Autocomplete is one of those modern conveniences of the Internet age that can sometimes have disastrous consequences.
We’ve previously told you about a government contractor who says his life was ruined after Google autocomplete caused him to accidently search for how to make a remote controlled bomb, but now it seems even government leaders like Barack Obama, Angela Merkel, and Vladimir Putin aren’t safe from autocomplete’s unintended consequences.
This week, Australia’s immigration department announced new email policies banning the use of autocomplete, after a major screw-up last year in which the personal information of Obama, Merkel, Putin, and other heads of state were sent to unintended recipients.
According to the Guardian, the mistake occurred during last year’s G20 summit in Brisbane. In organizing the event, an immigration official accidentally sent a confidential email containing the “passport numbers, visa details and other personal identifiers” of the leaders attending the summit to an official from the Asian Cup soccer tournament. Earlier this week, it was revealed that this blunder was the result of the autocomplete function on the immigration department’s email system.
The White House is reportedly pursuing its own investigation of the matter to make sure the commander in chief’s personal information hasn’t been further compromised. In the meantime, the head of Australia’s immigration department has already announced the end of autocomplete to prevent a similar mistake from happening again in the future.
“If you have emailed a person before, you have to retype in their address completely,” said Matthew Yannopoulos, the department’s chief information officer, according to the Australian. “I have made the addressing torturous, so that you actually—really need to think about it. They are pretty unhappy about it.”
But despite this reform, some cyber security experts wonder if there are other problems with the way the agency handles sensitive data that should also be addressed.
Speaking to ZDNet, privacy consultant Steve Wilson, of Constellation Research, wondered why there was not some sort of content filter that would have required a secondary authorization before sending an email with such sensitive information.
“We have to ask how these sorts of processes and systems are allowed to be established. Were threat-and-risk assessments and privacy impact assessments done? And if they were, why did they manifestly fail?” Wilson said. “I trust nobody has played this down as a human error. We know that humans are the weakest link in the security chain. So when anyone says of a breach ‘it was human error,’ they’re admitting management culpability.”
Despite the error, it doesn’t seem as if the leak of Obama’s data has had any negative impact. Still, White House Deputy Press Secretary Eric Shultz said officials are “looking into [the matter] and we’ll take all appropriate steps necessary to ensure the privacy and security of the president’s personal information.”
Photo via Johan Larsson/Flickr (CC BY 2.0) | Remix by Rob Price