@IcI: We've put together responses to most of your questions below. Thanks for your interest!
I'm guessing this QR code / unique URL will be sent in an envelope and not a post card?
If it is on a post card, what'll stop others taking a photo and using my 'ID' to submit data?
If in an envelope, what's stopping other stealing my 'ID' and submitting alternate data?
Can an entry be re-submitted?
Will you specify how securely I must treat the initial registration code? Guard with my life? Secure as a PIN code? Left lying, face up, on my desk (at work)?
Yes, your code will be sent in an envelope, not a postcard. The code is for the whole household to use. An entry can't be resubmitted, and we'd like you to keep the access code safe until you've used it, and then destroy it as you would a bank statement.
The access code is not visible through the envelope window. If a letter is stolen, say from a letterbox, the person who steals it and logs in will only see a blank form waiting to be filled in. So, in theory, they could complete a response for that household. If a household haven't received their code, they can ring our contact centre and we'll resolve the enquiry based on their situation. At no point would a person who stole an access code be able to see another person's data.]
With a two week window, how will you track my registration and my final submission?
Will you track IP address / geo location of the registration / submission events?
What if I register in the country and complete the submission from outside the country (because I'm doing it for the family still at home)
What if I use a different browser
You can complete your census from any location. We’ll send or deliver an access code to every household in New Zealand.
Completing the census form online will be secure, quick and easy. There is no registration process.
If you haven’t received an access code next year, you can contact our help centre and arrange to have one sent to you.
We record IP addresses as part of our security logging and monitoring of the system. However, we do not associate IP addresses with personal content submitted in response to census questions.]
You mention botnet & hacking attempts. This sounds like the 'in the moment', huge data flood attacks. How will you prevent low grade / below the radar threshold activity?
The original blurb mentions that data in flight is encrypted, presumably via TLS and your browser?
Our testing includes both “flood” and below-threshold activity scenarios.
Our servers support forward secrecy for browsers that also support it.
Response data is encrypted at rest across all our collection systems. However we do not give out technical information around this because technical details may assist malicious attackers.
Stats NZ adheres to New Zealand Government security standards as specified in the New Zealand Information Security Manual (NZISM). This standard is freely available here. This standard is aligned to a number of international security standards.
Access to individual records is tightly restricted and monitored. We also use DLP mechanisms to restrict data being accidentally emailed.
It is a requirement of the Public Records Act that we maintain a copy of census records for historical purposes. Access to these historical records is made available after 100 years.
We have designed our systems to be resilient to data tampering, however we do not give out technical information around this because technical details may assist malicious attackers.
Yes, our testing includes checking that user input is safe and won’t compromise our systems.]