logo
logo

IT analyst: Oz census data processed as plain text

avatar
Dana Millard
img

An Australian IT consultant has cast doubt about whether the country's Census is as secure as the Australian Bureau of Statistics thinks it is.

The technical infrastructure for the Census is being delivered by IBM using its SoftLayer cloud in Australia.

While the online Census completion process uses transport layer security TLS – and is therefore kept from preying eyes – the tunnel terminates not at the ABS, but at IBM's end, claims Justin Warren, chief analyst and managing director of consultancy PivotNine.

Exploring the behaviour of the JavaScript code that implements the form, Warren demonstrated that if a user is interrupted, the saved data that pre-populates the form when the user resumes isn't decrypted at the user's browser.

In other words, he says, it's been saved as clear text in the SoftLayer infrastructure – and would therefore be accessible at the server end.

The resume function sends back your answers so far to populate the form.

collect
0
avatar
Dana Millard
guide
Zupyak is a free content platform for publishing and discovering stories, software and startups.