Auditor General finds flaws in criminal justice security
Ministry of Justice responds with tightened access to information and enhanced security
B.C. Auditor General John Doyle has found serious problems within the province's criminal justice security system, according to a report released Thursday.
The computerized security system, known as JUSTIN, was implemented in 2001 to support the administration of criminal cases from initial submission through to the court process.
Doyle's audit reviewed how well data was protected within the system, simulating attacks and examining user access and controls.
In a statement issued Thursday, Doyle said there was a serious lack of controls to protect JUSTIN information from inappropriate access.
"Information in the JUSTIN system is not safe from motivated individuals looking to gain access to it," he said.
"Equally concerning, there is very little chance that the ministry would ever know that this unauthorized access had occurred."
The audit findings were due to be announced in December 2012, but this was delayed to give the Ministry of Justice more time to respond to the report's 100 recommendations.
Minister of Justice and Attorney General Shirley Bond said she had since accepted all Doyle's recommendations and directed staff to take immediate action.
"Information security for B.C.'s justice case-tracking system has been reinforced with stronger defence mechanisms to prevent unauthorized and inappropriate access," she said in a written statement.
Bond said that as a result of Doyle's recommendations, the ministry had tightened access to sensitive information, enhanced security controls and put in place new monitoring capabilities.
The minister also said an ongoing project would address any remaining gaps and ensure continuous improvement of the security of the JUSTIN system.
"Information security is of vital importance in the 21st century. The ministry has every confidence in the JUSTIN system's security and how it guards against inappropriate access and protects sensitive data from unauthorized eyes."