• Home
  • About
    • About Christopher di Armani
    • Disclosure Statement
    • Code of Ethics
    • Privacy Policy
  • Contact
  • Gun Laws 101
  • FPO Violators
  • Store
  • Donate
  • Hire Me

Christopher di Armani.com

In Praise of Individual Rights and Freedoms

  • Top 25
  • Big Brother
    • Access To Information
    • Bureaucratic Incompetence
    • Bureaucrat’s Rule #1
    • Censorship
    • Feeding at the Government Trough
    • Lemonade Freedom
  • Common Sense
    • Expressions of Gratitude
    • Good Samaritans
    • Good Stuff
    • In Memoriam — Remembering our Heros
    • Life
    • Personal Responsibility
    • Politically Correct Madness
  • Courts
    • Abusive Prosecutions
    • Civil Forfeiture
    • Human Rights Tribunals
    • Judicial Corruption
    • Justice Denied
    • Justice System Abuses
    • Police Sentencing Double-Standards
    • Prosecutorial Misconduct
    • SLAPP Lawsuits
  • Crime
    • Abuse of Trust
    • Canadian Mass Murders
    • Firearm Prohibition Orders
    • Human Depravity
    • Immigration Issues
    • Racism
    • Restraining Orders
    • Sexual Predators
    • Violent Criminals
    • Wrongful Convictions
  • Guns
    • Concealed Carry
    • Dial 9-1-1 and Die
    • Firearms Act
    • Fun Gun Stuff
    • Gun Control
    • Gun-Free Zones
    • Gun Politics
    • Gun Registration
    • Negligent Discharges
    • Target Shooting Competitions
  • Islam
    • Canadian Islamic Disgraces
    • Islamic Terrorism
    • Radical Islam
    • Sharia Law
    • The Religion Of Peace
  • Police
    • Abuse of Police Authority
    • Filming Police
    • Great Police Officers
    • Officer Down
    • Police Brutality
    • Police Corruption
    • Police Misconduct
    • RCMP Accountability
    • RCMP Hall of Shame
    • Warrantless Searches
  • Politics
    • Elections
    • Ethics in Politics
    • Political Antics
    • Political Corruption
    • Social Justice
    • Stupid Human Tricks
    • Union Bay Improvement District
  • Rights
    • Charter of Rights and Freedoms
    • Constitutional Violations
    • Freedom of Assembly
    • Freedom of Religion
    • Freedom of Speech
    • Property Rights
    • Privacy Rights
    • Self-Defense
    • Unreasonable Search and Seizure

NFA Membership List Exposed on the Internet — Personal Information Privacy is a Corporate Responsibility

Published September 22, 2013 by Christopher di Armani Filed Under: Privacy Rights, Rights


NFA-Website-LogoGuarding personal information is a corporate responsibility and one that must be taken seriously by both individuals and the companies they do business with.  This fiduciary duty was, unfortunately, broken by Canada’s National Firearm Association on their website, NFA.ca.

The news broke on the Canadian Gun Nutz forum on September 22, 2013 at 02:23 AM in a post titled “NFA Membership – Full Names visible to public” after the original poster notified the NFA about the security leak on their website.

“I noticed today that full names of people who purchase NFA memberships are visible to the internet public. I don’t want to post the url, but I found it today searching various things. I’ve sent an email to the NFA about it,” wrote CGN user mstoetz1.

The leaked information was removed from the NFA’s website by Sunday morning, although cached copies of the data were still available through Google’s search engine cache if you used certain search terms.

CGN user Over_Kill wrote:

NFA and/or their web company need to fix this ASAP. Over 4,600 names on that list with first/last names, contribution amount, and date of contribution. No address information though (and thank goodness).
Just out of curiosity, I picked a unique name at random (something I thought was a rare name), plugged it into Google with the word “guns”, and found a “like” on facebook for a firearms company in Ontario, that lead me to the facebook profile of the person on the list, and his address (town/province only). It was a small town, so a quick trip to canada411.ca with the name and town, got 2 listings for that name in that town with address and phone number.
As I said, the NFA list doesn’t contain address or phone number information, but anyone wanting to find that information could do so for at least some portion of the list, and with reasonable accuracy.

This obviously was not done on purpose, as no organization willingly posts the names of their members online without first obtaining permission, but it does highlight the necessity for every organization to take privacy seriously, something the National Firearms Association, or at the very least Chameleon Creative, the NFA’s web services provider, did not.

Shawn Bevins, spokesperson for the NFA, wrote:

The information has been removed and no information has been compromised, according to our admin log none of this information was downloaded or copied.

Unfortunately, Mr. Bevins is not a security professional, nor does he know much about what an admin log will or will not show.  CGN User Alter3D set him straight, however.

Firstly, thank you for your quick action in dealing with this when the problem was brought to light. That’s probably one of the fastest, most professional responses to a security problem that I’ve seen — and I deal with a lot, since I work in IT.
That said, my IT knowledge also calls “bollocks” on your claim that none of the information was downloaded or copied. Every single person who viewed that list “downloaded” it, even it it stayed in their web browser, so if you’re claiming that no one downloaded it, I can tell you, categorically, that you’re wrong, because at least 4 people in this thread (myself included) have “downloaded” it to view it in their browser. Your “admin logs” would have NO WAY to know if someone copy/pasted it out of their browser and into, say, Excel.
If you mean that people’s personal details like address, credit card info, etc was not compromised is a different issue that I would be willing to believe, but the list as exposed by the OP was definitely downloaded and could have been easily copied.

Shawn Bevins tried mitigating the NFA’s public relations nightmare but he only succeeded in digging himself and his organization a bigger PR hole.

