As of yesterday, I am a proud member of the Royal Numismatic Society of New Zealand.
It seems I will need to do other people’s jobs for them again… The mass media in Australia is, I am afraid, totally useless.
So, what is the problem with next week’s Census and why is it so difficult for everyone to explain it properly? It is so simple…
All sorts of articles state that “this is the first time the Census will keep people’s names and addresses for longer” and this is somehow bad and it is the only reason privacy advocates are up in arms. Then the Census people come along and tell us that – hey, no worries, we are going to separate these from the other data and keep them in some other location so if a hacker somehow hacks us she’ll be right.
Now, for one thing, how do they figure that the hackers will be able to hack only one system and not the other? Secondly, what makes them think they will hack it after the data is separated and not before? The Census will be filled in online by most people. The server accepting these Census forms is, by default, web-visible (it would not be able to get data otherwise). This is the most lucrative target for hackers, ever. A sitting duck and obvious target where the hypothetical hackers can get everything before it is processed, de-identified and what not. And much easier to hack than the secondary systems which will (hopefully) not be web-connected. However, given that the ABS has admitted 14 hacks already (that they know of) of backend systems, and recent news that the Chinese government hacked the network of the Bureau of Meteorology, I wouldn’t be too hopeful…
Not to mention that you do not even need to hack the thing. A bit of DNS poisoning like the hack which mysteriously re-routed web traffic to Iceland, a bit of meddling with the SSL certificates to get authentication on both ends, like what the Iranians did to read dissidents’ gmail accounts, and the data will come straight to you. You can then forward it to the ABS at your convenience, intact or edited.
For another thing, the promise that “names and addresses will be deleted after four years” is a blatant lie. Why four years and not three, for example? Well, because that’s when the next Census is planned for… After four years, the names will just be transferred to the new forms, these will be linked to the old forms and the old forms will still be connectable. In other words, speaking in database terms, the data will just be “normalised” (less redundancy) but not lost. In other words, they aim not for a “snapshot of Australia on Census night” as the brochure claims, but for a long-term surveillance tool.
This is entirely beside the point though, and where the media and everyone commenting fails. The above, dear everyone, is NOT the main problem with the Census. I will sum up the problem in two words: function creep.
Now, in some more detail…
Last time, we were told that names are optional and will be deleted after time. The ABS has already admitted that they lied and kept one million names, then connected them to other data sources for “longitudinal studies”. In conjunction with external “researchers”… This, in itself, should be enough to take the head of the ABS behind the shed and put him to the sword, or whatever it is they do in civilised countries in such cases. In Japan, he would have committed sepukku already.
So, as a PhD researcher, I need to get ethical clearance before I am allowed to interview a dozen people and ask them if they prefer red or green colour, but the ABS can just get the (extremely extensive and intrusive) information supplied to it in supposed confidence by a million people and give it out to “researchers” without so much as a by-your-leave? And the media registers not a squeak after the fact is revealed?
But wait, it gets even better…
They have actually said why they want to keep names and addresses. “The retained names and addresses will be used to generate anonymous linkage keys that will support the integration of census data with other datasets to provide new insights.” In other words, connect Census data to other datasets for “longitudinal studies”. Datasets like health records (mental health, specifically mentioned by the ABS…). Social security. Taxes. Education. Jobs. Childcare. Disability services. Homelessness services. Child protection. That’s what they have officially said already. Heaps of stuff they have not. What about car registrations? Company ownership? Immigration records (all dates when you have entered or left the country). Phone metadata. Internet metadata (and yes, you will be helpfully linking your data to your IP address by filling in the form online). And there is already a LONG list of organisations asking for free access to that.
So, let’s review some scenarios (things that already happened).
Person one is a builder. Travels from point A to point B regularly. Roadside cameras pick up his licence plate. Get datamined. Some algorithm marks him as dodgy (travels too often) – potential drug dealer. Gets stopped and “randomly searched”. Were the cameras put there for that purpose? No. Are they used for it now? Yes. Function creep.
Person two decides to be a whistleblower. Sends some documents about the NBN to a journalist. Article gets published. Somebody goes through the journalist’s metadata (phone and web), finds the whistleblower, his home gets raided. Was metadata supposed to be used this way? No. Is it used this way now? Yes. Function creep.
