
Security and government bureaucracy.



I have complained on other occasions about governmental, quasi-governmental, or commercial organisations on the governmental gravy train and their ignorant or negligent approach to security, while claiming to protect the user or citizen from the dangers endemic on the internet.

Depressingly, many of them don’t even get the basics right.

Last time I think it was Jeremy Hunt’s training enterprise sending passwords in the clear. While placing users’ data and, potentially, their livelihoods in danger, Hotcourses did at least have the bottle to apologise, and the savvy user does have the option of not using them, even if the site does dominate that particular marketplace.

This is not the case with organisations conducting DBS checks (formerly CRB checks). With DBS checks, many citizens are obliged to engage in the ridiculous farce and pay through the nose for the privilege if they wish to continue in employment.

One such organisation on this particular gravy train is Voluntary Norfolk, a registered charity that is an approved supplier to the National Council for Voluntary Organisations but which also provides back office services to commercial enterprises.

Voluntary Norfolk operate a web site called "charitybackroom.org.uk" which, together with payroll and HR services, carries out DBS checks. To do this, the poor bloody applicant has to submit personal data, supply documentation proving their identity and places of residence, and complete a questionnaire. The data is presumably collated with that gathered from the local police, the police national computer, the Department of Education, the Independent Safeguarding Authority and whatever other agencies are deemed relevant.

In order to protect this data, the applicant is issued with a user login name and a password, both sent together and, yes, in the clear. So anyone with access to the computer systems either at Voluntary Norfolk or at the applicant’s home or office, or at the ISP where the mail is stored, and anyone who can be bothered to sniff on the wires in between, can have access to the account. And blow me down, there is a confirmatory question and response for additional security. Both the question and answer are also sent, by email, in the clear.

Don’t you just love it? Everyone can sleep easier in their beds knowing that big brother is in control and taking care of us.
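An added example, not part of the original post and not code from any organisation named in it: one way to provision an account without e-mailing a reusable login name, password and security answer. It assumes a hypothetical portal host `dbs-portal.example`, an in-memory dict standing in for a database table, and a 15-minute validity policy; the e-mail carries only a random single-use token and the applicant chooses the password over HTTPS.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds an enrolment link stays valid (assumed policy)
PENDING = {}         # sha256(token) -> (username, expiry); stands in for a database table


def issue_enrolment_link(username, now=None):
    """Create the only secret that goes in the e-mail: a random single-use token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Store only a hash, so a leaked table does not yield usable links.
    digest = hashlib.sha256(token.encode()).hexdigest()
    PENDING[digest] = (username, now + TOKEN_TTL)
    # Hypothetical host; no password or security answer is ever mailed.
    return f"https://dbs-portal.example/enrol?token={token}"


def redeem(token, now=None):
    """Return the username once for a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    record = PENDING.pop(digest, None)  # pop makes the token single-use
    if record is None:
        return None
    username, expiry = record
    if now > expiry:
        return None  # a link read from an old mailbox is worthless
    return username
```

Someone who reads the stored e-mail after the applicant has enrolled, or after the link has expired, gets nothing they can log in with.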


