The Australian Bureau of Statistics’ reaction to justified concerns about its collection and storage of name and addresses in the 2016 census has varied between the hysterical and the risible. But we’ve slowly developed an understanding of just how serious this threat is to Australians’ privacy. And it’s clear that the only sensible response to the threat is to refuse to participate in the census.
Rather than meaningfully engage with widespread privacy concerns about its personal information retention in the census, or the legal case that it simply doesn’t have the power to compel citizens to hand over names, the ABS has attacked its critics.
Crikey’s editor was scolded after one article: “… it should also be of concern to you that the writer is encouraging readers to act illegally by not participating in the 2016 Census of Population and Housing”. In addition to that ringing endorsement of free speech, the ABS has dismissed concerns: current ABS head David Kalisch has refused to provide legal advice he claims contradicts the views of one of his predecessors, Bill McLennan, about his legal powers.
Instead, the ABS likes to issue threats, insisting that it will prosecute anyone who acts on their privacy concerns. “It is in no way legitimate to not participate in the Census,” Chris Libreri of the ABS lectured Crikey. “The ABS prefers to seek the willing co-operation of respondents. However, it is sometimes necessary to use the legislative provisions,” the Guardian was told.
There was also the downright bizarre, Pollyannish article by Kalisch in which he claimed to be “excited to sit down with my family on August 9 to record our characteristics. I urge everyone in Australia to join me and share in the excitement.” One wonders how many penalty units it will cost people prosecuted for lacking the statutory level of enthusiasm for their loss of privacy.
The fact that unelected bureaucrats like Kalisch are given the power to issue edicts declaring that it is “in no way legitimate” for citizens not to provide copious, highly personal detail of themselves for indefinite retention and use by governments (and whichever parties governments allow access to it) is bad enough, but that at least is longstanding tradition in Australia. But as more attention has focused on the privacy implications of the census, we’ve become aware of the sinister uses to which previous censuses are now being put, which has fundamentally changed the nature of the census.
We now know that the ABS has been tracking more than 1 million Australians since the 2006 census, matching up information gathered subsequently by the ABS in order to profile them on an individual basis for the rest of their lives. Not a single one of these million-plus citizens agreed to this; the ABS did not seek their permission to assemble this life-long profile, but simply chose them at random; the targets were not given either a choice or even informed they were being surveilled in this way, nor were they alerted to the fact that their information would be sold by the ABS to anyone willing to pay.
The ABS insists that because these targets have been stripped of name and addresses and that there are therefore no privacy implications to this mass tracking of individuals. This is nonsensical; one of the key discoveries of the growth of big data has been how simple it is to identify individuals from completely anonymous publicly generated datasets with even relatively limited information. We didn’t even need Google for this: the ease with which individuals can be traced through bulk anonymous data has been known for decades.
As for data that has merely been “de-identified” — the ABS plans to turn names and addresses into codes to enable tracking of individuals’ data in the census — re-identification is fairly straightforward since an individual, even without their name and address, can easily be traced if you have access to a coherent series of data about them. The Privacy Commissioner Tim Pilgrim has already warned businesses about the need to treat anonymised information with the same care as personally identifiable information. But as Bill McLennan noted, the ABS is deliberately breaching the Australian Privacy Principles with its determination to collect names.
It’s important to understand that this means the ABS has fundamentally changed the nature of the census. It is retaining your name and address not merely for “organisational efficiencies” at the cash-starved bureaucracy, but to undertake something very different to a traditional census. It has gone from being a periodic snapshot of Australia, intended to inform policy development, to being an iterative, permanent, lifelong surveillance project in which every Australian will be tracked down to the most personal details of their lives, compulsorily. This is no longer a census in the sense most citizens understand it, but ongoing surveillance.
Moreover, the tracking won’t just be via future censuses, but through other means of forced data collection like the ABS’ random surveys, in which households are picked and made to furnish extensive detail of their lives to intruders from the ABS under threat of fines and jail (read about what the ABS did to Shirley Stott-Despoja).
Despite the ABS’ protestations, it cannot offer any guarantees about how this data will be used: it would be straightforward for a future government to take the data from successive censuses and forced surveys, re-identify participants and use the richly detailed picture of every citizen that it provided for political purposes. Or a future government could decide that such incredibly rich data should be monetised, offering blithe assurances that it has been “anonymised” as it is sold to the private sector. And all of us will be in the database.
Moreover, the ABS’ own approach to data security raises questions: journalist Asher Wolf discovered on the weekend that ABS census collectors are using their own personal phones to scan barcodes via a special ABS app, meaning that phones already infected by malware, or which become infected in the future, may provide a conduit for information to be stolen. The significant shift of census data collection to online is also dependent on the ABS website being absolutely secure as Australians are forced to upload extensive personal information: a Twitter user has pointed out the ABS site is using a lower level of certificate-based encryption that makes it vulnerable to interception attacks, especially foreign governments that would view such a rich account of every citizen in the country as a valuable target. Companies that trade in huge amounts of personal data, like Google and Facebook, use higher standards; indeed, Google has been pushing for abandonment of the SHA-1 algorithm that the ABS is relying on and will stop accepting it in five months’ time.
As Crikey noted earlier this year, there’s only one way of guaranteeing the security of data: don’t store it in the first place. But the ABS is determined to do so, in violation of Privacy Principles, the warnings of the Privacy Commissioner about the pseudo-anonymity of data, and a growing army of Australians who object to their privacy being systematically violated by bureaucrats. And it is doing so in a way that raises real questions about the security of your data. The only alternative for anyone interested in protecting their privacy is to refuse to cooperate with what is called a census, but which is now lifelong surveillance.
Next: What to do protect yourself against the ABS