Australian Bureau of Statistics and privacy issues
Lies, damned lies, and statistics
What is really behind the census?
Destroying trust and privacy one step at a time
Risking hacker attacks and data misuse
Disregarding public concerns
Using dubious pretexts
ABS household surveys
What you can do to defend your privacy
The key difference between a surveillance dossier and statistics is that statistics don't need to know your name and address.
Australians would know too well what this page is about, but for the international readers who might be lucky to have no idea, this page is about the doings of the Australian Bureau of Statistics (ABS), the organisation that has the power to force any resident of Australia to answer their questions. This bureau has nothing to do with law enforcement, and the person has done nothing wrong, but the person is obliged to answer all the same.
Every five years, the ABS compel everyone in Australia to participate in their census. In addition to mandatory census, they can select any person at any time for a compulsory survey and force to answer the questions that can be of a very private nature, including questions about health, finances, family matters and personal relationships. If the person refuses to participate in this interrogation, they are risking serious fines, court, and even imprisonment. The answers to the questions can be linked to the person's data from other souses, kept for any length of time, and used for various purposes, the scope of which can be expanded and altered at any time.
For the residents of some free democratic countries this might seem unthinkable. However, for the residents of Australia this is reality with a steadily intensifying invasiveness that privacy advocates have been unable to halt or restrain.
The Australian Privacy Foundation invested vast amounts of time in the lead-up to each of the '06, '11 and '16 census events. The impact we had was considerable in '06, but has declined each time since.
The simple fact is that the ABS has long since abandoned its once exemplary stand on privacy. It has now positioned itself as the operator of a centralised database on the whole population, expropriating data from many government agencies, retaining all Census and Survey data in identified form, and consolidating it all into a single, dense record.
The Australian Privacy Foundation on the 2021 Census
Initially, census was a 19th century solution for figuring out how many people were out there, when the government had no databases that could provide such information. Today it is no longer the case: the governments have multiple systems with all the necessary data for planning and decision-making. What they do not have, yet, is a comprehensive profile on each person that combines the data from all departments, organisations and institutions throughout the person's lifetime.
A century ago, census was the only relatively accurate way to count the population and estimate what services are needed in each region, and the Australian Bureau of Statistics (ABS) was given the task. Today, all that data is available from Medicare, electoral roll, transport, immigration and education departments, and so on. This data may be fragmented and spesialised, but it should be sufficient for general statistics and planning in the relevant areas. One can only guess the true ABS motives, but the recent line of events indicaties that for some reason they saw the need to cross the line and move from collecting anonymised statistics towards compiling a detailed life-long dossier on each Australian.
The usual spiel is that the authorities need this data to provide us with hospitals, schools and roads. But they already know exactly how many children are in each and every school, patients in every hospital, passengers in every unit of public transport; and the traffic counters are a much cheaper and more precise way to get the road usage figures. No census is needed for any of that. So,...
What is really behind the census?
Australian Census is run every 5 years and is presented as mandatory for every person who was in Australia on census night. The Australian Bureau of Statistics brandishes the Census and Statistics Act 1905 that allegedly gives it power, including power of compulsion, to wring the data out of anyone who is unwilling to “cooperate”. To ensure “willing” and therefore cheaper and faster cooperation, the ABS promises that once census processing is completed, all data is de-identified, and only then disclosed to other government agencies or sold to third parties via online tools like TableBuilder. However, over the recent decades, the ABS has been relentlessly expanding the array of the data it collects, the length of time it keeps the data, and the purposes it uses this data for. What happens to census data now has very little in common to what was happening in 1905 when the ABS was given its powers.
The ABS has admitted that now it is
bringing together census data with the ABS and non-ABS datasets using name and address during census processing to undertake quality studies, ... statistical outputs and research purposes. And even with the names eventually “anonymised”, it is known that the ABS linked census data to Personal Income Tax database from Australian Tax Office (ATO), Migrant database from Department of Home Affairs, and Medicare database from Department of Human Services using the “anonymised” name, sex, residential address and date of birth of every person.
Unfortunately, many are not aware of the difference between anonymisation and de-identification of data:
- Anonymisation is an irreversible removal of all identity data of the data contributor, which guarantees that any future re-identification is impossible under any condition.
