Et tu, Passport Canada?

December 5, 2007 at 9:08 pm 3 comments

Even though I have no connection with Passport Canada, for some reason I’m feeling terribly let down by them.

My disappointment may stem from an agency making an elementary security mistake and, rather than fixing the problem, repeating it and looking foolish.

Or, it might be that it is incidents like these that collectively undermine trust people have in dealing with government agencies online.

Sigh…government agencies dealing with sensitive personal information simply have to do better.

What happened? According to Globe and Mail, a security flaw in their website allowed passport applicants to view the personal details (including social insurance number, date of birth, address, driver’s licence number, and gun ownership) of other applicants by simply changing one character in the URL displayed in the address bar. A very, very basic mistake and, worse, evidence of appalling testing.

The site was taken down but when it was put up again, a few key strokes were still all it took to reveal personal information. All the while, Passport Canada was in a public denial mode.

Their website says about Web Security that “Passport Canada is taking the measures necessary to protect the confidentiality of the personal information you provide and to ensure that your electronic transactions with us are secure.”

The problem is, when fine words don’t match reality, public cynicism results. And that hurts.

Advertisements

Entry filed under: Canada, data_breach, fraud, government, network, personal_info, privacy, security, strategy, trust.

The feds & your Amazon records Demise of the Access Card

3 Comments Add your own

  • 1. Countries News » Blog Archive » Et tu, Passport Canada?  |  December 5, 2007 at 11:40 pm

    […] Et tu, Passport Canada?By VikramTheir website says about Web Security that “Passport Canada is taking the measures necessary to protect the confidentiality of the personal information you provide and to ensure that your electronic transactions with us are secure.” …Identity and Privacy Blog – https://yes2privacy.wordpress.com […]

    Reply
  • 2. codetechnology  |  December 6, 2007 at 6:00 am

    The Canadian government has a short but disturbing history of security breaches (that we know of, it is likely a much longer list…) and your comment about words not matching reality is bang-on. Low quality service delivery from the large IT providers in Canada is embarrassing — EMBARRASSING — and this is just one example.

    Based on the official response/brush-off, I don’t really think they realize how important it is that Canada’s passport processes be seen as secured to the rest of the world. A data breach is one thing, but perhaps more importantly: does my passport, issued using the same online system last year, have the same respect as it did before this news broke?

    Reply
  • 3. Identity Blogs « code technology  |  January 4, 2008 at 5:46 am

    […] Identity & Privacy Blog — Vikram Kumar’s almost daily take on things related to identity management is particularly relevant to my consulting work because he operates in a government setting (New Zealand).  Issues related to the political impacts of large-scale identity and access management are unique and often don’t get much attention from either the IT press or the blogosphere.  As a sample, here is Mr. Kumar’s take on a recent Canadian story. […]

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter

Feeds


%d bloggers like this: