UPDATE. Day 2 and the Census is showing no signs of coming back up.
This morning the ABS declared that they’d been hit by four Denial of Service attacks, and after the most serious one decided to take the Census offline. This is not remarkable, but a day later they still have not come back online, or identified the attackers, apart from saying that it’s a foreign body. That’s…uh…pretty bad…guys…
More #censusfail is the announcement midway through the day, from the Minister for Small Business, Michael McCormack, who said that it wasn’t an attack, because it didn’t manage to breach the system. It was, instead, an attempt to ‘frustrate’ the system.
Besides being a ridiculous attempt to contextualise the DDOS attack (because it was an attack, successful or not) into ‘norm-speak’, this was such a lost opportunity to take control of a situation that they should have been prepared for. Hacking is a topic that appears in the media most days, when we hear about accounts being stolen, social media security fears and Hilary Clinton’s email servers.
This Census has been an extremely visible and loud attempt to gather data from citizens, and enforce the data-gathering through pseudo-legal methods. Governments are a visible target, and this Census was just putting up a big flag that said “HIT ME”.
This was an opportunity for the government to highlight that not only were they attacked, but they weren’t breached. It was an opportunity to show Australia that the government is ready to protect data in an era of hackers, DDOS attacks and discussions around the security of personal data. Choosing to take the Census site offline as a way to protect their citizens from a foreign attack is a much more powerful concept than taking it offline because the systems got ‘frustrated’.
Bit late though. Instead the government looks both dysfunctional and outdated. Oh dear…
Original post follows.
August 9, 2016 is a date that will go down in Australian history as a bit of a landmark.It’s the marker date for Census 2016, which has become infamous for the Australian Bureau of Statistics moving to an online-first approach for filling out the census, and more importantly a very public discussion about why the ABS is requiring names and personal details to be filled out.
The big question is – why is it worth discussing this now?
Well, actually, the big question for most of today (being August 9 itself), is why the ABS system has been overloaded and having problems since lunch.
#censusfail is trending right now, people. The Pokemon Go servers are more reliable right now than the ABS (yes, I went there).
Back to the main question, though. Why is this worth discussing?
The truth is that the Census has been collecting our names and addresses for a long time. We trusted strangers with badges who knocked door to door with our names, personal details and religious preferences.
Suddenly it’s online, and people are clamouring about the danger of privacy, and the ability for the government to link our names with our behaviour/ideas/religion etc (take your pick). The ABS has noted on its FAQs page about their policy of separating personalised data from the census itself, which concentrates on statistical data, and that personal data will be destroyed in 2020.
I was going to say that the threat of hacking is no more/no less than any other corporation, but you know, after tonight’s #censusfail, I’m not so sure anymore.
Hmmm…let’s move on and pretend it’s all cool.
The other truth is that data required by the Census is no different (or even less) than what Facebook, Google, banks, insurance or your local eCommerce website require to set up an account.
The third truth though, is that we are still very uncomfortable with the idea that our data might be actually, and easily, linked from the hard numbers we give around tax time, to our religious preferences in Census, to our housing, shopping, and other behaviour.
There was a good summary on Radio National tonight on August 9, discussing the legal implications and what is actually in (and enforceable) the Census and Statistics Act of 1905, the main act covering the legal obligations, potential fines of participating (or not) in the census.
Examples such as:
- The Act notes that the collection is purely for statistical needs, and as such, names and addresses are arguably not necessary at all from pure statistical requirements. This is a key factor, but has never been tested in court
- Putting in a fake name to spoil the data is illegal, as the Act requires any data provided to be true
- The Act in itself does not require one to fill out the Census, and cannot fine a person for NOT filling out the Census. But, if a household receives in writing a directive from the ABS to fill out the Census, then it becomes an enforceable offence. Calling the ABS’ bluff in this case has never (to knownledge) been tested, and the good old FAQs page notes that if you are overseas then you don’t need to fill out the Census
So while this is all quite legally and financially fascinating, the real question is why is this so important, if the legal facts are based on an Act over 100 years old and that has not been recently amended to take more of our data and breach our privacy and personal security?
Oddly enough, it’s all zeitgeist. We are in an era where personal security and our expectations and belief in understanding the importance of PID is at its highest, thanks to the increasing discussions around data privacy, online safety, and individual freedoms. Conversely, our trust in government is falling (in Australia, trust in government has fallen from 56% to 49% from 2014 to 2015) thanks to events like Brexit, Edward Snowden, Wikileaks, data retention and the basic problems of government conduct these days.
The fear is there, justified or not – with fears about being religious and racial profiling, identity theft and the rise of the Ultra-Conservative Right.
So, obviously, Australia is going through a very interesting time right now, as it continues to debate and try to understand why and how the world has changed for individual freedoms, and what this really means for the ability to retain control over PID, while contributing to useful, statistically significant data.
Let’s segue from that right into this – as we see major tech companies like Apple continue to transition from pure product into more service driven companies, this becomes a big opportunity to get into this conversation around how people can retain PID and Personally Unidentifiable Freedoms (PUF, let’s name that sucker right now) while contributing to the greater good. We’re going to see an increasing interest in security technology (here in Australia), and an acceleration of the global investment in encryption, PID infrastructure and security.
This is government and privacy disruption as it happens. Someone set up a livestream. Maybe not…let’s just keep this text.
It’s a very interesting and exciting time to be in this conversation. The increasing thirst to protect and control the access and use of personal data is moving away from being entrusted to governments to willingly given to corporations in return for being able to understand where and how their data is and can be used, or simply to have data handed over, hidden well away from anyone’s view.