This week marks the end-of-financial-year here in Australia, which means it’s time for a stock-take: see where we are at, count the positives and negatives, and determine our net position. Are we in the red or the black?
So today, I thought I would do a stock-take of the year in privacy, reviewing both positives and negatives.
Herewith I present to you the Privacy Ledger for the Australian Government, FY 2016-17.
First, the privacy-positive side of the ledger
- A data breach notification law was finally passed.
- The government backed down on a Bill that would have allowed more sharing of veterans’ personal information without their consent.
- The government also backed down on the proposal to allow access to telco metadata for use in civil litigation (although, as the Attorney-General’s Department notes, “Civil litigants will still be able to access data that is not retained solely for purposes of the data retention scheme”).
- The Department of the Prime Minister and Cabinet agreed to develop a code with the Office of the Australian Information Commissioner (OAIC) to address concerns about data-handling in the Australian Public Service.
But then there’s also the privacy-negative side of the ledger
- The fiasco that was #Censusfail, when the census was taken offline for several days in response to a minor and utterly predictable DDoS incident, with the result likely impacting on the quality of census data … the response to which was for the government to accept every one of the recommendations made by the PM’s Cybersecurity Special Advisor Alistair MacGibbon, including a Cyber Bootcamp for ministers and senior public servants (but has that actually happened yet?), and an angry promise from the PM that “heads will roll”. (Though I had assumed he meant heads at the ABS or IBM, rather than an academic who criticised the census in tweets using some salty language.)
- Even before the Census website debacle, privacy concerns were being raised about the ABS’s proposal for Census data-matching, including by yours truly, former Chief Statisticians, several boycotting Senators, and lawyers questioning even its legality, the government response to which was … oh, to entirely reject the proposed additional privacy safeguards, but promise to communicate better in the future. (Sigh. Let me just beat my head against a brick wall.)
- Then the publicly-available ‘anonymised’ MBS/PBS dataset was re-identified by cryptographic academics.
- The government tried to deal with the MBS/PBS re-identification problem not with prevention or education but with a massive stick: a Bill that if passed would retrospectively criminalise the re-identification of government-released data.
- The Australian Public Service Commission’s dataset on 96,000 public servants was then swiftly also pulled offline after yet more re-identification risks were found.
- The human services disaster-zone known as ‘robodebt’ hit the news, with stories of its victims raising significant concerns about the very real human cost of automated data-matching programs, designed and conducted by Centrelink without due regard to data quality.
- The public persecution of clients who complained about Centrelink, by releasing their personal information to the media, including the despicable treatment of blogger Andie Fox which made me even more furious than I was about the Census. Instead of a quick and remorseful apology we got heel-digging and a rubbish argument from the minister that the disclosure was lawful.
- The Australian Human Rights Commission collected incredibly sensitive information from rape survivors for a research project without full ethical approval, one newspaper claimed. This was disputed by the commission, which said it had approval from the Human Research Ethics Committee at the University of NSW.
- Parliamentary Services were the cause of an embarrassing data breach, due to the use of poor redaction techniques on records about politicians’ expenses.
- The commencement of the mandatory data retention scheme requiring telcos to store certain data about their customers for two years, and allow warrantless law enforcement access to that data (except if the customer is a journalist, in which case a warrant is needed).
- Followed quickly by the first admitted data breach by the AFP for accessing a journalist’s metadata without a warrant.
- There was no budget increase for OAIC despite the in-coming data breach notification laws.
- A budget measure introduced drug-testing of welfare recipients. When it was pointed out to the Social Services Minister that the Privacy Act requires that the government must first gain informed consent from an individual to collect their health information, the minister responded with a frankly bullshit argument that by ‘choosing’ to accept welfare payments, his clients are ‘consenting’ to the new drug-testing regime, because “It’s open to anyone to not accept the payments … and remain outside the (welfare) system”. Right, because people choose to be poor and unemployed or under-employed.
- The explicit privacy promise made when the national shared electronic health record was first introduced – that it would be opt-in – was overturned with the budget confirming the shift to opt-out, meaning the default position will soon be the creation of a shared health record for every Australian unless you opt-out (but note that if you opt out after a certain period, your record won’t actually be deleted).
