You may have heard that tomorrow is the official day for the Australian census to take place... and many people are planning to ignore it, because of massive security concerns and some incredibly stupid plans by the Aussie government to retain and make use of the data collected. Having an accurate population census is an extremely important tool for a wide range of government services, but especially in an age of increasing (and very legitimate) concerns about government overreach and surveillance, some are reasonably worried about what's done with the data. In the US, it's been made quite clear that census data absolutely must be kept secret and not connected to individuals or used for other purposes.
Over in Australia, they've apparently got some other ideas in mind. Late last year, the Australian Bureau of Statistics announced that for this year's census it would, for the first time, retain all the names and addresses it collected. This has raised some pretty serious concerns, and some fairly weak claims from the government. Prime Minister Malcolm Turnbull has announced that no one should worry because the government always protects people's privacy. No, really.
Mr Turnbull said on Wednesday the organisation "always protects people's privacy".
"The security of their personal details is absolute and that is protected by law and by practice," he said.
"That is a given."
Anyone claiming that the security of any system "is absolute" has no fucking clue about security. There is no such thing as absolute security, and saying so probably just acts more to entice hackers to try to break in than anything else. The comments from the ABS's chief statistician are not any more comforting. When asked about security, he went with a Trumpian response of "we have the best security features."
"The ABS has the best security features," he said.
"We've never had a privacy breach with Census information and we do secure the information somewhat differently … These days we can keep names separate from address and separate from other Census content, in three separate computer systems and never brought together."
When asked if he believed this year's Census had been handled poorly, Mr Kalisch responded that "we're well ahead of where we thought we would be".
Making matters even worse, over the weekend, it was revealed that the ABS actually had plans to crossmatch people's data to other government services, and do other things with it -- which is exactly what a large part of the concerns were about.
“Retention of personal identifiers could improve the value of census data through data integration and linking, which would enable new products,” the document, released under freedom of information laws, stated.
The same document notes that there may be some "public backlash" to all of this "which would need to be carefully managed."
So far, they're not doing a very good job managing anything. The privacy and security concerns are growing rapidly, and people are speaking out on why they're willing to face fines and punishment by refusing to fill out the census -- even those who strongly support the idea of the census. This post from the former Deputy Privacy Commissioner, Anna Johnson, is well worth a read:
The definition of ‘census’ is “an official count”. I actually want to stand up and be counted. But only counted; not named or profiled or data-matched or data-linked, or anything else. The privacy risks of doing anything else are just too great.
I have thought about just refusing to provide my name. But even if I don’t give my name, if the ABS is determined to link my Census data with other datasets, there would be enough other information in my Census answers (sex, age, home address, previous home address, work address) to let them proceed regardless. It won’t be enough to protect my privacy.
There's a lot more in Johnson's post that is worth reading, including just how ridiculous the privacy promises are, and even an analogy of how the ABS is acting "like a very, very bad boyfriend" who "keeps on breaking promises, pushing boundaries and disappointing you."
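Johnson's point that leaving out the name does not prevent linkage is something a data custodian can measure: count how many records are unique on the remaining answers. The sketch below is an added example, not code from the original post or from the ABS; the rows are constructed, and the field names and postcode values are assumptions.

```python
from collections import Counter

# Constructed sample rows, not real census data. Field names and postcode values
# are assumptions modelled on the answers Johnson lists; no name is stored.
RECORDS = [
    {"sex": "F", "age": 34, "home": "2000", "prev_home": "3000", "work": "2060"},
    {"sex": "F", "age": 34, "home": "2000", "prev_home": "2010", "work": "2000"},
    {"sex": "M", "age": 41, "home": "2000", "prev_home": "2000", "work": "2150"},
    {"sex": "M", "age": 47, "home": "2010", "prev_home": "4000", "work": "2000"},
    {"sex": "F", "age": 38, "home": "2010", "prev_home": "2010", "work": "2060"},
    {"sex": "M", "age": 45, "home": "2000", "prev_home": "6000", "work": "2000"},
]
QUASI_IDENTIFIERS = ("sex", "age", "home", "prev_home", "work")


def group_sizes(records, fields):
    """Number of records sharing each combination of the given fields."""
    return Counter(tuple(r[f] for f in fields) for r in records)


def k_anonymity(records, fields):
    """Size of the smallest group; k == 1 means someone is unique without a name."""
    return min(group_sizes(records, fields).values())


def unique_fraction(records, fields):
    """Share of records that no other record matches on the given fields."""
    sizes = group_sizes(records, fields)
    return sum(sizes[tuple(r[f] for f in fields)] == 1 for r in records) / len(records)


def coarsen(record):
    """Aggregate-style release: keep sex and a 10-year age band, drop all addresses."""
    return {"sex": record["sex"], "age_band": record["age"] // 10 * 10}


def report():
    coarse = [coarsen(r) for r in RECORDS]
    return {
        "k_full": k_anonymity(RECORDS, QUASI_IDENTIFIERS),
        "unique_full": unique_fraction(RECORDS, QUASI_IDENTIFIERS),
        "unique_sex_age": unique_fraction(RECORDS, ("sex", "age")),
        "k_coarse": k_anonymity(coarse, ("sex", "age_band")),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

On these rows every record is unique once all five answers are kept, while the coarsened view leaves each person in a group of three.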
As for the security assurances, beyond just being ludicrous in claiming "absolute" security, there are already some pretty serious concerns. First of all, can you really claim that your security is "absolute" when you're storing passwords in plaintext? I don't think so -- but that's apparently what the ABS is doing with census passwords. Storing passwords in plaintext is the clear mark of an amateurish security operation.
On top of that, some are already finding that their older computers are apparently unable to handle the census. If the goal is to collect information on everyone, perhaps you should design a simple system that doesn't require a modern computer.
Finally, shouldn't people be at least somewhat concerned when the security for the census is being handled by IBM, and an IBM "worldwide security architect" based in Australia tweets (and then deletes) that he expects the census data to be "inevitably leaked"?
Having a census is important. But it should be clearly and directly limited to just that purpose. There should be no storage of names and addresses. There should only be storage of the final aggregate data. The fact that Australia is going in a different direction -- and considered "doing more" with the information, including crosslinking it to create "new products" -- should be extremely concerning. The fact that the government is claiming its security is "absolute" when it can't even properly handle passwords makes the whole thing a joke.
And, now, because of this mess, plenty of people say they're simply not going to obey and respond to the census. And while the Australian government may try to crack down on such behavior, in the end, it's absolutely going to call the accuracy of the census into question. So in their quest to expand the power of the census, the ABS may have done the exact opposite.
* Special thanks to Australian journalist/privacy activist Asher Wolf for helping me go through some of the details on this story