Security, Privacy, and Hypocrisy, eh?

Sep 22

I‘m an information management professional. I’m also an avid follower of public policy debate. Open access to government data and content is essential to being an informed participant in a modern democracy.

As I blogged in February, I love attending public committee meetings to learn more about the decision-making process, and to hear first-hand how our politicians and senior officials think about important issues. My favourite committee is the Standing Committee for Access to Information, Privacy and Ethics.

This morning I chose to sign up for their email notification service. In this new session of Parliament, they changed the location and meeting times of their regular meetings and I didn’t want to miss out. ¬†According their the House of Commons committee website, the subsribers [sic] will receive alerts on all committee activities.

I created a user ID by providing my email address, and submitted a password.

Creating a subscriber account

Within moments my subscription confirmation was received. And lo and behold was I not shocked to see what had arrived in my inbox. Yes, a confirmation of my subscription…complete with my password in its full blazing glory of clear text.

Don't think the irony of the disclaimer small print didn't make me chuckle

So let’s recap this one, shall we?

1. This Parliamentary Committee is specifically tasked with issues related to information access policy, privacy, ethics, disclosure, etc etc.

2. The W3C stated years ago that there it is simply not possible for passwords to be securely transmitted in clear text in any way. In their words “Clear text passwords are a serious security risk“.

3. Public sector is notoriously fast to cut access to internet services, social networking sites, collaboration and cloud-based tools because of ¬†the inevitable excuse of “security” risks.

I’m laying this out there because it is yet another example of how Canadian public sector has fallen desperately behind in the adoption of online technology and effectively using digital communication and collaboration tools.

The knee-jerk excuse of “security” has been revealed to be lip service. And it embarrasses me as a citizen who wants to safely and securely engage with my government in order to learn more about decisions and policy.

Now excuse me for a couple of hours while I run around the internet and change anywhere else that particular password has been used.