It’s Census night.
Normally it’s relatively uncontroversial, but this time it’s different — a number of concerns have been raised by people, especially those interested in privacy and data security.
Some of the issues raised include:
Names and addresses to be kept for four years. This obviously creates a risk of privacy breaches if the data is compromised. It can happen, many organisations have suffered breaches, but you can only hope the ABS is taking every possible step so that it doesn’t.
Some argue that’s a red herring anyway – the linking to other data is what can really compromise your privacy, because the “Statistical Linkage Key” is likely to be able to be tracked back to individuals.
The definition of ‘census’ is “an official count”. I actually want to stand up and be counted. But only counted; not named or profiled or data-matched or data-linked, or anything else. The privacy risks of doing anything else are just too great.
— Anna Johnston, a former deputy privacy commissioner of NSW.
It’s online by default. I think this was a logical move; like the ATO, they’re looking for ways to speed up processing, improve accuracy and cut costs. (From memory I did it online last time.)
The logon came through the snail mail. Obviously not as secure as it being handed to you by a Census worker.
If you stop halfway through, apparently it sends you a password so you can later resume, as plain text via email. That’s a pretty silly security slip-up. (It seems the workaround is to make sure you do it in one go.)
The web site is enabled for old insecure protocols such as SHA-1. This can make possible “man in the middle” attacks that could intercept your data, but presumably only old browsers that don’t support SHA-2 would be vulnerable.
They probably should have just used SHA-2 exclusively, given we’re talking about very old (15+ year) browsers and operating systems (older than Windows XP), which probably have lots of other vulnerabilities as well, because they’re no longer supported.
Not so much a privacy concern, but apparently you can’t enter accented names. That’s just silly stuff. Perhaps that’s linked to them wanting to generate the Statistical Linkage Key partly from your name, but it seems odd given we’re a multicultural society.
How serious are the privacy issues? As a friend, who is an expert in cyber security, noted:
…Realistically, the ABS are the least of our worries. MyGov is way way way worse, and there’s no pitchforks in the streets about MyGov.
Even if you dismiss the issues as minor or not worth worrying about, what’s more annoying and disappointing is they seem to have shaken the confidence of enough people that the results may be in doubt.
Several senators are refusing to fill in their names. Former privacy commissioners and a former Australian Statistician (eg ABS head) are objecting. Apparently some people have booked overseas flights to be out of the country tonight so they can legally avoid filling it in.
You’ll always have some paranoid people who won’t fill it in, or who mess it up. But this time it seems different.
Accurate census information is important.
The Howard government made most (all?) Census information free (previously much of it attracted a fee to access), and lots of organisations rely on it, for planning and for lobbying.
For instance PTUA and similar groups have often used census data to show the reality of transport in our cities, data to counter the road lobby’s rhetoric that we need more tarmac.
Census data showed that at most, 6% of journeys to work in Melbourne are along the alignment of the proposed East West Link tollway, compared to 45% of people working close to home, and 20% working in the CBD, showing EWL was never going to be a cure for traffic congestion in the area.
And it’s the same in all sorts of fields.
So anyway, I’ll fill in tonight’s census, but I’m not very happy about how it’s being run this time.
I just hope the data coming out of it isn’t fatally flawed, that the ABS’s promises on privacy are fulfilled, and that they think very carefully about how they run the next one.
- Scott Ludlam: the census should be delayed to restore trust and confidence
- Anna Johnston: Why I won’t be filling in the census
- Stilgherrian: Most of the privacy concerns are overblown. But by failing to address them, the Australian Bureau of Statistics is highlighting government arrogance, and poisoning its own well.
- ABS: Privacy, confidentiality & security
- Leslie Cannold: Protesting Oz Census 2016: What Legal Experts Say
— Daniel Bowen (@danielbowen) August 8, 2016
Update Friday 12/8/2016: Problems with the web site distracted from privacy concerns. Many people had issues filling it in online. First capacity (and allegedly a Denial Of Service attack) stopped people using it on Tuesday, Census night. It wasn’t until Thursday that the site was running again, and stupidly they blocked non-Australian DNS servers from seeing it, so people like me who use Google’s DNS couldn’t get to it.
By Friday when I got back to try and do it, my iPad (not using Google’s DNS, and meeting the minimum requirements of Safari on iOS 7) couldn’t make it work either. Eventually I completed it using a laptop. It really shouldn’t have to be this hard.
I still don’t know whether a temporary train replacement bus counts as a train or a bus. Physically it’s a bus, but statistically, isn’t it part of the train service?