[LabComm] BCGEU: Leave personal data with government where it belongs

[Adams, Carol]

FOR IMMEDIATE RELEASE

Friday, August 6, 2004

 

BCGEU:  Leave personal data with  government where it belongs

 

Only one way to keep British Columbians’

confidential information away from FBI

and the USA Patriot Act

 

There’s only one foolproof way to keep our personal and confidential information out of the hands of the FBI:  leave it in government where it belongs, the B.C. Government and Service Employees’ Union (BCGEU) said in its submission to the B.C. Privacy Commissioner today.

 

“The Campbell Liberals can try to build a fortress around our personal data but once it outsources information technology (IT) services to American linked companies, the FBI can use the USA Patriot Act to knock down any legal, constitutional or electronic walls to get British Columbians’ personal information,” said George Heyman, BCGEU president. “And once that information is released it’s impossible to predict how far within American agencies it will be distributed, or how it will be used.

 

“The B.C. government claims the risk to our privacy is minimal, assuring us that U.S. authorities would be unlikely to exercise their powers on Canadians. In this era of post 9/11 hysteria, where American authorities call Canada as a haven for terrorists, that’s an empty reassurance,” Heyman said.

 

“In our submission, we argue there’s every indication that for the United States, homeland security is its first, highest priority—the rights of its own citizens are a distant second, and it is unconcerned about the sensitivities of other nations.”

 

The BCGEU is rejecting the government’s claim that proposed amendments to B.C. privacy laws and “risk mitigation measures” negotiated into contracts with U.S.-based companies will be sufficient protection for British Columbians. The government can’t outsource and meet its obligations under privacy laws (FOIPPA).

 

“The Campbell Liberals think building firewalls and compelling U.S. companies and their Canadian affiliates to sign confidentiality agreements will protect our medical information and financial records from the prying eyes of the FBI. There’s no iron-clad guarantee. And there’s far too much at risk to find out after the fact,” Heyman said.

 

Personal information at risk through the outsourcing of Provincial Revenue functions alone includes everything from name, address, telephone number, SIN and family history to employment history, income, credit card and bank account numbers, and even charitable donations and mortgage details. The contract to administer MSP and PharmaCare includes access to an individual’s medical reports, psychological and mental health reports, x-rays, photographs, details of surgeries, prescription history, doctors’ names, and any restrictions on individual doctors prohibiting them from writing certain prescriptions.

 

Heyman criticized the government for ignoring widely reported problems with outsourced IT contracts. Media have reported difficulties with at least two of the American companies who have been awarded B.C. contracts. For example an EDS subsidiary in Texas, National Heritage Insurance Company, was accused in a state audit of overcharging $31.3 million in 2002 while administering the Medicaid program. The Campbell Liberals have contracted with an EDS subsidiary here to administer Provincial Revenue functions.

 

 

Maximus, the U.S. company that has been contracted to administer MSP and PharmaCare, has reportedly had contract difficulties in Wisconsin, Arizona and Connecticut. It reportedly cost over $1 million more to run an Arizona welfare-to-work pilot program than if it had been publicly administered by the state.

 

“Why would government continue to outsource when the risk is so high?,” said Heyman. “Jurisdiction after jurisdiction has experienced cost over-runs, system collapses, service delivery problems, over-charging. Now that the Patriot Act adds the risk of total disclosure of a vast quantity of personal data, it makes outsourcing simply irresponsible.”

 

The BCGEU was the first to raise the alarm about the implications of the USA Patriot Act on the government’s plans to contract out the administration of the MSP to the Arizona-based Maximus corporation. The union initiated a court challenge over the contracting out of MSP and requested a public inquiry into the growing number of contracts the government is negotiating with American multi-national corporations, including PharmaCare, government payroll, Provincial Revenue, disaster recovery, and workstation support services. In response to a growing concern by civil liberties groups, academics, unions, advocacy groups, legal community, and privacy commissioners elsewhere in Canada, B.C.’s privacy commissioner initiated a public inquiry.

 

A summary of the BCGEU submission to the B.C. privacy commissioner is attached. The entire submission is available at www.bcgeu.ca.

