Census – vital, but confidence has been eroded

It’s Census night.

Normally it’s relatively uncontroversial, but this time it’s different — a number of concerns have been raised by people, especially those interested in privacy and data security.

Some of the issues raised include:

Names and addresses to be kept for four years. This obviously creates a risk of privacy breaches if the data is compromised. It can happen, many organisations have suffered breaches, but you can only hope the ABS is taking every possible step so that it doesn’t.

Some argue that’s a red herring anyway – the linking to other data is what can really compromise your privacy, because the “Statistical Linkage Key” is likely to be able to be tracked back to individuals.

The definition of ‘census’ is “an official count”. I actually want to stand up and be counted. But only counted; not named or profiled or data-matched or data-linked, or anything else. The privacy risks of doing anything else are just too great.

Anna Johnston, a former deputy privacy commissioner of NSW.

It’s online by default. I think this was a logical move; like the ATO, they’re looking for ways to speed up processing, improve accuracy and cut costs. (From memory I did it online last time.)

The logon came through the snail mail. Obviously not as secure as it being handed to you by a Census worker.

If you stop halfway through, apparently it sends you a password so you can later resume, as plain text via email. That’s a pretty silly security slip-up. (It seems the workaround is to make sure you do it in one go.)

The web site is enabled for old insecure protocols such as SHA-1. This can make possible “man in the middle” attacks that could intercept your data, but presumably only old browsers that don’t support SHA-2 would be vulnerable.

They probably should have just used SHA-2 exclusively, given we’re talking about very old (15+ year) browsers and operating systems (older than Windows XP), which probably have lots of other vulnerabilities as well, because they’re no longer supported.

(As far as I can see, using a recent web browser gets you onto a site that uses SHA-2, so it should be okay? Besides, Stilgherrian says it’s only the Census help web site that is vulnerable.)

Not so much a privacy concern, but apparently you can’t enter accented names. That’s just silly stuff. Perhaps that’s linked to them wanting to generate the Statistical Linkage Key partly from your name, but it seems odd given we’re a multicultural society.

How serious are the privacy issues? As a friend, who is an expert in cyber security, noted:

…Realistically, the ABS are the least of our worries. MyGov is way way way worse, and there’s no pitchforks in the streets about MyGov.

Hmmmm!

Confidence

Even if you dismiss the issues as minor or not worth worrying about, what’s more annoying and disappointing is they seem to have shaken the confidence of enough people that the results may be in doubt.

Several senators are refusing to fill in their names. Former privacy commissioners and a former Australian Statistician (eg ABS head) are objecting. Apparently some people have booked overseas flights to be out of the country tonight so they can legally avoid filling it in.

You’ll always have some paranoid people who won’t fill it in, or who mess it up. But this time it seems different.

Accurate census information is important.

The Howard government made most (all?) Census information free (previously much of it attracted a fee to access), and lots of organisations rely on it, for planning and for lobbying.

For instance PTUA and similar groups have often used census data to show the reality of transport in our cities, data to counter the road lobby’s rhetoric that we need more tarmac.

Census data showed that at most, 6% of journeys to work in Melbourne are along the alignment of the proposed East West Link tollway, compared to 45% of people working close to home, and 20% working in the CBD, showing EWL was never going to be a cure for traffic congestion in the area.

And it’s the same in all sorts of fields.

So anyway, I’ll fill in tonight’s census, but I’m not very happy about how it’s being run this time.

I just hope the data coming out of it isn’t fatally flawed, that the ABS’s promises on privacy are fulfilled, and that they think very carefully about how they run the next one.

PS:

Update Friday 12/8/2016: Problems with the web site distracted from privacy concerns. Many people had issues filling it in online. First capacity (and allegedly a Denial Of Service attack) stopped people using it on Tuesday, Census night. It wasn’t until Thursday that the site was running again, and stupidly they blocked non-Australian DNS servers from seeing it, so people like me who use Google’s DNS couldn’t get to it.

By Friday when I got back to try and do it, my iPad (not using Google’s DNS, and meeting the minimum requirements of Safari on iOS 7) couldn’t make it work either. Eventually I completed it using a laptop. It really shouldn’t have to be this hard.

I still don’t know whether a temporary train replacement bus counts as a train or a bus. Physically it’s a bus, but statistically, isn’t it part of the train service?

If you enjoyed this post, please consider leaving a comment. You can subscribe via feed reader RSS, or subscribe by email. You can also Follow me on Twitter, or Like the blog on Facebook.

8 Replies to “Census – vital, but confidence has been eroded”

  1. Yes, I’ll fill out my Census form but have reservations.
    ABS state that one reason it asks for your name is to increase data quality “by combining it with other national datasets to better inform government decisions”. I’m not sure I want my Census data cross-matched in this way.

  2. If we were to summarise the situation as if we were a film maker mangling a biblical passage, we might say the path of the community-minded citizen is beset on all sides by the proponents of anarchy and the ignorance of those who aren’t interested in statistics.

  3. I recall that the paper census forms used to have a perforation on the front page where you wrote your name and address – the idea being that once your household had been ticked off the roll and coded to what used to be called a Collection District (now a Mesh Block), the uniquely identifying portion was torn off and destroyed.

    That has always been the role of the ABS – as an agency for collection of aggregate statistics, not for compiling personal dossiers on Australians. The census record itself is fairly innocuous, but not if it’s capable of being linked to health, education and tax records: that kind of information in the wrong hands can do a lot of damage.

  4. Is it possible to “lodge” (distinct from “complete”) the census prior to the census date? I’ve learnt of someone who claims to have lodged it the night before. That doesn’t seem appropriate.

  5. All of the above are valid points but moot as well, cos the bloody thing doesn’t even work.
    I’ve been trying for three hours and no luck at all.

  6. The census femsplainers on Facebook said that if you were in a hotel, caravan park, or campsite on 9th August, you’d be given a form. Did not happen.

    So now, on 11th August, I’m at a different campsite. Can I get a form here ? Sorry, they gave them all away on Tuesday.

    Bwilliant!

  7. Kevin, I worked on several past censuses. It was always possible to fill in the census, either on paper on online ( last time ), a few days before or after the official date. As long as you are not planning to move, die, or have another baby in between.

    This notion that it should be done “on the day” has been taken up by trolls of one kind or another, big-time.

  8. Enno #7, nothing wrong with “completing” the form prior to the census date, as long as it is not “lodged” (or “submitted”) prior to then so it can be altered if an error is inadvertently made. Are you saying the census form could be submitted before the census date? Not if it was collected by a census collector! Nowadays, ok, maybe they are willing to accept an error tolerance introduced by people submitting it earlier?

Comments are closed.