The other concerning aspect of this leak is the fact that the list was shared with a group of separatists, and the data on the list is basically everything you need to fraudulently sign someone up for the separatist referendum petition. Some separatists are claiming that certain ridings have had 92.9% of eligible voters sign the petition which is highly dubious: https://x.com/RiseOfAlberta/status/2049668987307303389.
Elections Alberta has now said they are going to check for this: "Verification after today’s date will include determining if any of the seeded names from the Republican Party of Alberta’s List of Electors are contained in any incoming petition." https://www.elections.ab.ca/resources/media/news-releases/me...
Respectfully to the American "this isn't that big a deal crowd": you're looking at it from the perspective that this is a commonplace occurrence in your country.
IANAL but I have filed privacy complaints in the past at both the federal and provincial level. For the last 26 years in Canada it has been illegal for personal information to be bought and sold on a whim; the person to whom the information applies is considered to be the owner and is entitled to be in control of how their information is used, and may revoke consent.
You have an entire country where institutions operate under the expectation that personally identifiable information isn't easily available like this (sans the usual data breaches). Those institutions are probably less prepared to deal with this data floating around everywhere than in a society where it is essentially a free-for-all.
My understanding is that when Elections Alberta shares the voter list with legit users (ie: sitting members of the legislature), it includes unique fictitious entries in the data. That way if there is a leak of the data, they can trace the source of the leak. Which they apparently have done.
I guess it's a form of a canary trap.
It reminds me of mapmakers including fake towns or other features in their maps, in case someone leaked them.
> Each electoral list legitimately released by Elections Alberta includes a certain number of fictitious — or "seeded" — names. These unique entries on each electoral list allow investigators to trace each dataset back to their source in the event of a breach.
I can't wait for our full
biometrics to be leaked every week due to every website and app trying to meet the rampant rise of global age-verification legislation.
If you'rea domestic violence survivor and your info was just leaked. There are a lot of Private Investigators who look for this information for exes etc.
"An Edmonton city councillor says he and his team are helping a woman facing intimate partner violence relocate with her children after her address was leaked in an alleged privacy breach by a separatist group."
The phone numbers in these data sets are weird and problematic, but the equivalent data in the US is usually public, and available for free to any registered candidate.
It appears that they registered as a party to get access to the data and them disseminated it publicly through a vibecoded app.
While this data may generally be public in the US, it usually isn't in Canada, and there's an expectation that parties don't publish the data and it is seeded to detect that.
A bigger problem is that people in Canada sign up for this list with the expectation that this data will remain reasonably private so now with this leak you have people who were willing to share their personal information to participate in the democratic process now afraid that their domestic abusers will be able to find them.[0] That really sucks.
There's also the awkward aspect of this in that the Alberta separatists are seemingly backed by American interests.
Yes, Elections Alberta provided the list to the Republican Party of Alberta. Whenever they do this, they salt the list with fake names so that if it gets leaked, they can then determine which copy was leaked. That's how we know this republican group provided it to this "Centurion Group"
I mean, it's not really optional for Canadians _not_ to sign up for the list. It's the official list of electors. If you're a citizen, you're going to end up on the voter list one way or another.
From what I've seen it appears that it was intentional in that their motivation was to give their canvassers for the separatism petition access to the data so that they could pad their numbers for the petition.[0]
They didn't mean for this to blow up in the public like this though. That part wasn't intentional. That part appears to be absolute incompetence or they just got sloppy after being treated with kid gloves by law enforcement for the past few years.
The whole thing is really suspicious. If you dig deeper on the Centurion Project, things start to get weird. The Centurion Project website has little to no information, archives of the site go back to just over a month ago, and the address and phone number are for a random UPS Store in Calgary.
I got really suspicious when I started looking into Parker himself. He spews the typical "right wing" rhetoric -- Globalists bad, COVID fake etc etc... but if he actually believes that, what was he doing on the board of directors for Ditchley, which contains various ambassadors to China and France, Editor in Chief of the Globe and Mail, CEO of Desjardins, etc?
In terms of "safety" this leak is a drop in the bucket. The greater concern would be that election systems are involved. If election information is unintentionally readable, it is also therefore potentially alterable.
It doesn't work that way -- it's not an open DB endpoint with misconfigured permissions, or something like that.
Up here there is a custom of sharing essentially a dump of the elector's table with every political party in the early days of an election.
