What we examined
In 2012, we audited IT security for the transfer of traffic fines information between the government’s Justice Online Information Network system and its external partners’ systems. We examined the method the department used to receive the data, summarize and report on it and send summaries of fines back to ticketing partners and municipalities.
What we found
Unsecured transmission of ticket data
In 2012, we found that the department sent ticket data over the internet using an unsecured network protocol called FTP (file transfer protocol). FTP sends data in clear text and unencrypted over the internet. Ticket data includes details such as the driver’s licence number, name, address, date of birth and the specifics of the fine. The department also uses the JOIN application to produce and send reports to police services and to reconcile tickets they have sent to Justice. These reports were also sent to municipalities over the internet, in the same unsecured fashion.