The Mystery of the Woman at the Window
Article

The Mystery of the Woman at the Window

At least 22 civil servants across four departments were mobilized to respond to a media question about an "unauthorized" tweet

Late in the evening of Friday, June 11, a tweet was posted on the account for the federal ministry of women and gender equality. It featured a woman in only a long white t-shirt looking out a window. She appears to be in a hotel room. At her feet is a champagne glass and folded white linen napkins.

At 6:13 a.m. EDT the next morning, Alex Howell, the director of communications for Minister Maryam Monsef, sent out an email to eight people where she directed that the woman-at-the-window tweet needed “to come down right away.” A few hours later, she got a response telling her that one of the ministry’s communications staffers had taken the photo down.

That same Saturday morning, Canadaland reached out to the ministry. The question posed was one line, with a screencap attached: “I am inquiring about this photo posted to your Twitter account late last night. What were the circumstances here?”

On June 16, we received a statement in response:

On June 12, 2021, an unauthorized photo was posted on Women and Gender Equality Canada’s (WAGE) English Twitter account. WAGE removed the post as soon as possible.

Behind this short exchange was a multi-day discussion in which at least 22 civil servants across four federal departments and agencies were mobilized. Canadaland obtained 212 pages of correspondence through an Access to Information Act request for any communications around how the tweet was posted and later removed. The overwhelming majority concerned our own media request.

In addition to the director of IT and other senior staff at WAGE, staff in the Privy Council Office, Treasury Board of Canada Secretariat (TBS), and Communications Security Establishment (CSE) worked to provide input on the response and “media lines required by the related ATIP.”

“Head’s up that we got a media call on the photo posted on twitter on Saturday,” wrote one communications officer. “I propose a high level approach. See my suggested response below.”

She offered:

Proposed Response:

The Government of Canada is committed to maintaining the highest standards of security. On June 12, 2021 an unauthorized photo was posted on Women and Gender Equality Canada’s (WAGE) English Twitter account. WAGE immediately removed the post and updated all of its security controls to ensure such an incident does not happen in the future.

If pressed on what security measures were taken

WAGE cannot discuss the details of the security measures taken.

Pressures mounted throughout the day, and two employees exchanged instant messages about who else to loop in.

“For the media call, it might not be TBS. Can you have a peak at teh [sic] comms policy please?”

“Yup.”

“TBS might have advice though”

“Thank you thank you thank you”

“I wish everyone were this thankful when I did my job wink”

The following day, media relations staff from the Treasury Board sought advice from the Office of the Chief Information Officer, who in turn suggested pulling in the CSE, the government’s signals-intelligence and tech-security agency, to see if they might have “some tips/lines that they could share as well.”

“Here are the lines on cyber threats. We use these when there is a cyber incident,” wrote the Treasury Board’s Martin Potvin, who noted that the tweet “could be somewhat considered a level one incident.”

Excerpt from the Government of Canada Cyber Security Event Management Plan

The lines included:

• The Government of Canada, like every other Government and private sector organization in the world, is subject to ongoing and persistent cyber threats.

• Cyber threats can result from system or application vulnerabilities (e.g. Heartbleed) or from deliberate, persistent, and targeted attacks by outside actors to gain access to information (cyber-attack on the National Research Council).

• We continue to be vigilant in monitoring the situation, but we cannot comment further for operational security reasons.

Hope this helps!

Later on June 16, a senior communications advisor with WAGE shared the line that was soon sent to Canadaland, which apparently came from the minister’s office and did not include any details on cybersecurity.

Canadaland then did ask a follow-up question, but it was unrelated to the security measures for WAGE. We inquired if the tweet was a personal photo posted to the account by mistake.

That set off another round of internal deliberations.

“I’m just going to check in with Runa [Angus, chief of staff to the deputy minister,] and co., but I propose we answer that we cannot go into detail about the incident,” one comms staffer offered.

A discussion ensued over whether to go with “cannot” or “will not,” and this word choice seems to have necessitated at least one phone call. They settled on the latter.

While the ministry did not elaborate on whether it was a personal photo, in the FOI records provided to Canadaland, all instances of the tweet were redacted under a section of the Access to Information Act exempting the disclosure of “personal information.”

Any allusion to what actually happened was also blacked out in the records, on security grounds.

“Whoo hoo! That’s one less thing for now. Now just to finish that media call,” one communications officer wrote to a manager in a chat message, shortly before they heard back from the Treasury Board. “Thanks for taking over for me heart”

“I love our job smile”

“I love working with you”

Top image includes a screencap of the tweet in question, alongside an excerpt from a subsequent exchange between two comms staff in the ministry.

Latest Stories