All correspondence and internal documentation in relation to security and privacy concerns with the Metrocard services.
Chris Smith made this Official Information request to Canterbury Regional Council
The request was successful.
From: Chris Smith
Dear Canterbury Regional Council,
This is an Official Information Act Request.
I wish to request all non-draft internal documentation and any related correspondence regarding privacy issues discovered with the Metrocard services between the 1st January 2013 and the 10th November 2013.
Documentation should include (but is not limited to) any incident reports, change requests or official reports. Correspondence should include (but is not limited to) any email or transcripts between internal staff, contractors or members of the public that may have reported the flaws.
Yours faithfully,
Chris Smith
From: Charles Whatman
Canterbury Regional Council
Dear Chris
REQUEST FOR INFORMATION
Your request for information was received on 11/11/13. Under the Local
Government Official Information and Meetings Act 1987 Environment
Canterbury has 20 working days to respond to your request. Your request
has been passed to the person(s) responsible for responding and you will
be contacted as soon as possible but no later than 9/12/13.
Yours sincerely
Charles
------------------- Original Message -------------------
From: [1][OIA #1298 email]
Received: 11/11/2013 1:28 p.m.
To: ECInfo; Services, Customer
Subject: Official Information Act request - All correspondence and
internal documentation in relation to security and privacy concerns with
the Metrocard services.
Dear Canterbury Regional Council,
This is an Official Information Act Request.
I wish to request all non-draft internal documentation and any
related correspondence regarding privacy issues discovered with the
Metrocard services between the 1st January 2013 and the 10th
November 2013.
Documentation should include (but is not limited to) any incident
reports, change requests or official reports. Correspondence should
include (but is not limited to) any email or transcripts between
internal staff, contractors or members of the public that may have
reported the flaws.
Yours faithfully,
Chris Smith
-------------------------------------------------------------------
This is an OIA request done via the FYI website.
Please do not send progress updates as PDF files.
Disclaimer: This message and any reply that you make will be
published on the internet. Our privacy and copyright policies:
[2]https://fyi.org.nz/help/officers
If you find this service useful as an OIA officer, please ask your
web manager to link to us from your organisation's OIA page.
-------------------------------------------------------------------
References
Visible links
1. mailto:[OIA #1298 email]
2. https://fyi.org.nz/help/officers
hide quoted sections
From: Chris Smith
Good morning,
The response to this OIA request is now overdue.
If a response is not received shortly I will be lodging a complaint with the ombudsman.
Yours sincerely,
Chris Smith
From: Charles Whatman
Canterbury Regional Council
image005.png
2K
Download
image004.png
1K
Download
image006.png
1K
Download
image002.png
1K
Download
image001.png
5K
Download
image003.png
1K
Download
image001.png
25K
Download
image002.png
1K
Download
image003.png
1K
Download
image004.png
1K
Download
image005.png
7K
Download
image006.png
2K
Download
image007.png
0K
Download
Screenshot 2013 06 27 21 06 42.png
67K
Download
Screenshot 2013 06 27 21 07 07.png
73K
Download
Screenshot 2013 06 27 21 07 31.png
65K
Download
WRD000.jpg
0K
Download
Re SSL cert issue.html
18K
Download
image002.png
21K
Download
image001.png
9K
Download
image007.png
0K
Download
image001.png
24K
Download
RE Private disclosure of vulnerability.html
38K
Download
RE Private disclosure of vulnerability.html
40K
Download
Info regarding Hacker video.docx
13K
Download
View as HTML
FW Renew Your GeoTrust SSL Certificate.html
20K
Download
2013 07 30 INIT Jira Database entry.docx
16K
Download
View as HTML
Out of Office Metrocard.html
1K
Download
Fwd Private disclosure of vulnerability.html
21K
Download
FW Private disclosure of vulnerability.html
20K
Download
FW Private disclosure of vulnerability.html
23K
Download
RE Private disclosure of vulnerability.html
29K
Download
