Security News > 2011 > January > White House Tour Cybersecurity: Send In Your SSN - Via Unencrypted, Unprotected Email!
http://lauren.vortex.com/archive/000799.html By Lauren Weinstein January 13, 2011 Greetings. Before the U.S. government proceeds at all with their controversial and risky Trusted Identities in Cyberspace Internet ID scheme, perhaps they should demonstrate their ability to follow for themselves the most basic of Internet security procedures. Very large numbers of persons tour the White House every year. All prospective tour guests 14 years of age and older are required to pre-submit their Social Security Numbers (SSNs) for security checks (apparently it is common for children under the age 14 to have their SSNs submitted as well). One might assume that information as sensitive as SSNs would be handled by the associated authorities with the same care and diligence as, say, a typical bank Web site -- using SSL/TLS encryption for the protection of this data that is so often abused for identity fraud. But that assumption would apparently be false. An array of Congressional Web sites instruct would-be White House tour guests to submit their personal information (names, dates of birth, social security numbers, etc.) via standard unencrypted email to (for example) various addresses @mail.house.gov! [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/