The online version of the 2022 census was launched this Wednesday morning. TO the crash of the site by the amount of income requested added a clarification that the National Institute of Statistics and Censuses (Indec) had to make regarding the request for personal data such as ID, name and surname and email to be able to do it, while national censuses are anonymous.
In order to register on the page, the site asks for National Identity Document, email, name and gender. This, according to the Indec, has an explanation.
“The questionnaire does not request ID. The document number, together with the day and month of birth, are on a temporary screen that is used to verify that the person who is going to answer the digital questionnaire is a real person and not a robot, old enough (from age 14 is what the census requires) to answer on behalf of all household members: this validation is required only for entry to the census questionnaire and the protection of their information”, they explained to Clarín from the agency.
The legend to which they refer says: “I understand that my national identity document will not be linked to the information that I will register in the Digital Census nor will it be stored.” And from the Indec they clarified to Clarín: “The digital census is a complementary tool that seeks to provide comfort to people, it is not an imposition”, an idea that was reinforced by the head of the organization, Marco Lavagna, at a press conference.
However, experts in computer security and personal data protection notice some problems with this requirement. And they do so based on the large number of cases of data theft from government entities in Argentina that occurred during the last two years: to the National Directorate of Migration in 2020, to Renaper in 2021 and to the Senate of the Nation in January this year.
“Technically there is no need to relate a personal data to make a census and especially with the background of bad security practices that led to cases like those of the Renaper database last year”, he explained to Clarion Cristian Borghello, computer security expert.
The problem with loading this data is that, in addition, they entail a potential computer security problem in the future.
“For citizens it implies a serious problem because it means that anyone could access the data and, with it, a criminal can direct and perfect any type of theft, fraud, fraud or identity theft. Supposedly this data will be protected but the State has already shown that it is not capable of doing so and, assuming they do, Why should providers and those who access (with permission) data be trusted?”, asks the specialist.
This is what other analysts found to be problematic. “There is another problem: once the census is completed (and after about 3 hours), I received an email that includes tracking techniques for our web browsing (trackers) of the company ‘midirector.com’, a private company dedicated to marketing by mail. This is completely inadmissible”, adds Javier Smaldone, a programmer and computer expert who closely follows the use of personal data by companies and states.
They also explained what they do with that data that validates the user to enter the system: “After copying the servers that run internally on the Indec network (datalake), the data is deleted from the application with certain frequency. In addition, these servers have strict security, anonymization and data governance standards, ”they clarified.
Regarding the security of the system, INDEC explained to Clarion that “runs under ARSAT infrastructure with specific security services”. In addition, they plan at least one audit which is in the last stage of the process in charge of the firm Ernst & Young, represented by Pestrelli, Henry and Martin Asociados.
The alternative to not giving the DNI
The controversy surrounding these data was even greater during the past year, when an official Indec model was circulating that included the “DNI” field within the census. The Vía Libre Foundation, which reviews personal data collection practices, filed an injunction with the agency and the Head of the Cabinet of Ministers in September, which led to the elimination of the field within the form.
This Wednesday, Beatriz Busaniche, president of the foundation, criticized: “There is no way to corroborate that these data are not actually linked in that database. Judging by the security conditions of the page, it is not entirely clear that the site has the appropriate security so as not to be violated by an applicant.
And he added: “It is fundamental to carry out the census, we are not anti-census. But we recommend doing it on paper, the old-fashioned way”.
Indeed, as explained by the body itself, there is an alternative to not enter this data in the identity validation: wait until May 18 for the face-to-face visit.
Until the time of publication of this note, more than 90,000 households carried out the online census.