 

- 30 -

 

Contact:  Carol Adams, (604) 291-9611

 

cope 378

 

QUICK FACTS

 

Powers of the USA Patriot Act

 

Act dramatically expands the authority of U.S. federal agencies by giving them unchecked search powers and secret processes.

Act permits:  

•     greater access to business records

•     increased use of secret searches

•     increased ability to do surveillance, wiretapping

FBI can obtain an order to search any type of record and does not have to go through any judicial assessment.

FBI can investigate an individual with no obligation to show probable cause.

No procedure to challenge an order for disclosure.

Failure to comply with an order constitutes contempt.

Anyone served with an order for disclosure is forbidden from telling anyone that the order exists.

Individuals will not even know that their personal information has been handed over to authorities.

 

Five contracts being outsourced by B.C. government

Details of personal information at risk

 

1.  Provincial Revenue

B.C. government is contracting with EAS Advanced Solutions Inc., a subsidiary of EDS Canada which is a subsidiary of EDS International, an American corporation, to provide access to all its records.  Services include account management, billing, payment processing, and collections.

 

Gives access to confidential financial and personal information of many British Columbians:

     driver’s licence records, vehicle registration information, insurance information 

     income assistance and student loan applications

     medical information (all MSP billing history)

     ambulance (where you were picked up and driven to)

     SIN

     birthdate

     address (current and historical list of address from opening of any account to present)

     personal property and asset information

     credit information

     liabilities (who you owe money to currently and in the past, how much, monthly payments, credit card numbers)

     bank account #s

     if you are an owner (or otherwise) of a company

     place of employment (current and historical)

     your income and sources of income (EI, etc.)

     income of your spouse or common law partner

     amount of child support payment you receive or pay

     amount  of child tax benefit and/or GST you receive

     your monthly expenses (rent, mortgage, how much you spend on food, telephone, cable, utilities, bus passes, car loan, child care, clothing)

     stocks, bonds, RRSPs

     BC Online:

o     Personal Property Reg.

o     Site Registry

o     Corporate Registry

o     BC Assessment

o     Land Titles 

o     Rural Property Tax

     Home Owner Grant (current and history of houses or property owned)

     Skip Trace Unit (BC Hydro uses to search out of province driver’s licence in Canada or U.S.)

     Equifax (all credit information; an inquiry by Provincial Revenue does not show up in Equifax history sent to individual)

 

EDS record:

EDS ran the Medicaid rolls in Florida.  It was widely reported in the media that in its first two years, EDS racked up $260 million in errors, failed to remove 235,000 ineligible people from the rolls, was blamed for $232 million worth of mistakes in the Aid for Dependent Children and Food Stamp programs.  In Indiana, media reported an EDS computer system created a major backlog processing Medicaid claims.  Reportedly, after one year, Indiana’s hospitals were on average 136 days behind in receiving Medicaid payments and nursing homes were owed $86 million in back claims. (source: Eye on Privateers, Sept. 1999 AFSCME).

 

In Texas, a state audit revealed the contractor that had administered the Medicaid program for 25 years overcharged the state by $31.3 million in 2002, and $20 million the previous year.  The contractor, National Heritage Insurance Co., is a subsidiary of EDS Corp. – the parent company that the B.C. government is contracting to administer Provincial Revenue.  The company lost the contract following a year-long probe by the Texas Attorney-General’s Office into alleged contract violations including overbilling, improperly hiding expenses, charging taxpayers for an executive’s luxury apartment, and questionable employee bonuses.  (Knight-Ridder/Tribune, June 12, 2003).  EDS reportedly racked up $260 million in errors when it failed to remove 235,000 ineligible people from the Medicaid rolls in Florida, and was blamed for $232 million worth of mistakes in the Aid for Dependent Children and Food Stamp programs (Eye on Privateers, September 1999, AFSCME).

 

EDS is also responsible for a flawed computer system to track international students as part of the tighter security measures in the U.S. that routinely loses sensitive information about foreign students and faculty.  Schools have also been unable to print documents of international students and visiting scholars in order to obtain visas, impeding their entry into the country.  A student from Thailand visiting a university in Washington, D.C. was arrested because the computer database incorrectly listed her as having dropped out.  (Knight-Ridder/Tribune, March 17, 2003).