- De-identification removes and/or encodes the identity data to make it not readily-identifiable, but it preserves the identifying information in some form, which can be re-linked in the future.
What the ABS calls “anonymisation” is in fact de-identification.
The Census and Statistics (Information Release and Access) Determination 2018 made under the Census and Statistics Act enables the Australian Statistician to provide access to unidentified individual statistical records (microdata). This enables wider access to ABS data for social and economic research and analysis. In doing so, the Australian Statistician must ensure that all identifying information is removed prior to release and that the information is released in a manner that is not likely to enable the identification of an individual.
www.abs.gov.au, How The ABS Keeps Your Information Confidential
2020 update: the ABS no longer uses the “anonymisation” term and, as the population is gradually trained to accept that true privacy and control over one's personal data are no longer the real world concepts, moved towards using the “separation principle” term, which describes the practice of storing personal identifiers such as the name, address and date of birth separately from other information about that individual, with the ability to link them again when they see fit.
Destroying trust and privacy one step at a time
Until census 2006, the ABS was removing people's names and addresses once census collection was completed. In those circumstances, very few people had issues with being an anonymous piece of aggregated information, i.e. statistics it its true sense. Once the personal information was irreversible destroyed, people knew they had a guarantee that their data could not be misused in the future. The census was actually what census was supposed to be: a one-night snapshot of anonymous population.
In census 2011, the ABS decided to turn the “snapshot” into a long movie and encoded addresses into so-called mesh blocks, allowing for every person to be easily traced back with high probability even without the explicit presence of their name and address, as all other information was still kept on file: gender, date of birth, country of birth, ethnicity, marital status, number and age of children, who they live with, their profession, workplace address, school or university addresses, income, and so on. Australian census was no longer just a
snapshot of a nation on a census night, it became a tool capable of continuous, life-long surveillance of every person in Australia. During the 2011 census, the ABS randomly chose 5% (over a million) of Australian population and managed to link a staggering 82% of “de-identified” files between the 2006 and 2011 censuses within that sample. Those people were to be linked again in the census 2016 and possibly followed for life, without their knowledge or consent. The ABS said
the sample will also be augmented in the future. And sure enough, augmented it was!
For census 2016, the ABS surreptitiously announced on its website that
the ABS collects name and address information in order to... enable the linkage of census data with other datasets to increase the value of the census. This meant that personal information was not only retained, but also that the ABS got access to other personal data repositories that had nothing to do with census.
The real danger is the gradual erosion of individual liberties through automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable.
U. S. Privacy Study Commission
On 18 December 2015, just before Christmas, when everyone was busy with other things and least likely to keep an eye on the bureaucratic news, the ABS published the following announcement on its website:
The Australian Bureau of Statistics has decided to retain names and addresses collected in the 2016 Census of Population and Housing in order to enable a richer and dynamic statistical picture of Australia through the combination of Census data with other survey and administrative data.
Whilst the Census has always been valuable in its own right, when used in combination with other data the Census can provide even greater insight.
... The combination of Census data and health data can help improve Australia's understanding and support of people who require mental health services and assist with the design of better programs of support and prevention.
This decision has been informed by public submissions, public testing and the conduct of a Privacy Impact Assessment.
Informed by public submissions?
Public testing? You are the public. Have you been duly notified of this significant change? Did you get to test it and agree with it? Have you been given a fair chance to lodge a submission? You can make your own conclusions about the worth of the ABS's word, and how much your opinion really matters to the ABS.
informed by public submissions ABS-style was done as follows: on 11 November 2015 the ABS published a media release on their site saying that it
is considering the retention of names and addresses as a key enabler for improved household surveys and high quality statistics, and gave the public until 2 December to respond. Those who managed to discover this release and respond in time were most likely the people who work in the industry, make a living out of the ABS data, and naturally knew where and when to look. It is not hard to guess that such people or organisations have high interest in approving data harvesting and privacy violation as far as it can possibly go.
