(Another) Letter to cabinet.

sdfsdfsdfsdf By evan on May 09, 2018

Dear Premier, Cabinet members;

The Internal Services response team clearly mislead police, and your party, in order to cover up a career ending mistake. It is no longer inference based on available information; it is now an indisputable fact since the unsealing of critical court documents.

Mr Premier, you do owe the wrongfully accused 19-year-old “hacker” an apology. I believe you honestly thought the province was hacked, because that’s what you were told, but that’s simply not true. This has been clear to everyone in the industry for weeks. As I’m sure you’re aware, the police dropped the charges.​

You have been manipulated by the bureaucracy. Nothing will change that, what matters now is that you rectify the situation.

Read this: https://www.halifaxexaminer.ca/province-house/breaking-documents-show-how-provincial-employees-misled-halifax-police-in-the-foipop-security-failure/ . It contains excerpts from the documents used to procure information from the teenager’s ISP.

The Internal Services response team knew exactly who accessed the files, because a credit card was used. They accessed the site from their home IP address. These are not the fingerprints of a criminal. This is a Nova Scotian, whose government has failed him.

The police raid was clearly an abuse of power, but to be fair, they were lied to as well.

This is a gift. You have an opportunity to hold the response team, that is the Deputy Minister Jeff Conrad, the CIO Sandra Cascadden, and the CISO Robert Samuel, accountable for their actions in this case, and do so without adversely impacting the credibility of yourself and the Liberal party.

To be blunt: staff lied. The only alternative is they’re incompetent, but their professional credentials largely preclude that option. A Professional Engineer and a Certified Information Systems Security Professional have a responsibility to the public, to their profession, and to their code of ethics, that have all been grossly violated in this case.

Nova Scotians deserve better. You have a choice to make Mr Premier, you can hold them accountable, or you can continue to shield them and become complicit.

Silence is insufficient. I’m calling on you to do the right thing.

Evan d’Entremont

Applying PID loops to the Government

sdfsdfsdfsdf By evan on Apr 29, 2018

I was debating politics at 3 AM while roaming around downtown after AtlSecCon, and made a point that I think is worth fleshing out. The issue of elected senators came up, and whether they should be elected, how long the term should be, or if they should continue to be appointed.

Canada is a representative democracy; that is, we elect leaders who represent us in parliament. The government should in theory at any given time want the same thing as the average Canadian. The problem is, the average Canadian is a moving target. Personally, as a group, provinces, no matter how you split it up, beliefs, opinions, and information change. System control theory and political science are clearly at two entirely opposite ends of the academic spectrum but I made an analogy to PID loops that I think holds up.

A perfect democracy would vote on an issue per issue basis but that’s unfeasible for many reasons. Aside from manpower, there’s an episode of the Orville that both implements it, and scares the hell out of me, so it’s probably a bad idea. Let’s just assume that’s not happening. Instead, we elect members of parliament to represent us, roughly on geographical and cultural lines, and for a four-year term.

Senators are considered the “sober second thought.” They are appointed by the political party of the day and remain in that position until death. The question was, should senators also be elected? A lot of people have an issue with life appointments and the idea that unelected people should have the power to stop bills from becoming law. I would argue the opposite.

A PID loop is an algorithm for ‘holding an output to a specific value.’ The most common example is that of cruise control; the system manages the throttle to hold the vehicle at the desired speed. It even has to compensate for various things like driving up a hill or coasting down the other side. Just like how the government should reflect the average Canadian, even if popular opinion changes all of a sudden. It smooths out the transition.

PID loops have 3 parts: The Proportional, the Integral, and the Derivative. All three of these have different effects on the output.

The first thing you do is find the error. How far off are we? Just take the difference between the target and the current value. The PID acts on this error.

The proportional gain, or P, affects the output as a multiplier. If we’re off by 10 km/h, and the P gain is 0.1, then the speed will be adjusted by 1km/h every time the loop runs. It’s relatively slow, but effective. The problem with proportional control is the overshoot. Generally, with process control, you want the output to be close to the desired value at all times, and doing so requires a high gain. Let’s say the gain was 10, we’re doing 110km/h, and we want to be going 100km/h: The car would go from 110km/h, to 100km/h, but keep going down to 90km/h before the control loop had a chance to react. Then it will shoot back up to 110, back down to 90, and so on. It’s called an “undampened oscillation.” Obviously, that’s a bad thing. That also looks suspiciously like a government with no senate. Laws could be written, enacted, and repealed every 4 years. This would be like driving a car, but only slamming the brakes or flooring it. It’s not a comfortable ride. The country would have large swings in policy and law every time election comes around. Cruise control is likely preferable.

