Sunday, 25 September 2016

Cliff Notes for Submission 38 to the Senate Inquiry into the 2016 Census

On 21 September 2016 the Australian Chief Statistician, David Kalisch, made a submission on behalf of the Australian Bureau of Statistics to the Senate Economics References Committee Inquiry into the 2016 Census.

This document was listed as submission number 38 and briefly published on the relevant parliamentary webpage.

It has since disappeared, but one enterprising soul with an IT background had already downloaded a copy and posted all 123 pages online here.

Here is my personal interpretation of some of the submission's contents.....

#CensusFail is IBM’s fault

"The online Census system was hosted by IBM under contract to the ABS and the DDoS attack should not have been able to disrupt the system. Despite extensive planning and preparation by the ABS for the 2016 Census this risk was not adequately addressed by IBM and the ABS will be more comprehensive in its management of risk in the future. However, once the system had been affected, the ABS took the precaution of closing the online Census form to safeguard and to protect data already submitted, protect the system from further incidents, and minimise disruption on the Australian public by ensuring reliable service." [p.4]

Even though ABS didn’t inform widely inform Australia of personal information & data retention plans ‘we’ knew in our hearts that the general public wasn’t going to mind

"In December 2015, the ABS announced a change in the length of time Census names (and addresses) would be retained, building on the increased capability of the ABS to integrate Census data with other sources safely and effectively, as demonstrated by the 2006 and 2011 Census Data Enhancement programs. The time frame for which names and addresses would be retained was extended from the end of the Census processing period until there was no longer any community benefit to their retention. The ABS made this decision following a public consultation process and on the basis that independently run focus group research indicated that support for the change and significant public concern would be unlikely." [p.5]

Even though deliberate failure to complete a Census 2016 form would lead to conviction and hefty fine and ABS repeatedly stated so in the mainstream media, the fact that most Australians completed a form was not because they were compelled but because they cared so little about their personal privacy

"...sentiment testing, both before and after 9 August, showed that only a very small minority of Australians considered privacy concerns to be a barrier to them completing the Census. The small level of general community concern about privacy in relation to the 2016 Census was similar to that observed in the 2011 Census, as also shown by the high levels of participation in the 2016 Census." [p.6]

#CensusFail is also the federal government’s fault

"Over the last 15 years, ABS resources have generally been reducing. Its staff numbers have fallen by 14% and the budget appropriation (in real terms) has also fallen by 14%. In contrast, the demands on the ABS to properly measure the economy, society and the environment, and respond to the requirements of governments, has increased and become more complex….In line with ABS forward funding (Figure 2.2), non-Census staffing affordability decreases significantly over the next four years with required reductions of approximately 400 staff in 2016-17, 300 in 2017-18, and then a further 40 in 2018-19." [p.14]

The chief statistician before me sucked

"In 2013 the Australian Public Service Commission (APSC) undertook a capability review3 of the ABS, as part of a broader program of reviews of Government agencies. The review team, led by Tony Cole AO, found that the ABS is “widely regarded as one of the best statistical agencies in the world. It has a strong reputation as a highly respected and trusted institution”. While the reviewers noted that the independence of the Statistician was a prerequisite to this respect and trust, they also noted that the manner in which this independence had been exercised had contributed to a degree of organisational isolation and insularity that needed to be addressed." [p.16]

Honestly, I wasn't laughing as I typed *cough*

"In regard to statistical risk management (an element of the ‘governance’ dimension of transformation and overseen by the Statistical Strategy Committee)4 , the ABS has adopted a more proactive and fit for purpose management of risk with a view to:

· more accurately foreseeing and managing the cumulative impacts of change on key economic and population statistics;
· enhancing the quality assurance for significant statistics;
· ensuring clear lines of accountability and clear governance; and
· ensuring risk management is streamlined, pragmatic and actually makes a difference, without unnecessarily stifling innovation." [p.18]

Despite the fact that a recent Freedom of Information application revealed a January 2016 privacy breach by the ABS which released the contact details of 5,245 individuals, your personal details are always safe with us

"Privacy is a foundation of all statistical agencies, and the ABS is no exception – protecting privacy remains the number one priority of ABS and its staff, and it is a requirement in the ABS’s governing legislation. The ABS is committed to upholding the privacy and secrecy of all of the information it collects. Maintaining the trust and support of the Australian community is critical for the ABS to effectively carry out its functions, and is a key measure of organisational success set out in the ABS Corporate Plan1." [p.24]

See, it’s not our fault!

"The online Census DDoS attack of 9 August 2016 was against an IBM system not an ABS one." [p.27]

It all went like clockwork according to plan ‘we’ got there in the end. What was the question again?

