Decision to retain personally identifying information puts Australian census under threat

Without an accurate census, it's virtually impossible to make good national policy, which is why so many countries make census participation mandatory (when former Canadian Prime Minister Stephen "Dumpster Fire" Harper made the long-form census optional, statisticians and policy wonks quailed) — which is why the Australian government's decision to collect and retain — for 10 years — personally identifying information on census participants is such a big deal.

The Australian Bureau of Statistics has suffered 14 data breaches since 2013. Now they're proposing to gather the most intimate and potentially compromising information possible on literally every Australian, centralise it, and retain it. IBM has the contract to maintain the security of this data, and one of their security architects, Philip Nye tweeted (then deleted) a question about this, directed to Troy Hunt of the Have I Been Pwned? clearinghouse: "Will your pwned database handle the entire Australian population when Census data is inevitably leaked?"

The ABS hasn't articulated any specific reason to retain this information, only that it "will increase the value of census data."

Meanwhile, Australians are planning mass acts of civil disobedience, ranging from falsifying their census data to refusing to take the census at all, risking large, daily fines for noncompliance.

This is a disaster. Without accurate census figures, there's evidentiary footing on which to plan policy, nor any reliable way of assessing the outcomes of policy. Australia is an advanced, technologically intense country facing significant environmental challenges, embroiled in a disgusting humanitarian disaster relating to refugees, with intrinsic logistical problems stemming from its massive and often inhospitable geography. It needs a thoroughly involved government to function (see also).

Anything you collect will probably leak. Anything you retain will definitely leak. Playing games with the census is the kind of recklessness that should disqualify the culprit from any position of responsibility.

Meanwhile, data scientists are concerned data integrity will be harmed as many people may refuse to complete the census or deliberately provide false information as an act of civil disobedience, even though it is illegal to do so. "Even on a relatively small scale, acts of civil disobedience with regard to the census could seriously skew the data," warned privacy advocacy group Electronic Frontiers Australia.

The ABS will certainly try to force compliance—fines range from AUS$1800 (~£1,000 or ~$1,370) for providing false information to AUS$180 per day for failing to submit the form. But the agency will have no real way to verify the answers provided by those who do complete the form as accurate. Failure to vote in the Federal Election last month resulted in only a AUS$20 fine.

Someone set up a website,, to give advice to Australians concerned that their personally identifying information will be linked to other sensitive information such as religion, income, etc., in the census form.

The ABS says it will store names and addresses separately from other census responses, with names replaced by "anonymous linkage keys." However it is not clear how these will be generated. According to Electronic Frontiers Australia, the keys are likely to be a "14 character alphanumeric string made from components of your first and last names, birthdate, and sex."

Censusfail [Electronic Frontiers Australian]

Australians threaten to take leave of their census
[Jennifer Baker/Ars Technica]