By

City of Vancouver Fails at Privacy

So, there's a municipal election coming up. I don't blame you for not knowing about it, since it's a very boring affair where the party with the most developer dollars manages to convince the electorate to stay home by being boring and bland. Each side claims to be from the community and talks about the environment or transparency. Anyway, as a renter in Vancouver who has no hope of owning, I decided to see about updating my voting registration. I then went to the City of Vancouver website and found the following:

Seriously? No crypto? This is 2014, I can't expect this to be real. Turns out there is crypto, but it's going to a non CoV owned website called voterview.ca.

So, who is voterview.ca, I just get a login page when I go here. But I do notice that I can go to another website, datafix.com and see that this is hosted by DataFix, a company out of Toronto, and the servers themselves are in New York on Peer1. This leads to more questions than answers, like why is VoterView.ca gatehring Social Insurance Numbers and does this violate BC Privacy Law. I know that it doesn't violate federal privacy law, but this definitely leads to a lot of questions about data security during an election period. What's amazing is how fast I was able to find this out.

Even if DataFix is totally lawful and above board (which they probably are in most provinces), I really think there needs to be a little more transparency with how the data is being collected, namely whether there's SSL. Right now this could easily be hijacked and used for identity theft as it currently is setup.