Last week, a serious security flaw in the official website for Passport Canada was exposed. This wasn’t just a minor incident. Personal information, including social insurance numbers, dates of birth and driver's license numbers, all belonging to those applying for new passports, was easily accessible.
The breach was discovered by an Ontario man filling in information for his own passport application. He realized that he could easily view the applications of others by simply altering one character in the Internet address displayed by his Web browser. The individual who discovered the glaring flaw, Jamie Laning, informed Passport Canada of the problem and they quickly closed off the site last Friday. The site resumed operation on Monday afternoon and strangely, with only a few keystrokes, the same data was still exposed.
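A flaw of the kind described above, where changing an identifier in the address returns someone else's record, comes down to a missing server-side ownership check. The following is an added example, not Passport Canada's code: the URL shape, record ids, field names and function names are all assumptions made for illustration, and the data is constructed.

```python
import secrets
from urllib.parse import urlparse, parse_qs

# Constructed sample data: two applicants with sequential record ids.
APPLICATIONS = {
    "1001": {"owner": "alice", "sin": "000-000-001"},
    "1002": {"owner": "bob", "sin": "000-000-002"},
}
SESSIONS = {}  # session token -> authenticated user


def login(user):
    """Issue an unguessable session token for an authenticated user."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token


def application_id(url):
    """Extract the record id from a URL such as /application?id=1001."""
    return parse_qs(urlparse(url).query).get("id", [""])[0]


def view_vulnerable(url, token):
    """Trusts the id in the URL: any logged-in user can read any record."""
    if token not in SESSIONS:
        return 401, None
    record = APPLICATIONS.get(application_id(url))
    return (200, record) if record else (404, None)


def view_hardened(url, token):
    """Checks on the server that the record belongs to the session's user."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, None
    record = APPLICATIONS.get(application_id(url))
    # Same 404 for "missing" and "not yours", so ids cannot be enumerated.
    if record is None or record["owner"] != user:
        return 404, None
    return 200, record


if __name__ == "__main__":
    alice = login("alice")
    print(view_vulnerable("/application?id=1002", alice))  # bob's record leaks
    print(view_hardened("/application?id=1002", alice))    # (404, None)
```

The only difference between the two handlers is the comparison of the record's owner with the session's user; hiding or randomising the id in the address does not replace that check.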
This is not at all promising. A flaw like this is just an example of lazy programming and really doesn’t have anything to do with how ‘secure’ the site is. This programming oversight by Passport Canada is a colossal nightmare for Canadians applying online. What I’m saying is: if you’re thinking of applying for a passport online – don’t. For a long time. If Passport Canada is unable to secure our data and allows a massive breach like this, I would be wary of things changing anytime soon.
Am I saying that the whole passport process is completely inept? Not at all. In fact, Passport Canada should be commended for being able to somehow process the overwhelming number of applications that have come their way. Personally, when my wife and I applied for our passports back in October, our experience couldn’t have been any more painless. Plus our passports were in our hands in less time than anticipated!
I wonder though, if our personal information is as insecure as it appears to be, is there really much point in even having passports as a means of security? Security experts have always maintained that passports are not exactly the answer to national security. I tend to agree. Combine this with the absolutely ineffective measures of liquid banning on airplanes and I’d say our country has some serious security re-thinking to do. More on this at:
Interview with Kip Hawley
This great interview with Kip Hawley, the head of the Transportation Security Administration (TSA), is highly recommended reading.
This massive breach just raises many more questions about the overall state of security online. Not just with Passport Canada, but with how much of our data is out there. The problem lies in the fact that security is so often overlooked in implementation. Security must be a serious consideration in every aspect of an application, especially where personal information is concerned. Until that day, the onus is unfortunately on us to be extremely selective about to whom we provide our private data. So, right now is certainly not a good time to use Passport Canada's website for your passport application.