AndrewJ,
It's worse. Heres what a security consultant wrote
http://www.smh.com.au/comment/why-i-...08-gqnapp.html
Now, as for a little digging, it turns out
- the URL resolves to two IP addresses in Canada, so that data isn't kept on-shore;
- the TLS tunnel ends offshore at IBM in the US, so the PATRIOT act applies and whatever ABS says about security is balderdash as the US agencies already have it, and... worse...
- the data is stored PLAIN TEXT - its not encrypted, so the US didn't even have to work for it;
- the software is javascript, by IBM, who didn't even make any attempt to secure it - the source code is accessible as plain text implying the whole thing has probably been hacked anyway by bots submitting bogus data;
- if you watch the video clips from ABS they do not offer any assurance at all concerning privacy. The privacy act 2014 didn't get a mention, and there's no clearly stated intent to respect privacy. There's lots of soft mumbo jumbo waffle, but they do not come out cleanly and say your identity will be protected.
Which means ABS HAS NO INTENTION of keeping it private.
Now... why would they want enough data to uniquely identify you ? They intend to offer the data to any prepared to buy the data to match you to whatever databases those organisations have. Including potential identity thieves.
By the way, your birth date and postcode will identify 90% of the population uniquely so please give you age in years, not birthdate.
I'm going to be Mr Householder Householder.
Unit number blank and I'm swapping the last two digits of the postcode, oops a typo your honour.
What I do at work ? Answer phone calls and write emails, perfectly correct and utterly useless..
I'm waiting to see if they attempt to send a fine to "Householder".