Person three takes his baby daughter to the doctor. Doctor suggests a prophylactic that Person three decides is not worth the risk (namely, a vaccine for a sexually transmitted disease). Centrelink then accesses baby’s health records. Marks baby as not fully vaccinated. Person three loses Family Tax Benefit A supplement. ATO then punishes him with further taxes, as a person not receiving FTB. Now, the (misnamed) Childhood Immunisation Register (it should be called Vaccination Register – vaccination is not the same as immunisation) is expanded to become all-of-life, and you can bet that anyone and their dog will have access to it. Was there supposed to be medical privacy when the register was created? Yes. Was it to be used for anything not medical? No. Is it used to financially punish parents now for exercising their right of informed medical consent? Yes. Function creep.
To make it even more scary, there are politicians already who want to use the new Adult register to deprive people of their JOBS if they have refused a vaccine.
The above examples are things that already happened. The latter one with not only the approval but with the active participation of Australian media, which actually initiated the legislation. Yes, in Australia a private company can push for legislation which breaks basic human rights, and get it.
Now, let’s run some future scenarios.
A bright ASIO lad (and no, don’t tell me that the ABS can refuse data if asked nicely by the ASIO) decides to connect Census data to car registrations to roadside cameras. To find out where young males of a certain persuasion drive their cars on a Saturday, for example. How long till another “random” police check blows this? And BTW, how do you persuade law-abiding Mr Mohammed Citizen when you do stop him randomly that this really is random, and not the result of such profiling? Apart from making it impossible to do such profiling in the first place?
How long till the above politicians call for some other “bad” people to lose their jobs? For any future definition of “bad”?
How long before our lovely friends across the Pond remind us of our Five Eyes intelligence alliance and demand some data? They already ask for your social media accounts before you are allowed on a flight to the US. Why not connect the dots to some other pieces of the puzzle, which we so helpfully collected and collated for them?
The head of the ABS “guarantees” that data will not be shared… Well no, sir. You cannot guarantee anything. Future legislation is out of your hands.
As for the researchers that the ABS wants to co-opt… Here’s what one of them says:
“If you were to ask people what medication they are taking, most probably wouldn’t be able to tell you or would find the topic too sensitive,” she says. “But linking the census data to pharmaceutical benefits records can get that data and get it linked to all sorts of other information without the need to go back to people over and over again.”
This explains it all… People find it sensitive and do not want to tell us what drugs they are on, but we’ll get the information anyway. For their own good.
And, let’s think for a minute. Just who is a “researcher” these days, especially in the field of health? Mostly corporate-funded researchers. These same large corporations that have (each and every one of them) been found guilty of fraud and outright criminal conduct? These same corporations that are building a global surveillance system to pick up dissenters from the “accepted truth” of their corporate-funded science? These same corporations that build “hit lists” of people who speak bad of their products, in order to destroy their reputations and careers?
You will now give them the data to enable them to do so?
And no, do not tell me it is all de-identified. If some American researchers can re-identify more than 90% of a sample without breaking a sweat, why wouldn’t a corporation with multi-billion dollar research and marketing budgets (which cover the creation of hit lists) be able to do it? You don’t even need to do it the hard way, like those researchers had to. You just start with your target (the person you are looking for, from your hit list), apply some filters to the sample data and there you have it.
- 47 years old, date of birth such-and-such
- PhD education
- works as a web programmer
- lives in suburb A
- works in suburb B
- entered Australia first in 2000
- speaks Bulgarian as primary language
- has a wife and two kids, dates of birth such-and-such
- etc. etc.
Well, how many people in the country match that profile?
No, ABS, I do not trust you with this.
Attached is a .pdf file of my submission to the Senate Inquiry regarding the idiotic “No Jab, No Pay” policy of the Australian government.
We (my wife and myself) are now proud members of the North Albert Field Archers club and the 3D Archery Association of Australia. Starting regular practice with my (ultra) traditional Grózer Nomad G 5 – Old Hungarian bow…
A significant problem of the dominant web search model is the lack of a realistic way to acquire user search context. Search engines use implicit feedback, which is extremely sparse and does not allow users to properly define what they want to know, or what they think of search results. In our proposed “web exploration engine”, which we implemented as a prototype, documents have been automatically pre-classified into a large number of categories representing a hierarchy of search contexts.
Users can browse this structure or search within a particular category (context) by explicitly selecting it. Keyword relevance is not global but specific to a category. The main innovation we propose is the “floating” query resulting from this feature: the original search query is re-evaluated and the importance of its features re-calculated for every context the user explores. This allows users to search or browse in a truly local (context-dependent) way with a minimum of effort on their part.
