Australian Government's Stupid Census Plans Puts Privacy At Risk, May Destroy Their Own Census

from the short-sighted-in-the-extreme dept

You may have heard that tomorrow is the official day for the Australian census to take place… and many people are planning to ignore it, because of massive security concerns and some incredibly stupid plans by the Aussie government to retain and make use of the data collected. Having an accurate population census is an extremely important tool for a wide range of government services, but especially in an age of increasing (and very legitimate) concerns about government overreach and surveillance, some are reasonably worried about what’s done with the data. In the US, it’s been made quite clear that census data absolutely must be kept secret and not connected to individuals or used for other purposes.

Over in Australia, they’ve apparently got some other ideas in mind. Late last year, the Australian Bureau of Statistics announced that for this year’s census it would, for the first time, retain all the names and addresses it collected. This has raised some pretty serious concerns, and some fairly weak claims from the government. Prime Minister Malcolm Turnbull has announced that no one should worry because the government always protects people’s privacy. No, really.

Mr Turnbull said on Wednesday the organisation “always protects people’s privacy”.

“The security of their personal details is absolute and that is protected by law and by practice,” he said.

“That is a given.”

Anyone claiming that the security of any system “is absolute” has no fucking clue about security. There is no such thing as absolute security, and saying so probably just acts more to entice hackers to try to break in than anything else. The comments from the ABS’s chief statistician are not any more comforting. When asked about security, he went with a Trumpian response of “we have the best security features.”

“The ABS has the best security features,” he said.

“We’ve never had a privacy breach with Census information and we do secure the information somewhat differently… These days we can keep names separate from address and separate from other Census content, in three separate computer systems and never brought together.”

When asked if he believed this year’s Census had been handled poorly, Mr Kalisch responded that “we’re well ahead of where we thought we would be”.

Making matters even worse, over the weekend, it was revealed that the ABS actually had plans to crossmatch people’s data to other government services, and do other things with it — which is exactly what a large part of the concerns were about.

“Retention of personal identifiers could improve the value of census data through data integration and linking, which would enable new products,” the document, released under freedom of information laws, stated.

The same document notes that there may be some “public backlash” to all of this “which would need to be carefully managed.”

So far, they’re not doing a very good job managing anything. The privacy and security concerns are growing rapidly, and people are speaking out on why they’re willing to face fines and punishment by refusing to fill out the census — even those who strongly support the idea of the census. This post from the former Deputy Privacy Commissioner, Anna Johnson, is well worth a read:

The definition of “census” is “an official count”. I actually want to stand up and be counted. But only counted; not named or profiled or data-matched or data-linked, or anything else. The privacy risks of doing anything else are just too great.

I have thought about just refusing to provide my name. But even if I don’t give my name, if the ABS is determined to link my Census data with other datasets, there would be enough other information in my Census answers (sex, age, home address, previous home address, work address) to let them proceed regardless. It won’t be enough to protect my privacy.

There’s a lot more in Johnson’s post that is worth reading, including just how ridiculous the privacy promises are, and even an analogy of how the ABS is acting “like a very, very bad boyfriend” who “keeps on breaking promises, pushing boundaries and disappointing you.”

As for the security assurances, beyond just being ludicrous in claiming “absolute” security, there are already some pretty serious concerns. First of all, can you really claim that your security is “absolute” when you’re storing passwords in plaintext? I don’t think so — but that’s apparently what the ABS is doing with census passwords.

Storing passwords in plaintext is the clear mark of an amateurish security operation.

On top of that, some are already finding that their older computers are apparently unable to handle the census. If the goal is to collect information on everyone, perhaps you should design a simple system that doesn’t require a modern computer.

Finally, shouldn’t people be at least somewhat concerned when the security for the census is being handled by IBM, and an IBM “worldwide security architect” based in Australia tweets (and then deletes) that he expects the census data to be “inevitably leaked”?

Having a census is important. But it should be clearly and directly limited to just that purpose. There should be no storage of names and addresses. There should only be storage of the final aggregate data. The fact that Australia is going in a different direction, and considered “doing more” with the information, including crosslinking it to create “new products,” should be extremely concerning. The fact that the government is claiming its security is “absolute” when it can’t even properly handle passwords makes the whole thing a joke.