Whenever there are concerns about, or opposition to a new method of intrusion of individual privacy, we hear the same response: the decision to do so
followed an extensive public consultation process. How many people find it easy to obtain information about a public consultation taking place? Or, more importantly, how many get to see the contents of all the submissions to a certain public consultation? It cannot be called an “extensive public consultation” if very few know about it, and the opinions of those who disagree can be quietly disregarded. Unless these consultations are widely advertised and the contents of all submissions are made public, the statements about extensive public consultation process are a fallacy.
Moving towards census 2021, the ABS became bold about transforming the census from an anonymous snapshot into an ongoing and far-reaching data-matching operation. They now openly state that they will keep all personal data and will
locate and link records pertaining to the same individual from multiple data sources: Australian Taxation Office, Department of Education, Department of Health, Department of Human Services, Department of Social Services, etc. This means your health record, pharmaceutical prescription data, tax file, Centrelink file, children's school record and other information can be accessed, combined, analysed, stored, added to from other sources, shared and used without giving you any say in the matter. It has been revealed that ABS plans to use utility bill data, government administration records and “observations” by their staff for identifying the buildings in which occupants may be avoiding census data collection. If the ABS allege that the public is so overwhelmingly welcoming of the changes the ABS made to census, why do they need these new military grade reconnaissance tactics?
The ABS calls this being
completely transparent around the collection, protection and use of data, but what is the value of this so-called transparency if nobody has any legal means of opting out?
Changing things one step at a time has been found to be a very effective tactic in practice.What is the problem? This is hardly anything different from what it was before... you are just paranoid... this is not Big Brother, or the Stasi...It is a very hard tactic to counter.
David Vaile, vice-chairman of the Australian Privacy Foundation (APF) and executive director of the Cyberspace Law and Policy Community
For census 2021, the ABS began sourcing and using the so-called administrative data, which includes personal income tax information from the ATO, Medicare enrolments, Centrelink data, electricity connections and rentals data.
The ABS could fill the gaps using combined administrative data... The first step to filling any gaps would be to find any records from the combined registrations of Tax, Medicare and Centrelink administration systems that appear to be missing from the Census... The administrative data would supply at least the age, sex and area of residence information, which are key outputs from the Census. The next step would be to fill in further Census information for these records using both administrative data and 2016 Census data where possible. For example, we may be able to identify family relationships from Centrelink and Medicare records, and/or fill in information from the 2016 Census that wouldn't have changed over time, such as Country of Birth.
www.abs.gov.au, Using administrative data to fill potential data gaps in the Census
It however remains a mystery how the ABS intends to combine the 2016 census data with all the personal data it harvested from other sources if they swore to delete all names and addresses from 2016 census 36 months after that census at the latest.
In 2012, the Australian Bureau of Statistics has become an Integrating Authority under the Commonwealth data integration arrangements. As such, they have an ongoing access to the data in the Medicare Consumer Directory, Centrelink Administrative Data and Personal Income Tax. The identifying details of every person who had been entered into at least one of these databases since 2006 have been harvested and added to the so-called Person Linkage Spine, which is continuously updated and augmented, keeping track of the changes of names and addresses of each person. The Spine is then used for Multi-Agency Data Integration Project (MADIP), which links the information form the census, household surveys and a multitude of other sources: Australian Taxation Office; Department of Education, Skills and Employment; Department of Health; Department of Social Services; Services Australia. This
provides whole-of-life insights about various population groups in Australia.
Over several decades, Australians have rejected all proposals of a national identity card (aka Australia Card), not least because they didn't want to live in an authoritarian panopticon state. They didn't want all their personal data held by different sectors of government to be linked into one comprehensive dossier. Despite this democratic opposition, such linking is now happening, only via a different route and under a different name.
Shall we be worried? After all the ABS says it
protects your privacy and is committed to keeping your information safe and secure. For how long though? Perhaps only until the next change removes these protections. Can anyone trust such promises anymore?
Rights advocates have consistently argued that not only will such initiatives turn nations into more authoritarian societies, but they will fundamentally change for all time the relationship between citizen and state, the nature of government, and the character of the nation.
A national identity card involves the concept of converged or “joined-up” data resources. This poses grave threats to the security of data. It also introduces the inevitability that data will be lost, misinterpreted, mutated or abused. Multiple-agency access to sensitive data greatly increases the potential for misuse of information, either through corrupt disclosure or lapses in security.