The integral, or I, in a PID loop effectively takes the average difference of the previous values, and uses it to dampen the output. You can think of it like the shock absorber in a car’s suspension. The car would bounce up and down without dampening. Instead of going from 110 to 100 to 90 and back, we go from 110 to 102, to 99, to 100, and then stay there. My argument is that the Senate is the integral.

Derivatives are rarely used in process control so let’s leave that out for now. We could model the Governor General as a derivative gain of 0, rubber stamping the law except under exceptional circumstances.

Since we model the parliament as a proportional gain, it is clear that the most effective way to maintain the output is to model the Senate after integral control. That is, get to the median quick, and hold there. Instead of throttling speed, it’s re-centering to match the average Canadian’s position on the political spectrum. Clearly politics is at least 2 dimensional (authoritarian vs libertarian, and economic left vs economic right) and this can be applied to both independently.

My immediate concern with elected senators is that they can no longer be modelled by an integral. If they can also change based on the whims of voters, then they simply become another proportional gain, albeit with longer terms My issue with this is that the output won’t necessarily settle in the middle. It would almost certainly have ‘resonant frequencies.’ When people vote for an MP, they’re likely to vote for a Senator on party lines. Officially, senators don’t have party affiliations anymore. Unofficially, they’re tribal creatures like the rest of us.

My point is, we need a damper, and I’m not sure if we can have that if Senators can be tossed out because the public disagrees with them. Once Senators are appointed, they can’t be removed by the government of the day, just as the proportional gain has no effect on the integral gain. They’re able to vote on their own, without a caucus to force their hand, and without the threat of elections.

Just as the integral looks at the previous speeds on the car, the Senate is representative of the government, historically, at various points over the last 30-40 years. A government appoints senators that align with their values at the time.  The longer ago they were brought in, the less they affect the average. In my opinion, it’s nearly a perfect analogy to PID loop control. A car would be undrivable with two proportional gains, and I worry if we remove life terms, that we’re going to go off the rails.

An open letter to the Premier and the Cabinet

sdfsdfsdfsdf By evan on Apr 13, 2018

Mr Premier,

I’m writing to you, and Cabinet Members, regarding the FOIPOP issue that’s been in the news. Based on the emergency debate today, and your responses in question period, I think it’s very clear that you have all been briefed incorrectly at best, and lied to at worst.

The issue at hand is not that the server was “hacked,” or “breached.” A server meant for publishing public FOIPOP documents was used for publishing *all* FOIPOP documents. At it’s core, this is a very simple and likely accidental leak of confidential documents.

Is it a crime to download publicly disclosed documents, from a public server, run by the Freedom of Information department, with no authentication, with no security, and with no access control? The answer is simply no. To be clear, the 19-year-old kid did nothing wrong.

It’s clear this person was somewhat technical, having scripted the download process. If they had any malintent whatsoever, they would have made some attempt to hide their identity. The fact that they were arrested so quickly based on an IP address means they didn’t.

Comments were made that this person *must* have been looking for personal information. Why would anyone assume that 4% of the documents on a public server contain confidential information?

The province is not the victim here. The citizens who entrusted their personal information to the government are. The kid who was charged with an offence under the anti-terrorism act for archiving public documents is.

Your government made a mistake. A serious mistake, but a mistake nonetheless. That should have been the only story here. Unfortunately you have taken an absurd position, and by doing so committed a grave injustice. I’m calling on you, as public servants, to do the right thing and investigate this issue for yourself.

I’m happy to answer any questions you might have.

{signed}

Evan d’Entremont

Regarding the Freedom of Information “hack”

sdfsdfsdfsdf By evan on Apr 12, 2018

Update:

There is now a legal defence gofundme started by one of the CanSecWest organizers. Please donate what you can. This is a very important case, the government can’t be allowed to get away with this.

CBC has granted the teenager anonymity, but Jack Julian has a very good report on what happened from the teenagers point of view. 

/Update

Nova Scotia’s FOIPOP web service, much to the chagrin of reporters, has been unavailable for the better part of a week. Ironically, not much information has been provided on why. Today HRP and the Minister of Internal Affairs announced the web service had been “compromised” and a suspect was in custody. I’ll leave coverage of the subsequent political posturing to the news media, and instead focus on the actual attack and the implications this case has for security research in general.

