If you blinked, you missed it. On December 18 last year, the Australia Bureau of Statistics announced that at the 2016 census in August it would, for the first time, retain all the names and addresses it has collected “to enable a richer and dynamic statistical picture of Australia“.
Keeping names and addresses, we were quietly told, would enable government planners to do more rigorous studies of social trends.
It is only now that the significance of the ABS’s change is spilling out into the press.
For the past 45 years, it has been the ABS’s practice to destroy that identifying information as soon as all other information on the census forms is transcribed – first onto magnetic tape, and now into vast digital data banks that allow statisticians to slice and dice at their whim.
In the 2001 census, the government first offered Australians a choice as to whether they would like their name-identified information kept. This year that opt-in system will be a compulsory system. Your name will be kept whether you like it or not.
The risks to privacy are blindingly obvious. The safest way to protect data is to not collect it at all. The second safest way is destroy that data after collection. There is no such thing as 100 per cent safely secured information. We know this from bitter experience. The last decade has seen a constant stream of unauthorised releases of apparently secure private information: the 2015 Ashley Madison hack being just the most embarrassing of these.
After all, privacy risks don’t only come from hackers and other rogues. Government departments have a poor record of protecting information from their own staff. The Department of Human Services admitted there were 63 episodes of unauthorised access to private files by its staff between July 2012 and March 2013. The South Australian Police Force accuses up to 100 of its own members of unauthorised access to police files every single year. ABS staff are no more or less virtuous than any other public employee.
The ABS argues that identification information will be stored safely and separately from the rest of the census data, creating a firewall that protects against individual identification. A spokesperson told Radio National last week that the ABS “never has and never will release information that is personally identifiable”.
There are a lot of unanswered questions here. But no matter what firewalls the ABS places around access and matching, it is a truism that any data that can be used usefully can also be used illegitimately.
And of course, what are considered legitimate and illegitimate uses of data can change over time. Rules written in 2016 could be changed in 2026. The data collected now might be used in a very different way down the track.
Identification retention could have practical consequences as well. A population that is rightly worried about the security of their information is less likely to answer the census either accurately or at all. Indeed, this has historically been the ABS’s big concern with keeping identification. They told a parliamentary committee in 1998 that the reduction in data quality from a reluctance to answer questions truthfully was not worth the trade-off.
A lower quality census would lead to lower quality government statistics across the board. A lot of things hang off the census. Census data guides electoral redistributions, Commonwealth grants, education funding and so on. Risking the integrity of all that in the hope that future data might be marginally more interesting to genealogical researchers and government planners seems like a terrible deal.
Although they profess to have changed their mind on the risk of lower quality data, we can speculate these concerns might be why the ABS announced the new policy in the dead holiday season. The less publicity given to the change, the less likely Australians are going to hear enough about the new census rules to be worried about their privacy.
While the Coalition’s support for traditional rights and freedoms has taken a battering over the past few years, overriding the ABS decision would go some way to reclaiming its liberal heritage.
After all, it was a Liberal Treasurer, Billy Snedden, who first mandated the destruction of names and addresses in census forms in 1971 in response to privacy concerns. And Cabinet records show the Fraser government – at the behest of treasurer John Howard – unhesitatingly and immediately rejecting a 1979 proposal by the law reform commission to retain census names and addresses.
The digitisation of absolutely everything has made privacy one of the central problems of the 21st century. If anything, Australians are more aware of the dangers of identity theft and information insecurity than they have been at any time in history.
As the ABS change shows, the debate over warrantless mandatory data retention was just the tip of the iceberg.
It is true that modern governments are data hungry. Planners and regulators want more and more information about the populations they govern.
But to the extent we have an interest in protecting ourselves against government excesses, we have an interest in denying governments carte blanche to collect information. We are not just data points in a planner’s spreadsheet. They work for us.
Chris Berg is a senior fellow with the Institute of Public Affairs. He is on the board of Digital Rights Watch Australia, an organisation launched this week to stand up for liberty and privacy online. Follow him on Twitter @chrisberg.