Our system tracks all IP address’s that access our site and logs those addresses, we will pull every single IP address that gained access to the NFA\ORDER page going back to 2010 .We will then run an IP finder report to know where the hits came from. Finding out who accessed the page is easy. Stealing private information including copy & paste is a crime. If anyone here has saved information found on this link, we require that it be destroyed immediately. There are copyright disclaimers on our web page and those rights will be enforced.

The National Firearms Association posted their membership list publicly, if unintentionally.  Anyone accessing that publicly-available data isn’t stealing anything. Bevins claim that anyone “stealing” private information would be charged with a crime is completely missing the point.  This is the NFA’s failure and nobody else’s.

There is no copyright infringement by accessing this readily-available information.  It is, however, a violation of the National Firearms Association’s own privacy policy, which states in part:

Canada’s National Firearms Association (the Association) is committed to protecting the privacy of members whose personal information is held by the Association through responsible information management practices.  Any personal information provided to Canada’s National Firearms Association is collected, used and disclosed in accordance with the Federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the Freedom of Information and Protection of Privacy Act (BC Personal Information and Privacy Act -PIPA).

The fault here is NOT with anyone who accessed supposedly confidential data, but with an organization that claimed to take the protection of personal information seriously and did not.  Pointing fingers at others for their own mistake simply won’t cut it.

CGN user Over_Kill put it best when he wrote:

Absolutely horrendous security on the NFA’s part. Why is this info even on an outward facing server in the first place?
What the NFA should be doing is giving a VERY humble apology to EVERYONE LISTED ON THAT PAGE, and soon. Yes, my name was on that page as well, and this astounding failure on the NFA’s part will make me think long and hard before I renew my membership in an organization that clearly (in my opinion) doesn’t take security and privacy seriously.

Privacy and security of personal information is not joke. Every organization must take that duty seriously.  It is unfortunate that the National Firearms Association and/or Chameleon Creative did not.

They are, however, to be commended for taking action quickly as soon as they were made aware of the issue.

Author

  • Christopher di Armani
    Christopher di Armani

    Christopher di Armani is a freedom-loving Amazon bestselling author and current events commentator from Lytton, BC, Canada, who strives to awaken the passion for liberty inside every human being.

Check your inbox or spam folder to confirm your subscription.

Tags: Blair Hagen, Canada's National Firearms Association, featured, fiduciary duty, NFA, privacy failure, privacy violation, security and privacy, Shawn Bevins, Sheldon Clare

Did you find value in this article?

If you found this article useful or it contained valuable information and you want to thank me, the best way is to buy me a coffee or two.

1. Send an Interac eTransfer to author @ christopherdiarmani.net (remove spaces)

2. Send via PayPal using this link: https://www.paypal.me/ThatLibertyGuy

3. Use your credit card in my online store to support me with a one-time donation, a monthly recurring donation, or an annual donation. See these links for all the details about the thank-you gifts I offer my supporters.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Subscribe to my commentaries

Check your inbox or spam folder to confirm your subscription.

  • Email
  • Facebook
  • Pinterest
  • RSS
  • Twitter

Latest Tweets

Follow @ThatLibertyGuy

Christopher di Armani 🇨🇦 🇺🇸
@ThatLibertyGuy

  • New comment: Edmonton Police Service Constable Adam Kube Refused Any Appeal In His Termination for Corrupt Practices christopherdiarmani.com/10846/police/p…
    about 1 week ago
    Reply Retweet Favorite
  • A big shout out to @CandiceMalcolm, @AndrewLawton, @AnthonyFurey and the entire team at @TrueNorthCentre for sendin… twitter.com/i/web/status/1…
    about 2 weeks ago
    Reply Retweet Favorite
  • For earthly princes lay aside their power when they rise up against God, and are unworthy to be reckoned among the… twitter.com/i/web/status/1…
    about 4 weeks ago
    Reply Retweet Favorite
  • New comment: Paul Rogan Passes: The End of an Era christopherdiarmani.com/18908/common-s…
    about 1 month ago
    Reply Retweet Favorite
  • To restore common sense to our nation, this is the path. The political left works around the clock and around the… twitter.com/i/web/status/1…
    about 1 month ago
    Reply Retweet Favorite

Most Popular This Week

  • All that is required for evil to triumph is for good men to do nothing
  • How did Live-Streaming Rape Become a ‘Thing’?
  • Yvon Mercier: From RCMP Depot Trainer to Double-Murderer
  • Dale Merle Nelson’s 1970 Murder Spree in Creston, British Columbia
  • Escaped Mental Patient William Bernard Lepine and the 1972 Kettle Valley Murders
  • Edmonton Police Service Constable Adam Kube Refused Any Appeal In His Termination for Corrupt Practices
  • OPP Sergeant Jamie Gillespie Pleads Guilty to attempting to intercept private communications

Most Popular This Month

  • Yvon Mercier: From RCMP Depot Trainer to Double-Murderer
  • All that is required for evil to triumph is for good men to do nothing
  • How Many Uniformed Mall Thugs does it Take to Subdue One Young Woman?
  • Dale Merle Nelson’s 1970 Murder Spree in Creston, British Columbia
  • OPP Sgt. Mike Dolderman’s Sexual Assault Trial Delayed Again
  • OPP Sergeant Jamie Gillespie Pleads Guilty to attempting to intercept private communications
  • How did Live-Streaming Rape Become a ‘Thing’?

© 2004–2023 ChristopherDiArmani.com | All Rights Reserved

Close

Buy me a cup of coffee

A ridiculous amount of coffee was consumed in the process of writing these articles. If you enjoy my work, please buy me a coffee or two to keep me going!