And, now, because of this mess, plenty of people say they’re simply not going to obey and respond to the census. And while the Australian government may try to crack down on such behavior, in the end, it’s absolutely going to call the accuracy of the census into question. So in their quest to expand the power of the census, the ABS may have done the exact opposite.

* Special thanks to Australian journalist/privacy activist Asher Wolf for helping me go through some of the details on this story.


Comments on “Australian Government's Stupid Census Plans Puts Privacy At Risk, May Destroy Their Own Census”

68 Comments
PaulT (profile) says:

“These days we can keep names separate from address and separate from other Census content, in three separate computer systems and never brought together.”

“Retention of personal identifiers could improve the value of census data through data integration and linking, which would enable new products”

So… they’re never brought together. Until the data’s integrated with additional systems.

Did this actually make sense to someone when they stated it, or is it only with the benefit of edited we can see how dumb it is?

“We’ve never had a privacy breach with Census information”

Don’t worry, you’ve made yourselves look incompetent *and* issued a challenge to any interested hacker out there. It won’t be long. Unless your ability to detect a breach is on par with your ability to secure user passwords, in which case it’s way too late.

Anonymous Coward says:

“plans to crossmatch people’s data to other government services”

This is a problem, that is true. Should not happen.

As for keeping names and addresses, that is what a census is. Historical census returns are invaluable for the study of migration patterns, economic and industrial development, disease patterns and health research amongst other reasons. This is how we detail our history, and in particular the lives and history of ordinary people (not many of us would have been wealthy or important enough to appear in written records of the 1840s, for example). One day soon each of us will be history too and I WANT my descendants to trace me and my ancestors. Hence the 100yrs+ rules in so many countries. Until the ‘secret’ retention period has expired then the data should only be available in summary form. Census records are national treasures and should be treated as such if we value our cultures and histories.

MarcAnthony (profile) says:

Re: Re:

As for keeping names and addresses, that is what a census is. Historical census returns are invaluable for the study of…

Perhaps it’s different in other countries, but the intended purpose of the census in the US is for the apportionment of representation. You can pass information to your descendants without census mission creep or governmental assistance. Kids would probably value a family tree that was created and passed down by an ancestor more so than census data that was collected without their forebears’ informed consent, and it would probably be more accurate than the BS responses that will be returned for the Australian census.

John Fenderson (profile) says:

Re: Re: Re:

“the intended purpose of the census in the US is for the apportionment of representation”

That is the constitutionally required purpose, but is not the only purpose. Everything else the AC said about the purpose of the census applies to the US census as well, except that in the US, individualized information is not made available for 72 years rather than 100+.

Anonymous Coward says:

Re: Re: Re: Re:

“That is the constitutionally required purpose, but is not the only purpose.”

So what part of the Constitution authorizes the federal government to require people to tell them whether they have a refrigerator, or their ethnicity, or whether they have trouble concentrating?

John Fenderson (profile) says:

Re: Re: Re:2 Re:

The same part that authorizes the census:

[An] Enumeration shall be made within three Years after the first Meeting of the Congress of the United States, and within every subsequent Term of ten Years, in such Manner as they shall by Law direct.

“in such Manner as they shall by Law direct” has been interpreted as being expansive, meaning that any question may be asked. The Census bureau has this to say on the subject:

Even though Congress has granted this broad discretionary authority, the questions asked in the Census and ACS are determined by what data are needed to implement a vast array of federal programs. Courts routinely have upheld the constitutionality of collecting census data, characterizing as unquestionable the power of Congress to require both an enumeration and the collection of statistics in the census.

The Courts have held that the Constitution, including the Fifth and Fourth Amendments, does not prohibit the gathering of other statistics in addition to the enumeration.

Avior says:

Re: Re: Re:4 Re:

And any answer may be given.

Lying on the census is a federal crime.

For security purposes, I salted (i.e. added plus-or-minus a random amount in the range of “large fraction of the actual answer”) my responses to the nosy (US) “long form” (before it got replaced with the ACS form).

