Nick Xenophon risks fine over Census privacy concerns
Nick Xenophon has confirmed a tilt at a Senate return. Photo: Getty Photo: Getty
On the eve of Australia’s landmark first digital Census, Senator Nick Xenophon has announced he will not write his name on the questionnaire and plans to challenge the government in court.
Mr Xenophon said he would fight the changes allowing the Australian Bureau of Statistics (ABS) to retain name and address data from Tuesday night’s Census and was willing to face prosecution in order to create a legal ‘test case’.
The Senator lambasted the government’s “woefully inadequate” handling of the changes and criticised its failure to consult the public over the serious privacy implications.
Xenophon can be fined $180 per day he fails to complete the Census. Photo: Getty
Mr Xenophon described privacy as an “inherent human right” and said the government “should be requesting our consent, rather than requiring our names through coercion”.
It comes as a push for a boycott gathers momentum under the hashtag #CensusFail and security experts express concern over the possibility of data leaks.
The main concerns
A representative from the ABS told The New Daily that Australians who choose to withhold their names and/or addresses on Tuesday night will be fined $180 a day.
“Names and addresses have always been a critical part of an accurate Census data, so without this information, people would be letting down their community and the planning for services they use,” they said, noting that less than 100 people had been prosecuted following the 2011 Census.
Respondents who request a paper form will have to pay. Photo: Twitter
Digital freedom non-profit organisation Electronic Frontiers Australia (EFA) released a statement highlighting the privacy concerns shared by many in the #CensusFail camp.
These included that the ABS will link each of a respondent’s answers together to build individual data profiles for the first time.
They argue the depth of linked Census information handed to researchers could make individual profiles easily identifiable.
But the most controversial change is the ABS’ new ability to potentially keep Census data forever – or at least for four years.
Going to the pub probably won’t prevent the ABS chasing you. Photo: Getty
In the previous two Censuses, this has only been applied to five per cent (or one million) of the population.
Avoidance techniques
The group said there were a number of ways Australians could boycott the questionnaire.
These included writing the wrong information, being “absent” or “too busy” and “sending a blank form”.
It’s likely most of these techniques would result in a fine or prosecution.
Grassroots cryptography collective CryptoParty Sydney will host a meet up at a Sydney pub on Tuesday night in an effort to discourage Australians from participating in the Census.
They also posted a link on Twitter to a document containing leaked ABS usernames and passwords, demonstrating the lack of security Census participants could face with their personal data.
Wondering if leaked https://t.co/ZpTLCJ8I8e passwords from 2011 are still valid? https://t.co/RyhEwPdhOL #CensusFail pic.twitter.com/i8XW7OSwmT
— CryptoParty Sydney (@CryptoPartySyd) July 29, 2016
The leaked passwords were extracted in a 2011 hack of a United Nations email database.
On Twitter, IT consultant and tech analyst Justin Warren observed that an autosave feature on the Census form doesn’t require the data to be decrypted in-browser when they’re recovered from IBM.
He says that this means during the transfer from Census entrant to IBM to ABS, there are points where census data is readable without requiring decryption.
https://twitter.com/jpwarren/status/762079682116268032
However, some other sceptics online assert this isn’t an issue.
“Of course the data is available on the server as plaintext – that’s the point! The ABS needs to be able to read the data you are sending!” said Reddit user smix in a thread on the issue.
“The TLS connection from your browser terminates at the web server – in this case operated by IBM – so of course the data hits the server unencrypted. Again, that’s the point.”
Same-sex family shun
Same-sex couples have not been included on the form, with only an option to include one male and one female parent available.
https://twitter.com/rodneycruise/status/762505725209829380
The absence was highlighted under the highly-populated #CensusFail hashtag, as was the inability to identify as anything other than ‘male’ or ‘female’.
Meanwhile, other disgruntled Australians are facing a hefty fine for incomplete forms as they struggle with missing letters and phone hold times with the ABS.
The online access offered requires the letter for your personal login information.
https://twitter.com/madconnaughton/status/761161220925698048
-with Finn Houlihan and James Ried