FW Private disclosure of vulnerability.html
30K
Download
FW Private disclosure of vulnerability.html
35K
Download
2013 09 12 Card 634274.pdf
56K
Download
View as HTML
FW Private disclosure of vulnerability.html
40K
Download
FW Private disclosure of vulnerability.html
37K
Download
RE Private disclosure of vulnerability.html
35K
Download
Re Private disclosure of vulnerability.html
35K
Download
RE Private disclosure of vulnerability.html
37K
Download
FW Private disclosure of vulnerability.html
24K
Download
FW Private disclosure of vulnerability.html
32K
Download
RE Private disclosure of vulnerability.html
29K
Download
Re WG Private disclosure of vulnerability.html
42K
Download
Fwd Private disclosure of vulnerability.html
18K
Download
Fwd Private disclosure of vulnerability.html
19K
Download
Fwd Private disclosure of vulnerability.html
19K
Download
Fwd Private disclosure of vulnerability.html
20K
Download
Re Private disclosure of vulnerability.html
18K
Download
RE Private disclosure of vulnerability.html
32K
Download
Fwd Private disclosure of vulnerability.html
25K
Download
Re Private disclosure of vulnerability.html
24K
Download
RE Private disclosure of vulnerability.html
37K
Download
Re AW Private disclosure of vulnerability.html
47K
Download
RE Metrocard.html
54K
Download
image001.png
9K
Download
image002.jpg
1K
Download
FW Private disclosure of vulnerability.html
43K
Download
13 09 27 SOP 2 3 Violence at Central Station.docx
19K
Download
View as HTML
13 09 27 Interchange Incident 1.docx
12K
Download
View as HTML
13 09 27 Interchange Incident 2.docx
13K
Download
View as HTML
13 09 27 Interchange Incident 3.docx
12K
Download
View as HTML
13 09 27 Interchange Incident 4.docx
14K
Download
View as HTML
FW Metrocard.html
56K
Download
image003.jpg
1K
Download
Re Private disclosure of vulnerability.html
36K
Download
Fwd Private disclosure of vulnerability.html
36K
Download
FW Private disclosure of vulnerability.html
41K
Download
Re Private disclosure of vulnerability.html
29K
Download
RE Private disclosure of vulnerability.html
44K
Download
FW Private disclosure of vulnerability.html
43K
Download
FW Private disclosure of vulnerability.html
44K
Download
RE Private disclosure of vulnerability.html
58K
Download
Re Private disclosure of vulnerability.html
44K
Download
Re Renew Your GeoTrust SSL Certificate.html
30K
Download
Re SSL certificate.html
4K
Download
RE Site Certificate message.html
21K
Download
FW Site Certificate message.html
38K
Download
Fwd Site Certificate message.html
35K
Download
RE not sure if this will be any help.html
18K
Download
RE ASB E Commerce DPS Load Form Metroinfo 03 04 13.html
16K
Download
FW ASB E Commerce DPS Load Form Metroinfo 03 04 13.html
22K
Download
DOB Flowback from a Presale EVENDpc to database.html
12K
Download
Response to your Email re Metrocards.html
5K
Download
64K Desfire Cards.html
2K
Download
RE 64K Desfire Cards.html
3K
Download
RE DOB Flowback from a Presale EVENDpc to database.html
14K
Download
Hacker.html
1K
Download
Re Metrocard threat.html
2K
Download
FW John Gallagher NZ Police.html
1K
Download
John Gallagher.vcf
0K
Download
Metrocard media statement.html
4K
Download
Re Metrocard media statement.html
15K
Download
FW unresponded to email.html
3K
Download
Metro Card.txt
1K
Download
View as HTML
Hi Chris,
Thank you for your Official Information Request.
Apologies for the delay in replying to you.
Please find attached all the correspondence in regards to regarding
privacy issues discovered with the Metrocard services between the 1st
January 2013 and the 10^th November 2013.
Kind regards,
Charles
From: Customer Services
Sent: Monday, 11 November 2013 2:26 p.m.
To: Charles Whatman
Subject: FW: Official Information Act request - All correspondence and
internal documentation in relation to security and privacy concerns with
the Metrocard services. EMAIL:04030044
FYI- I belive im correct in sending this to you. I have responded to the
customer letting them know we have received this.
------------------- Original Message -------------------
From: [1][OIA #1298 email]
Received: 11/11/2013 1:28 p.m.
To: ECInfo; Services, Customer
Subject: Official Information Act request - All correspondence and
internal documentation in relation to security and privacy concerns with
the Metrocard services.
