The United States Postal Service is getting all fancy schmancy on us. Unfortunately, their security measures aren’t quite keeping up with their technological moves. This means all y’all will be wanting to batten the hatches, so to speak, on your online information. Essentially, Informed Delivery is a service that allows you to view mail and control packages online, which can be helpful for things I’ll not detail now. Instead, let’s talk security.
Informed Delivery is cool; unfortunately, cool and secure aren’t the same thing. The first snag I found in the course of signing up was hiding in the Terms and Conditions. They include, “When using the Service, the information You provide is accessible to the Postal Service, but may also be collected by third parties such as the companies that control the operating systems of the particular application You are using.” So, if you don’t particularly like third parties getting ahold of your information, this is a no-go. Additionally, USPS utilizes Knowledge-Based Authentication (KBA), which is not a particularly secure system.
Because the service requires minimal information to verify your identity, it’s not particularly difficult for someone else to guess or deduce the information needed. For example, phone numbers, maiden names, and other basic information is generally simple to find online. The World Privacy Forum created a list of concerns addressed to the postal service regarding the poor security measures. The list included Informed Delivery’s potential for use as a governmental tracking system. On the whole, USPS’s new feature sounds like a good idea on its face, but security is suboptimal. According to KrebsOnSecurity, the best course of action is to have all adult members of your household create an account to prevent anyone else from assuming your identity, as each person can only have the mail scans sent to one email address.