IBM global security exec says census hack “inevitable”

IBM’s Worldwide Security Solution Architect has waded into the census privacy debacle, declaring Australia’s sensitive census data will be “inevitably” hacked.

Philip Nye, a global security executive based on the Gold Coast, addressed Prime Minister Malcolm Turnbull and Trade Minister Steve Ciobo on Twitter, calling for mandatory breach laws to be implemented.

The government has proposed a bill to force organisations to disclose when they’ve had a ‘serious data breach’, but is yet to be passed.

“Since Australia doesn’t have mandatory disclosure laws, will we ever find out when Census data is inevitably breached?,” Mr Nye asked Mr Turnbull and Mr Ciobo.

He then asked Microsoft regional director Troy Hunt, “Out of interest, will your pwned database handle the entire Australian population when Census data is inevitably leaked?”

Mr Nye is not the first to question the veracity of the census’ security, with former statistician Bill McLennan calling the 2016 census, “without doubt […] the most significant invasion of privacy ever perpetrated on Australians by the ABS”.

MORE: Census: privacy is ‘absolute’
Names and addresses collected as part of the 2016 Census, will be retained to enable the census to be linked to other national data.

Previously, names and addresses had previously been retained for 18 months but it’s understood this information will now be kept for up to four years.

Online privacy advocates Electronic Frontiers Australia said name and address information, as well as information about religion and income, was sensitive information and there was a real risk of this information being re-identified in the future.

“Data leaks continue to occur despite the best efforts of governments and organisations,” the organisation said in a statement.

“The safest way to avoid risk is to destroy the names and addresses immediately.

“In previous censuses, respondents were allowed to opt-in to having personally identifiable information retained, and it is the position of EFA that respondents to the 2016 Census should have the same privacy protections afforded to respondents of previous censuses, in line with community expectations.

AsThe Australian reported earlier, Malcolm Turnbull today moved to reassure Australians about their privacy.

“The Australian Bureau of Statistics in undertaking the census, always protects the people’s privacy and the security of their personal details is absolute. And that is protected by law and by practice, so that is a given,” the Prime Minister told reporters in Canberra.

Senator Nick Xenophon had said he received an “overwhelming number of calls, complaints and online feedback of problems” about the national survey – the first census to go largely online.

He said some constituents had not received their online login while others have received paper forms they had not requested. Callers to the ABS’s hotline, who fear being fined for non-completion of the census, have reportedly suffered delays and disconnections.

Senator Xenophon also questioned whether the ABS had outsourced its interface to a private firm which might not be subject to the government’s Information Security Manual.

“The census is meant to provide accurate information on which good policies are based. Right now it seems to be headed for a debacle,” the senator said, urging the government to delay the survey.

“The unintended main statistic from this census might be the huge number of Australians who can’t complete it through no fault of their own.”

Treasurer Scott Morrison said in response today the ABS has an “unblemished record on this issue.”

ABS head David Kalisch attempted to calm fears at a snap news conference in Canberra today, saying the bureau had “the best security features” and its census data had never been breached.

“We can keep names separate from address and separate from other census content in three different computer systems and never brought together, so Australians can be assured that we treat their information securely,” Mr Kalisch said.

“From what I understand a number of the privacy groups have raised this on every census for the last number of times, so this is a regular feature of some of the commentary from some of the privacy advocates.”

Households will be able to complete their questionnaire after census night and had been provided an additional two weeks to do so, he said.

They will also be able to fill it out online until September 23.


. . . . . . . .

Leave a Reply