In August 2016, the Australian Bureau of Statistics attempted to run the 2016 Census. The Census was plagued by privacy issues and technical mishaps, in what is potentially Australia’s biggest privacy blunder of the year. For the first time since the Census began, the ABS had decided to not only take down your name and address, but also store these details and link them together with other data sets. The Pirate Party would love to explain which data sets now are intrinsically linked to your information, but it turns out that not even the ABS has the answer to this question.
On Thursday 24 November 2016, the Senate Economics References Committee delivered its report on the 2016 Census. The report shows that the ABS ignored the results of a privacy assessment conducted by an external reviewer in 2005, an assessment which showed that retaining names and addresses had serious privacy implications. Instead, they decided to run their own internal privacy assessment in 2015, which surprisingly came to the complete opposite decision. The ABS then concluded on the basis of this self-run privacy assessment, along with a whole three submissions from the public (all of which expressed negative doubts about the retention of names), that retaining names was definitely a good idea.
The Pirate Party urges caution following the announcement by the Attorney-General, Senator George Brandis, that retrospective legislation will be introduced to criminalise the re-identification of de-identified government data. The threat of retrospective legislation may be a ploy to silence critics of the government for discussing flaws in government-published datasets without due process. Consequently, this may prevent anyone bringing security flaws in government practices to attention — including the attention of the Government.
In a media release issued on Wednesday afternoon the Attorney-General announced his intention to introduce new laws aimed at protecting data published by the Government. These changes appear to completely miss their mark, and may in fact criminalise the inspection of datasets for flaws and faults. The broad terms of the proposal could easily implicate any researchers in the field of data anonymity — anyone whose research involves examining datasets for potential privacy flaws.
As millions of people simultaneously attempted to log in to complete their census forms last night, the Australian Bureau of Statistics (ABS) servers failed under the enormous traffic load. The ABS has blamed this on a hardware router failure, a false positive in a monitoring system, and external attackers who were allegedly attempting to overload the servers through a distributed denial of service (DDoS) attack occurring at the same time. David Kalisch, head of the ABS, claimed that the servers were taken offline between 7:30 pm AEST, after which time the main social media accounts continued to advise people that there was no problem and to complete the Census forms until 10 pm.
“The public was advised prior to the Census that it would not be a target for attack. The claims made after the event call into question the competence of those who planned the Census, as well as the Minister responsible,” commented Simon Frew, Pirate Party President. “The ABS has already breached the public’s trust by admitting to retaining personal information and enabling the linking of external datasets. They have now made that worse by incompetently allowing the online data collection to fail.”
Despite the serious privacy concerns first raised by the Pirate Party in March, and now shared by thousands of Australians as well as the Greens, Nick Xenophon and Andrew Wilkie, the Australian Bureau of Statistics (ABS) has continued to forge ahead with the invasive 2016 Census. For the first time the ABS is planning to keep names for four years, linking very personal information asked by the Census questionnaire. Like many, the Pirate Party has raised objections to the collection of identifying information, and now calls on the ABS to declare the giving of “Name” and “Address” optional.
“The ABS has not properly consulted with the Australian public on this new, more invasive version of the Census,” said Simon Frew, President of the Pirate Party. “Names are not required by law according to former Australian Statistician Bill McLennan [PDF], and it is difficult to see how names could help with statistical analysis. Collecting names does, however, increase the danger of privacy breaches for Australian citizens which, given the ABS has been subject to 14 data breaches in the last three years, is particularly concerning. A simple way for the ABS put many Australians at ease is to make it optional for people to give their names and address.”
“Pirate Party Australia is proud to announce that digital rights are central to our campaign in the 2016 Federal election. Campaigning under the slogan ‘Transparency Liberty Digital Rights,’ or TLDR (Too Long Didn’t Read), we aim to reverse the trend of governments operating under an increasingly dense veil of secrecy, whilst subjecting citizens to increasingly intrusive surveillance.” said Lachlan Simpson, Pirate Party candidate for the Victorian Senate.
“The Internet has been under attack from successive governments. The Abbott/Turnbull government has passed a mass surveillance regime and legislation to enable Internet censorship, with the support of the ALP,” continued Lachlan. “We pledge to fight tirelessly for Internet freedom. Pirate Party Australia has an extensive platform on digital liberties and was formed precisely to oppose such attacks on our rights.”
Since 9/11 Australia has passed more than 40 different terrorism related pieces of legislation. These have generally been passed with bi-partisan support and include many attacks on basic human rights. We are now under warrantless mass surveillance, journalists can be jailed for reporting on investigations, citizens can be detained without charge and ASIO can theoretically hack the entire Internet under a single warrant. Continue reading