ABS flaw uncovered
A flaw has been discovered in the algorithm the ABS uses to protect census data.
Experts say it is serious enough that an attacker could be able to reveal large parts of the census dataset.
The algorithm is designed to prevent the possibility of identifying individual people in census data.
But Dali Kaafar, chief scientist at the Optus Macquarie University Cyber Security Hub, says his team was able to calculate and remove the deliberate inaccuracies introduced by the algorithm.
“You can automate that to actually run this whole vulnerability for the whole Australian population and then we can reconstruct completely the whole database,” he told ABC reporters.
The flaw is accessible through TableBuilder, a web-based tool for accessing census data.
Researchers first told the ABS about problems in 2017, and again in mid-2018.
Professor Kaafar says the information appears to have prompted changes to the TableBuilder tool, but the ABS has not confirmed that claim.
The ABS has issued a statement acknowledging the vulnerability, but would only concede that attacks are “theoretically possible”.
Research published last week shows with mathematical certainty that the technique makes the census data vulnerable.
“ABS has since put in place measures to mitigate this potential vulnerability suggested by the researchers,” it said.
Professor Kaafar said mitigations would be useless against more sophisticated, state-level actors.