On 21 September 2016 the Australian Chief Statistician, David Kalisch, made a submission on behalf of the Australian Bureau of Statistics to the Senate Economics References Committee Inquiry into the 2016 Census.
This document was listed as submission number 38 and briefly published on the relevant parliamentary webpage.
It has since disappeared, but one enterprising soul with an IT background had already downloaded a copy and posted all 123 pages online here.
Here is my personal interpretation of some of the submission's contents.....
#CensusFail is IBM’s
fault
"The online Census system
was hosted by IBM under contract to the ABS and the DDoS attack should not have
been able to disrupt the system. Despite extensive planning and preparation by
the ABS for the 2016 Census this risk was not adequately addressed by IBM and
the ABS will be more comprehensive in its management of risk in the future.
However, once the system had been affected, the ABS took the precaution of
closing the online Census form to safeguard and to protect data already
submitted, protect the system from further incidents, and minimise disruption
on the Australian public by ensuring reliable service." [p.4]
Even though ABS didn’t
inform widely inform Australia of personal information & data retention plans ‘we’ knew in our hearts that the general public wasn’t going to mind
"In December 2015, the
ABS announced a change in the length of time Census names (and addresses) would
be retained, building on the increased capability of the ABS to integrate
Census data with other sources safely and effectively, as demonstrated by the
2006 and 2011 Census Data Enhancement programs. The time frame for which names
and addresses would be retained was extended from the end of the Census
processing period until there was no longer any community benefit to their
retention. The ABS made this decision following a public consultation process
and on the basis that independently run focus group research indicated that
support for the change and significant public concern would be unlikely." [p.5]
Even though deliberate failure to
complete a Census 2016 form would lead to conviction and hefty fine and ABS
repeatedly stated so in the mainstream media, the fact that most Australians
completed a form was not because they were compelled but because they cared so little about their personal privacy
"...sentiment testing, both
before and after 9 August, showed that only a very small minority of
Australians considered privacy concerns to be a barrier to them completing the
Census. The small level of general community concern about privacy in relation
to the 2016 Census was similar to that observed in the 2011 Census, as also
shown by the high levels of participation in the 2016 Census." [p.6]
#CensusFail is also the federal
government’s fault
"Over the last 15 years,
ABS resources have generally been reducing. Its staff numbers have fallen by
14% and the budget appropriation (in real terms) has also fallen by 14%. In
contrast, the demands on the ABS to properly measure the economy, society and
the environment, and respond to the requirements of governments, has increased
and become more complex….In line with ABS forward funding (Figure 2.2),
non-Census staffing affordability decreases significantly over the next four
years with required reductions of approximately 400 staff in 2016-17, 300 in
2017-18, and then a further 40 in 2018-19." [p.14]
The chief statistician
before me sucked
"In 2013 the Australian
Public Service Commission (APSC) undertook a capability review3 of the ABS, as
part of a broader program of reviews of Government agencies. The review team,
led by Tony Cole AO, found that the ABS is “widely regarded as one of the best
statistical agencies in the world. It has a strong reputation as a highly
respected and trusted institution”. While the reviewers noted that the
independence of the Statistician was a prerequisite to this respect and trust,
they also noted that the manner in which this independence had been exercised
had contributed to a degree of organisational isolation and insularity that
needed to be addressed." [p.16]
Honestly, I wasn't laughing as I typed *cough*
"In regard to statistical
risk management (an element of the ‘governance’ dimension of transformation and
overseen by the Statistical Strategy Committee)4 , the ABS has adopted a more
proactive and fit for purpose management of risk with a view to:
·
more accurately foreseeing and managing the cumulative impacts of change on key
economic and population statistics;
·
enhancing the quality assurance for significant statistics;
·
ensuring clear lines of accountability and clear governance; and
·
ensuring risk management is streamlined, pragmatic and actually makes a
difference, without unnecessarily stifling innovation." [p.18]
Despite the fact that a
recent Freedom
of Information application revealed
a January 2016 privacy breach by the ABS which released the contact details of
5,245 individuals, your personal details are always safe with us
"Privacy is a foundation
of all statistical agencies, and the ABS is no exception – protecting privacy
remains the number one priority of ABS and its staff, and it is a requirement
in the ABS’s governing legislation. The ABS is committed to upholding the
privacy and secrecy of all of the information it collects. Maintaining the
trust and support of the Australian community is critical for the ABS to
effectively carry out its functions, and is a key measure of organisational
success set out in the ABS Corporate Plan1." [p.24]
See, it’s not our fault!
"The online Census DDoS
attack of 9 August 2016 was against an IBM system not an ABS one." [p.27]
It all went like
clockwork according to plan ‘we’ got there in the end. What
was the question again?
