MI5 new e-mail alert service sends web subscription forms to the US
without encryption, according to an investigation by Spyblog.
The service, launched by MI5 on Tuesday, is designed to allow
subscribers to receive email notification of changing national security
threat levels by email. This information is already available on MI5's
website for anyone who cares to look.
Worse than being of limited value, Spyblog discovered data submitted to
the form is sent to US email marketing and tracking firms without the
informed consent of subscribers, evidence of either incompetence or
“indifference to the privacy and security of the general public”. The
privacy campaign website described the heavily promoted service as a
“rush job” and a “shambles”.
“Astonishingly, MI5, the Security Service, part of whose remit is
supposed to be giving protection advice against electronic attacks over
the internet, is sending all our personal details (forename, surname
and email address) unencrypted to commercial third party e-mail
marketing and tracking companies which physically and legally in the
jurisdiction of the United States of America, and is even not bothering
to make use of the SSL / TLS encrypted web forms and processing scripts
which are already available to them,” Spyblog rants.
Ha. From The Register.