According to this article <http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12038826>, when we were filling out our census data online last month, it was actually going through the servers of a company called Incapsula, which was scanning the unencrypted data for malware. Since the company is based in the US, this naturally raises concerns about US Government access to the data of NZ residents and citizens. On the one hand, the article says “this is not a data breach”, but on the other hand Adding to the researchers' concerns, Stats NZ's digital key that is required to decrypt the data sent over TLS secured connections is now distributed across Incapsula's global network, Teague and Culnane said. "Our non-exhaustive search found that servers in Australia, the US, as well as New Zealand, all had the Stats NZ key," they added. Digital TLS keys are supposed to be protected and should only be kept on the servers that they relate to, the researchers said. If keys are leaked, attackers could use them to impersonate Stats NZ servers. and further down they use the phrase “clear security flaw”. Stats NZ insists the company is trusted and “Goverment-approved”. Given it’s also protecting the GCSB, I guess that is already very literally true.