An overview of campaigns of opposition to National Identity Card proposals, Australian Privacy Foundation
Some would say that if the government wants to link all the data about each person, even against the will of the public, it might be better done by the ABS, as they are obliged to provide at least some privacy protections. However, the problem with giving such task to the ABS is in their unprecedented powers and capabilities: they now have access to the most comprehensive databases containing personal data; they have extremely powerful technical means for infinite data linking, analysis and storage; and they have the unique powers to force private individuals into answering almost any personal questions. No other government agency can or is allowed to do this, and for a good reason.
Risking hacker attacks and data misuse
To mitigate the public outrage, the ABS keeps insisting that it has been enjoying a good history of personal data protection. But that is irrelevant. Prior 2006, the ABS did not keep any personal data, so of course it could not be misused or stolen. Now it is no longer the case. A 100% security of identity can only be guaranteed if no identifying information is kept in any form — separated, encoded, or whatever.
The ABS also tried to calm the public by promising that they
will remove names and addresses from other personal and household information, store them securely and separately from other census information, that they will never be recombined, and that the ABS never has and never will release identifiable census data. If these promises were true, if names and addresses will really never be recombined, released or used for any other purpose, why keep them? Make your guess.
Hackers do exist, and so does the possibility that the government can change the legislation or amend any policy at any point in the future. The new law may allow the data to be treated less securely or released without de-identification. There is no law against changing the law! There is no law that could permanently protect the privacy of individuals who were forced to hand their personal information over to the ABS. No one can guarantee that at some point in the future the ABS will not be told to release all the confidential data it holds, or to track people down under some vague pretext like “national security”. And with the new trend of keeping data forever, it will not only affect the data collected at the time, but will also jeopardise the security of decades of linked data from the past.
The way things are supposed to work is that we're supposed to know virtually everything about what the government do: that's why they're called public servants. They're supposed to know virtually nothing about what we do: that's why we're called private individuals.
If the ABS was truly anonymising our information instead of keeping it behind some semi–de-identification in a separate file, there would be no such danger: one cannot release the data they don't have, no matter what the new law or the government say. Unfortunately, the ABS is doing the opposite: instead of future-proofing the security of our private and sensitive information, they routinely propose to retain more identifiable data and to merge census data with information from birth and death registers, immigration data, disease registers, health records, tax files, and their own surveys.
As the Australian Privacy Foundation said in its Submission to Australian Bureau of Statistics in February 2016,
an anonymous, specific-purpose, temporary and relatively safe one-off snapshot appears to have been changed into a less-safe, personally identified, lifetime longitudinal dossier, with potentially fewer protections.
Your name, date of birth and address have no statistical importance, and therefore the ABS should not be even collecting these details in the first place, if statistics is what they are really doing. This is vital identity data, and can only be used for identifying each particular person, acquiring more information about that person from other sources, and essentially placing the person under surveillance, often without the person's knowledge, consent, or any option to stop this intrusion into their private life. If the ABS was truly interested in statistics only, they would allow people to remain anonymous. An age bracket and a suburb or postcode should be perfectly sufficient for any census or survey. Once they demand names and addresses, it's not statistics anymore. It is the Australian Bureau of Surveillance.
10 August 2016 update: the census was affected by a cyber-attack, despite ABS's assurances that they were well-prepared.
1 March 2019 update: researchers reported a major flaw in census security that existed at least since 2017 and can let attackers to re-construct and reveal large parts of the census dataset.
1 August 2021 update: the ABS appears to be attempting to deal with the public outrage, complaints and disapproval by labelling it as rumours and suspicious information, rather than by ceasing their own activities that caused the negative reaction in the first place. On the census.abs.gov.au site, under the title of “Identifying false information”, the ABS published an appeal to
report any inaccurate or suspicious information you read or hear, including such instances as social media posts by
people misunderstanding the nature and role of the census. Which can potentially include any comments criticising the census, the extent to which it collects identifying information and links it to personal data held by other agencies, and the alarming increase of this data linking with every subsequent census.
