It seems I will need to do other people’s jobs for them again… The mass media in Australia is, I am afraid, totally useless.
So, what is the problem with next week’s Census and why is it so difficult for everyone to explain it properly? It is so simple…
All sorts of articles state that “this is the first time the Census will keep people’s names and addresses for longer” and this is somehow bad and it is the only reason privacy advocates are up in arms. Then the Census people come along and tell us that – hey, no worries, we are going to separate these from the other data and keep them in some other location so if a hacker somehow hacks us she’ll be right.
Now, for one thing, how do they figure that the hackers will be able to hack only one system and not the other? Secondly, what makes them think they will hack it after the data is separated and not before? The Census will be filled in online by most people. The server accepting these Census forms is, by default, web-visible (it would not be able to get data otherwise). This is the most lucrative target for hackers, ever. A sitting duck and obvious target where the hypothetical hackers can get everything before it is processed, de-identified and what not. And much easier to hack than the secondary systems which will (hopefully) not be web-connected. However, given that the ABS has admitted 14 hacks already (that they know of) of backend systems, and recent news that the Chinese government hacked the network of the Bureau of Meteorology, I wouldn’t be too hopeful…
Not to mention that you do not even need to hack the thing. A bit of DNS poisoning like the hack which mysteriously re-routed web traffic to Iceland, a bit of meddling with the SSL certificates to get authentication on both ends, like what the Iranians did to read dissidents’ gmail accounts, and the data will come straight to you. You can then forward it to the ABS at your convenience, intact or edited.
For another thing, the promise that “names and addresses will be deleted after four years” is a blatant lie. Why four years and not three, for example? Well, because that’s when the next Census is planned for… After four years, the names will just be transferred to the new forms, these will be linked to the old forms and the old forms will still be connectable. In other words, speaking in database terms, the data will just be “normalised” (less redundancy) but not lost. In other words, they aim not for a “snapshot of Australia on Census night” as the brochure claims, but for a long-term surveillance tool.
This is entirely beside the point though, and where the media and everyone commenting fails. The above, dear everyone, is NOT the main problem with the Census. I will sum up the problem in two words: function creep.
Now, in some more detail…
Last time, we were told that names are optional and will be deleted after time. The ABS has already admitted that they lied and kept one million names, then connected them to other data sources for “longitudinal studies”. In conjunction with external “researchers”… This, in itself, should be enough to take the head of the ABS behind the shed and put him to the sword, or whatever it is they do in civilised countries in such cases. In Japan, he would have committed sepukku already.
So, as a PhD researcher, I need to get ethical clearance before I am allowed to interview a dozen people and ask them if they prefer red or green colour, but the ABS can just get the (extremely extensive and intrusive) information supplied to it in supposed confidence by a million people and give it out to “researchers” without so much as a by-your-leave? And the media registers not a squeak after the fact is revealed?
But wait, it gets even better…
They have actually said why they want to keep names and addresses. “The retained names and addresses will be used to generate anonymous linkage keys that will support the integration of census data with other datasets to provide new insights.” In other words, connect Census data to other datasets for “longitudinal studies”. Datasets like health records (mental health, specifically mentioned by the ABS…). Social security. Taxes. Education. Jobs. Childcare. Disability services. Homelessness services. Child protection. That’s what they have officially said already. Heaps of stuff they have not. What about car registrations? Company ownership? Immigration records (all dates when you have entered or left the country). Phone metadata. Internet metadata (and yes, you will be helpfully linking your data to your IP address by filling in the form online). And there is already a LONG list of organisations asking for free access to that.
So, let’s review some scenarios (things that already happened).
Person one is a builder. Travels from point A to point B regularly. Roadside cameras pick up his licence plate. Get datamined. Some algorithm marks him as dodgy (travels too often) – potential drug dealer. Gets stopped and “randomly searched”. Were the cameras put there for that purpose? No. Are they used for it now? Yes. Function creep.
