Posted

My wife is petitioning for her elderly father.  She received an email to start the process at ceac.state.gov.  The process will require a ton of financial and identity documents.  I thought, "cool, we'll create an account and this will be easy".   Then I found out there are no passwords.  You sign into the account using the case number and invoice number that they provided in the email.  This email is sitting on the email servers of my wife's email, my email, and our attorney's email.  This seems like an easy opportunity for a random IT admin, or anyone with access to one of the systems that helped deliver the emails, to gain access to a nice trove of documents to sell on the dark web to people who want to commit identity theft.  Just sign in with the information sent via plain text email, and download copies of the documents. 

 

Are my fears off base?  I haven't gotten too far into the process.  If someone does have the "credentials", what kind of damage can they do?  It sounds like if I upload documents and don't submit them, they are easily viewed.  If I upload and submit the documents right away, would that make them inaccessible?  The FAQ states "...users will be unable to view documents that contain Social Security numbers and sensitive financial information once they are submitted to CEAC".  Does that mean a tax return might not be viewable, but a birth certificate or driver's license would be?

Filed: IR-1/CR-1 Visa Country: Malta
Timeline
Posted (edited)

Who don't you trust in this scenario?

 

47 minutes ago, Pason said:

This email is sitting on the email servers of my wife's email, my email, and our attorney's email. 

Is this your personal email, or a work email? If it's a work email, don't do personal business on a work email, your company's IT department will always have access to that, one way or another (I'm an IT admin for a large company, if I really wanted to, I could access anyone's work inbox).

 

If it's your personal email, is your account with a reputable company? If so they probably have a pretty strong data protection / GDPR policy.

 

As for your attorney, you probably signed some sort of non-disclosure agreement (NDA) with them. There is such a thing as client/professional confidentiality.

 

USCIS and NVC are not responsible for your choice of attorney, email provider, strength of password or who you share your information with.

 

 

Edited by P0907

USCIS

29 Apr 2020: I-130 filed online

11 Dec 2020: I-130 approved

 

NVC

17 Dec 2020: NVC Received

25 Jan 2021: Paid AOS and IV fees

14 Apr 2021: Submitted I-864, I-864A and DS-260

14 Apr 2021: Expedite request

04 May 2021: Expedite approved, case sent to Consulate in Naples, Italy

 

US Consulate Naples, Italy

04 May 2021: Consulate received

18 May 2021: Requested expedited interview

20 May 2021: Expedited interview approved and scheduled for 8th June

07 Jun 2021: Medical at Istituto Varelli (Naples, Italy) - Very friendly staff, spoke English

08 Jun 2021: Interview - APPROVED

09 Jun 2021: Picked up passport with Visa in person from Consulate 

 

USA

17 June 2021: Entered New York (JFK) as Point of Entry

17 June 2021: Landed in Arizona and reunited with my wife :) 

28 June 2021: Received Social Security Number

10 July 2021: Form I-551 (Green Card) marked as in production

15 July 2021: Form I-551 (Green Card) received in the post

Posted
5 hours ago, P0907 said:

Who don't you trust in this scenario?

All of the email servers involved, plus all of the network devices that handle transmission of the email data. 

 

https://blog.encyro.com/why-is-email-not-secure/

"Joint research by University of Michigan, Google, and University of Illinois Urbana Champaign, measured over 700,000 mail servers, and found that only 35% were configured for encryption, and most had glaring loopholes that allow attackers to reroute emails to their servers. Their investigation of Gmail in particular showed that up to 20% of all messages were attacked."

 

ISPs may or may not have strong data protection policies, but hoping an ISP has a strong data protection policy and that they didn't accidentally hire someone dishonest (https://www.imperva.com/learn/application-security/insider-threats/) is not a license to design a system that ignores basic security principles.  There is a reason why PCI standards forbid transmitting credit card information over email.  And that can only lead to credit card fraud.  There's the potential for full identity theft here.  And it's not like USCIS/NVC warned me that my choice of email provider was going to be monumentally more critical than it normally is.

 

It's true that USCIS and NVC are not responsible for my choice of password, except they don't allow me to choose one.  They chose the password and then shared it with many systems outside of my control, and then won't allow me to change it, and won't allow me to upload encrypted documents.  That they found the need to include in their FAQ that encrypted documents are not permitted means I'm not the first to recognize this problem.

 

I'm very sad that you chose to attack me for having legitimate concerns and didn't even bother to answer my questions.  When I saw there was a reply, I was hopeful that maybe someone was going to confirm the situation isn't as bad as it initially appears.  But then I found this.
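Added example, not part of any post in this thread: a Python sketch for checking how a message like the one discussed above was relayed, by reading its `Received` headers and listing the hops that did not report TLS. The sample message, host names and addresses are constructed; `Received` headers are written by each relaying server, so they describe transport only and say nothing about how the message is stored afterwards.

```python
import re
from email import message_from_string

# "with" protocol keywords used in Received headers (RFC 5321, RFC 3848).
# The S variants mean the receiving server reported TLS on that hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
PLAIN_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.IGNORECASE)
# Some servers note TLS in a comment instead of (or as well as) the keyword.
TLS_NOTE_RE = re.compile(r"version=TLS|using TLS", re.IGNORECASE)

# Constructed sample: example domains and documentation IP ranges only.
SAMPLE = """\
Received: from mx.mailhost.example (mx.mailhost.example [203.0.113.7])
    by imap.mailhost.example with LMTP id abc123; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.5])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    by mx.mailhost.example (Postfix) with ESMTPS id def456; Mon, 1 Jan 2024 10:00:02 +0000
Received: from app.sender.example (app.sender.example [192.0.2.10])
    by relay.sender.example with ESMTP id ghi789; Mon, 1 Jan 2024 10:00:01 +0000
From: notices@sender.example
To: applicant@mailhost.example
Subject: Case notice (constructed sample)

Body omitted.
"""

def hops(raw_message):
    """Return hops oldest-first as (receiving_host, protocol, tls_reported)."""
    msg = message_from_string(raw_message)
    result = []
    # Each server prepends its header, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        by = BY_RE.search(flat)
        tokens = [t.upper() for t in WITH_RE.findall(flat)]
        known = TLS_PROTOCOLS | PLAIN_PROTOCOLS
        proto = next((t for t in tokens if t in known), "unknown")
        tls = proto in TLS_PROTOCOLS or bool(TLS_NOTE_RE.search(flat))
        result.append((by.group(1) if by else "?", proto, tls))
    return result

def hops_without_tls(raw_message):
    """Hops whose Received header gives no indication of TLS."""
    return [h for h in hops(raw_message) if not h[2]]

if __name__ == "__main__":
    for host, proto, tls in hops(SAMPLE):
        print(f"{host:26} {proto:8} {'TLS reported' if tls else 'no TLS reported'}")
```

A hop listed as "no TLS reported" is not proof of interception, and internal hand-offs such as LMTP often stay on one host; the output only shows where the message's own headers give no evidence of encrypted transport.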

 

 

 

Posted
7 hours ago, Pason said:

Does that mean a tax return might not be viewable, but a birth certificate or driver's license would be?

 

Yes, tax documents will not be viewable/downloadable after upload into CEAC, but not so for some other documents.  I only uploaded a few types so I don't know exactly which ones you can view from CEAC.

 

Filed: Citizen (apr) Country: Brazil
Timeline
Posted (edited)
11 hours ago, Pason said:

Are my fears off base?  I haven't gotten too far into the process.  If someone does have the "credentials", what kind of damage can they do?  It sounds like if I upload documents and don't submit them, they are easily viewed.  If I upload and submit the documents right away, would that make them inaccessible?  The FAQ states "...users will be unable to view documents that contain Social Security numbers and sensitive financial information once they are submitted to CEAC".  Does that mean a tax return might not be viewable, but a birth certificate or driver's license would be?

You have legitimate fears, especially with all the global hacking going on these days.  The problem is that you have no other choice if you want the visa process to continue, you will have to upload the documents via CEAC so that the NVC can review them.  There is no option to submit paper documents to the NVC.  Think of it this way--if you were able to send paper documents, they would simply scan them into their computer systems, servers, etc. just as they do with petitions, forms, and documents that are sent by paper every day.  Then those digital documents would be subject to discovery by hackers.  I learned many years ago through personal experience what it is like to have my identity stolen, when I tried to file my annual tax return with the IRS and they rejected it because "it has already been filed."  Someone in the "dark web" got my SSN, name, and date of birth and filed a false tax return for me before I did and nearly stole my refund.  Thankfully I contacted them before the refund had been sent but it was a big hassle to say the least and now I have to file with a special PIN every year.  They wouldn't give me a new SSN, it is for life, and I didn't feel like changing my name.  Since then I am as careful as possible, but hackers will find a way into computer systems sometimes, that's the way the world is now.  My advice is to not worry too much even though there is a degree of risk every day that sensitive information could be stolen by someone who hacks into your bank, health insurance company, state or federal government, or other places where digital information is stored and is supposedly secure.  Good luck!

Edited by carmel34
 