A number of people have asked about the security of the data we hold and whether it is accessible by other companies or governments. In particular the recent news that the USA regularly intercepts large volumes of traffic that passes through Google, Microsoft, Apple and many other providers is quite worrying.

Firstly, we take security very seriously. It is important at many levels: the security of your business information, the privacy of your students and old fashioned security around credit card processing. While it is impossible to ever guarantee anything, we put a lot of effort into security at multiple levels. Hardened operating systems (and no OSX or Windows ever goes into our data centre), firewalls and application security are all important.

We do not host any onCourse data or onCourse services in the USA. Nothing.

Physical security at our data centre is maintained by a company whose parent company is owned in Singapore. And emails to students (confirmations, tax invoices, etc) will very likely travel through the USA since many students will have accounts with hotmail, gmail, etc. But the core databases and systems are held within Australia, only 10 km from our office.

Now this doesn’t mean that the combined efforts of foreign intelligence services would not have any way to get at it. I’m not sure why they would care about adult education in Australia, and I think they would have more interesting data to go and analyse.

At any rate, I think the far more scary proposition is that from next year the Australian government will hold in one system all the learning history from kindergarten onward, for every person in Australia. And there is specific provision in the Act which allows police and other government agencies to access that data without a warrant, if it is connected with some investigation. Which really could mean anything. I don’t understand why the government feels that what we learn should ever be considered interesting or incriminating, but perhaps it is more about mapping who we associate with than what we are learning.

Even if you trust the government implicitly, the USI people will control a database which is far more attractive a hacking target than our little collection of students and enrolment history. The ATO has not been impervious and I am sure the new USI agency will see its measure of hacks once they accumulate enough information worth stealing.

Anyhow, we’ll keep our paranoia aimed squarely at what we can do something about: continually reviewing and improving our own security processes.