The FOIPOP Webservice

Before I get into the details, I should explain what the provincial FOIPOP web service is and how it works.

It is a government-owned, subcontractor-run portal to pay for and receive FOIPOP reports. As a citizen, or as a reporter, you can pay $5 fee, and get access to government documents, from the normal course of their business, that are by and large considered to be public. In fact, there is a law, the Freedom of Information and Protection of Privacy Act that ensures those records are available to the public, with some restrictions. Those restrictions largely surround personal information. For example, I can request information about a project, but not about a person unless that person is me (or has given permission.)

Let’s get an idea of the scope of this breach. According to Global News,

On April 6, Unisys informed the province that between March 3 and March 5 more than 7,000 documents  were accessed and downloaded by a “non-authorized person.”

The province says that 250 of the documents contain highly sensitive personal information such as birth dates, addresses and social insurance numbers.

This implies there were 6750 documents that did not contain “highly sensitive” personal information and 250 that did.

As Tim Bousquet at the Halifax Examiner reported:

Part of my routine for writing Morning File is to daily check various government websites for new activity — provincial and federal tender offers, orders in council, and the Freedom of Information Office’s disclosure log.

That last is a bit of reporting theft — we reporters can see what each other has been working on, as the FOI office posts the disclosures given to other reporters two weeks after they’ve been released. More importantly, citizens can use the site to easily make their own Freedom of Information requests, pay the $5 application fee, track their requests, get an electronic record when the information is released, and like reporters do, look at other releases.

Considering 6750 of the documents did not contain “highly sensitive” personal information, and were therefore literally published publically by the government, that would imply to me that the actual scope of the breach is limited to 250 records.

The Attack

An unnamed 19-year-old man from Halifax (I’m calling him Mr. Big) was arrested, interrogated, and charged yesterday in relation to a “breach of a provincial government network” and was subsequently charged with “Unauthorized Use of Computer” which carries a penalty up to 10 years. As Deputy Minister Jeff Conrad told Global News

“There’s no question, this was not someone just playing around”

It would appear the government is not “playing around” either considering this charge carries the same maximum sentence as both rape, and creating child pornography.

We’ve established that 250 records were “highly sensitive,” the question is how did Mr. Big retrieve them? Surely the provincial government does it’s best to protect “highly sensitive” documents from hackers. Right?

The Exploit

I wish I could say the exploit was advanced. That it was complicated, that it was novel, or new; That the province simply had no chance against this bastion of elite hacker skills. The problem is I can’t even call it an exploit with a straight face. Ernie and Bert probably explain best.

The way the documents are stored is simple. They’re available at a specific URL, which David Fraser, a Halifax-based privacy lawyer, was happy to provide:

https://foipop.novascotia.ca/foia/views/_AttachmentDownload.jsp?attachmentRSN=1234

Document number 1235 is stored at https://foipop.novascotia.ca/foia/views/_AttachmentDownload.jsp?attachmentRSN=1235.

Guess where document 1236 is stored? This is not a new problem. In fact, it was recognized over a decade ago as one of the top ten issues affecting web application security. All Mr. Big had to do is add.

The software is manufactured by a company called CSDC Systems. As CBC reports;

“This is an isolated incident and no other CSDC products or customers have been impacted,”

I was able to find several American cities using the same software, and they all work the same. That would imply the system is working as designed. I believe them when they say the issue is isolated to NS because this is not an issue with the software but how it’s use by the province.

https://eservices.iowa.gov/PublicPortal/Iowa/IBON/common/display_attachment.jsp?AttachmentRSN=2908
https://lic.ok.gov/PublicPortal/OAB/common/display_attachment.jsp?AttachmentRSN=392874

These two sites are very interesting, because they use the same software, but are in a subfolder called “PublicPortal.” We’ll get back to that.

You can find them yourself, simply google “inurl:attachmentRSN”. Try it out, and you’ll notice the first few results are from none other than foipop.novascotia.ca.

I later found the same URL on the NS NDP website. The link doesn’t currently work as the province took the system down. That being said, Google was able to index and cache, several FOIPOP requests. This document specifically, number 7433, appears to have all contact information redacted, which imply it’s one of the ones explicitly posted for public consumption and representative of 6750 of the 7000 files.

To be crystal clear, Google able to access and continues to host several of the same documents Mr. Big is facing charges over.

