I always took my military job very seriously. A significant part of my job in the army was information security. Once a soldier in my company misplaced a roster of phone numbers we were required to carry at all times. The entire company was punished, or “correctively trained,” for four hours until we sweated blood. We knew we deserved it: it was our JOB to examine every single piece of information from the perspective of someone who wanted to kill us. Every morsel of information has to be treated like a weapon in the hands of the enemy. Apparently not all companies respect information security as much as a soldier does.
While at my desk in Iraq, I tried to order $1,500 worth of merchandise from a certain company for the first time. This company is to the military what Apple is to college students. You either have the right brand, or you don’t. This company has well-established loyalty in the community.
Ordering something over the Internet while in a war zone is not analogous to ordering it while in your home country. Ordering over the internet in Iraq feels VERY high risk. How many groups would love to know everything the U.S military does over the Internet? All of them.
We were advised to moderate our behavior on the Internet as though foreign generals from an unfriendly country were looking over our shoulder. Yet this company with a reputation for military-friendliness expected me to email a copy of my military ID.
I had to black out my social security number and bar code with image editing software. That is something that not everybody is willing to do. Still, just a picture of me in uniform with my name felt like a betrayal of my security training. Sending that to this company felt more high risk than actually sitting in a war zone. That didn’t seem fair.
The policies of this company placed me at a substantial amount of risk. Would Al-Qaeda have liked to have a huge database of the pictures and names of active-duty military who had recently shipped something to Iraq? That’s how I viewed the transaction. That is how I was trained to view the transaction.
I actually canceled my order because I just couldn’t make myself send my ID over a that high-risk of a connection. I figured that I had a security clearance for a reason; I was trusted to not do stupid things with sensitive information.
Even if that company has tremendous loyalty and name recognition, I will not make an order that compromises the security of my information. Is that too much to expect? It shouldn’t be.
The beauty of SheerID’s active duty verification solution is that it’s instant and automatic. We don’t require active duty military to upload copies of their military IDs or email us credentials, and we take security very seriously.