Australian census debacle generates both troubling and encouraging signs for privacy

The census website's failure has ignited a major debate over individual privacy Down Under.


The embarrassing recent failure of Australia's census website has sparked massive controversy Down Under, with politicians, bureaucrats and systems integrator IBM caught up in a wave of recrimination from the public.

A denial-of-service attack from parties unknown, exacerbated by peak demand and firewall failures, is said to have caused the performance failure. But IBM is also coming under fire from government officials, who say it designed the site shoddily and also failed to provide enough backup infrastructure.


Many observers believe the debacle will hurt IBM's fortunes in winning future Australian government contracts, and that may well prove to be true. But more broadly, what the census failure has brought into relief is the meaning and value of personal privacy for Australia's citizens, and a judgment on its government's ability to respect it.

The census was already controversial due to the government's decision to retain name and address data for four years, rather than the 18-month span used in previous censuses. This caused public concerns over data security and privacy, which have only been exacerbated by the DoS attack and site failure.

Yet just prior to the census failure, no less than Michael McCormack, the government minister in charge of the census, said it was "no worse than Facebook" as far as privacy goes, and called worries about people being tracked through its data collection "much ado about nothing."

McCormack's statements were "shocking" in their ignorance, says Constellation Research VP and principal analyst Steve Wilson, who leads Constellation's privacy and security research and is an Australian citizen. For one, "people lie on Facebook," he adds. "It's incredibly naive to think that what you told Facebook is anything like what you tell the census. Second, Facebook is a money-making exercise. Do these politicians really think that government and Facebook are the same thing?"

In Australia, the public's trust in government has historically been strong thanks to many factors, notably its national health care system and prescription drug benefits, Wilson said. Participation rates in the census have been near 100 percent, which is a highly positive sign despite the fact it is compulsory, he notes.

But yet another point of controversy in this year's census concerned "statistical linkage keys," which would allow outside researchers to link census data with other types of information in the name of research, while ostensibly preserving citizens' privacy.

This has been going on for a while and has been "all about the well-intended sharing of data with researchers for public policy outcomes," Wilson says. It wasn't until the announcement that citizens' names would be retained for four years that the SLKs came under much scrutiny.


The real problem is that the SLKs haven't been tested against modern hacking techniques, and moreover, government officials made all too blithe public assurances that they were adequately secure, Wilson adds.

In any event, SLKs are shallow privacy measures, Wilson says. "They make it hard for a casual human observer to tell who a record relates to. But that is not the privacy threat we need to worry about. The larger privacy threat these days is re-identification of masses of data achieved by linking it to other masses of data. The government promises de-identified census data will remain anonymous but that's a promise that cannot be kept."

Wilson cites a 2013 project that took DNA samples from anonymous donors and published them for scientific purposes. Then a group of MIT researchers mashed up the DNA with publicly available family tree databases, managing to re-identify 12 percent of the individual male samples. "The moral of the story is data scientists are constantly inventing new ways to re-identify big data," Wilson says. "There is no way that the ABS can keep its anonymity promise. The further that census data travels beyond the safety of the ABS, the less secure it becomes and the more identifiable."

So what's the positive news out of the census failure? "It's a good sign there's been so much public revolt over this," Wilson says. "It proves the appreciation of personal privacy is alive and well."

But Australia's government has much more work to do than simply cleaning up the census mess. Other major government digital initiatives with close ties to public privacy, such as the national health records system MyHR, must now be placed under the microscope, Wilson says.

Moreover, calls for creating an e-voting system in the country need to be viewed with added skepticism. "Maybe the public's going to stop just accepting these assurances of privacy and security [from officials]," he says. "We need to really, really lift our game and not accept this."
