Today is census day in Australia, usually a chance for Australians to help “count the nation” and create a snapshot dataset to be used for effective government policy making.
But the Australian Bureau of Statistics (ABS) has gradually introduced more invasive techniques to the census over the last few decades. This year, they topped it off by taking it online, extending their retention of identifying data and avoiding any external critique by privacy organisations.
The former Australian Statistician, Bill McLennan, brilliantly explained how the census is becoming an instrument of mass surveillance in Australia. Rosie Williams compared it to a stealth national identity system, like the Australia Card, which Australia thoroughly rejected in 1987.
Despite Malcolm Turnbull’s reassurance, there is no such thing as perfect security. The ABS has created a honeypot, a very attractive dataset of all our personal data from each census, linked with all our data at other agencies.
The census data is no longer a snapshot in time but a living database of our private lives.
It is only a matter of time before the census data is breached.
Here’s the evidence:
- There have been 14 data breaches at the ABS since 2013.
- Contrary to the ABS claims, your census data appears to be accessible in plain text by IBM (a US company subject to the PATRIOT Act).
- There have been some indicators of shonky security protocols on the online census.
- The ABS sends passwords by email in plain text.
We are concerned that these are indicative of the census project’s overall approach to security.
Again, there is no such thing as perfect security. Even with the best encryption in the world, everyone is susceptible to social engineering. Even the most advanced security agencies in the world get breached. There is no reason to believe that the ABS has a better approach to security. In fact, their response leaves us in rather a lot of doubt.
The ABS has repeatedly threatened people with fines. They have ignored public concerns around security and privacy, responding only with platitudes and spin. And they’ve ignored the extremely reasonable requests of the EFA, DRW, ThoughtWorks, Scott Ludlam, Nick Xenophon and others to take measures to protect our privacy.
The ABS should read up on the practice of Datensparsamkeit (data austerity); that is, collecting only the data you need, since the only way to totally prevent data being breached is to not have it in the first place.
In the meantime, the ABS should delete their linkage keys so that census information cannot be reassociated to individuals, and commission a full external review of the privacy impacts of the ABS’ changes to the census over the last few decades.
If you would like some more depth about why the ABS has made the wrong decision with this edition of the census, there are great articles by former Deputy Privacy Commissioner for NSW Anna Johnston and IT consultant Justin Warren.