This dump is seeded with some fake data before being released to a single political party, so if said party gets up to shenanigans, we know about it. These of course do nothing to prevent privacy violations, only to detect and punish them after the fact.
Personally I think this is a dated system from a bygone era, as there is obvious risk of permanent harm via election fraud in an environment where politics actors are highly motivated. If you believe Canada is an evil woke empire from which you must protect your sons, you will likely not care about Canadian electoral law.
Electorate data should be maintained by the political parties themselves, and guarded like nukes. New political parties should put in the hoofwork to build their own damn lists.
Disaster? I remember when they would print up big books with everyone's address and telephone number. Then they would distribute these to everyone. While this wasn't exactly the same as the voting list, it was usually pretty close.
At least in Germany, you'd have to opt in to your name and address being included in the phone book. So no, it's not remotely close to getting your personal details leaked publicly.
>Security experts say a leak of Alberta’s provincial list of voters – nearly three million names, addresses and phone numbers – has created a potential public safety and political interference crisis that could have ramifications for decades.
Name, address and phone number is generally just public information here in Norway. You can literally just check the phone book for this. You can opt out of this but few people do.
How is any of this information leaking cause for concern?
The people who've opted out of the phone book for reasons like "stalkers", etc., would probably be pretty upset with this, even if they're "few people"
Other commentators are rightfully pointing out that this information is open public in other jurisdictions, and that Albertans' information is almost certainly already being shared and sold.
I believe the reason why this has become such a large news story is the tension between Alberta (and the west) and the rest of Canada. Alberta has rising separatist sentiment, a premiere who is extremely popular in Alberta and extremely unpopular outside of Alberta, and is on average more right wing compared to the rest of Canada. In both the media coverage and popular sentiment, this incident has been used to show Alberta and its government in a bad light, despite it not having anything to do with the party currently in power.
As long as it makes Alberta look bad it's an excuse to attack Danielle Smith and the UCP, and Albertians in general. Other Canadians eat up negative Alberta news like nothing else, and the media will no doubt provide them with the type of news that they crave. If this happened in any other province it would get 1/10th the coverage and outrage. Instead you have people online calling for Smith to face prison time for something she was not involved in. The media gets their views and the people get their ragebait.
In the UK it's semi-public. The full register is available to politicians and credit reference agencies. You can inspect the register by attending in person at your local council office. You don't get a copy.
There's also the edited register, which anybody can buy a copy of. You only appear in this list if you opt-in when you register. I don't know why anybody does.
It is, but that's not the route they took. Another registered party (the Republican Party of Alberta) received the information legally, then shared it all with this group (likely illegally or at least against some rules). There's now speculation that the separatist group used it to add names to their petition since they required X number of signatures. For example, the group has claimed some communities had over 90% of electors sign the petition. Which most people would claim is really hard to physically do and also counter to the general polling in the province that finds about 25% of citizens support separation.
While breaches like this should not continue to happen, almost everyone’s personal information has been leaked on the internet at this point. This article seems a bit alarmist on the potential harm.
I think that's a fair take for most people in the leak, but there are people who try to keep their address a secret for their safety (investigative journalists, witnesses of crimes, judges, lawyers, police officers, etc). They often have a PO box for situations when they have to enter an address (online purchases) or they buy everything in their partner's name (including their house). When their names are leaked elsewhere, their home address is not usually in those leaks. This is a unique type of leak that could be very harmful.
The other concerning aspect of this leak is the fact that the list was shared with a group of separatists, and the data on the list is basically everything you need to fraudulently sign someone up for the separatist referendum petition. Some separatists are claiming that certain ridings have had 92.9% of eligible voters sign the petition which is highly dubious: https://x.com/RiseOfAlberta/status/2049668987307303389.
Elections Alberta has now said they are going to check for this: "Verification after today’s date will include determining if any of the seeded names from the Republican Party of Alberta’s List of Electors are contained in any incoming petition." https://www.elections.ab.ca/resources/media/news-releases/me...
Sounds like an "active measures" operation.
Respectfully to the American "this isn't that big a deal crowd": you're looking at it from the perspective that this is a commonplace occurrence in your country.
IANAL but I have filed privacy complaints in the past at both the federal and provincial level. For the last 26 years in Canada it has been illegal for personal information to be bought and sold on a whim; the person to whom the information applies is considered to be the owner and is entitled to be in control of how their information is used, and may revoke consent.