Disregarding public concerns
Technically, all the changes — or, as the ABS like to refer to them, “enhancements” — have to pass a thorough the process of public consultation. However, despite a large number of opposing submissions from the organisations such as Australian Privacy Foundation, Victoria Privacy Commissioner (+ Supplemental Comments), the NSW Council for Civil Liberties, and the response from the NSWCCL urging ABS to abandon the privacy-violating intentions, each subsequent ABS census implements increasingly intrusive features.
As far back as 2005, Australian Privacy Foundation voiced their concerns about ABS's grossly intrusive initiative to link census data and pointed out the following:
The data collected in each Census would now be retained, rather than being destroyed once analysis has been completed. This breaches the public expectation that the detailed data only has a short life and that all that is retained is statistics.
The data collected in successive Censuses would now be linked. This breaches the public expectation that the Census is a statistical snapshot.
The data would be very rich, and the individuals it refers to would be readily identifiable, and hence will continue to be greatly attractive to many agencies and corporations. This breaches the vital public expectation that Census data is anonymous.
It will be used in conjunction with further data from government sources such as birth, death and disease registers, and immigration data. This further breaches public expectations about privacy protections for their data.
It may be used in conjunction with data from yet more sources. This would further breach public expectations about privacy protections for their data.
Although some kinds of change to the scheme would require legislation, a great many potential “enhancements” to the scheme could be implemented as and when the Australian Statistician of the day sees fit.
The ABS is trying to maintain the fiction thatbecause names and addresses will not be used, it will be impossible to identify who is included in the [collection]. With such a rich data-set, this is, quite simply, untrue; and the fact that the ABS can utter such a statement gives rise to concerns about the agency's trustworthiness.
In bringing this Proposal forward, the ABS is seriously undermining its hitherto strong reputation. The ABS is also doing great harm to the Census, because the Proposal will significantly reduce people's readiness to complete Census forms, and to do so accurately.
Australian Privacy Foundation, Census 2006 campaign
The APF were right in 2006, and their concerns are even more relevant right now. Even the person who used to be the head the ABS, now retired, is highly critical of their current trajectory:
This, without doubt, is the most significant invasion of privacy ever perpetrated on Australians by the ABS. What is motivating me is that as an Australian citizen I am appalled that the ABS can think it can use the threat of prosecution to make me provide data that allows the ABS to set up, what is in effect, a ‘Statistical Australian Card’.
A letter by Bill McLennan, head of the Australian Bureau of Statistics 1995–2000
The ABS undermine the vital trust of the public in the government. Without this trust, no free democratic society can function. This trust is very fragile, and, once damaged, can take a lifetime to restore, submerging the country in chaos and corruption.
The ABS seem to be disregarding the fact that whenever a rich source of data exists, there will always be agencies seeking access to it. And some of those agencies are very powerful. The ABS also seem to be ignoring the fact that until now they have been able to collect the information and develop a reliable set of statistics only because the public had confidence in it. The introduced changes that impact privacy will inevitably erode public confidence and decrease reliability of the collected data. The ABS already had to resort to compulsion and coercion to force the participation of some individuals who were avoiding census and surveys because of fears for their privacy and security. What is next?
Using dubious pretexts
The ABS says the compulsion is necessary for creating a population sample that provides a balanced and unbiased representation of all population of Australia. Yet the very same ABS was using census and survey forms with carefully arranged and worded questions to get certain answers.
For example, the question about religion,
What is the person's religion?, actually presumes that the person has a religion, and induces to select from the list a religion the person was taught at school or grew up with, even if they no longer actively practise it. The “no religion” answer option was buried under a long list of common religious affiliations and several empty lines dedicated to the “other” answer option. Millions of people could easily miss this option.
The result of such bias-inducing design wasn't only in that it made Australian taxpayers over-subsidise religious institutions, but it also exaggerated the religiousness of Australian population and allowed religions to influence political decisions in such secular areas as public health, which, for example, made Australia to remain one of the last developed countries where abortion was still the subject of criminal law until 2021! If the ABS had been truly seeking an unbiased representation of Australian population, the question would have been worded
Do you practice any religion? and the “no religion” option would have been put first, above the list of various faiths. The truly devoted, religious people would have had no trouble skipping the atheistic answer, while the people who are not seriously religious would not have been confused. Thus the ABS's claim, that the elimination of bias is important to the point of justifying coercion, doesn't hold up.
