Et tu, Passport Canada?
Even though I have no connection with Passport Canada, for some reason I’m feeling terribly let down by them.
My disappointment may stem from an agency making an elementary security mistake and, rather than fixing the problem, repeating it and looking foolish.
Or, it might be that it is incidents like these that collectively undermine trust people have in dealing with government agencies online.
Sigh…government agencies dealing with sensitive personal information simply have to do better.
What happened? According to Globe and Mail, a security flaw in their website allowed passport applicants to view the personal details (including social insurance number, date of birth, address, driver’s licence number, and gun ownership) of other applicants by simply changing one character in the URL displayed in the address bar. A very, very basic mistake and, worse, evidence of appalling testing.
The site was taken down but when it was put up again, a few key strokes were still all it took to reveal personal information. All the while, Passport Canada was in a public denial mode.
Their website says about Web Security that “Passport Canada is taking the measures necessary to protect the confidentiality of the personal information you provide and to ensure that your electronic transactions with us are secure.”
The problem is, when fine words don’t match reality, public cynicism results. And that hurts.