Lemire:
This is further to your correspondence of April 7, 2008, which was received in this Office on April 16, 2008. Specifically, you advised of an incident in which it is alleged that the Canadian Human Rights Commission (CHRC) contravened the provisions of the Privacy Act (the Act) by accessing an individual’s wireless internet connection without that individuals authorization.
I note, however, that your concern pertains to another individual and does not constitute your personal information as defined in Section 3 of the Act. As such, we are unable to respond to you further in this matter.
Manager, Inquires Unit