 

2.  MSP and PharmaCare

B.C. government is contracting administration of MSP and PharmaCare to a Canadian subsidiary of Maximus, an American corporation.  

 

Gives access to British Columbians’ private medical information:

     medical reports

     psychological reports

     mental health reports

     x-rays

     photographs

     operations reports

     which doctors a person visits

     15 months of drug history, drug expenditures, and any methadone use

     patient restrictions

     doctor restrictions (disallowing doctor from writing certain prescriptions)

     residency in long term care facilities

     if you’re a diabetic

     special authorities you may have for drugs not normally covered

 

also:

     date of birth

     family status and history

     address

     phone number

     criminal record (in order to determine whether a beneficiary is in jail)

     employment history

     income

     financial information including bankruptcy (to determine eligibility for premium assistance)

     immigration and refugee status

     disabilities

 

Maximus record:

Maximus cost the people of Arizona $1 million more to run a welfare-to-work pilot program than had it been publicly administered by the state.  A Wisconsin State 2001 Legislative Audit Report found Maximus spent more than $400,000 on unauthorized expenses and $1.6 million the company couldn’t properly document.  In Connecticut, half of the 17,000 bills Maximus was supposed to pay to child care providers were over 30 days late.  (Dollar & Sense, January 2001)

 

3.  Government payroll

B.C. government is contracting with TELUS to deliver all payroll and information management services for the B.C. government.  The contract was initially going to be awarded to a consortium of TELUS, Accenture and Sierra Systems Group.  Accenture has been dropped.  Sierra Systems will continue to be a member of Team TELUS, responsible for “long-term systems development”.

 

Gives access to personal information of over 30,000 public service employees:

     contact information

     SIN

     birth dates

     income

     benefits

     all leaves taken (sick, parental, medical, dental, adoption, appointments, union, disciplinary, maternity)

     pension (start date, how much you pay into pension, how much government pays)

     charitable donations made 

     garnishment 

     Canada Savings Bonds (amount of contribution)

     personal income that is reduced at source because of special circumstances

 

4.  Disaster Recovery

B.C. government is contracting with Sungard, an American corporation, to provide recovery of government data in the event of a disaster.  The contract includes running annual tests to ensure the recovery system is in place.  Beginning March 8, 2004, the Ministry of Management Services has been shipping tapes of enormous amounts of government data to Sungard in Philadelphia.  Data is sent as is with no encryption or coding.

 

Gives access to all government data on the mainframe which is then stored offsite in Philadelphia in the event of a disaster for later recovery.

 

5.  Workstation Support Services

B.C. government is contracting with ISM Canada, a subsidiary of IBM, to provide all information technology services for all government departments.  

 

Gives access to everything on the government’s computer system:

     every email in government

     access codes

     all legislature workstations (including premier’s office); everything on individual hard drives

     highly sensitive files (cabinet documents, intergovernmental documents, etc.)

 

 

Why contractual, technological and 

legal risk mitigation strategies won’t work

 

To date, no contract with such safeguards has been negotiated with any contractor.

The proposed mitigation strategies are untested.

U.S. courts have already dismissed corporate non-disclosure agreements.

There’s no firewall or other technical means that can’t be by-passed.

U.S. government places its own security before other concerns and U.S. courts will assert their jurisdiction to the fullest extent when there is a real or perceived threat to U.S. security.

U.S. courts have power to order disclosure of records beyond their borders.

U.S. believes Canada is a haven for terrorists and is interested in access to databases.

U.S. has demonstrated little concern for sensitivities of allies, or rights of its own citizens; it has a history of abusive search and surveillance, and invasion of privacy rights.

Having international treaties like MLAT does not guarantee the U.S. government will refrain from using Patriot Act.

Even if mitigation strategies were agreed to and included in the contract, the proposal that a violation would mean the termination of the contract would leave British Columbians without critical services.

 

 

cep 467   cope 378

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bcfed.net/pipermail/labcomm/attachments/20040806/d984eb38/attachment.html>