Governance & Risk Management , Privacy

Australia in Privacy Furor Over Census

Critics Oppose Mandatory Submission of Names and Addresses
Australia in Privacy Furor Over Census

A change in how long the Australian Bureau of Statistics retains elements of census data has roiled privacy advocates, who contend it unnecessarily exposes the country's population to data privacy risks.

See Also: A Look at Processing Principles Under the GDPR, CCPA, and the EU-US DPF

On Aug. 9, upwards of nine million households in Australia will participate in a national census, which is held every five years. But some are threatening to boycott the census, risking AU$180 (US$137) per day in fines.

The outrage over the census has been substantial for what in most countries is a large but relatively mundane exercise in obtaining an up-to-date snapshot of a nation's peoples. The fear is the government may mishandle the information or improperly secure it, exposing it to hackers. The ensuing kerfuffle has the potential to skew what is a key source of data to guide a country's policymaking.

The controversy is centered on a misconception that the ABS is only now requiring names and addresses of respondents. The ABS has always required people to give their names and addresses. But the use of paper census forms allowed people simply to not give the information, which has left people with the continuing impression that giving names and addresses was optional.

For this year's census, the ABS has strongly encouraged Australians to complete the census form online, a move that will save the agency tens of millions of dollars. The online form will not allow people to progress to other census questions unless their names and addresses are filled out.

The public relations disaster has put the ABS on the back foot, especially on social media, with some in the public claiming the census is part of a larger tracking program and a greater government conspiracy.

Liz Allen, a demographer with Centre for Aboriginal Economic Policy Research at Australian National University, has been defending the census over the past few weeks and its benefits for public policy. Since the controversy erupted, she has been harassed and received an anonymous death threat by email.

"There's a hell of a lot of misinformation that has sensible people frightened," Allen says.

Data Retention

One change has particularly riled critics. In previous censuses, the ABS destroyed names and addresses 18 months after it had completed its analyses.

The agency changed the length of time that it retains those names and addresses to up to four years before that data is destroyed. The extended period allows the agency to perform deeper data analysis, it says.

Critics contend a public consultation held last year was rushed and didn't fully explore the privacy impacts. Since the maximum four-year period is just a year shy of when the next census will be taken in 2021, some have argued that it means the agency will nearly continuously possess such data.

Australia is an outlier in even destroying names and addresses. Countries that retain that information include the U.K., Canada, New Zealand and the U.S.

Australians, however, have had one option. They could opt-in to give the ABS permission to retain their name and addresses - which are of great use to genealogists - for posterity. The information is released after a 99-year waiting period. By comparison, the waiting period in the U.S. for public release of census data is 72 years. In last census held in 2011, more than 60 percent of Australians opted in, according to the ABS.

The ABS has defended its extended retention of names and addresses, saying it allows the combination of census statistics with other national datasets collected by the government. The results are then used for formulating government policy in areas such as health, education and the economy.

But one of the more hyperbolic comments circulated in the Australian press came from Bill McLennan, who was Australia's chief statistician from 1995 through 2000. "This, without doubt, is the most significant invasion of privacy ever perpetrated on Australians by the ABS."

Anonymous Linkage

To ensure that it can accurately link data to other data sets, the ABS is converting names into a statistical linkage key, which is an anonymous identifier.

Kat Lane, vice president of the Australian Privacy Foundation, says it would be "dead easy" to reverse such an identifier given that it will be used to link to other sensitive government databases. "The unique ID is not safe in any sense," she says.

Electronic Frontiers Australia, a privacy watchdog, says the ABS has not described how it will generate the anonymous keys. But it speculated the key could be a SLK-581 identifier, which is a 14-character alphanumeric string that's composed of first and last names, birthdate and gender.

"Nominally it will be de-identified, but in practice it will be so rich that it will be readily re-identifiable," the EFA says in a blog post.

Allen contests those assertions and says that Australia is already well behind other nations that do census data analyses safely and securely.

The de-identification process used for the statistical linkage key can't be reversed, she says. Names and addresses are immediately separated from each other and from the remaining census data during initial processing.

"No single person within the bureau has access to all three points of data," Allen says. "It's on a need-to-know basis."

Breach Concern

The ABS has strongly encouraged Australians to complete the census form online containing a unique 12-digit code, which should be entered in the online form mailed to households.

The use of online forms, first offered for the 2006 census, is estimated to save the agency tens of millions of dollars over distributing forms by hand or mail. But there are still the usual concerns about submitting such sensitive information online.

Another worry is the ABS itself. While the agency has never experienced a breach of census data, the agency has reported 14 data breaches to the Office of the Australian Information Commissioner over the past three years, according to the Guardian newspaper.

Australia does not yet have a mandatory data breach reporting law, although the government has been mulling legislation for several years. The ABS opted to voluntarily report the breaches, which is usually customary for government agencies although there is no requirement.

The ABS has a strong incentive to have its house in order, though. Unauthorized disclosure of census information by an ABS official is punishable by a $21,600 fine and two years in prison.

Civil Disobedience

Social media have propelled the anti-census movement. On Twitter, a steady stream of messages have appeared with the hashtag #censusfail.

The opposition has also gained support from prominent Australians. On Aug. 9, the publication Crikey reported that South Australian Senator Nick Xenophon was planning on not supplying his name for the census.

On Aug. 4, Prime Minster Malcolm Turnbull tried to allay privacy concerns, saying that "the security of their personal details is absolute, and that is protected by law and by practice. That is a given," he said, according to the Australian Broadcasting Association.

Under the pretense of "informational purposes," Electronic Frontiers Australia published a list of techniques that Australians have used in the past to avoid participating in the census.

The group warned it wasn't advocating people to disobey the law and that census dodgers have been prosecuted before. Australians who don't fill out the census by mid-September could face a fine of $180 per day. Writing in misleading or false information is a $1,800 penalty.

Still, that hasn't stopped some for calling for drastic measures, including ripping up their census forms or in another vulgar example, drawing a phallus on the paper form. Lane of Australia's Privacy Foundation says the campaign against the census will continue even after the official day because there will be "plenty of people who objected."

Allen of Australian National University says the social media blowout has led to an exaggeration of the census' privacy risks. Without accurate data, it's harder for the government to make big policy decisions.

"Without complete and accurate data, we compromise the future of Australia," she says.


About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.