[LINK] The Real Reason ABS Took the Census Offline?

Roger Clarke Roger.Clarke at xamax.com.au
Fri Aug 12 14:22:00 AEST 2016


At 13:35 +1000 12/8/16, Michael wrote:
>The real questions are why were no readily available counter measures in
>place, why did the site get taken off-line and why did it take two
>days(!!!) to restore it.

One very plausible reason for the delay has been suggested to me.  

The ABS's behaviour on Tuesday evening is consistent with them being concerned that the security of the 12-digit number has been broken.  

Kalisch made a statement this morning consistent with that interpretation.

And there's been a change in call-centre processes that's also consistent with that assumption.  (You can call 1300 214 531 / 3 to advise that a dwelling was vacant on Tuesday night.  On Monday, callers were asked for the 12-digit number.  On Friday, they are *not* being asked for it).

Yesterday afternoon, I put two posts on the privacy list suggesting that an audit is needed of that security.  The government mania for secrecy means that any public statement is untrustworthy.  So the audit needs to be undertaken by the public.

The second posting below suggests how a public audit might be done.

Feedback much appreciated.

Please pass this on to appropriate lists.

For the idea to work, it has to be done quickly.

_________________________________________

Thu, 11 Aug 2016 16:49:46 +1000

Someone's suggested to me that:
>The 12 digit hash has poor encryption. DDOS would only need to be able to guess a tiny proportion of valid check digits to tie up resources.
>
>Imagine if the idiots that did that also based what should have been a fully random underlying 7 digits on some sort of hash of the residential addresses they were sent to.
>
>There may be NO way to recover!!!
>
>The joys of "securely" linking data with hash keys...


Further thoughts around the same line:

With 12 digits you get 1 million million (old-style billion) combinations.

There are something like 10 million (10**7) dwellings.
(If they assign a number to forms used, multiply that by maybe 1.3?).

In brute-force-search terms, that's not exactly sparse.


Is the hashing mechanism published or inferable, I wonder.

What do they do with apparent attempts to use a number a second time?

Does the number or the hash become associated with the data that's keyed into a web-form, or that's captured from a hand-completed paper form?

Wouldn't it be nice if this had been thrashed through by participants in the consultative group(s) of security pros and privacy advocates that would have been involved in a properly-run PIA process?

_________________________

Fri, 12 Aug 2016 12:17:40 +1000

The following has been suggested to me:

1.  The association between the 12-digit number and the dwelling-address 
    may have been systematically assigned rather than purely random

2.  If so, then it may well be possible to infer the basis on which
    the 12-digit numbers were assigned, and hence generate the table 
    of codes matched with dwelling-addresses

3.  In order to be able to do that, two things are needed:

    a.  an address database - desirably the one used by ABS, but any
        comprehensive database might do, e.g. the AEC's Electoral Roll,
        which is widely leaked, in particular to politicians, or 
        consumer marketing databases, or raw G-NAF - the Geo-coded 
        National Address File

    b.  a sufficient set of valid pairs of:
        -   12-digit numbers
        -   dwelling-addresses
        By 'valid' is meant exactly as printed on the ABS letter

4.  Many people may be willing to contribute their own pairs, in order
    for a publicly credible audit to be performed of the security of 
    the scheme used by ABS to collect the data and to associate the data
    with addresses.

    (People would be well-advised to do so only after either completing
    the form, or deciding that they're not going to do so - because the
    pair is sufficient to enable any third party to masquerade as a person
    at that address, should they wish to do so).

5.  The audit might be facilitated by someone producing a web-page that:
    a.  enables people to key in their pairs
    b.  explains the process clearly enough that the consent is informed
    c.  builds a database of pairs
    d.  makes that database available to appropriately skilled people
        who can conduct the audit

__________________________

-- 
Roger Clarke                                 http://www.rogerclarke.com/
			             
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916                        http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/ 

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University
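
The public audit sketched in items 1 to 5 above, as an added example that is not part of the original post and has nothing to do with the actual ABS scheme: given a set of contributed (address, 12-digit number) pairs, it tests three hypotheses about how the numbers could have been assigned, plus the brute-force density point from the earlier post. The sample pairs are constructed here, and the Luhn check digit, the hash-of-address derivation and the in-address-order assignment are assumed hypotheses under test, not known properties of the census numbers.

```python
"""Toy audit of (address, 12-digit number) pairs.

Added example, not from the original post and not anything known about the
ABS scheme. The sample pairs are CONSTRUCTED below, and the Luhn check digit,
the hash-of-address derivation and the in-address-order assignment are
HYPOTHESES the audit tests, not facts about the census numbers.
"""
import hashlib
import random
from itertools import combinations

# --- hypothesis 1: the last digit is a Luhn check digit --------------------

def luhn_sum(code: str) -> int:
    """Luhn sum over a digit string; every second digit from the right is doubled."""
    total = 0
    for i, ch in enumerate(reversed(code)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total

def luhn_valid(code: str) -> bool:
    return code.isdigit() and luhn_sum(code) % 10 == 0

def luhn_append(payload: str) -> str:
    """Append the check digit that makes the whole string Luhn-valid."""
    return payload + str((10 - luhn_sum(payload + "0")) % 10)

def check_digit_pass_rate(pairs) -> float:
    """Genuine codes under a Luhn scheme all pass; random 12-digit strings pass about 10%."""
    return sum(luhn_valid(code) for _, code in pairs) / len(pairs)

# --- hypothesis 2: the 11-digit payload is derived from the address --------

HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}

def normalise(address: str) -> str:
    return " ".join(address.upper().split())

def derived_payload(address: str, algo: str) -> str:
    """Hypothetical derivation: hash of the normalised address, reduced mod 10**11."""
    digest = HASHES[algo](normalise(address).encode()).hexdigest()
    return str(int(digest, 16) % 10**11).zfill(11)

def hash_hypothesis_scores(pairs) -> dict:
    """How many contributed pairs each candidate derivation reproduces exactly."""
    return {algo: sum(derived_payload(addr, algo) == code[:11] for addr, code in pairs)
            for algo in HASHES}

# --- hypothesis 3: numbers were handed out in address order ----------------

def concordance(pairs) -> float:
    """Fraction of code pairs whose order agrees with address order:
    about 0.5 for random assignment, 1.0 for strictly sequential assignment."""
    codes = [int(code) for _, code in sorted(pairs, key=lambda p: normalise(p[0]))]
    agree = sum(a < b for a, b in combinations(codes, 2))
    return agree / (len(codes) * (len(codes) - 1) / 2)

# --- brute-force density (the "not exactly sparse" point) ------------------

def brute_force_odds(n_valid: int, digits: int = 12, check_digit_known: bool = False) -> dict:
    """Expected guesses per valid code; knowing the check-digit rule shrinks the space tenfold."""
    space = 10 ** (digits - 1) if check_digit_known else 10 ** digits
    return {"space": space, "hit_rate": n_valid / space, "guesses_per_hit": space / n_valid}

# --- constructed samples (fictitious addresses, no real census numbers) ----

ADDRESSES = [
    "1 Example St, Chapman ACT 2611",
    "2 Example St, Chapman ACT 2611",
    "14 Sample Cres, Weston ACT 2611",
    "7/3 Specimen Ave, Holder ACT 2611",
    "90 Placeholder Rd, Duffy ACT 2611",
    "5 Mock Pl, Fisher ACT 2611",
    "22 Dummy Ct, Rivett ACT 2611",
    "3 Test Cl, Stirling ACT 2611",
]

# Codes built by the hash hypothesis: the audit should single out sha256.
HASH_PAIRS = [(a, luhn_append(derived_payload(a, "sha256"))) for a in ADDRESSES]

# Codes handed out sequentially in address order: concordance should be 1.0.
SEQUENTIAL_PAIRS = [(a, luhn_append(str(50_000_000_000 + i)))
                    for i, a in enumerate(sorted(ADDRESSES, key=normalise))]

# Purely random codes, which is what a well-designed scheme would look like.
_rng = random.Random(2016)
RANDOM_PAIRS = [(f"{i} Constructed Rd, Example ACT 2600",
                 "".join(_rng.choice("0123456789") for _ in range(12)))
                for i in range(200)]

if __name__ == "__main__":
    for name, pairs in [("hash", HASH_PAIRS), ("sequential", SEQUENTIAL_PAIRS), ("random", RANDOM_PAIRS)]:
        print(name, check_digit_pass_rate(pairs), hash_hypothesis_scores(pairs), round(concordance(pairs), 2))
    print(brute_force_odds(13_000_000), brute_force_odds(13_000_000, check_digit_known=True))
```

A real audit would replace the constructed lists with contributed pairs and widen the hypothesis set (other check-digit algorithms, other address normalisations, salted or truncated hashes, G-NAF identifiers instead of address text). The useful outcome is the negative one: a contributed sample on which every hypothesis scores at chance is evidence that the numbers really were assigned at random, which is what a public statement alone cannot establish.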