"The new approach:
*Changed the way Census
materials were delivered and information is returned by the public. Australia
Post’s mail service was used to deliver and return required materials from the
majority of households. The majority of households responded online. Households
are able to request a paper form through an automated phone service if they
preferred or needed to respond by paper. These changes were designed taking
into account international best practices in Census taking and build on the
Australian public's increasing access to and use of the internet, while also
providing a paper response options for others
*Removed the need for
Census Field Officers to visit every dwelling. The use of approach and reminder
letters were planned to allow half of all Australians to respond to the Census
before household visits were required. Household visits were planned to provide
support to any households that required it, deliver additional materials and
remind households to complete the Census.
*Allowed for approaches
to be tailored to the needs of different areas. In some areas of Australia,
where the postal service was likely to be unsuitable or insufficient address
information was known, Census Field Officers delivered materials to each
dwelling, enabling residents to either complete their form online or mail back
a paper form. In other areas where a high proportion of residents were expected
to need to complete the Census form on paper, all households were delivered
paper forms in addition to login numbers (e.g. in areas where there is a higher
proportion of older residents).
*Provided the ability to
monitor progress on a near real-time basis through the integration of
management information from Census Field Officers using handheld devices, call
centre agents receiving public enquiries, completed online Census forms and
completed paper Census forms when received by the secure Data Capture Centre.
This information was be used to highlight areas of lower response, or any other
issue, so that alternative strategies were enacted quickly to respond to these
problems as they arose. In previous Censuses, such timely management
information to inform operations was not available. This new approach planned
to deliver savings of $100 million in the running of the 2016 Census compared
to the 2011 Census. The digital-first Census will also establish a sustainable
model for the Census 2021 and beyond." [p.53]
Just to make sure
everyone knows ABS is publicly breaching a business contract I'm helpfully
spelling it out for you across 13 paragraphs – and by the way, it’s all IBM’s
fault
"The ABS is obliged to
notify the Committee that the following subsection "Online Census"
contains Confidential Information under the terms of the contract with IBM
(ABS2014.105 Services for eCensus and Data Capture Solution)…..
The subsection
containing Confidential Information under the terms of the contract with IBM
(ABS2014.105 Services for eCensus and Data Capture Solution) concludes" [pp.61-63]
On 9 August 2016 I began to furiously tap dance so
that my excessive annual salary was protected
“8:26pm -- the
Australian Statistician provided an initial telephone briefing to the Hon
Michael McCormack MP, the Minister for Small Business who has Ministerial
oversight for the ABS. The Australian Statistician provided updates to the
Minister during the evening.” [p.67]
You are getting sleepy,
very sleepy….and when you wake up you won’t recall that a mini industry is developing in re-identification research and, formulas used to breach privacy as well as re-identification attack results have been reported/
published exposing the total anonymity myth
“Consistent with the
quality studies undertaken as part of the 2006 Census Data Enhancement program
mentioned previously, a non-identifying grouped numeric code was assigned to
all records in the ACLD following the 2011 Census using a combination of
letters from first and last names using a secure one-way process. For example,
"Joe Blake" might become “100321”. Each code represents approximately
2000 people and therefore is not unique to an individual. Since a large number
of different names receive the same hash value, it cannot be reversed to
identify individuals. However,a particular name and surname will always code to
the same hash value so that it is a useful linking variable.” [p.78]
I deliberately waited
until mid-morning on a Friday at the start of December 2015 school holidays
before announcing the ABS was retaining Census names and addresses indefinitely,
hoping you all wouldn’t notice
“This decision11
was announced on 18 December 2015, accompanied by a media release12
and publication of the Privacy Impact Assessment 13 on the ABS website”. [p.84]
We’re
right and the rest of you are plain wrong
"* Privacy of information
is important to the ABS and the community. However, this also needs to be seen
alongside the proposed community benefits from use of personal data to produce
reliable statistics, as well as the mechanisms available at the ABS to produce
statistics while preserving privacy. The 2016 Census public commentary has
predominantly focussed on the first aspect while largely ignoring the second
and third aspects.
*Community attitudes to
privacy and trust in the ABS to secure and effectively use personal data to
produce statistics of value to the community appear to be quite different from
the views of some public commentators who may have presumed that their opinions
are widely shared across the Australian community." [p.85]
We’re allowed to be highly subjective or just make
things up if 'we' want to – so there!
"There is no requirement
to engage an external consultant to conduct a PIA [Privacy Impact Assessment] in
the best practice guidelines of the Office of the Australian Information Commission.
The ABS sought advice from the Office of the Australian Information Commission
on the 2016 PIA, and followed their best practice guidelines issued by that
Office." [p.118]
No comments:
Post a Comment