Q&A: What's the big deal if the Sask. premier uses private email anyway? - Action News
Home WebMail Saturday, November 23, 2024, 08:51 AM | Calgary | -12.1°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Saskatchewan

Q&A: What's the big deal if the Sask. premier uses private email anyway?

A computer science expert breaks down the risks of doing government business on private severs and accounts

A computer science expert breaks down the risks of doing government business on private servers and accounts

Premier Brad Wall's spokesperson says he will only use a government email to do government business. (Mark Taylor/Canadian Press)

Saskatchewan Premier Brad Wall took some heat this week from the Opposition about doing government business from a private account.

Although Wallat firstsaid he would continue to use a private account, a spokesperson later said he would stick to a government account and server when it comes to government matters.

David Gerhard is a professor of computer science at the University of Regina.

He spoke to CBC News and brokedown what all the fuss is about over private accounts and what the risks are.

David Gerhard, professor of computer science at the University of Regina, believes premier Brad Wall's use of private email is partly a problem because of the perception that he may be hiding information.

Q: What is a private account and a private server when you're a government worker?

Gerhard: The government provides email for you, just like any company would provide an email address and email access. A private server is when the person who's getting those emails has decided to do that themselves, so they'll hire somebody to set up a server or they'll set up a server themselves. They might use that to access their government email, or they might have another email address that they would forward their government email to or from.

Q:What happens when the premier leaves office?

Gerhard:This is actually the big problem with using privateemailaccounts and private servers.Theemailaddress that's issued by the government is more connected to the office of the premier than the person of Brad Wall, and so when somebody else becomes premier, they see all of thoseemails, they become that person and they start to use thatemailaccount. If somebody's using their own privateemailaccounts and their own private servers that information doesn't necessarily translate to the new premier.

Q:What if Brad Wallsays he will transfer over all theemailswhen he leaves?

Gerhard:If he does then that's great, but again the problem is accountability and auditing. We don't know for sure if everyemailthat he transfers is everyemailhe's ever received on that private server. We don't knowfor surethe way that that private server is set up unless he gives us direct access to the entire server and lets us go through all the security and every network access that that server has ever had.

Q:Is it easier to hideemailson aprivate account when there's, for example, a freedom of information request

Gerhard:Absolutely. Because the server is private, we don't know the way that it's been set up, we don't know whatemailsgo through there, so it would be possible to hide information. Now, nobody's saying that that's what happened, but that's the problemit's at least possible and that means it's a problem.

Q:Why would someone use a private account or private server when they have aprofessionalemailaccount already?

Gerhard:Often, professional accounts are secured to the location that they're meant to be used from, so from government accounts and corporate accountsoften you can only access those on campus, so to speak, in your office or at the place that you're meant to be using them. And if you work from home, say, or work on the road, it might be more difficult to get access to those kind of connections. That's one reason to do that.

Another reason is to do that is to try and get accessmaybe in an appropriate way.

Q: Is it easy to take your laptop from work home and connect to a server?

Gerhard:These days, corporate and government clients will often set up what's called a virtual private network. That establishes a secure connection from a laptop that's owned by the organization back to the servers that are also owned by the organization. So it's possible to work from home using a VPN, but sometimes people decide to do other things instead.

Q: When you're a government worker and you use a private account or private server, there are certain measures you have to take to secure your account, right?

Gerhard:You're expected to use encryption and appropriate authentication. Encryption means that the information is sort of jumbled up when it's sent across the network and that means somebody spying in on it can't read it. Authentication means a way to prove you are who you say you are, so a password, but that's usually not good enough these days. We use two-factor authentication, which means a password and something else like access to a physical deviceor a biometric, like a fingerprint.

Q: If we compare private accounts or private servers to government accounts and servers, which is more secure?

Gerhard: These technologies are not necessarily limited to one organization or another, so it's possible to set up a private server that has all the same security authentication parameters as a government-issued server. The problem is accountability. We don't know what the server was like [that] Mr. Wall was using. We know what the government servers are like because they're accountable. We have records, we see who set them up, and we can tell whether they are appropriately secured. But the private system that people use, we don't know if they're secured properly or not and that's the real problem.

Clarification:Due to incorrect information provided to CBC by David Gerhard, a previous version of this story said a new premier has access to the previous premier`semails. In fact, a new premier does not have access toemailsfrom their predecessor, according to the government.

Corrections

  • Due to incorrect information provided to CBC by David Gerhard, a previous version of this story said a new premier has access to the previous premier`s emails. In fact, a new premier does not have access to emails from their predecessor, according to the government.
    May 15, 2017 4:35 PM CT