Hopefully you have heard the phrase coined by Bruce Schneier ‘security theatre’ to refer to a lot of the recent changes in travel security etc. The basic inference is that it looks like security but isn’t really.
I know this because I have had all sorts of things confiscated while trying to board a plane, but have never been arrested. Too much of a threat to take my plastic clamp on the plane but not enough for a life sentence at gitmo. At least I can take comfort knowing that none of the other passengers has a small plastic clamp with which to take over the plane (or the world).
I am now living through a vetting pantomime. I have been offered a (short term) contract at a UK bank, and now ‘just need to go through the security vetting process’.
I need a disclosure Scotland, can’t get one on line as I don’t have a uk address. One suggestion was that I use someone I knows’ address in the uk as my current residence. Hmm – false information?
They want a 5 year work history, which I have provided, but now they want the gaps explaining. Well derrr I’m a contractor, sometimes there are gaps…
No, they want me to send them bank statements for all the gaps! What the fuck for??? They haven’t specified which account so I guess I shouldn’t use the one with all those NSA/KGB payments for leaking vital information? Or at least I should ensure those payments do not fall in a month when I am not in a contract.
Someone suggested it is to see if I have ‘been away’, ie looking for lack of transactions whilst held at her Royal Britannic Majesty’s pleasure. Its a joint account – there are transaction all the time (me putting money in, wife taking it out :-))
What are they going to do with my bank information? How can it help their vetting? it can’t. its stupid. If they came to me with a list of all my accounts then maybe, but thats SC level stuff not mickey mouse 10 week contract stuff.
Why are banks wanting to recruit people that think its ok to spaff personal confidential information all over the interwebs??
That’s right they want me to email them my bank statements, no mention of a sFTP secure upload facility, no details on the usage of the information, the storage, or the expiry/deletion. they just want people who don’t give a shit about information security, incredible.
Leaving aside of course the irony that between me and this bank, only one of us has ever been found guilty of any fraud or criminality. and I don’t (mis) sell PPI or fix Libor rates.
I’m know I am too old and battle scarred for this shit but really…
You’re the bad guy, oh no I’m not you’re the bad guy, oh no I’m not etc etc. He’s behind you…
Aaaanyway if you need a grumpy old fart with just enough knowledge about security to be cantankerous then let me know. It looks like I may be having a gap opened up in my agenda for me…