"The new approach:

*Changed the way Census materials were delivered and information is returned by the public. Australia Post’s mail service was used to deliver and return required materials from the majority of households. The majority of households responded online. Households are able to request a paper form through an automated phone service if they preferred or needed to respond by paper. These changes were designed taking into account international best practices in Census taking and build on the Australian public's increasing access to and use of the internet, while also providing a paper response options for others
*Removed the need for Census Field Officers to visit every dwelling. The use of approach and reminder letters were planned to allow half of all Australians to respond to the Census before household visits were required. Household visits were planned to provide support to any households that required it, deliver additional materials and remind households to complete the Census.

*Allowed for approaches to be tailored to the needs of different areas. In some areas of Australia, where the postal service was likely to be unsuitable or insufficient address information was known, Census Field Officers delivered materials to each dwelling, enabling residents to either complete their form online or mail back a paper form. In other areas where a high proportion of residents were expected to need to complete the Census form on paper, all households were delivered paper forms in addition to login numbers (e.g. in areas where there is a higher proportion of older residents).

*Provided the ability to monitor progress on a near real-time basis through the integration of management information from Census Field Officers using handheld devices, call centre agents receiving public enquiries, completed online Census forms and completed paper Census forms when received by the secure Data Capture Centre. This information was be used to highlight areas of lower response, or any other issue, so that alternative strategies were enacted quickly to respond to these problems as they arose. In previous Censuses, such timely management information to inform operations was not available. This new approach planned to deliver savings of $100 million in the running of the 2016 Census compared to the 2011 Census. The digital-first Census will also establish a sustainable model for the Census 2021 and beyond." [p.53]

Just to make sure everyone knows ABS is publicly breaching a business contract I'm helpfully spelling it out for you across 13 paragraphs – and by the way, it’s all IBM’s fault

"The ABS is obliged to notify the Committee that the following subsection "Online Census" contains Confidential Information under the terms of the contract with IBM (ABS2014.105 Services for eCensus and Data Capture Solution)…..
The subsection containing Confidential Information under the terms of the contract with IBM (ABS2014.105 Services for eCensus and Data Capture Solution) concludes" [pp.61-63]

On 9 August 2016 I began to furiously tap dance so that my excessive annual salary was protected

“8:26pm -- the Australian Statistician provided an initial telephone briefing to the Hon Michael McCormack MP, the Minister for Small Business who has Ministerial oversight for the ABS. The Australian Statistician provided updates to the Minister during the evening.” [p.67]

You are getting sleepy, very sleepy….and when you wake up you won’t recall that a mini industry is developing in re-identification research and, formulas used to breach privacy as well as re-identification attack results have been reported/
published exposing the total anonymity myth

“Consistent with the quality studies undertaken as part of the 2006 Census Data Enhancement program mentioned previously, a non-identifying grouped numeric code was assigned to all records in the ACLD following the 2011 Census using a combination of letters from first and last names using a secure one-way process. For example, "Joe Blake" might become “100321”. Each code represents approximately 2000 people and therefore is not unique to an individual. Since a large number of different names receive the same hash value, it cannot be reversed to identify individuals. However,a particular name and surname will always code to the same hash value so that it is a useful linking variable.” [p.78]

I deliberately waited until mid-morning on a Friday at the start of December 2015 school holidays before announcing the ABS was retaining Census names and addresses indefinitely, hoping you all wouldn’t notice

“This decision11 was announced on 18 December 2015, accompanied by a media release12 and publication of the Privacy Impact Assessment 13 on the ABS website”. [p.84]

We’re right and the rest of you are plain wrong

"* Privacy of information is important to the ABS and the community. However, this also needs to be seen alongside the proposed community benefits from use of personal data to produce reliable statistics, as well as the mechanisms available at the ABS to produce statistics while preserving privacy. The 2016 Census public commentary has predominantly focussed on the first aspect while largely ignoring the second and third aspects.

*Community attitudes to privacy and trust in the ABS to secure and effectively use personal data to produce statistics of value to the community appear to be quite different from the views of some public commentators who may have presumed that their opinions are widely shared across the Australian community." [p.85]

We’re allowed to be highly subjective or just make things up if 'we' want to – so there!

"There is no requirement to engage an external consultant to conduct a PIA [Privacy Impact Assessment] in the best practice guidelines of the Office of the Australian Information Commission. The ABS sought advice from the Office of the Australian Information Commission on the 2016 PIA, and followed their best practice guidelines issued by that Office." [p.118]

No comments: