Sarah Rieger, CBC News:
Private proof-of-vaccination app Portpass exposed personal information, including the driver’s licences, of what could be as many as hundreds of thousands of users by leaving its website unsecured.
On Monday evening, CBC News received a tip that the user profiles on the app’s website could be accessed by members of the public.
CBC is not sharing how to access those profiles, in order to protect users’ personal information, but has verified that email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licences and passports can easily be viewed by reviewing dozens of users’ profiles.
The Portpass app, created by a Calgary-based team, came recommended by the parent company of our sports franchises because our official vaccination proving mechanism is built terribly. If the provincial government did not have its head stuck so firmly in the ground and were actually prepared for proving vaccination status instead of making international headlines for its incompetence, Portpass would not need to exist.
Earlier in the day, the Calgary-based company’s CEO Zakir Hussein had denied the app had verification or security issues and accused those who raised concerns about it of breaking the law.
“Someone that’s out there is trying to destroy us here, and we’re trying to build something good for people,” he said.
Imagine being so self-absorbed or insecure that you cannot admit to your company’s failure to implement rudimentary security and privacy safeguards.
There is a trickle-down effect to the decisions that have defined this fourth wave. This is the same sort of stance that our government has held while other provinces continue mitigation efforts, even as our health system is in dire straits. The last two months of pandemic response in this province has been a tiramisu of incompetence, and it feels like it is about to collapse.