You just admitted to committing a federal crime. And since you’re a registered user, the feds could, if they so desired, subpoena your information from Techdirt and prosecute you.

Kleeia says:

Re: Re: Re:2 Re:

So what part of the Constitution authorizes the federal government to require people to tell them whether they have a refrigerator, or their ethnicity, or whether they have trouble concentrating?

Since you seem to be too lazy to read it yourself, Article I, Section 2 empowers the Congress to carry out the census in “such manner as they shall by Law direct”.

Anonymous Coward says:

Re: Re: Re:3 Re:

You read this as a blank check, apparently. I don’t. Sure, they have the power to do the enumeration in the manner they shall direct. But this only gives them the power to conduct the enumeration in this manner. They can mail the form, or send census workers, or put it online, or whatever. But asking questions about your mental state is not a manner of conducting an enumeration – it’s doing something else entirely while also conducting an enumeration.

The courts may support them, but the courts are routinely too permissive when it comes to the powers it allows the federal government to have.

John Fenderson (profile) says:

Re: Re: Re:4 Re:

“The courts may support them, but the courts are routinely too permissive when it comes to the powers it allows the federal government to have.”

With regards to the census specifically, the courts have ruled this way from the very beginning. The objections you’re raising have been raised pretty much since the census began.

You may disagree with the interpretation (I disagree with plenty of Constitutional interpretations myself), but that’s what it currently is until someone can make a strong enough effort to change it.

This one has had longstanding and unwavering acceptance, though, so the required effort will be substantial.

Anonymous Coward says:

Re: Re: Re:5 Re:

From the beginning? Given how little information the first few censuses asked for, it doesn’t seem like this could have come up in the beginning. If it DID come up very early, then the courts were basing those rulings on forms that asked hardly anything and pretty much WERE just an enumeration, and not the current forms that ask for so much more.

And yeah, I know my personal feelings count for nothing. I may think jury duty is a clear violation of the 13th amendment, but I’d still show up, because I’d rather not be thrown in jail for violating the unconstitutional law. The punishment for merely not answering census questions is only a maximum of $100.

Anonymous Coward says:

Huh. Yeah, as an (obviously anonymous) Australian commenter, I have really serious concerns with all this. I have actually had a number of contracts with the ABS in years gone by and they always emphasised the privacy aspect of the work I did for them. How ironic that they now plan to invade and abuse everyone’s privacy with this stupid census. The security assertions might satisfy a 9 year old, but that’s about it. Most of the media here just repeat the government’s soothing statements with zero analysis, so most people just blithely accept them without question. I may just refuse and see what happens. Fuck ’em.

Anonymous Coward says:

Re: Re:

As another, equally anonymous Australian commentator, I suggest that, in the interests of your privacy, you should also: 1) Surrender your drivers licence – heaven forbid that the government should be able to match not only your name and address but also the vehicles you own, 2) surrender your Medicare card, because that can be used to match your name and address and also your medical records, 3) get yourself off the electoral roll, so that the government can’t match your name and address, 4) close all your bank accounts, since that not only matches your name and address but also your financial situation and credit card details, 5) Ensure that you always earn less than $18000 per year so that you don’t have to have any dealings with the Tax Office who match your annual salary with your name and address but also try to ensure 6) that you don’t have to deal with Centrelink. Good luck with all that.

That One Guy (profile) says:

Re: Re:

Yeah, beyond other problems I have with it the background of the one who made it makes it a little hard to buy.

‘Joseph-Marie, comte de Maistre (French: [də mɛstʁ]; 1 April 1753 – 26 February 1821) was a Savoyard philosopher, writer, lawyer, and diplomat. He defended hierarchical societies and a monarchical State in the period immediately following the French Revolution.

Maistre, considered by Masseau and Didier to have been a key figure of what they termed as the Counter-Enlightenment, saw monarchy both as a divinely sanctioned institution and as the only stable form of government. He called for the restoration of the House of Bourbon to the throne of France and argued that the Pope should have ultimate authority in temporal matters.’