You have an entire country where institutions operate under the expectation that personally identifiable information isn't easily available like this (sans the usual data breaches). Those institutions are probably less prepared to deal with this data floating around everywhere than in a society where it is essentially a free-for-all.
My understanding is that when Elections Alberta shares the voter list with legit users (ie: sitting members of the legislature), it includes unique fictitious entries in the data. That way if there is a leak of the data, they can trace the source of the leak. Which they apparently have done.
I guess it's a form of a canary trap.
It reminds me of mapmakers including fake towns or other features in their maps, in case someone leaked them.
" reminds me of mapmakers including fake towns or other features in their maps, in case someone leaked them."
Sounds the same to me, but are you sure they are doing it like this, or you guess?
This practice was confirmed by Elections Alberta:
> Each electoral list legitimately released by Elections Alberta includes a certain number of fictitious — or "seeded" — names. These unique entries on each electoral list allow investigators to trace each dataset back to their source in the event of a breach.
https://www.cbc.ca/news/canada/edmonton/elections-alberta-vo...
I can't wait for our full biometrics to be leaked every week due to every website and app trying to meet the rampant rise of global age-verification legislation.
If you'rea domestic violence survivor and your info was just leaked. There are a lot of Private Investigators who look for this information for exes etc.
"An Edmonton city councillor says he and his team are helping a woman facing intimate partner violence relocate with her children after her address was leaked in an alleged privacy breach by a separatist group."
The phone numbers in these data sets are weird and problematic, but the equivalent data in the US is usually public, and available for free to any registered candidate.
It appears that they registered as a party to get access to the data and them disseminated it publicly through a vibecoded app.
While this data may generally be public in the US, it usually isn't in Canada, and there's an expectation that parties don't publish the data and it is seeded to detect that.
A bigger problem is that people in Canada sign up for this list with the expectation that this data will remain reasonably private so now with this leak you have people who were willing to share their personal information to participate in the democratic process now afraid that their domestic abusers will be able to find them.[0] That really sucks.
There's also the awkward aspect of this in that the Alberta separatists are seemingly backed by American interests.
[0] https://www.cbc.ca/news/canada/edmonton/edmonton-city-counci...
> and it is seeded to detect that.
Do you mean that there are "paper town"-like entries in the dataset to make it obvious when one has leaked?
Yes, Elections Alberta provided the list to the Republican Party of Alberta. Whenever they do this, they salt the list with fake names so that if it gets leaked, they can then determine which copy was leaked. That's how we know this republican group provided it to this "Centurion Group"
I mean, it's not really optional for Canadians _not_ to sign up for the list. It's the official list of electors. If you're a citizen, you're going to end up on the voter list one way or another.
This data is just generally often available in the US, https://northcarolina.votermaps.org/?#16.76/35.78541/-78.779... (agree it is bad though!)
It was left up in an unprotected state by Alberta separatists. Intentional?
From what I've seen it appears that it was intentional in that their motivation was to give their canvassers for the separatism petition access to the data so that they could pad their numbers for the petition.[0]
They didn't mean for this to blow up in the public like this though. That part wasn't intentional. That part appears to be absolute incompetence or they just got sloppy after being treated with kid gloves by law enforcement for the past few years.
[0] https://imgur.com/a/JDltJg7
The whole thing is really suspicious. If you dig deeper on the Centurion Project, things start to get weird. The Centurion Project website has little to no information, archives of the site go back to just over a month ago, and the address and phone number are for a random UPS Store in Calgary.
I got really suspicious when I started looking into Parker himself. He spews the typical "right wing" rhetoric -- Globalists bad, COVID fake etc etc... but if he actually believes that, what was he doing on the board of directors for Ditchley, which contains various ambassadors to China and France, Editor in Chief of the Globe and Mail, CEO of Desjardins, etc?
https://web.archive.org/web/20230313213623/https://www.ditch...
Quite possibly all those other people believe something like that. The "elites" are vulnerable to Internet brain worms like everyone else.
That's a bit of a stretch, it's more plausible that Mr. Parker is a plant
In terms of "safety" this leak is a drop in the bucket. The greater concern would be that election systems are involved. If election information is unintentionally readable, it is also therefore potentially alterable.
It doesn't work that way -- it's not an open DB endpoint with misconfigured permissions, or something like that.
Up here there is a custom of sharing essentially a dump of the elector's table with every political party in the early days of an election.
This dump is seeded with some fake data before being released to a single political party, so if said party gets up to shenanigans, we know about it. These of course do nothing to prevent privacy violations, only to detect and punish them after the fact.