The Charges

What are the actual charges? From the Canadian Criminal Code (emphasis mine):

Unauthorized use of computer
342.1 (1) Everyone is guilty of an indictable offence and liable to imprisonment for a term of not more than 10 years, or is guilty of an offence punishable on summary conviction who, fraudulently and without colour of right,
(a) obtains, directly or indirectly, any computer service;
(b) by means of an electro-magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system;
(c) uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or under section 430 in relation to computer data or a
(d) uses, possesses, traffics in or permits another person to have access to a computer password that would enable a person to commit an offence under paragraph (a), (b) or (c).

In order to secure a conviction, the crown would have to prove beyond a reasonable doubt that the access was fraudulent.

Just as this isn’t a new problem, it’s not the first time it’s been before the courts. There are two very high profile cases.

The first, Aaron Swartz, the inventor of RSS downloaded millions of journals from a server at MIT.

“Aaron’s death is not simply a personal tragedy. It is the product of a criminal justice system rife with intimidation and prosecutorial overreach. Decisions made by officials in the Massachusetts U.S. Attorney’s office and at MIT contributed to his death,” his family said.

Sadly, he killed himself while being railroaded by the US justice system.

The second, Andrew Aurenheimer,  was not only charged but convicted of an offence under the US Computer Fraud and Abuse Act. This exploit was almost identical to the FOIPOP issue at hand.

After being sentenced to 3 years in prison, and serving part of it, Aurenheimer’s case took an interesting turn. It was overturned by the US Court of Appeals.

It gets even more interesting, because according to the EFF (emphasis mine)

 Although it did not directly address whether accessing information on a publicly available website violates the CFAA, the court suggested that there may have been no CFAA violation, since no code-based restrictions to access had been circumvented.

The Defense

The question remains, was the access fraudulent?

Remember what I said about the other installations being called “PublicPortal”? And how 6750 of the 7000 records were public anyways, and how this system is literally designed for facilitating “access to information?” Looking at it further, there are no authentication mechanisms, no password protection, no access restrictions. It’s very clear that the software is intended to serve as a public repository of documents.

It’s also very clear that there at least 250 documents improperly stored there by the province. Documents that the province had a responsibility to protect, and failed.

Mr. Big asked for a document, the server returned it, as it’s supposed to. Then asked for them all, and unluckily for him, 250 of the 7000 were “confidential.” He didn’t even try to hide, apparently having been traced by his IP address.

Was that access fraudulent? It’s for the courts to decide, but I would argue no.

Had this system been audited, or looked at by any reasonably competent security professional, this would have been fixed before it became national news and an embarrassment to the province.

An interesting question to consider; was Mr. Big even the only one to discover the flaw? From Global News:

“The employee was involved in doing some research on the site and inadvertently made an entry to a line on the site – made a typing error and identified that they were seeing documents they should not have seen,” Deputy minister Jeff Conrad told a technical briefing.

The government’s official position is that the flaw just happened to be rediscovered last week by a miscellaneous staffer. Apparently, when they raised the issue, the technical team discovered Mr. Big in the logs from a month prior.

They haven’t announced charges against the staffer, so presumably, they don’t consider that manipulation to be “fraudulent.”

Disclosure Theory

I have personally disclosed a vulnerability to the Province of Nova Scotia before, about 2 days before CBC picked up the story of a Russian website broadcasting webcam videos of children in a public school. It was surprisingly difficult to find someone to disclose it to. No one was willing to talk about it, or knew who should handle it. I eventually, via a friend at shared services, got in touch with someone who would take the report. They took it very seriously once the news broke.

To be clear, this is speculation, but it isn’t an unreasonable theory that Mr. Big disclosed the vulnerability to the province. Clumsily maybe, but I honestly believe they tried. I don’t buy the story that the province conveniently happened to discover the breach because someone else noticed the exploit a few weeks later. The system had been in place for over a year and a half, so the timing is suspect at best.

I believe the province failed in their responsibility to protect the data and is now railroading Mr. Big to cover it up.

Since the system is literally designed to serve public documents, the solution to this problem is likely to be costly. It’s easier for the department to blame someone than take responsibility.

In Conclusion

The use of the “Unauthorised Access” statute given the events that appear to have occurred is appalling. The province’s strategy so far has been to cover this up, and when they couldn’t keep it under wraps, bust down some kids door, interrogate him and seize his computers. The charges grossly outweigh the alleged offence, and arguably there was no offence.