- The government announced $131M over three years for a new data-sharing and data analytics unit within PM&C, to “connect all the separate datasets from across the public service … to build longitudinal data about populations, businesses, the environment and government. The data will be de-identified and opened up to third parties” – an announcement made while the Government was still preparing its response to the Productivity Commission’s report into how to improve data-sharing.
- The secretariat for the Senate standing committee for foreign affairs, defence and trade, mistakenly emailed a transcript of an SAS officer’s secret ‘in camera’ evidence to every witness that appeared before the committee’s inquiry, which was examining the military’s use of resistance to interrogation training.
It’s not exactly a well-balanced ledger, is it?
This litany of privacy disasters, solely from the Australian Government and just in the past 12 months, simply doesn’t square with the rhetoric about government having or obtaining the social licence necessary for more data-sharing and data analytics.
We already see considerable scepticism from the Australian public about the re-use of their personal information by government for research or policy-making purposes, with the latest survey from the OAIC suggesting that 40% of Australians are uncomfortable with the idea.
I believe that the privacy ledger is so out of balance that we are now witnessing a profound loss of trust in government. This doesn’t just affect the Andie Foxes or the welfare recipients or the people whose metadata is collected by the police; it affects all of us. Because if the public loses faith in the government’s ability to handle personal information properly, then big-ticket, transformational policies and programs will stall, and public benefits will not be realised. When people don’t trust electronic health records, some will avoid medical treatment, thus impacting on public health outcomes. When people don’t trust what the ABS is going to do with their data, some won’t respond to the Census anymore, thus impacting on the quality and public value of the data.
Privacy Commissioner Timothy Pilgrim hinted at this, when he wrote to the Secretary of PM&C recently that, given the “several high profile privacy incidents in recent times”, there is an “urgent need” for action by the Australian Public Service to ensure compliance with privacy law, and “broader cultural change” to improve privacy protections, so as to “facilitate the success of the Australian Government’s broader data, cyber and innovation agendas”.
Pilgrim said that more work is needed by government to “build a social licence for its uses of data”, particularly in relation to proposed new uses and increasingly ‘open’ data. He suggested that social licence can only be built through transparency about intended uses of personal information, and effective privacy governance – the current deficiencies in which were the trigger for his letter. However he also noted that social licence can only be gained when “the broader community must believe that the uses of data which are permitted are valuable and reasonable”.
That letter was written in March, before the latest privacy-invading budget proposals were known. I can only imagine this situation will worsen, as people contemplate proposals like the created of shared e-health records for everyone by default, or the targeted-yet-random drug-testing ministerial thought bubble.
(Did the giant minds at Data61 ever imagine that they and their computing power would be tasked with such a crappy job as sifting through sewage analysis to pin-point drug-taking areas so that welfare recipients in those areas can then be chosen at ‘random’ for drug-testing? There I was complaining about the NSW Government seeking to use our water and electricity consumption data to identify slum landlords, but really, this latest proposal to use Big Data on effluent just boggles the mind. As Denham Sadler said in InnovationAus, “The plan has the potential to damage the “public good” reputation of the CSIRO and its data unit Data61 as its research smarts are press-ganged into a politically charged program.”)
Way to go, AusGov! How to ruin public faith in government data analytics: use it not to find a cure for cancer or to tackle wicked policy problems like child abuse or climate change, but to hunt down and punish vulnerable welfare recipients.
As Fairfax economics editor Peter Martin warns, when analysing the impact of the Centrelink ‘robodebt’ program, the failed promises and the targeting of dissenters: “Eventually we will become so sceptical that we will become impossible to win over, no matter how good the budget.”
Post-budget polling indicated precisely that: people simply no longer believe anything they hear from politicians, or they have stopped listening entirely. Only 26% of respondents thought the government could be trusted, “the lowest level since the poll began this measure in 1969.”
This loss of trust is not just about privacy, but has profound implications for the future of our democratic system of government. It’s time the government did its own stock-take, and realised the need to balance up the privacy ledger, before it is too late.
Anna Johnston is the Director of Salinger Privacy, and a former Deputy Privacy Commissioner for NSW. She will be speaking about how to mitigate privacy risks in projects at the Data+Privacy Asia Pacific Conference in Sydney on July 12.
Editor’s note: These incidents collectively serve to dismantle the public trust, regardless of whether the initial media reporting was wrong, or mistakes were subsequently rectified. Responses from agencies will be added when identified.