Okay, I don't get why the census 2006 requires you to have the Java JRE with specific browsers and OS's. I don't get why they can't do this kind of thing with just the browser. What's not good enough with the encryption that the banks and just about every online presence uses? Why do I have to run an applet to fill out a form with radio buttons and text fields? PITA.
Maybe there's a great technical reason for it, but from my point of view it's just inconvenient, annoying and makes me think that it was a "lazy" decision. Stupid heads...
Well you can be happy that it isn't active X. :). Anyway, I think they were just trying to be ultra secure. Really, I think it's a bit of overkill, and they probably bought into the system when everyone was still using 40-bit encryption, and they weren't sure if that would be enough. Besides, if someone wanted to steal census data, it would probably be easier to check mail boxes for giant yellow envelopes.
ReplyDelete"they probably bought into the system when everyone was still using 40-bit encryption"
ReplyDeleteFrom what I understand, this is the first year where you can fill it in online...
Yes, but it took them 8 years to develop the system. :) Anyway, if you don't like the online system, you can just fill it out, pen and paper, and send it by regular snail mail.
ReplyDeleteWhy are you saying it took 8 years?
ReplyDeleteI'm not saying it for sure took 8 years, but they only have a census once every 5 years. The last one was in 2001. What i'm saying is that whenever they started, SSL waasn't up to the task, and they couldn't garauntee that it would be up to the task. Besides. SSL only encrypts between your computer and the web server. Maybe they need extra encryption such that not even the web server decrypt the data, and only a special server which hosts the Census information is allowed to decrypt the data.
ReplyDeleteBeing a StatCan code monkey, maybe i'd be a good source for your answers....
ReplyDeleteTo be honest, it drives me insane that we have to encrypt all of our survey transmissions using Entrust and then SSL. I've asked a billion times why this is necessary, citing banks and every other country's governmental security policy. In fact, we did an audit last year of around 10 other countries around the world, and we were the only federal agency who uses more than SSL. Furthermore, dealing with the Entrust PKI and consequential problems makes me want to kill myself, and requires about half of our survey-development time. Trust me, it sucks.
But, the StatCan policy is that SSL is not strong enough. So our genius solution is to use nested encryption, which forces users to download JRE and developers to waste a lot of time writing horrid code to get the nested encryption to work at all! Yay!
Please shoot me.
hahaha...
ReplyDeletethanks for the answers man... sorry about the pain. :-/