2016 update: after years of criticism and public campaigns, the ABS has finally moved the “no religion” option to the top of the list in the 2016 census, and immediately, for the first time in the history of census, the “no religion” answer outnumbered the believers in every religion. This proves the point: the ABS appears to be very concerned about bias when people are defending their privacy, but has no problems with the bias of its own creation.
ABS Household Surveys
In addition to the 5-yearly census of every person in the country, the Australian Bureau of Statistics conducts a number of surveys that require more information from individuals, and that the bureau claims are, again, compulsory: Monthly Population Surveys (MPS), Australian Health Survey, Income and Housing Survey, and many others. The ABS select the “victim” households, dispatches a letter addressed “to the householder”, and from that point the tenants of the dwelling have little choice but to let their private life become government property or be prosecuted.
These surveys can be lengthy, spanning several months, inconvenient and extremely privacy-invading. People have no right to say ‘no’ to protect their own personal data and their family from potential risks of misuse, identity theft, leaks or hacker attacks. There is no choice and no exit — all because the ABS enjoy the power given to it by the antiquated Census and Statistics Act 1905 to issue Notices of Direction, to force people to supply the information and threaten them with exorbitant fines, courts and jail sentences.
The ABS claim that the surveys must be compulsory for each “chosen” household in order
to provide a balanced representation of all households in Australia so that the estimates made from the data reflect, as closely as possible, all households. If some households do not participate, this may result in one type of household being represented more often than another type, which may result in biases in the data. But, as described above, the ABS not only don't mind bias, they can deliberately introduce it when the agenda requires.
The ABS also like to stress that they
rely on willing cooperation of the selected householders. Though it is unknown how willing any consent can be if people have no choice, and threats are used. It is also unknown how many people are willing to give honest answers when they are being coerced. Voluntary participation can bias the results of surveys, but wouldn't coercion and intimidation make it even worse? Most people can give honest answers only when they can be sure that their identity is absolutely and irreversibly safe, which is longer the case when the ABS is involved.
What You Can Do to Defend Your Privacy
In a democratic country —if Australia is indeed such a country— people have two avenues for expressing their will and having their concerns addressed:
- Contact your local member of parliament and let them know about your grievances with the ABS. If your MP is from one of the two major parties, you will most likely get a formulaic fob-off response or no response at all, because neither the Australian Labor Party nor the Liberal Party of Australia have privacy protection in their policies and agendas. But if enough people make similar complaints, the issue will eventually gain recognition.
- Vote for smaller parties and independent political candidates who have genuine and serious interests in safeguarding our privacy and in ensuring our rights and legal means to defend it.
Until privacy advocates win enough seats in the Australian parliament, the only sure and legal way to avoid the ABS intrusions, according to the readers, is to be overseas during the census, or move house after receiving the survey letter. Obviously, for many these are not easily available options. The Public Information Statement re ABS Compulsory Surveys page from APF has some helpful information.
So far, there has been only one widely known case when a person won a court case against ABS's intrusion: Shirley Stott Despoja in 1988, mother of former Senator Natasha Stott Despoja. Although while there is no much chance to fight the insatiable statisticians in court, you can still try to protect your privacy and identity as much as possible. Here are reader suggestions:
Insist on not giving your name and date of birth to the ABS
Your name and date of birth have no statistical importance, so the ABS should not be collecting it. The only purpose of collecting this data is to identify and trace people beyond the scope of census or survey. But that's not statistics, that is surveillance. If the ABS know your address, simply giving them your date of birth (even without your name), means they can easily identify you.
This is why it is worth asking the ABS for clear, better written, explanations why they are trying to get this data from you and how exactly they are going to use it. Ask for guarantees that the ABS won't use your address, date of birth, age, place of birth or any other personal data for snooping in government files, or linking your survey responses to other databases. Demand clear answers what exactly the information like your date of birth will be used for and why simply an age range can't satisfy the “statistics”. Most likely, your date of birth will be used by the ABS to pull more information about you from other data sources like Taxation Office, Medicare and health records. If you are not happy with that, voice your objection and lodge a complaint with the ABS and contact privacy advocate groups for advice. The more people do it, the more chance Australians have of winning their privacy back.
