Thursday, June 10, 2021

Brampton’s unusual social media surveillance plan raising concern around privacy & abuse by senior staff


The City of Brampton refuses to reveal the company hired to surveil the social media accounts of local councillors, while some members are raising concerns over the controversial plan.

It was launched without council’s knowledge in January after two members had their social media accounts impersonated to swindle money from their unwitting followers.

Regional Councillor Martin Medeiros told The Pointer he is not taking part in the program and questions how the integrity of the ongoing surveillance will stand up to scrutiny. “As much as the scope you say is specifically around misuse or access, it can turn into something [negative] very quickly.”

The program asks members of council to rely on staff to ensure their accounts aren’t being misused and Medeiros doesn’t feel confident in staff’s ability. “I do see the possibility of misuse… with some of the situations at City Hall, I don't feel comfortable having a third-party accessing my accounts and my information.”

A number of recent events have contributed to his unease including the history of some staff “who were alleged to be part of a data cover-up in Niagara.”

Ontario’s Ombudsman released a scathing 2019 investigation report titled “Inside Job” detailing the fraudulent hiring of Carmen D’Angelo as Niagara Region’s CAO in 2016. Three senior Brampton employees, director of strategic communications, culture and events, Jason Tamming, assistant director of corporate projects Robert D’Amboise and chief administrative officer, David Barrick, were implicated in the report. It details alarming corruption behind a plot to get D’Angelo Niagara’s top job, the same position Barrick now holds in Brampton, after Mayor Patrick Brown oversaw his hiring despite what happened in Niagara.

Barrick, who worked under D’Angelo at the Niagara Region Conservation Authority, went offline to coerce senior staff to support his boss’s hiring in exchange for influence. Tamming, Niagara Region’s former head of communications, and D’Amboise, a former policy director, sent D’Angelo the questions and answers for the CAO hiring competition, which other candidates did not receive.

At one point, as the scandal was unfolding, senior staff who thought information in a closed meeting was being recorded, confiscated computer hardware and notes belonging to a local reporter. After widespread backlash, including from journalism organizations, over efforts to snuff out free speech and a heavy-handed approach to shut down opposing views, staff eventually apologized.

Now, at least three of the individuals linked to the controversial Niagara conduct hold senior positions inside Brampton City Hall, including the top job.

“I’d lie to you if I told you I trust all staff there,” Medeiros said. “I have concerns. I don’t know them. Some of them are probably very good people but they don't give me the same comfort level as if I knew staff for several years and had professional relationships with (them), and I would have more confidence if this service was needed,” Medeiros said, regarding the cyber-surveillance that was launched without even disclosing the plan to elected officials whose social media accounts would be monitored.

Duff Conacher, co-founder of Democracy Watch, told The Pointer in January it’s easy for anybody to do this sort of surveillance since access to such technology isn’t associated with security agencies – anyone can buy it. Even if a contract stipulates free speech rights and other constitutional protections are not to be violated, it doesn’t mean they won’t be, since it’s done in secret. “It’s something that can never be stopped, unfortunately.”

The Ottawa-based group advocates for transparency and accountability in all levels of government.

Social media activity is often unethical, but Canada’s Charter of Rights guarantees the protection of free speech.

The morality of online behaviour by some might be questionable but social media accounts attacking politicians are common and there’s nothing illegal about them, Conacher said. “Criticism is entirely legal under the Charter, especially of public officials.”

Conacher, a lawyer and former University of Toronto professor of law who specializes in good governance and the defence of democratic principles, also questioned why this wasn’t discussed in the public eye and with full transparency when staff initially decided on their own to hire a private surveillance firm, especially since the monitoring uses public funds. “They can spend money on this kind of thing if they want to, but it seems to be that they have undemocratic intent, and it's definitely a waste of the taxpayers’ money.”

Conacher previously told The Pointer he had never heard of a municipality doing this kind of surveillance.

He views any attempt to chill free speech as a “wrongful” action and silencing critics is something public officials should not be doing. “Criticism is not only entirely legal and constitutionally protected, but it's also healthy and needed if you want to have democratic government.” Social media platforms shouldn’t be shutting down pages unless the messaging turns to hate speech, libel, or defamation, he said.

The fear is that, even if the focus of the external surveillance is to prevent criminal activity (even though this should be handled by police authorities) such work could bleed into violations of people’s rights.

The Pointer tried to find out who was hired to do the controversial work.

“We cannot specify the name of the selected vendor as there is an inherent cybersecurity risk in sharing specific details of a selected firm,” City spokesperson Marta Marychuk wrote in an email, stating sharing this information publicly would expose “methods that are being used to secure an organization’s IT infrastructure.”