Article presented at The 14th Asia-Pacific Web Conference (APWeb) in Kunming, China (11-13 April 2012).
Download PDF version: Towards Real Intelligent Web Exploration (12 pages).
The Federal Government has announced it will withdraw tax benefits from families whose children are not immunised (news: http://www.abc.net.au/news/2011-11-25/immunise-or-lose-benefits-parents-told/3694236).
Immunisation is a (very invasive) medical procedure and as such requires informed consent by the patient. My son being less than 3 years old, it is my responsibility to care for his health and provide such consent. However, I have not been informed and the little I have learned about immunisation makes me believe it is more harmful than good.
What is often quoted by proponents of immunisation (the government included) are incidental studies confirming some benefits (X children were immunised, Y percent of them got a disease while we expected more of them to – hence it’s working). This is NOT convincing. People against immunisation cite opposite cases. Both of these approaches are based on anecdotal data. The FULL data is already available to the Australian government but is ignored . A simple correlation between various Medicare datasets could reveal how healthy immunised children are against how healthy not immunised children are (based on average yearly visits to the doctor resulting in prescribed treatment). This is a) not anecdotal evidence but based on the whole population, and b) revealing the whole picture (i.e. immunisation might save children from some diseases but weaken their organisms and open them up for others which are not studied in the cases supporting immunisation).
I requested the above information from Medicare but was denied it, on the basis that such a correlation would be too expensive to perform. If it has not been performed already (and made public), that means the government has neglected the facts and this new legislation is not based on fact but belief.
Furthermore, whatever the facts are, immunisation is a situation of balancing risks – definite risks from adverse side effects (which are admitted even by vaccine manufacturers) against hypothetical future risks of diseases. Decisions about such balance are personal and cannot be mandated by government. Putting financial pressure on me in order to accept one view point is an attempt to force me into a decision, whereas the law says I should be free to decide for myself.
Starting to get pissed off with how everyone just assumes it’s entirely OK to follow me around the web to see what I’m doing, what I’m searching for, who I talk to etc.
Last year my university email account was switched to GMail. I had some misgivings, but had no choice. Today, however, when I was searching for something on Google, I saw in the top right corner I am logged in as pavel.kalinov@my uni. Er… no, I am not – or rather, I should not be. I logged into my email account which is on a completely different domain. I specifically did not log into Google search, Google plus or whatever. What makes you think it’s OK to log me in and track me?
Furthermore, even if I log out at this point – I will still be tracked in a personally identifiable manner since logging out does not delete the cookie. So, emailed the letter below to IT support, will wait to see what they do and then send it to the Privacy Commissioner and/or the Telecommunications Industry Ombudsman (you need to resolve the issue with the offending company first before you go to them).
I am concerned about some features of my university email that have appeared recently (without my, and I believe the university’s consent).
Since the introduction of Google+ or whatever, I seem to be logged into Google all the time after I check my university email. I have a personal Google account, and now it seems another one was automatically created for me without my consent and it keeps “following” me whether I want it or not – I search for something on Google and it shows my uni account on top as being logged in. Well, I specifically logged into Griffith Mail, not Google Search. If I don’t want to be tracked there is nothing I can do. I can log out, but then I am logged out not only from search but from my mail as well, and I am still being tracked in a personally identifiable way even after that because the cookie in my browser still says who I am – it now just has a “logged out” status.
In short, I find this a violation of privacy which I think you should resolve between the university and Google as an email provider. The fact that they provide email (and through the university – I have had to accept that service as well) does not entitle them to follow me through their other online properties.
04/10/2011 update: got a phone call from a very helpful lady who suggested to try and de-link (or nuke altogether) my personal Gmail/Google+ account as some sort of mitigation. Tried it, turned out this was not the issue: (copy/paste)
after your phone call of a few minutes ago, I tried to go to Google and delete the linked account and any possible interference between my Griffith email and my private Gmail account. As it turned out:
- my private email does not interfere with this one (i.e. – they have not linked them)
- they have NOT created a Google+ account for me as I initially thought (though the issue coincided with Google+ becoming public)
- but, they have created an “ordinary” Google account for me, which still raises the original issue. Namely: it happened without my consent (and, more importantly – without your consent as a corporate customer – I don’t think you allowed Google to poach your clients and make them its own clients), and my web search/web browsing habits are now being tracked in a personally identifiable way through this created link between my Griffith email, Google search and Google Analytics (the tracking scripts of which are installed all over the place).