Household Survey Participant FAQs on ABS website clearly say:
Do I have to give my name?
No. The interviewer will ask for your name to assist with the interview, but if you wish, the interview can be conducted anonymously.
Household Survey Participant Information FAQs, abs.gov.au
And so it should be: statistics don't need names! If the ABS was truly collecting the information for statistical purposes only, as they claim, they shouldn't need any personally identifiable information at all, ever. However, remember that the surveyors know your address, and they often ask for your date of birth or age. Given that ABS has now got access to other government databases, tracing a person by the address and date of birth is a matter of seconds. It could be that this anonymity is false and deceptive if the people are traced and identified afterwards.
For Post Census Review (previously known as the Post Enumeration Survey or PES) that is run after each census, the ABS demands the person's name, sex, date of birth, age, relationship in household, marital status, country of birth and indigenous status, allegedly to match the PES records to the census records during processing. Ask what is going to happen to your personal information and insist on a written guarantee that after this matching all your identifying information will not be retained by the ABS in any form.
Don't give ABS your phone number
The ABS often asks for a phone number. If they want you to complete a survey online, they will tell you to create an account, which demands a mobile phone number as compulsory. In Australia, phone numbers are tied to your ID and can be used to identify and trace you. Refuse to do the survey online if they keep demanding your phone number.
It may also be wise not to use your usual personal email adders for dealing with the ABS. Instead, create a disposable email just for that. Use a free, privacy-driven email service that does not recycle email aliases, i.e. does not give the same email address to another person after you deleted yours (e.g. Protonmail or Tutanota). As it doesn't appear possible to delete the ABS survey account, the only way to extricate yourself from it could be closing your email address account once you are done with the survey.
Ask for a proof that your household was chosen absolutely randomly, and was not targeted with any intention
The ABS claims that they choose their survey participants totally randomly, however there have been numerous complaints from people saying that after they agreed to participate in one survey, they have been told to fill another one, and another one... Apparently, many people prefer to discard the “To the Householder” letter from the ABS, don't make any contact, and don't open their door to any door-knockers; so to keep the plan fulfilled, boxes ticked and salaries coming, some suspect that the ABS take advantage of the softer targets. Therefore, it may be wise to demand written guarantees that the selection is indeed random, and if you are soon “randomly” chosen for another survey, take the matter further and lodge a complaint.
Demand written guarantees the ABS will never attach any identifying information to your answers, attempt to identify you, link your answers to any other data about you, or attempt to trace you later in life
If the ABS truly collects data for statistics only, giving you such guarantees should not be a problem for them. However, if they refuse, make your conclusions and take actions.
Be aware of the real meaning behind ABS's promises to keep your information “confidential”, or to “delete” or “remove” your name and address once statistical processing is completed
Most people think that their identifying information is going to be destroyed soon after collection, which was true before 2011, but now it is kept: the ABS simply moves names and addresses to a different file, which allows them to say that they “removed” the identifiable data. From abs.gov.au website, it is clear that identifiable information is not destroyed, it is stored in a separate file that can be easily linked back to the rest of the person's information:
Data records are de-identified as soon as possible. Once quality has been assured, names and addresses are removed, because this information is not needed for the production of statistics. Removal provides added protection against any breach of security of confidential information.
Internally generated identifiers are usually attached to each record, but cannot be used to identify a respondent. Nevertheless, the combination of these identifiers and the name and address to which they refer can be used to make records identifiable. Hence any linked files are carefully protected and only available on a strict need to use for work basis.
So, if we are told that
personal privacy is paramount at the ABS, that personal information
is not needed for the production of statistics, that the ABS collects information
only for statistical purposes, and that
the ABS has never and will never release identifiable personal information to any outside organisation, agency or project, then why is the personal information kept at all? Why not destroy it once and forever, and by doing so actually guarantee its safety? Why retain it? Why wait for a breach, a hacker attack or a new law that will permit a new usage of this information?