It’s unclear why the City of Brampton’s “IT infrastructure” is an issue of concern, after two members of Council, Mayor Patrick Brown and Councillor Rowena Santos, had social media accounts impersonated to coerce their followers to send money to the impersonator(s).

It triggered staff to hire a private company to surveil council accounts, without telling members, who eventually found out the firm was hired early in the year without their knowledge.

Hired in January, the vendor “scans and monitors the internet and dark web” to determine if accounts of council members are being misused or impersonated. Marychuk said the service would allow compromised accounts to be identified and dealt with, but did not specify what this meant. The Pointer asked if the vendor had any success so far, but the question was not answered.

Shortly after the company began its work, councillors learned about the arrangement through an internal email. Some expressed concern that the decision was made without their consent.

They demanded staff provide more detail of the plan, and it was eventually agreed that council members could opt in or out of the ongoing surveillance of their social media accounts.

Regional Councillor Gurpreet Dhillon, who initially decided to take part in the program, said it “has not been of any benefit” to him and he’s looking to be removed from the ongoing surveillance program. “The one update I did receive was advising me of my own accounts as potential threats,” he told The Pointer.

The chosen vendor was one of eleven bidders. Marychuk said the selection was done through a direct purchase, which, according to the City’s purchasing bylaw, can only be done if a contract does not exceed $25,000. If this is the case, department heads have the authority to make the purchases without getting approval from council. The approximate $1,000 cost for each member will come out of their council-expense budget if they choose to take part in the one-year pilot program. “For services that are specialized and time-intensive, it may be deemed prudent to seek a qualified third party vendor.”

Based on the reaction many members of council had at the January 20 Committee of Council meeting, the vendor’s hiring was not previously discussed. Members of council were only provided with a briefing note explaining the steps the City had already taken to enhance cybersecurity, which included hiring the private surveillance firm.

Staff said they took action after social media accounts made to look like they belonged to Santos and Brown were allegedly used to defraud residents. According to information shared at the meeting, an outside party impersonated accounts and reached out to residents to solicit money for a processing fee for a COVID-19 grant.

It’s not clear why staff didn’t rely on Peel Police or another authority that deals with criminal activity including cyber fraud.

“City staff rely on the resources provided through the annual budget process to enhance and secure the City’s IT infrastructure,” Marychuk said. “Through this monitoring and identification process, if instances are found where impersonation has occurred, that information is provided to City staff who then consult with Peel Regional Police for review where appropriate.”

She did not explain how the impersonation of social media accounts for council members relates to a threat to the City’s IT infrastructure. That was the repeated justification used for the private surveillance even though they do not seem related. It’s unclear why, if there is a concern for the IT infrastructure, this is not treated as a separate need, and the appropriate cybersecurity safeguards are put in place, without having to draw in seemingly unnecessary monitoring of social media accounts belonging to elected officials, which opens the possibility of political abuse.

As Conacher said, it’s next to impossible to know what is actually being monitored and how the information is being used, once private surveillance begins.

Constable Sarah Patten told The Pointer Peel Police was contacted in October 2020 and the situation is now out of the force’s hands.

“Peel Police have concluded their part of the investigation. It was determined that the suspects involved reside out of province and the investigation has been turned over to the RCMP.”

Medeiros doesn't believe the private surveillance is a good use of taxpayers’ money. “I just think it sets a bad precedent if we're going to start using taxpayers’ money to monitor our own social media accounts,” he told The Pointer. Dhillon echoed the sentiment. Regional Councillor Pat Fortini said much of the same when explaining why he didn’t partake in the program, saying it’s “not right for taxpayers to pay for this.”

City Councillor Jeff Bowman does not agree and believes the cost is a good “value for my expenses, if it can prevent theft of contacts etc.”

It’s not clear how the $1,000 per council member is broken down and if it fluctuates based on the number of outside accounts being scanned.

Because the City does not have official corporate accounts, and all social media accounts run by members of council “are deemed personal in nature,” Marychuk said, members can have more than one account (a professional and a personal) on a specific platform monitored. Brown, for example, has one Facebook page listing him as mayor, and Facebook, Instagram, and Twitter accounts he frequently posts on.

Medeiros believes there are other mechanisms to keep accounts safe, including getting accounts authenticated, and says education should play a bigger role to help people differentiate fake accounts from real ones. “I just think it's a question of more adequate education and raising awareness, and not so much on the integrity and safety of our accounts.”

Email: nida.zafar@thepointer.com
Twitter: nida_zafar
Nida Zafar, Local Journalism Initiative Reporter, The Pointer

No comments:

Post a Comment