I’m disgusted with both HRP and with the crown prosecutors office, for this display of Americanized justice.

If this kid broke the law, so did Google, let alone the giant issue this creates for the information security industry. If discovering a vulnerability can open you up to the same legal liability as manufacturing child pornography, suffice it to say that nothing will ever get disclosed again. Most people aren’t about to risk 10 years in prison to let the province or anyone else know somethings broken. This is generally recognized as a bad thing, weakening security across the board.

Putting confidential documents on a server designed to serve said documents to the public shows a clear lack of judgement, training, and understanding of the software and processes at hand. I think it’s abundantly clear that the blame lies at the feet of the province.

H2FPTF Hackers and green digital computer writing

 

Gold is not a currency

sdfsdfsdfsdf By evan on Feb 11, 2016

The latest bit of derp is that Canada is selling off half our gold reserves.

So what? Its a commodity, not a currency. It holds its value, but certainly doesn’t appreciate.

I have to agree with the feds on this one.

What I’m finding really amusing is the comments online

Trudeau is bankrupting our country

Trudeau sold off half our gold!

And so on. To be fair, it was the minister of finance, but people are too busy being outraged…

Here’s where it gets funny:

image

Canada’s gold holdings by year. Notice the giant dip in the 80’s and early 90’s, and remember who was prime minister?

Mulroney, and Campbell. Both conservatives. Sold 800x as much gold as the liberals just did.

In short, people are ignorant.

NS Film Tax Credit: A rational analysis

sdfsdfsdfsdf By evan on Apr 09, 2015

Edit: I’m told this isn’t an proper analysis by one of the writers of the Ivany Report. He went to Harvard. I know this because he told me so. He never did get back to me with a list of issues.

It’s a blog post. Take it as you will.

The Preamble

I have been fairly vocal against the NS Film Tax credit for the past few weeks. I am happy to reconsider my position given evidence; but as of now I am firmly of the opinion that if everyone understood whats going on there would be outrage.

If you read anything; let it be this: We were losing $5M a year. After changing the tax credit it’s not only sustainable, the refundable portion is is still 12.5% to 16.3% of salary. For scale, the RBC payroll rebate is only 5%-10%.

The Debate

Invariably I’m met with one of two responses. “Save Sunnyvale” (an appeal to emotion)
and “But it brings in $140M” (a straw man.) I hope to address both of these and the underlying issues here.

Taxes and finances are a difficult topic to cover in 140 characters. To understand this issue you need a basic knowledge of accounting and refundable / non refundable tax credits.
I’ve been attempting to simplify it down to 140 characters and basic math but I feel that is adversely affecting my position at this point.

The truth is; it’s ignorance. I can assure you the industry is well aware of their sweet deal
and wants to hold on to it by any means necessary. If people understood the issue they’d be less likely to rally under the banner of a fictional trailer park. I’m not saying people are ignorant in general, but there are only so many times I can hear “Economics have nothing to do with a provincial budget.” before losing my mind.

The Economics

I’ve been told “it’s not black and white.” Hate to rain on your parade but it’s discrete math. It’s literally black and white. What is being discussed isn’t by definition a handout. It’s not a subsidy. It’s a tax credit.

As such, I believe we should talk about it in financial and accounting terms. If we want to discuss it on its merits, and look at the social implications of subsidizing film in Nova Scotia, we can and should stop treating it as a tax refund and treat it as a subsidy. We would still need to discuss whether or not we can afford a subsidy, but at least then we can have a fair and transparent discussion on the matter.

The Straw Man

For reference, a straw man argument is when one sets up a lesser argument then knocks the lesser argument down.

In the discussions around the film tax credit a common theme is that the province is spending $20M and generating $135M. On its face it’s really easy to look at that and say “Well obviously its bringing in $115M” and that’s where most people stop. While true, this is not the issue with the tax credit. This fallacy makes discussion difficult.

The issue is that the province is arguably losing money on the tax credit. The province spends $20M, which results in $135M in sales. The provinces return, in the form of tax revenues, is only about $15M. That’s a much less rosy picture. The province spends $20M and only makes $15M back? That means we’re losing $5M per year!

That’s right.

Think about it this way (coming back to basic math here.) If Walmart has a TV in stock, on sale for $550, and sells 100 of them that’s a lot of sales ($55000). But what is the return on that investment? We know what was spent; was it worth it? Did they see a return?

