[LINK] Census: OAIC's Vacuous Pseudo-Investigation Report

Roger Clarke Roger.Clarke at xamax.com.au
Thu Aug 11 16:16:54 AEST 2016


[The OAIC has issued a statement, copy below.

[The irrelevance of the PC'er - particularly as the position is exercised by Pilgrim - is reinforced by his completely superficial 'I have been given assurances' pseudo-investigation.

[The one item of interest is that ASD, according to Pilgrim, said:
"the incident was a denial of service (DoS) attack".

[There is widespread doubt as to whether any material level of DoS-like activity occurred.  This is based partly on evidence, and partly on the absence of evidence that should exist in the event that a significant DoS attack occurred.

[It is therefore open to interpretation that ASD actually mumbled something along the lines of 'one or more DoS attacks played a role in the incident'.

[More importantly, it's become obvious to everyone that Pilgrim abjectly failed to examine the design of the 2016 Census.  

[Yet Pilgrim's statement also makes clear that he is doing nothing whatsoever about the massive privacy issues involved, and is merely going along for the ride with Alastair MacGibbon on the review of the security aspects of the disaster.]


Census 2016 website incident, August 9 
11 August 2016
https://www.oaic.gov.au/media-and-speeches/statements/census-2016-website-incident-august-9

Yesterday I initiated an investigation into an incident involving the Census 2016 website. My priority in doing so was to ensure that no personal information had been compromised.

My staff and I have been in regular contact with the Australian Bureau of Statistics (ABS), and I have received a briefing directly from the Australian Signals Directorate (ASD) - the Commonwealth's pre-eminent cyber-security analysts.

ASD advised me that the incident was a denial of service (DoS) attack and did not result in any unauthorised access to, or extraction of, any personal information and, on the information provided to me by ASD, I am satisfied that personal information was not inappropriately accessed, lost or mishandled.  

The ABS' decision to shut down the website - to avoid any prospect that the DoS attack could include or otherwise facilitate a data breach - was, in the circumstances, a pro-privacy precaution.

This incident will now be the subject of a broader review led by the Prime Minister's Cyber-Security Adviser, Alastair MacGibbon. I have discussed with Mr MacGibbon how our Offices will work together as part of that review.

My Office will also continue to work with the ABS to ensure they are continuing to take appropriate steps to protect the personal information collected through the Census.


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			             
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916                        http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/ 

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University


