2016 Census Change: Another Attack on Privacy

The 2016 Census is hardly a forum you’d expect to become a battleground for civil liberties, but this is precisely what is occurring due to the Australian Bureau of Statistics’ (ABS) unprecedented plan to retain personal data.

On December 18 last year, the ABS announced that this year’s census would, for the first time, retain the names and addresses of everyone that fills it out, ostensibly “to enable a richer and dynamic statistical picture of Australia”.

At the time, the announcement seemed to slipped through the cracks, but as the August deadline creeps closer, civil rights and privacy advocates are speaking up. In a recent op-ed for ABC’s The Drum, Chris Berg, a Board Member of Digital Rights Watch Australia, warned readers about the dangers of letting Government collect too much personal data:

“As the ABS change shows, the debate over warrantless mandatory data retention was just the tip of the iceberg…. But to the extent we have an interest in protecting ourselves against government excesses, we have an interest in denying governments carte blanche to collect information. We are not just data points in a planner’s spreadsheet.”

Since 1971, it’s been standard practice for the ABS to destroy information that could be used to identify individuals once the other information on the form is transcribed. It wasn’t until 2001 that the Government introduced an opt-in system, that gave Australians the choice to allow their name-identified information to be kept. That will change this year – from now on, the ABS will keep those personal details, whether you like it or not.

Why does the ABS want this information?

The ABS says the move will improve data analysis by allowing the organisation to combine census data with other sources.

“The retention of names and addresses would support the integration of census data with other survey and administrative data to provide a richer and dynamic statistical picture of Australia,” an ABS representative said.

“Keeping the names and addresses would benefit the ABS and wider community by allowing for higher quality surveys in areas such as small or highly mobile population sub groups of policy interest; providing organisational efficiencies such as through a new address register; and enabling more flexible geospatial outputs.”

Examples given included combining ABS data with education records to “provide insight into employment outcomes from the various educational pathways available to Australians”, and cross referencing it with health data to “help improve Australia’s understanding and support of people who require mental health services”.

A recent privacy assessment conducted by the ABS claimed that retaining names and addresses has “very low” risks to privacy, confidentiality and security.

It states: “Under this proposal, names and addresses would be stored separately from other household and person data collected in the Census. Names and addresses would also be stored separately from each other. Addresses and anonymised versions of names would only be used for projects approved by a senior-level committee, and would be subject to strict information security provisions. ”

According to the ABS, the assessment process includes consultation with the Australian Privacy Commissioner, as well as state and territory privacy commissioners. Should it decide to keep the data, the ABS promised the information would be made anonymous before it is released.

“Addresses and anonymous versions of names will only be used for approved projects,” the statistics agency said.

Why do people think this is a bad idea?

Despite the ABS’s best efforts, no data stored digitally is 100% safe – and a database leak that contained the names and addresses of all Australians could put the recent Ashely Madison and Sony hacks to shame.

And privacy risks don’t just come from hackers. Government departments have a poor record of protecting information from their own staff. The Department of Human Services admitted there were 63 known episodes of unauthorised access to private files by its staff between July 2012 and March 2013. The South Australian Police Force accuses up to 100 of its own members of unauthorised access to police files every single year.

And of course, what are considered legitimate and illegitimate uses of data can change over time. Rules written in 2016 could be changed in 2026. The data collected now might be used for a very different purpose down the track.

Privacy consultant Nigel Waters, who has previously advised the ABS on these issues, warned that the pool of data could be misused by governments and hackers alike, calling it “the biggest honey pot of information that was ever created in terms of its attractiveness to commercial organisations or to hackers”.

“In privacy terms, it’s clearly a major intrusion and one that is going to be unwelcomed to a lot of people,” Mr Waters said.

“Secondly, it’s not worth the risk in terms of the integrity of the census data, which is very important for the nation — because if people really can’t trust the information they give is going to be kept confidential … then they’re either going to sabotage it by giving the wrong information, or refuse to give the information in the first place.”

As more of our lives are uploaded online, the importance of discussing limits on data collection by companies and Governments will only grow in relevance. Last year, there was outrage when it was revealed that Opal card data was being used for surveillance purposes, but as the ABS shows, this was only the tip of the iceberg.