Paramountreader comments 40
Share this story
Next Tuesday is the day Australians must fill in—correctly—their census forms, or face a fine. However, many may be willing to take that risk as the Australian Bureau of Statistics (ABS) will rather extraordinarily be storing names and addresses in addition to the usual census results.
Previous census forms have collected this information, but respondents were allowed to opt-in to having personally identifiable information retained.
This time, the ABS wants to keep the information on record until 2020.
This has provoked both privacy and security concerns.
The bureau’s former chief statistician Bill McLennan called it “the most significant invasion of privacy ever perpetrated on Australians by the ABS,” and even Apple co-founder Steve Wozniak weighed in to say the data retention plans were “unethical.”
Others claim the ABS cannot adequately protect sensitive data.
According to reports the ABS has had 14 data breaches since 2013.
The bureau says none of the breaches were related to census information, but the Australian Privacy Foundation said it still highlights how difficult it is to secure vast amounts of personal information once collected. Others pointed out that in the past names and addresses were not retained, making the census data a less attractive target for hackers.
Australian Minister for Small Business Michael McCormack told reporters on Wednesday that there has “never been a breach of the actual census data, [and] the ABS assures us that this won’t happen into the future.
They have assured me as the minister responsible, they’ve assured the government, that they have every protocol in place, every process in place to ensure that there isn’t a breach this time.”
Enlarge / An Australian census, with a ship in the background.
WILLIAM WEST/AFP/Getty Images
Not everyone is convinced.
Software consultancy ThoughtWorks published an opinion saying that although the census is good for evidence-driven policy, the 2016 census threatens confidence.
“It is our belief that claims that the risk of data leaks are low may not be correct.
In light of the security threats observed in recent years, we are afraid that no matter how strong the security capability of the ABS, the risk is real and should this data leak, the impact would be immense.
As one example, consider the impact on an individual should their information end up with a fraudster or violent ex-partner,” said the company while advocating data minimisation.
“Not only is securing data difficult, when it is leaked it is impossible to retrieve.
Consider that the NSA, one of the world’s most well-funded and capable security organisations, was unable to prevent the leaking of thousands of documents about its operations.
It is only by reducing the amount of data that we hold that we can reduce the impact when it leaks,” said the ThoughtWorks statement.
IBM security architect Philip Nye tweeted that the census was almost certain to be hacked. He later deleted his comment—IBM has Australia’s census security contract—but not before media grabbed a screenshot.
Meanwhile, data scientists are concerned data integrity will be harmed as many people may refuse to complete the census or deliberately provide false information as an act of civil disobedience, even though it is illegal to do so. “Even on a relatively small scale, acts of civil disobedience with regard to the census could seriously skew the data,” warned privacy advocacy group Electronic Frontiers Australia.
The ABS will certainly try to force compliance—fines range from AUS$1800 (~£1,000 or ~$1,370) for providing false information to AUS$180 per day for failing to submit the form.
But the agency will have no real way to verify the answers provided by those who do complete the form as accurate.
Failure to vote in the Federal Election last month resulted in only a AUS$20 fine.
Electronic Frontiers Australia has set up a website, CensusFail.com, to give advice to Australians concerned that their personally identifying information will be linked to other sensitive information such as religion, income, etc., in the census form.
The ABS says it will store names and addresses separately from other census responses, with names replaced by “anonymous linkage keys.” However it is not clear how these will be generated. According to Electronic Frontiers Australia, the keys are likely to be a “14 character alphanumeric string made from components of your first and last names, birthdate, and sex.”
“Please note the authors of this site do not advocate that any person provide false or misleading information on their census form,” continues the organisation before proposing “hypothetical” scenarios: “Without falsifying data, if you were to accidentally enter your first name where it asks for a surname (and vice versa) you can see this would have a significant effect on the identifier created.
Similarly, Wliliam Smiht, who suffers from some mild dyslexia, or Jaane Thhompson, who has an annoying, sticky keyboard may also find their data is matched to a smaller number of external datasets.”
Around 66 percent of Australians will answer the census online—provided they have Windows XP (Service Pack 3), Vista, 7, 8, 8.1 and 10, Mac OS X 10.7 Lion or later, Android 4.2 or later, or iOS 7.0 or later. However this will allow the bureau to store even more information as it retains IP addresses, and requires all questions apart from religion to be answered: blank fields are not an option.
The ABS says that filing in the form online “helps improve your security.” According to the law, the bureau is obligated to comply with both the Census and Statistics Act 1905 and the Privacy Act 1988, which mention the words “Web,” “Internet,” and “online” exactly zero times.
Nonetheless, Australia’s chief statistician and head of the ABS, David W. Kalisch, believes that Australians will “willingly and even eagerly” complete their census forms.
“The Census guides Government funding for essential services and infrastructure and is crucial in setting electoral boundaries, allocating Australian government funding to states and territories, planning educational and health services, and other infrastructure for local communities,” he wrote on July 22.
“I urge everyone in Australia to join me and share in the excitement of this once-in-a-five-year opportunity.
Australians have no cause for concern about any aspect of this Census, and can have ongoing trust and confidence in the ABS,” he continued before addressing the elephant in the room.
“In 2016, I’ve decided to keep names and addresses for longer.
This is for statistical purposes only, and will increase the value of census data.
This will enable the ABS to produce statistics on important economic and social areas such as educational outcomes, and measuring outcomes for migrants. My decision followed community consultation, direct engagement with the Australian Information Commissioner and each State and Territory Privacy Commissioner, and a Privacy Impact Assessment (PIA),” said Kalisch.
“Key measures to safeguard information include strong encryption of data, restricted access on a need-to-know basis and monitoring of all staff, including regular audits,” explains the ABS website.
“No one working with census data will be able to view your personal information (name or address) at the same time as your other census responses (such as age, sex, occupation, level of education or income).
Stored separately and securely, individuals’ names will also be substituted with a linkage key, a computer generated code, completely anonymising the personal information.
The security measures in place have been independently tested and reviewed to ensure that your personal information is secure.
The connection from the user’s computer to the online form is protected using, at a minimum, 128-bit TLS encryption,” says the ABS.
Ars has asked IBM for more information about security measures, but had not received a response at time of publishing.
This post originated on Ars Technica UK
Paramountreader comments 40