A few months ago the Australian government undertook the 2016 census. For me as a citizen, this year saw two important changes from previous years:
- The census was mostly done online.
- Additional personally identifiable information, like names, are now retained for years instead of being discarded.
The decision to conduct the census online was a disaster. #censusfail became an amusing take on what was a poorly executed implementation of an online survey. Millions of Australians who were told to get online August 9 and complete the census found that the website was unavailable after being taken down due to what the Australian Bureau of Statistics (ABS) claimed was a hacking attempt:
The Australian Bureau of Statistics (ABS) says it believes a series of hacking attacks which led to the census website being shut down last night were part of a deliberate attempt to sabotage the national survey.
"Distributed denial of service attacks are eminently predictable and should been expected," MacGibbon said. "These were eminently small attacks, and they should not have degraded the ABS system."
Computer giant IBM has conceded the issues surrounding the census website outage could have been avoided if it had turned one of its routers off and on again beforehand.
As an IT professional myself, I can appreciate the difficulties in running a website that is expected to go from zero to millions of visitors in just a few days. IBM should have known (and was paid close to $10 million to know) better, but I can still sympathize.
What worries me more than a website outage is the fact that the minister responsible for the census said concerns about the ABS’s ability to track people is "much ado about nothing":
"I think we're making far too much of this, names and addresses and privacy breaches," he said. "Anybody with a supermarket loyalty card, anybody who does tap-and-go, anybody who buys things online, they provide more information indeed probably to what is available to ABS staff."
Providing information as part of census is nothing like providing information to your local supermarket as part of your loyalty card, for the simple reason that the government has coercive powers. The Census and Statistics Act 1905 allows penalties of up to $180 a day for failure to complete and return a form.
To put this into context, the average Australian annual wage in 2016 is roughly $80,000. After tax, that leaves people with a daily income of around $175 a day.
When was the last time your supermarket fined you your entire after tax salary for not supplying your name for their database? Has Facebook sent the police to your door because you used a fake name on your profile? No, because these groups don’t have coercive powers.
While it is true that most people willingly submit far more information to companies like Facebook, Google or supermarkets than they do via the census, it is ludicrous to say that government departments with coercive powers are the same as private corporations that have no ability to garnish your entire wages through fines. As a consumer, I can, and frequently do, supply incorrect information instead of personally identifiable details to these private corporations without fear of litigation.
The hyperbole surrounding the hacking claims and the proven technical incompetence demonstrated by the government with this year’s #censusfail make questions around privacy all the more important. And comparing government departments to supermarkets only demonstrates how blasé those in power are when it comes to the distinction between groups with coercive powers and those without.