Person two decides to be a whistleblower. Sends some documents about the NBN to a journalist. Article gets published. Somebody goes through the journalist’s metadata (phone and web), finds the whistleblower, his home gets raided. Was metadata supposed to be used this way? No. Is it used this way now? Yes. Function creep.
Person three takes his baby daughter to the doctor. Doctor suggests a prophylactic that Person three decides is not worth the risk (namely, a vaccine for a sexually transmitted disease). Centrelink then accesses baby’s health records. Marks baby as not fully vaccinated. Person three loses Family Tax Benefit A supplement. ATO then punishes him with further taxes, as a person not receiving FTB. Now, the (misnamed) Childhood Immunisation Register (it should be called Vaccination Register – vaccination is not the same as immunisation) is expanded to become all-of-life, and you can bet that anyone and their dog will have access to it. Was there supposed to be medical privacy when the register was created? Yes. Was it to be used for anything not medical? No. Is it used to financially punish parents now for exercising their right of informed medical consent? Yes. Function creep.
To make it even more scary, there are politicians already who want to use the new Adult register to deprive people of their JOBS if they have refused a vaccine.
The above examples are things that already happened. The latter one with not only the approval but with the active participation of Australian media, which actually initiated the legislation. Yes, in Australia a private company can push for legislation which breaks basic human rights, and get it.
Now, let’s run some future scenarios.
A bright ASIO lad (and no, don’t tell me that the ABS can refuse data if asked nicely by the ASIO) decides to connect Census data to car registrations to roadside cameras. To find out where young males of a certain persuasion drive their cars on a Saturday, for example. How long till another “random” police check blows this? And BTW, how do you persuade law-abiding Mr Mohammed Citizen when you do stop him randomly that this really is random, and not the result of such profiling? Apart from making it impossible to do such profiling in the first place?
How long till the above politicians call for some other “bad” people to lose their jobs? For any future definition of “bad”?
How long before our lovely friends across the Pond remind us of our Five Eyes intelligence alliance and demand some data? They already ask for your social media accounts before you are allowed on a flight to the US. Why not connect the dots to some other pieces of the puzzle, which we so helpfully collected and collated for them?
The head of the ABS “guarantees” that data will not be shared… Well no, sir. You cannot guarantee anything. Future legislation is out of your hands.
As for the researchers that the ABS wants to co-opt… Here’s what one of them says:
“If you were to ask people what medication they are taking, most probably wouldn’t be able to tell you or would find the topic too sensitive,” she says. “But linking the census data to pharmaceutical benefits records can get that data and get it linked to all sorts of other information without the need to go back to people over and over again.”
This explains it all… People find it sensitive and do not want to tell us what drugs they are on, but we’ll get the information anyway. For their own good.
And, let’s think for a minute. Just who is a “researcher” these days, especially in the field of health? Mostly corporate-funded researchers. These same large corporations that have (each and every one of them) been found guilty of fraud and outright criminal conduct? These same corporations that are building a global surveillance system to pick up dissenters from the “accepted truth” of their corporate-funded science? These same corporations that build “hit lists” of people who speak bad of their products, in order to destroy their reputations and careers?
You will now give them the data to enable them to do so?
And no, do not tell me it is all de-identified. If some American researchers can re-identify more than 90% of a sample without breaking a sweat, why wouldn’t a corporation with multi-billion dollar research and marketing budgets (which cover the creation of hit lists) be able to do it? You don’t even need to do it the hard way, like those researchers had to. You just start with your target (the person you are looking for, from your hit list), apply some filters to the sample data and there you have it.
- 47 years old, date of birth such-and-such
- PhD education
- works as a web programmer
- lives in suburb A
- works in suburb B
- entered Australia first in 2000
- speaks Bulgarian as primary language
- has a wife and two kids, dates of birth such-and-such
- etc. etc.
Well, how many people in the country match that profile?
No, ABS, I do not trust you with this.