Aractus

Blog of Daniel Baxter, now secure! :)

Free SSL from Let's Encrypt!

Archive for August, 2016

Census privacy woes

Updated 8-8-1026

Well. I have been swearing a lot in the last two days at my television. Mostly that’s because the ABS’s chief statistician David W. Kalisch seems to have no fucking clue when it comes to the privacy problems with the 2016 Census.

Now I want to say something very clearly. I fully support the census, I believe in it, it provides wonderful and valuable data, and I believe all Australians should fill out all census data honestly and fully. Census data is used to track trends that include the aging population and the distribution in non-communicable diseases, among other things.

By saying that I should also note that there are three things the ABS does not need to know for comprehensive census data: they don’t need to know your name, they don’t need your exact address (but they do need your location), and they don’t need your DOB (your age alone should suffice).

I will be filling out a paper census form which will include all the information the ABS needs, and none of the information they don’t need. That is: it won’t have my name address and DOB. I would fully encourage everyone else to do so, but please be aware that legally you may face a fine if you do not provide all information, or if you provide misleading information. I am willing to risk that, and I believe Section 12 of the Human Rights Act 2004 (ACT) protects me and other Canberrans from being forced to hand over personally identifiable information in the census.

Why is there a problem?

I have identified three very serious problems with the 2016 census. There could be more issues that privacy experts are aware of, but these are the issues that I have identified as a layperson who has a track record for strongly supporting privacy. The ABS says the name and address information is stored separately from the census forms, but there are two big problems with this. Number one: they are still connectible. To give an example, Lance Armstrong’s doping was revealed because the ‘anonymity process’ was not comprehensive, and the ‘de-identified’ samples were still connectible to their owners – thus they weren’t fully de-identified. Now in his case he deserved to get exposed, but we’re talking about 23 million Australians, most of which are innocent of any serious crimes.

So for security reasons alone, names and addresses should not be stored at all. They are a target for hackers, or unscrupulous ABS workers who want to steal the information and sell it – which is something that has already happened with two ABS workers persecuted for it just last year! Furthermore, we don’t have electronic voting in Australia because it was shown that doing so could compromise the integrity of the electoral system. And I would further note that with the Australian-invented “secret ballot”, ballot papers must not be in any way identifiable to their owners.

Second is that it’s not ethical. What I mean by this is that in research it is not ethical to ask questions to which you don’t need to know the answer to. A person’s name has no benefit whatsoever to the census data. Yes it can be used in a database of its own to find out how many people have what name and what the most common newborn names are, however it absolutely does not need to be identifiable with the census, and I am shocked to know that it doesn’t go straight into a completely separated database from the rest of the census data. It can of course also be checked against the electoral roll to check that everyone filled in a census, however, that should be a completely separate database just as it is in elections (there is no way for your ballot paper to be identified to you, unless you write your name on it in which case it’s an informal ballot and not counted).

Third of course is privacy. And for this I’ll just give an example. Let’s say you are a victim of domestic violence. When you enrol to vote you are allowed to enrol without an address so that your safety is upheld (no one in the AEC can leak your address to your violent ex-partner). Same principle with census – if the data is there it can conceivably be accessed from someone in the ABS who is a perpetrator of domestic violence, and by statistics alone (the stats that are published by the ABS themselves) you would in fact have to assume there are people in the ABS in high positions of power who are perpetrators of domestic violence. For this reason alone, names and addresses should not be even on the same form as the census, let alone be identifiable to the forms they belong to.

I am very dissatisfied with the process for obtaining my census form. As of today (8th of August) I still have not received my census form, despite ordering it at the earliest opportunity! What kind of monkeys are running a census that doesn’t even get the forms to people in time for the census itself? I have never in my life filled in the form early or late, and I don’t want to – I want to fill it in tomorrow on the 9th of August! And I would further note the ABS has completely stuffed this shit up, even if you call the number provided to order the paper form they never ask you how many forms you need, even though on their own website it says people can request additional forms for privacy, in case you don’t want your house-mates or family reading your answers. And that’s not trivial either, some people become an atheist, but are afraid to tell their spouse or parents; and others join religions they would feel stigmatised if their family or house mates knew about. So here’s a tip: if you want two forms say you have 8 people in the house when using the automated ordering process, and that will force them to send two without you needing to call again (and if it doesn’t have a privacy envelope then just use your own if necessary).

So in conclusion, I will be filling out the census completely, and I encourage everyone to do so. Please think carefully about your privacy, these issues are not trivial. Do not think that I’m advocating for civil disobedience, or that you should not fill in the census – the census data is very valuable, please please fill it in.  I would very strongly recommend leaving your name and full address off the census form. By “full address” I do mean you should include your State and Postcode on the census form, probably your suburb as well, but not your full street address. I do not recommend using the online form. I believe (but I’m not a lawyer) that if you are in the ACT or Victoria that the Human Rights Act 2004 (ACT) s12 or Charter of Human Rights and Responsibilities Act (Vic) 2006 s13 protects you from being forced to hand over your full name and full address on your census form. It would be a good idea to cite the relevant Act if applicable to you.