To know that we have to go further. What did Walmart spend on the TV? Say Walmart spent $600 per TV, sold them each for $550, and had $55000 in sales. Was that a good investment?

No. While they had spent $60000 ($20M) they sold them for $55000 ($15M)in sales losing $5000 ($-5M) in the process. That $15M is a fair estimate based on data available. In a perfect world with optimistic assumptions it still falls under $20M. If any industry or government representatives have figures on tax revenues, please send it to me.

My position all along has been that the tax credit is effectively a cash payment which has been rebuked by a few prominent members so I want to go over the actual differences between a cash payment and a tax credit.

To do so requires some differentiation. There are two types of tax credits. The first is a “nonrefundable” and the second is a “refundable”. The biggest difference is that the former cannot lower your taxes owed below zero. The latter can. A refundable tax credit can and often does push taxes owed below zero. When someone owes -$500 in taxes, they recieve a cheque for the difference.

In that way, a refundable tax credit and a cash payment have the exact same effect on a balance sheet. The province has less revenue, the business has less expenses. To claim that the tax credit is a credit, not a payment, is a semantic difference at best.

The Appeal to Emotion

As if one logical fallacy wasn’t enough, there’s another in play. The “appeal to emotion.” This is when someone uses emotions to win an argument without debating relevant facts. This happened in two ways. Save Sunnyvale, and threats to leave.

The film industry are masters of manipulating emotions. It’s their day job, to act and convince the viewer of the story. They got big names like Snoop Dogg, Carrot Top and Axl Rose to show support. They’re performers. They performed.

It’s a smart move. Honestly people like the trailer park boys more than bankers or ferry crews. It doesn’t mean they’re right. What do they do though? Threaten to leave. No one likes lost jobs. No one likes unemployment. We need to keep young people in NS. This isn’t what the Ivany Report suggested though. Young people shouldn’t threaten to leave, to create The Sudbury Park Boys, if they aren’t being paid to stay.

As soon as the tax credit cuts were preliminarily announced a concerted social media campaign was begun by industry leaders. The Trailer Park boys being some of the most vocal and even being interviewed in character.

Responsible journalism was found shuddering in a wrecked Trans Am when the CBC literally put fictional drug dealers on TV to discuss the merits of a tax credit.

The Cut

The actual budget was released today, with a film tax credit.

The industry is still threatening to leave.

Here’s the thing; It’s not the exact same tax credit but very similar. It’s still worth 50%-65%. The difference is it’s 75% non-refundable.

Remember those negative tax payments from earlier? Now only 25% of the 50%-65% can be paid out as (effectively) cash.

Lets run some numbers again.

Say a film company brought in $100,000 and paid $90,000 in salaries. As of yesterday they’d owe $3,000 in tax, and get a refund of $45,000 for a total negative tax payment of -$42,000.

In the new budget, that same company would bring in $100,000, pay $90,000 in salaries, owe $3,000 in tax. Only $11250 of the credit is now refundable. The difference that will “kill the industry” and they are threatening to leave over is now that 75% of a negative tax payment.
Granted, their books aren’t as rosy. But they are for profit businesses, and we were losing money subsidizing them. It wasn’t sustainable. Now, it actually is. The province should break even or slightly better which makes the credit worth it.

The Reality

An inevitable response to dissent regarding the tax credit is “But we gave RBC money”

OK. Two wrongs doesn’t make a right, but was that even wrong? Looking at it, again as a financial investment, not a subsidy, what is the return on that investment? Lets look at how much we’re giving RBC and compare it to the post-change film tax refunds.

The RBC credit is up to $22M over 10 years for up to 500 employees. Do the math.

$5M / 500 people / 10y means a refund of $4400 per person. To put that in perspective the NSBI business plan says that payroll rebates are between 5% and 10%.

The NS Film credit is 25% refundable of 50-65%. That’s 12.5% to 16.3%

Lets reiterate those numbers. The RBC credit is between 5% and 10%, the Film credit after the reduction is 12.5% to 16.3%.

The film industry is planning on leaving because we’re only giving them twice as much as it took to coax RBC to come here. After cuts.

The Conclusion

The response scares me. It means we need to either spend more money on education, or at least spend it more wisely (As we all know, mirochondria are the powerhouse of the cell.)

Even today, after the cuts were revealed to be reasonable, people responded with “I’ll never vote again!” Since when did ignoring an issue resolve it?!

