CQ de KA9WGN

Thursday, October 26, 2006

ARRL warns hams about background check

ARRL president Joel Harrison, W5ZN, has issued a statement warning hams, especially members of ARES, to be cautious about what information and authorization they give when processing a Red Cross criminal background check online through MyBackgroundCheck.com. After checking this out, I think I will be a bit more than cautious; I won't even go through that site at all (if I were to ever be volunteering for anything associated with the Red Cross). The problem the ARRL is pointing out is that MyBackgroundCheck.com wants more information than is necessary for a background check. They also want authorization to obtain your credit report and to investigate other aspects of your private life. The concern is that the more places that end up handling your private information, the more chance there is of identity theft. I have to agree with that concern.

I am also concerned about other issues. The web site for MyBackgroundCheck.com runs on Microsoft Windows. While not every web site running on Windows is insecure, the chance of there being insecurity is substantially greater when it is Windows for various reasons ranging from known exploits in Windows itself to lack of awareness of all the details of Windows internals that prevails among Windows administrators.

What makes me particularly concerned about this site is the fact that they require Microsoft Internet Explorer be used to complete the process. This raises two issues for me. One is that web programming that requires a specific browser indicates less knowledgeable developers involved in the process. If the web developers are this limited, maybe the other developers behind the scenes may also be similarly limited. I simply have no way of knowing for sure, but it doesn't look good. The other issue is that this requires the user to expose their private and confidential data directly on their own, by having to run Explorer as well as Windows since Explorer won't run on a system like Linux.

Until these issues get properly addressed, my recommendation is to consider not performing this process at all. That may mean you cannot volunteer in areas directly involving the Red Cross. But ultimately it is your choice.