Given the source that line strikes me as less ‘the government is a reflection of the will of the people’ and more ‘if your government is acting badly you deserve it as punishment from on high’.

Mason Wheeler (profile) says:

Having a census is important. But it should be clearly and directly limited to just that purpose. There should be no storage of names and addresses. There should only be storage of the final aggregate data.

…just like they’ve always done in… oh yeah, in no census ever.

However much of a problem it may be over the short term, personally identifiable data in census records makes for incredibly valuable historical documents. Just ask any historian or genealogist.

Anonymous Coward says:

Re: Re:

However much of a problem it may be over the short term, personally identifiable data in census records makes for incredibly valuable historical documents. Just ask any historian or genealogist.

I have no obligation to future historians or genealogists to make their job easier.

At least in the US, the census is supposed to be to determine population, so we can correctly apportion congressional representation. They have no business demanding that people answer all of those long form questions. Even on the short form I would say they have no business demanding my race. They need to know the number of people. That’s it. They don’t need to know if I have a refrigerator or whether I took a ferryboat to work.

…just like they’ve always done in… oh yeah, in no census ever.

In 1790, they listed the name of each head of household, and they asked questions about the number of free White males aged under 16 years, the number of free White males 16 years and upward, number of free White females, number of other free persons, and number of slaves. That’s it. (Differentiating the slaves was required at that time due to the 3/5 rule.) They didn’t even ask for the names of anyone except the head of household until 1850.

DogBreath says:

Re: Re:

If I were an Australian, I would tell the government that they can have my personal identifying information (PID) tied to my census data when it becomes “Historical”, i.e. when I am dead, so the historians or genealogists can have the info they need.

An easy way would be to set up a deadman switch with a lawyer to release that PID when I have been confirmed dead.

As for “Historical Documents” saved in a totally safe computer database, it always starts out really noble and all like this, but then turns into this, and ends up with this.

That One Guy (profile) says:

Re: Interesting definition of "secret" or "private"

It’s ‘secret’ and ‘private’ in the sense that the public doesn’t have access to it (well, at least not until the database is hacked and the info leaked), government agencies will of course have access for whatever reason they can think of. To ‘better serve the public’ of course.

Anonymous Coward says:

Gee, this couldn’t possibly be the consequence of large budget cuts leading to a loss of staff and services:

http://www.macrobusiness.com.au/2014/06/abs-budget-cuts-blind-economic-policy/
http://www.smh.com.au/comment/budget-cuts-how-asic-the-abs-and-the-ato-are-turning-off-the-lights-20140608-zs16p.html

It’s not like this already led to embarrassing problems like getting basic employment figures wrong:

http://www.afr.com/news/policy/industrial-relations/jobs-figures-are-dodgy-abs-admits-20141008-11cc5q
https://theconversation.com/joe-hockeys-user-pays-plan-for-the-abs-doesnt-add-up-32790

And it’s not like the increases in budget since then went straight into the shift to computerized data collection that’s blowing up in their faces:

http://www.computerworld.com.au/article/574411/250m-it-upgrades-abs/

No, I’m sure that all of that was completely coincidental.

Rekrul says:

I don’t believe for a second that US Census data isn’t fed into a database to be used for other purposes, complete with identifying information.

I suppose I’d object to providing all that information if I ever got one. Somehow though, my mailman always seems to lose mine (along with other mail), and I’m always out when they come by. They probably call, but I don’t have a cell phone and my answering machine doesn’t always record messages properly. I really should get a new one…

Anonymous Coward says:

Pay $180 and have at least an ounce of self-respect

Yes, most of us cannot afford $180/day on a long-term basis, but in the least we should delay the census, perhaps even by just one day or one week – at least we will know inside that we haven’t surrendered without battle.

There will come a day when having a receipt for this fine will be highly celebrated.

Anonymous Coward says:

Re: That didn't take long!

Yes, and as one bright boy pointed out, website primed to 1 million visitors per hour probably got 10 million visitors in 1/2 hour as the visitors got down to using site after teatime.

To save face, they are now claiming that this event was caused by foreign hackers/DDoS.

Still waiting on paper form that was requested a week ago.
