Census officials must explain online security

I was pleased that the Ottawa Citizen printed my letter to the editor today. Below is the original draft for your reading pleasure.

Census officials must explain online security
Re: Privacy Paramount, June 06

In response to the Director General of the Census’ letter, I would like to set the record straight on some critical points concerning data confidentiality. Security through obscurity is no security at all. Likewise trust built on secrecy is no trust at all.

Last month, Statistics Canada conducted the census for the first time with the ability to respond online – an option which they vigorously promoted. However, did you ever stop to ask yourself, “How exactly do they secure my data?” The answer is: no one in the public knows, you’ll just have to trust them.

When you buy stuff online, you might notice a little yellow padlock in the corner of your web browser when your transaction is encrypted. In this case, you don’t just have to take someone’s word that the cryptography is well designed, you can go see for yourself! The standards are public, the research is public, and trust is formed through years of open debate.

In the case of the technology that secures the online census, all of the development has gone on behind closed doors. No documents describing the technology have been made available despite efforts by the public to get access.

This might be fine if it was intended to be become some military technology. However the census, like an election, is the ultimate expression of public involvement. It is we – the public – who are using this technology. If we are being asked to trust our personal information to it, we have an inherent right to know exactly how that information is protected. But alas, it would appear the government does not agree.

Regardless, it is wholly their obligation to convince the public to trust the security of the online census. I’m sorry folks, but the “it’s secure because we say so” argument is not sufficient.

Aleks Essex
School of Information Technology and Engineering
University of Ottawa