Adventures in Engineering

I’m leaving Australia

There I said it, I’m leaving Australia! And here’s why.

On August 9th (in exactly two weeks) I’ll be flying out of Australia. Why you ask? Good question.

The Australian Census (more formally known as the Census of Population and Housing) is a compulsory survey of everyone in Australia, and of their dwellings and its happening on August 9th. In short, its everything about you, your family and fellow household occupants bundled up into once convenient survey submission to the Australian Bureau of Statistics (ABS). It even has the catchy ‘Get online on August 9’ marketing to convince us to fill it in online.

(I want it on record how much I resisted the temptation to make references to NBN and surveying Australia’s internet speeds – thats not the point of this post)

Whats wrong with a survey?

Nothing, to begin with that is. The census is by itself, quite harmless – actually its hugely beneficial for all sorts of reasons! It’s the census data (among other data sets) that help guide government spending and policy. It gives us transparency into our nations growth as we change over time. In fact the ABS sum their role up quite nicely:

We also have an important leadership role, coordinating statistical activities and collaborating with official bodies in the collection, compilation, analysis and distribution of statistics. This assists in maximising the value of government investment on these activities, and ensures outputs are fit-for-purpose. Australian Bureau of Statistics Updated March 30 2016

In essence its anonymous information about our heritage, religion, income, health, education etc

BUT

This year, the ABS want to record and store our names and addresses along with that data – and this alarms me greatly!

Whats wrong with my name and address?

In previous years your address and name have been removed from the data set. By keeping your name and address the ABS can correlate your data with all sorts of other sources. A freedom of information request by James Smith reported by The Whistleblower network exposed the fact that the ABS may (and not limited to) link this apparently anonymous data set to:

FaHCSIA welfare payments data, Centrelink unemployment benefits data, Medicare and Pharmaceutical Benefits Scheme data, Australian Immunisation Register, the AEC electoral role, and other nationally important datasets.

I’m not OK with this

Do you trust the government?

I sure don’t. And its nothing political or personal (though I do have opinions on that topic too). It’s much more fundamental than this. This type of data should NOT be stored together – after all no systems is unbreachable (well ok, mostly).

As it stands, each government agency knows ‘a bit’ about me and thats cool. I’ve opted in to (most) of that. My worry is that with a central repository of the most personally identifying information in Australia’s databases, the ABS would become a honeypot for intrusion attempts. That database would be worth more than a few bitcoin on the dark web.

Government agencies aren’t foreign to digital intrusions (quote: “Massive breach may have exposed network connections to Defence, other agencies”). Nor are they particularly skilled in responsible disclosure(that moment when 500 tax file numbers lodged fraudulent returns).

But its ok folks because the ABS is difference. In December they announced the completion of a “Privacy Impact Assessment Report” whereby they reviewed themselves… guess what – gold stars all around! Of course its not the first time they’ve tried this, only the original and independent one in 2005 was somewhat less complimentary on the topic – I’d describe it as sufficiently scathing.

The ABS have admitted to telling porkies last time around

Despite some complimentary self reporting, the ABS Chief Mr David Kalisch admitted earlier this month that they had retained names and addresses last census for 18 months… This is despite a very clear commitment on the ABS website that “If a person does not explicitly agree to their name-identified Census information being retained their name and address information will be destroyed once statistical processing has been completed.”

So here’s my point. I don’t trust the ABS given their previous record on the matter. I don’t trust a government agency with this volume of PII data. And thats ignoring the pure technical requirements (appropriate encryption, access and security procedures) to handle this dataset.

Embracing my inner alarmist.

OK – I admit it’s entirely possible this whole thing will go harmlessly.

Or, Australia’s biggest data base of names, addresses, religion, wealth etc. could just just be the worst idea in the ABS’s history!

This delightful visualisation shows you the scale of the data breaches worldwide. Checkout the filter by government, data sensitivity and method of leak.

My friends, many companies don’t get data security right. What could possibly happen if the ABS doesn’t get it right too?

A conspiracy theorist and friend asked me if I was comfortable with One Nation being a 15 minute drive away from the ABS’s database of names, addresses and religion. What if ‘statistical’ yet identifying data about LGBTQI+ Australians was leaked to those less open minded?

This scares the proverbial out of me!

Alarmist yes, but still food for thought.

Doesn’t anyone complain?

They sure do! Friend and fellow alarmist Ben Dechrai has approached the ABS with little success. They’re now ignoring him on social media.

#censusfail has been trending somewhat around Australia as we slowly wake up to the intrusion.

Even the national broadcaster has reported that the census was a privacy threat.

So don’t fill it out!?

Nope – doesn’t work like that. This excellent write up from The Guardian highlights the $180 fine (and more):

Although the maximum penalty is one penalty unit – a $180 fine – a person could receive a series of directions relating to the completion of a single census form, potentially significantly increasing the fine

What can I do?

There is a wonderful site https://paperistheway.org/ dedicated to highlighting what you can do, the legalities (unofficial of course) and implications.

Ultimately, the only reliable and legal method of avoiding the collection of this data is to not be in Australia on Census night.

So I’m leaving.

Goodbye Australia. On August 9th I shall farewell you all as I depart on my international flight out of here in protest of this sneaky and alarming intrusion on our privacy. I’ll be working from Wellington, New Zealand on a working holiday, safe from inclusion in the census.

And I’ll see you again bright and early Thursday 11th when I return from my skip across the pond.

developerjack