As predicted by many, the Police’s new profit-based Firearms Safety Authority has suffered a major privacy and security breach. The only thing no one expected was that it occurred less than one month after the registers went live. So much for the much-vaunted “bank level security”:
The newly created Firearms Safety Authority has found themselves in the gun after another inadvertent leak of the details of Auckland firearms owners.
In an email sent shortly after noon on Wednesday, seen by the Herald, Auckland Central Police District firearms staff emailed more than 100 gun owners to warn them their listed firearms licence address may not be up to date.
Their email addresses, in many cases including their first and last names, were visible in the cc field, rather than hidden in the bcc section.
The visible addresses included various prominent Auckland residents, including lawyers, company directors, police officers and government officials.
The email was sent from the Auckland City Police District’s firearms email address and signed NZ police, but also carried the signature and logo of the new Firearms Safety Authority, set up to administer the newly launched gun register.
Asked whether it was police or the Firearms Safety Authority who sent the email, a police spokeswoman said it was the authority.
The sender attempted to recall the email shortly after it was sent, and also sent a second email asking recipients to delete the message due to an “error in sending”.
In a statement, Superintendent Richard Wilson, Te Tari Pureke Firearms Safety Authority director of operations, confirmed it had sent the email to 147 recipients revealing the email address of the recipients to fellow licence holders.
“This incident is being treated seriously by Te Tari Pureke, who have lodged this as a privacy breach and will be notifying the Office of the Privacy Commissioner,” Wilson said.
Wilson said it was not sent to any members of the wider public.
“A rapid review has determined that the privacy breach came about from human error when the email addresses were incorrectly pasted into the ‘cc’ (carbon copy) address field, rather than the ‘bcc’ (blind carbon copy) address field.”
NZ Herald
This is real amateur hour stuff and shows that Police and the newly minted Firearm Safety Authority have neither the required skills and discipline nor the information security ability to be in charge of anything more than the books at the local tiddlywinks club, much less looking after information security of the new gun register.
This is the second time the Auckland office has had a massive data breach and it appears Police have learned nothing from the last debacle.
It is real Keystone cops stuff: ‘Ummm, can we “unsend the email?”, anyone…anyone?’. It would be funny if it weren’t just so damn dangerous.
The spokesperson blithely says the email “was not sent to any members of the wider public”, but cannot possibly know that to be the case, especially when it has traversed multiple email servers, multiple routers and been viewed by God knows how many people. The recipients, or a recipient could have forwarded it. There is simply no way of knowing just how far that email spread.
But the Police will just dig in and pretend it isn’t that bad and carry on building the gangs’ shopping list in the gun register.
Police loftily exclaimed that they’d been gifted the Maori name for the Authority and it is emblazoned everywhere, but perhaps it might have been better to spend the koha that facilitated the “gift” on a basic remedial email and information security course for their incompetent staff.
As a licenced firearms owner, I am incensed by this breach, and it shows that yet again the Police are not fit and proper to manage such an important task.
I am now very, very reluctant to enter a single item in the register. I certainly have zero confidence that my information will ever be kept secure by the same Police organisation whose members routinely and illegally go trolling through my NIA file as Privacy Act requests have proven.
I even suffered through an extended presentation by Mike McIlraith at a recent Antique Arms meeting where he was at pains to tell the concerned members that the gun register and the new systems had “bank level security” and that all our details would be safe and secure. It was bullshit when he said it and it is bullshit now.
The man is an out-of-touch fool. He was warned numerous times about just such an event, yet bullied and cajoled and blustered his way forward, proving without a shadow of doubt that he is a living embodiment of the Peter Principle, which “observes that people in a hierarchy tend to rise to ‘a level of respective incompetence’: employees are promoted based on their success in previous jobs until they reach a level at which they are no longer competent, as skills in one job do not necessarily translate to another”.
Sitting behind the wire in Afghanistan, in the rear with the gear, in no way qualifies one to run complex IT systems.
The register is now fatally compromised, and trust in Police and the Firearms Safety Authority sinks even lower, mainly as a result of the hubris of Police in general and Mike McIlraith in particular.
Time for some responsibility and accountability as well as for heads to roll.
What is especially ironic is that one Antique Arms member specifically asked Mike McIlraith, in person and in front of me, if Mike McIlraith or anyone else would ever be held accountable or put their job on the line if there ever was the inevitable data breach and failure of systems and procedures. Mike McIlraith arrogantly told both of us that such a thing would never occur.
And yet here we are.
But here’s the interesting thing: how come the HR-skilled, Angela Brazier, who bizarrely was appointed Chief Executive of the Firearm Safety Authority, seems to only show up for positive PR photo ops but is suspiciously silent and absent when the proverbial hits the fan?
Help Fund Our NewsDesk
We are building a NewsDesk, hiring journalists and taking the fight to the mainstream media. Will you help fund our NewsDesk?
- For security reasons, credit card donations require Javascript. Please enable Javascript in your browser before continuing.
Your Donation
Your Recurring Donation
Donation Period *
Your One-Time Donation
Details First Name * Last Name * Email * Address Address 2 City State Postcode Country Afghanistan Åland Islands Albania Algeria Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belau Belize Benin Bermuda Bhutan Bolivia Bonaire, Saint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory British Virgin Islands Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo (Brazzaville) Congo (Kinshasa) Cook Islands Costa Rica Croatia Cuba CuraÇao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Eswatini Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Republic of Ireland Isle of Man Israel Italy Ivory Coast Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island North Korea North Macedonia Norway Oman Pakistan Palestinian Territories Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Qatar Reunion Romania Russia Rwanda Saint Barthélemy Saint Helena Saint Kitts and Nevis Saint Lucia Saint Martin (French part) Saint Martin (Dutch part) Saint Pierre and Miquelon Saint Vincent and the Grenadines San Marino São Tomé and Príncipe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia/Sandwich Islands South Korea South Sudan Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom (UK) United States (US) Uruguay Uzbekistan Vanuatu Vatican Venezuela Vietnam Wallis and Futuna Western Sahara Western Samoa Yemen Zambia Zimbabwe Phone Number Payment Name on Card * .StripeElement { border: 1px solid #ccc; padding: 1em; } #charitable_stripe_card_errors { color: #eb1c26; font-size: .8em; margin: .5em 0 0 0; } Credit/Debit Card Donate
Please share this article so others can discover The BFD.