[LINK] The Real Reason ABS Took the Census Offline?
Roger Clarke
Roger.Clarke at xamax.com.au
Fri Aug 12 14:22:00 AEST 2016
At 13:35 +1000 12/8/16, Michael wrote:
>The real questions are why were no readily available counter measures in
>place, why did the site get taken off-line and why did it take two
>days(!!!) to restore it.
One very plausible reason for the delay has been suggested to me.
The ABS's behaviour on Tuesday evening is consistent with them being concerned that the security of the 12-digit number has been broken.
Kalisch made a statement this morning consistent with that interpretation.
And there's been a change in call-centre processes that's also consistent with that assumption. (You can call 1300 214 531 / 3 to advise that a dwelling was vacant on Tuesday night. On Monday, callers were asked for the 12-digit number. On Friday, they are *not* being asked for it).
Yesterday afternoon, I put two posts on the privacy list suggesting that an audit is needed of that security. The government mania for secrecy means that any public statement is untrustworthy. So the audit needs to be undertaken by the public.
The second posting below suggests how a public audit might be done.
Feedback much appreciated.
Please pass this on to appropriate lists.
For the idea to work, it has to be done quickly.
_________________________________________
Thu, 11 Aug 2016 16:49:46 +1000
Someone's suggested to me that:
>The 12 digit hash has poor encryption. DDOS would only need to be able to guess a tiny proportion of valid check digits to tie up resources.
>
>Imagine if the idiots that did that also based what should have been a fully random underlying 7 digits on some sort of hash of the residential addresses they were sent to.
>
>There may be NO way to recover!!!
>
>The joys of "securely " linking data with hash keys...
Further thoughts around the same line:
With 12 digits you get 1 million million (old-style billion) combinations.
There are something like 10 million (10**7) dwellings.
(If they assign a number to forms used, multiply that by maybe 1.3?).
In brute-force-search terms, that's not exactly sparse.
Is the hashing mechanism published or inferrable, I wonder.
What do they do with apparent attempts to use a number a second time?
Does the number or the hash become associated with the data that's keyed into a web-form, or that's captured from a hand-completed paper form?
Wouldn't it be nice if this had been thrashed through by participants in the consultative group(s) of security pros and privacy advocates that would have been involved in a properly-run PIA process?
_________________________
Fri, 12 Aug 2016 12:17:40 +1000
The following has been suggested to me:
1. The association between the 12-digit number and the dwelling-address may have been systematically assigned rather than purely random
2. If so, then it may well be possible to infer the basis on which the 12-digit numbers were assigned, and hence generate the table of codes matched with dwelling-addresses
3. In order to be able to do that, two things are needed:
   a. an address database - desirably the one used by ABS, but any comprehensive database might do, e.g. the AEC's Electoral Roll, which is widely leaked, in particular to politicians, or consumer marketing databases, or raw G-NAF - the Geo-coded National Address File
   b. a sufficient set of valid pairs of:
      - 12-digit numbers
      - dwelling-addresses
      By 'valid' is meant exactly as printed on the ABS letter
4. Many people may be willing to contribute their own pairs, in order for a publicly credible audit to be performed of the security of the scheme used by ABS to collect the data and to associate the data with addresses.
   (People would be well-advised to do so only after either completing the form, or deciding that they're not going to do so - because the pair is sufficient to enable any third party to masquerade as a person at that address, should they wish to do so).
5. The audit might be facilitated by someone producing a web-page that:
   a. enables people to key in their pairs
   b. explains the process clearly enough that the consent is informed
   c. builds a database of pairs
   d. makes that database available to appropriately skilled people who can conduct the audit
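The "not exactly sparse" arithmetic of the second posting and the pair-based audit of the third, as an added Python example that is not part of Roger's posts: it estimates random guesses per valid hit for a 12-digit space of the stated size (the check-digit variant is an assumption, since the posts only ask whether the mechanism is inferrable) and runs a rank-correlation test over constructed (address, code) pairs to flag assignment that tracks the address file rather than being random.

```python
"""Added example, not part of the original posts: two auditor-side checks on a
12-digit access-code scheme like the one discussed above. All figures and
sample pairs below are constructed for illustration, not ABS data."""
import random

CODE_SPACE = 10 ** 12   # every 12-digit string
DWELLINGS = 10 ** 7     # the post's rough dwelling count


def expected_guesses_per_hit(valid_codes: int, check_digit: bool = False) -> float:
    """Mean uniformly random guesses before one lands on a valid code. If the
    scheme exposes a mod-10 check digit (assumed; the post only asks whether the
    mechanism is inferrable), a guesser searches only a tenth of the space."""
    space = CODE_SPACE // 10 if check_digit else CODE_SPACE
    return space / valid_codes


def _ranks(values):
    """Rank positions 1..n of unique values, returned in the order given."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks = [0] * len(values)
    for r, i in enumerate(order, start=1):
        ranks[i] = r
    return ranks


def spearman_rho(xs, ys) -> float:
    """Spearman rank correlation of two equal-length lists of unique values."""
    n = len(xs)
    d2 = sum((rx - ry) ** 2 for rx, ry in zip(_ranks(xs), _ranks(ys)))
    return 1 - 6 * d2 / (n * (n * n - 1))


def address_key(address: str):
    """Sort key (street, number) for a constructed address like '12 Example St'."""
    number, street = address.split(" ", 1)
    return (street, int(number))


def assignment_looks_systematic(pairs, threshold: float = 0.3) -> bool:
    """True when codes rise or fall with address order more than chance allows.
    pairs: (address, 12-digit code) tuples. Random assignment gives |rho| near 0;
    codes derived from the address file's ordering give |rho| near 1."""
    keys = [address_key(a) for a, _ in pairs]
    codes = [int(c) for _, c in pairs]
    return abs(spearman_rho(keys, codes)) > threshold


# Constructed sample: 200 dwellings on one street, coded two hypothetical ways.
ADDRESSES = [f"{n} Example St" for n in range(1, 201)]
# weak scheme: code = constant + 1000 * position in the address file
SYSTEMATIC_PAIRS = [(a, f"{500_000_000_000 + 1000 * i:012d}") for i, a in enumerate(ADDRESSES)]
_rng = random.Random(2016)
RANDOM_PAIRS = [(a, f"{_rng.randrange(CODE_SPACE):012d}") for a in ADDRESSES]
```

With 10**7 valid codes in a 10**12 space a blind guesser needs about 100,000 attempts per hit, which is why a few thousand rejected codes a second is noise from a DDoS point of view but a large volume of them is not.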
__________________________
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University