We can afford the tax credit now. It’s still a very good return for the film companies. It’s certainly more than most industries. If you feel my analysis was wrong, I encourage you to show me otherwise. I really do welcome rational and reasonable debate.

As it was we were losing money. We were spending $20M a year to get $15M which is a fairly poor investment. Debt can be a good thing. But not without the means to pay it back. By doing so we are borrowing from our future.

But most of all, we need to start thinking rationally. We’re living in the aftermath of the boomers borrowing from us, and if we do the same there will be nothing left.

Save the library; Its our only hope

sdfsdfsdfsdf By evan on Feb 25, 2015

Update: I ended up hearing back from Waye Mason right away, and Savage a month later saying the information in The Coast was inaccurate.

 

Dear Mr. Mayor, Councillor Watts, and Councillor Mason,

Regarding this news article: http://www.thecoast.ca/RealityBites/archives/2014/12/09/volta-labs-wants-the-old-library

Halifax, as I’m sure you’re aware, is bleeding population. Our past is dying of old age, and our future is moving out west; to Ontario, to Alberta. There is one industry that isn’t running away as fast as they can. Tech. As I’m sure you’re aware, even Google has recognized Halifax as a (as much as I hate to say it) world-class city.

Up until just last week, I was planning on leaving Halifax forever. I didn’t particularly want to, I had no choice. I’m having a child in a month, and want to do whats best in the long run. I got lucky, and found a very good job at the last second here in Halifax.

There are hundreds of people with million dollar ideas, but don’t have the opportunity to flesh them out. A million dollar idea without the ability to follow through is worth less than the paper it’s printed on.

Mayor Savage, every time you speak at a tech or startup related event, you make sure to mention how important the tech industry is, how you support it, and how you want people to succeed. Ever since the very first Apps4Halifax hackathon at Volta.
Volta is basically at capacity right now. There are far more applicants than can be housed. The companies are also limited to a small office, with little to no infrastructure other than a couple of boardrooms and a common area. This is great for those software companies that can get in. Hardware unfortunately, not so much. There are many people in Halifax who are at the forefront of hardware development.  We have a huge ICT student population, we have dozens of IT companies. We have military contractors, biomedical companies.. Did you know one of the designers of the Commodore 64 works in Burnside?

Yet we have a city that claims to be on board with “open data” yet stonewalls any attempt to use it to the citizens benefit.  we have a community workshop, Halifax Makerspace, that can barely sustain itself and is at the whim of discretionary spending by quasi-governmental organizations. Mayor Savage, I’ve sat in an audience at least three times in the last year and you made it clear you want the tech industry to succeed.

I want you to live up to that.

I recently traveled to Waterloo, Ontario. What I saw there was a tech mecca. Not only is the ICT industry encouraged, it’s actively supported by the local and provincial governments. Things that programmers do for fun in Halifax, are well funded startups in Waterloo.  Google chose to make it’s home there. Facebook is moving in. Twitter is moving in. There are billions of dollars of investments going into the city. In two days there, I was approached about employment no less than three times. I’m still getting calls, asking me if I’d move there. In those same two days, I saw the bleeding edge of tech in North America. Canadian Tire, TD, Manulife, all of these companies are pouring money into R&D.

Why not here?

Waterloo is only the size of Dartmouth, but with four hundred tech companies. They have not one, but three startup incubators, (Communitech, Communitech Hub, and Velocity Garage, which specalizes in hardware). They are easily 15 years ahead of us right now, and I truly believe we can do better.

The old library is a huge stepping stone. It would provide Volta the opportunity to expand into hardware, to bring in more companies, and to better support the local ICT industry. Plus, from my understanding, the plan is to have the hardware lab and common areas open to the public. This is a $200,000 hardware lab that would make the Makerspace look like a playschool. The only thing they need is a place to set up shop.

Why tear the building down to build a park? This could be game changing! We have parks. In fact, we have a lot of parks. But I can’t think of a single multi-million dollar company started in a park. I can’t think of any high paying jobs created in a park. Volta was founded by self made men. They started with nothing, and turned their knowledge into millions.

People aren’t going to come back for a stroll in yet another park downtown. They’re going to come back because they can support their family. Waterloo doesn’t have any innate advantage over Halifax. They just have support. People want to move here, but they don’t have opportunities. People don’t have a future here.

Mayor Savage, I ask that you give them that future.

Sincerely,
Evan d’Entremont