Dear Canterbury Regional Council,
This is an Official Information Act Request.
I wish to request all non-draft internal documentation and any
related correspondence regarding privacy issues discovered with the
Metrocard services between the 1st January 2013 and the 10th
November 2013.
Documentation should include (but is not limited to) any incident
reports, change requests or official reports. Correspondence should
include (but is not limited to) any email or transcripts between
internal staff, contractors or members of the public that may have
reported the flaws.
Yours faithfully,
Chris Smith
-------------------------------------------------------------------
This is an OIA request done via the FYI website.
Please do not send progress updates as PDF files.
Disclaimer: This message and any reply that you make will be
published on the internet. Our privacy and copyright policies:
[2]https://fyi.org.nz/help/officers
If you find this service useful as an OIA officer, please ask your
web manager to link to us from your organisation's OIA page.
-------------------------------------------------------------------
Charles Whatman
Advisory Officer I [3]Logo
Environment Canterbury
PO Box 345, Christchurch 8140
Customer Services: 0800 324 636
Pollution Hotline: 0800 76 55 88
[4]Facebook [5]Twitter
[6]YouTube
Facilitating sustainable development in [7]ecan.govt.nz
the Canterbury region
References
Visible links
1. mailto:[OIA #1298 email]
2. https://fyi.org.nz/help/officers
4. http://www.facebook.com/EnvironmentCante...
5. http://twitter.com/ECan
6. http://www.youtube.com/user/ecangovt
7. http://ecan.govt.nz/
hide quoted sections
From: Chris Smith
Good Afternoon,
Thank you very much for the detailed response.
A quick look through some of the attachments indicates that there may be some sensitive information contained within.
e.g:
https://fyi.org.nz/request/1298/response...
If this information is used for authenticating to sensitive services (i.e. appears to be for dps/credit card processing) they should be changed immediately as the information included in the response should now be considered public.
Yours sincerely,
Chris Smith
From: David Stenhouse
Canterbury Regional Council
Hi Chris
Thanks for your vigilance in checking the OIR documents for anything sensitive. I can confirm that there is no issue with the information in the email as it is not current.
Thanks again and I wish you and your family well for Xmas and the new year.
David Stenhouse
Manager Public Transport
Environment Canterbury
Ph: 021 226 6987
-----Original Message-----
From: Chris Smith [mailto:[OIA #1298 email]]
Sent: Thursday, 12 December 2013 2:06 p.m.
To: Charles Whatman
Subject: Re: Official Information Act request - All correspondence and internal documentation in relation to security and privacy concerns with the Metrocard services
Good Afternoon,
Thank you very much for the detailed response.
A quick look through some of the attachments indicates that there
may be some sensitive information contained within.
e.g:
https://fyi.org.nz/request/1298/response...
If this information is used for authenticating to sensitive
services (i.e. appears to be for dps/credit card processing) they
should be changed immediately as the information included in the
response should now be considered public.
Yours sincerely,
Chris Smith
-----Original Message-----
Hi Chris,
Thank you for your Official Information Request.
Apologies for the delay in replying to you.
Please find attached all the correspondence in regards to
regarding
privacy issues discovered with the Metrocard services between the
1st
January 2013 and the 10^th November 2013.
Kind regards,
Charles
From: Customer Services
Sent: Monday, 11 November 2013 2:26 p.m.
To: Charles Whatman
Subject: FW: Official Information Act request - All correspondence
and
internal documentation in relation to security and privacy
concerns with
the Metrocard services. EMAIL:04030044
FYI- I belive im correct in sending this to you. I have responded
to the
customer letting them know we have received this.
-------------------------------------------------------------------
Please use this email address for all replies to this request:
[OIA #1298 email]
Disclaimer: This message and any reply that you make will be
published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an OIA officer, please ask your
web manager to link to us from your organisation's OIA page.
-------------------------------------------------------------------
hide quoted sections
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence
Offensive? Unsuitable?
Requests for personal information and vexatious requests are not considered valid requests for Official Information (read more).
If you believe this request is not suitable, you can report it for attention by the site administrators
Report this request
Chris Smith left an annotation ()
Response is late, will give them a couple days and chase up on Thursday-ish
Link to this