In short, they have misused your customers’ data in a very alarming way.
04/10/2001 next update, after an email basically advising me that Google changed stuff unilaterally and that’s all… (copy/paste)
as I said, the issue is not that I cannot access my other account – the issue is that I have a new Google search account at all (NOT apps, I mean I end up logged in to google.com while I am using the standard Google search feature; and, as you know, logging out does not delete the cookie but only changes the status to “logged out”). I haven’t investigated, but I guess I remain trackable all over the web through this cookie and Google Analytics scripts on millions of sites.
“In the past, Google Apps (@griffithuni.edu.au) accounts were cookied separately from Google Accounts (e.g. gmail.com)” – this was a correct behaviour.
“Your Google Apps account has undergone a transition, and now functions more like a full Google Account.” – this is overstepping the boundaries on the part of Google. Think of it as a “forced sale of a service” (the fact that it is “free” does not mean there is no price to pay – the price in this case is the user’s privacy, and Google make good money out of it through selling personalised ads on third-party sites).
Since I have no relationship with them but with you, I take the issue with you so you can then take it up with them as a corporate customer. As I said in my previous letter, you have outsourced a service with them and they are now poaching your clients and forcing additional services (at a cost to them – see above) with no opt out (not that it would make the practice acceptable, as services should be opt-in).
I recently sent a letter to Medicare Australia asking a simple question about the effectiveness of child immunisation, which I assumed would get an informative answer thanks to the Freedom of Information Act. However, I got a formal reply which basically told me I don’t need to know what asked, as other information was available online (with kind pointers to said other information). However, this other information is not relevant to what I wanted to know, namely:
- how many children in Australia are immunised and how many are not
- how many of both groups do get sick
So, this is my reply which I just emailed:
I am writing in response to your letter which I received today, refusing to supply the data I had requested re immunisation and other statistics for Australia.
I appreciate the effort you have made in pointing me to available resources, but they do not help me in finding what I want to know, namely: how effective immunisation is in actually preventing sickness.
- Immunisation statistics as such say nothing: knowing how many people in Australia are immunised means nothing if I don’t know how many of them later got sick, and I cannot compare it to the same figure for people who are not immunised.
- Immunisation studies are wonderful, anti-immunisation publications are also fascinating, but both of these are useless as they are not comprehensive; they are all “anecdotal” if they do not cover the whole population and for all cases. Being a researcher myself (although in a different field), I know what “selective reporting bias” means: if a method is successful in 40% of cases, I can conduct a set of 10 experiments and publish 4 (truthful!) studies saying how it is ALWAYS successful, and a further 6 truthful studies saying how it is NEVER successful. I believe this to be the case of immunisation and anti-immunisation publications (the latter of which do not get much official publicity).
The only useful information to settle the issue of immunisation effectiveness is the information you hold and which is NOT published: i.e., the correlation between children immunised in Australia and children with health problems in Australia: how many of one group have problems, and how many of the other group have problems.
In conclusion, I believe your letter was not informative in the sense I was seeking information and I need to repeat my request:
Can I please have the statistics of:
- children immunised / not immunised in Australia;
- members of both groups having health problems, defined as “average visits to the doctor per year which ended with a prescribed treatment that Medicare had to pay”. Additionally, it may be interesting to see the average dollar cost to Medicare of both groups per year.
A significant problem of the dominant web search model is the lack of a realistic way to acquire user search context. Search engines use implicit feedback, which is extremely sparse and does not allow users to properly define what they want to know, or what they think of search results. In our proposed “web exploration engine” documents have been automatically pre-classified into a large number of categories representing a hierarchy of search contexts. Users can browse this structure or search within a particular category (context). Search is truly “local” as keyword relevance is not global but specific to the category. The main innovation we propose is the “floating” query resulting from this feature: the original search query is re-evaluated and the importance of its features re-calculated for every search context the user explores. Additionally, users can provide explicit feedback, which automatically modifies the search query.
This article was submitted to the 12th International Conference on Web Information System Engineering (WISE 2011) in Sydney, Australia (13-14 October 2011).
Download PDF version: Towards Real Intelligent Web Exploration (14 pages).