Personally I think this is a dated system from a bygone era, as there is obvious risk of permanent harm via election fraud in an environment where politics actors are highly motivated. If you believe Canada is an evil woke empire from which you must protect your sons, you will likely not care about Canadian electoral law.
Electorate data should be maintained by the political parties themselves, and guarded like nukes. New political parties should put in the hoofwork to build their own damn lists.
Disaster? I remember when they would print up big books with everyone's address and telephone number. Then they would distribute these to everyone. While this wasn't exactly the same as the voting list, it was usually pretty close.
At least in Germany, you'd have to opt in to your name and address being included in the phone book. So no, it's not remotely close to getting your personal details leaked publicly.
>Security experts say a leak of Alberta’s provincial list of voters – nearly three million names, addresses and phone numbers – has created a potential public safety and political interference crisis that could have ramifications for decades.
Name, address and phone number is generally just public information here in Norway. You can literally just check the phone book for this. You can opt out of this but few people do.
How is any of this information leaking cause for concern?
This is not publicly available information in Canada. One very real concern here is that domestic abusers will now be able to find their victims: https://www.cbc.ca/news/canada/edmonton/edmonton-city-counci...
The people who've opted out of the phone book for reasons like "stalkers", etc., would probably be pretty upset with this, even if they're "few people"
Canadians generally think that buying and selling their information is illegal so it's not happening, which is why this is news.
They're right that it's illegal but definitely wrong about it not happening.
The damage to privacy from this is likely much less then the average person realizes.
(an American living in Canada's perspective)
Other commentators are rightfully pointing out that this information is open public in other jurisdictions, and that Albertans' information is almost certainly already being shared and sold.
I believe the reason why this has become such a large news story is the tension between Alberta (and the west) and the rest of Canada. Alberta has rising separatist sentiment, a premiere who is extremely popular in Alberta and extremely unpopular outside of Alberta, and is on average more right wing compared to the rest of Canada. In both the media coverage and popular sentiment, this incident has been used to show Alberta and its government in a bad light, despite it not having anything to do with the party currently in power.
As long as it makes Alberta look bad it's an excuse to attack Danielle Smith and the UCP, and Albertians in general. Other Canadians eat up negative Alberta news like nothing else, and the media will no doubt provide them with the type of news that they crave. If this happened in any other province it would get 1/10th the coverage and outrage. Instead you have people online calling for Smith to face prison time for something she was not involved in. The media gets their views and the people get their ragebait.
Smith was friendly with Parker.
Attended his wedding, did softball interviews with his wife who worked for a ring wing media site.
See this is what I mean. "She was friendly" therefore she must be responsible!! Lock her up!!!
So here in the Midwest USA, I can go to election commission and legally obtain the voter registration file.
It, by law, is public. Anybody who asks for it must be provided the file. Naturally the law is pre-internet and ignorant of abuses you can do.
But I'm not sure how this leak compares. Is it party affiliations and loads of PII to the point of impersonation?
In the UK it's semi-public. The full register is available to politicians and credit reference agencies. You can inspect the register by attending in person at your local council office. You don't get a copy.
There's also the edited register, which anybody can buy a copy of. You only appear in this list if you opt-in when you register. I don't know why anybody does.
Yeah, it almost sounds like the leaked information was... effectively the white pages for the area. ie name, address, and phone number
It is, but that's not the route they took. Another registered party (the Republican Party of Alberta) received the information legally, then shared it all with this group (likely illegally or at least against some rules). There's now speculation that the separatist group used it to add names to their petition since they required X number of signatures. For example, the group has claimed some communities had over 90% of electors sign the petition. Which most people would claim is really hard to physically do and also counter to the general polling in the province that finds about 25% of citizens support separation.
So... the far right pro-Trump separatists in Alberta suddenly have name , address and phone number of any "woke" they want to harass.
What can go wrong...
While breaches like this should not continue to happen, almost everyone’s personal information has been leaked on the internet at this point. This article seems a bit alarmist on the potential harm.
I think that's a fair take for most people in the leak, but there are people who try to keep their address a secret for their safety (investigative journalists, witnesses of crimes, judges, lawyers, police officers, etc). They often have a PO box for situations when they have to enter an address (online purchases) or they buy everything in their partner's name (including their house). When their names are leaked elsewhere, their home address is not usually in those leaks. This is a unique type of leak that could be very harmful.