The ABS keeps saying that they haven't had a privacy breach before. That's great, but it doesn't mean it can't happen in the future. Hacking technologies are getting more sophisticated. And the public should keep in mind that before 2006 there was no linking between census data and other ABS surveys and government databases, and people weren't traced and followed through their lives. A breach before 2006 would only leak data from one census or survey. A breach now will compromise the privacy of the whole life or individuals and their whole families.
Do a thorough legitimacy check
If you open your door to someone claiming to be an ABS data collector, make sure the person is really working for the ABS. A plastic card dangling on someone's neck is not a magic pass into everyone's personal life. How can we know their ID card is legit? Would that card be accepted as an ID by Driver Licensing Authorities, Centrelink, Police, Border Security or any bank? No? Then why should the public accept it? Take a photo of the collector's ID and tell them to come later. In the meantime, call the ABS office using their official phone number (not the number the surveyor may give you) and confirm the identity of the door-knocker. We all know that these days anyone can print out any sort of cards and start knocking people's doors, and the ABS created a perfect opportunity for criminals gaining access to people's homes and personal information by masquerading as ABS collectors, as numerous ABS-related scam incidents show.
Check the list of the current ABS surveys on abs.gov.au website, do a research about the survey you were “chosen” for and learn what you can say and do to maximise the protection of your sensitive information. The ABS subcontracts all sorts of companies and individuals to do surveys for them, so you never know whose hands your private or sensitive information is passed through. Keep that photo of the ID card you have taken, and if any identity theft, fraud or house break-in happens in your family, pass the facts about the recent ABS survey and the ID of the surveyor to the police.
And, by law, you are not obliged to let ABS employees into your house.
Record everything for yourself while objecting the ABS's recording
Tell the ABS data collector that you will be filming/recording the interview, and keep the copy of all questions and answers. At the same time refuse for the ABS to make any audio or video recordings of you. It is your home and your private life — you set the rules. These days, the ABS surveyors use laptops to record your answers, so you can insist on watching what they are entering and take a photo of each screen, for your protection and for making sure the answers are entered correctly. Remember, the ABS may have the power to force you to give the answers, but you still have the rights to access the information collected and held about you and make sure it is correct. As these people are merely doing their job and were most likely led to believe that they are working for something good, always stay polite, but also firm and vigilant.
In addition, question the security of the devices the ABS staff use. From the census employee application, it appears that the staff are required to use their own mobile devices with an internet connection for entering information. A personal device that has ever been used for any other purpose can potentially be infected with malware and compromise the security of the data.
Complain and protest
Voice your concerns, disapproval or objections regarding privacy issues. Write to the ABS, to your local member of parliament, to the relevant minister of the day, and to the Privacy Commissioner. Publish your opinions and comments on social media and other online platforms. The more people become aware and discuss the issue, the higher is the chance of positive changes. Ignore the silly remarks from the people mentioning paranoia, tin foil hats, or the hackneyed
if you've got nothing to hide — those people are either ignorant or have vested interests in the current privacy erosion trend. You have valid concerns and every right to be worried about the privacy and security of your personal data. If someone else wants to forfeit their right to privacy — it is their choice. You should have yours.
Australian Privacy Foundation published the “What Concerned People Are Doing” lists about census and about surveys. While the Census and Statistics Act 1905 provides for the compulsory provision of census and survey forms and of accurate data, those provisions are unlikely to be sufficient to ensure an effective census or survey in the face of widespread public opposition. The ex-head of the ABS, Bill McLennan, also wrote a detailed article concluding that the ABS can't collect names in the census on a compulsory basis.
The most sacred thing is to be able to shut your own door.
G. K. Chesterton
Public advisory statement re ABS compulsory surveys, Australian Privacy Foundation
Commencing with the 2006 Census, the ABS is now keeping personal data, which can be associated with the person's identity without their consent, Australian Privacy Foundation
Why you might want to become a Jedi Knight for this year's Census, Salinger Privacy
If you're worried about privacy, you should worry about the 2016 census, ABC News
Census Nightmares: The more we know, the less we trust it?, Meg Carter, Institute for Social Research
The census cannot force you to give your name, Crikey
The Problems with the 2016 Census, Australian Privacy Foundation
Census 2016, Electronic Frontiers Australia