As part of my commitment to keeping our members informed about key issues affecting the ICT profession, I’ll be sharing my opinions more regularly in Information Age.
One issue currently gathering momentum relates to the upcoming Census. On August 9th, Australians are legally required to take part in the Census and this year most will complete it online. However, there are growing concerns amongst cybersecurity professionals about how the data is being collected and stored.
The Census creates one of the largest single repositories of personal information about the Australian community and is an essential aid to Government planning decisions. But in a context where Australia loses at least $1 billion per annum (and some analysts suggest up to $17 billion) to cybercrime and identity theft, Census data represents an irresistible honey-pot for hackers.
Associate Professor of Cyber Security at UNSW and ACS Board Director, Richard Buckland, is concerned about privacy issues arising from changes to the way the Australian Bureau of Statistics (ABS) plans to collect and store this year’s Census data.
“This is the ultimate Big Data about Australians, but even the data the ABS considers to be de-identified contains enough other information to uniquely fingerprint most people,” he said. “There needs to be greater public scrutiny and public discussion about how our private data will be safely anonymised.”
While the ABS traditionally destroyed the names and addresses associated with Census data 18 months after collection, it now plans to retain them for up to four years, claiming that earlier destruction in the past, “reduced the value of the Census data and the ability for it to be used to inform future planning and decisions.”
This suggests that identification data could be used in conjunction with other aggregated data to provide a richer picture of the lifestyles and relationships of all Australians.
The ACS appreciates the critical role this data plays in helping government decision-makers plan for the future. However, we also recognise the enormous value such data offers on the black market and the massive temptation it represents for hackers and identity thieves.
One only has to watch white hat hacker Kevin Mitnick, (formerly the FBI’s most wanted), in action to recognise that a skilled and determined hacker can penetrate the most rigorous defences.
Given that security is not a core expertise of the ABS, it’s not surprising that security experts are asking how the bureau will ensure that “all reasonable steps” (as defined by the Act) are taken to protect Census data from misuse and loss, unauthorised access or disclosure.
One potential risk is that, out of concern for their privacy, people might no longer be completely honest in their responses, compromising the integrity of the Census.
This issue highlights an enormous opportunity for Australia to develop our cyber security capability to create products and services for export.
The global cyber security market is predicted to be worth $639 billion by 2023. Australia could take a leadership role if we effectively address our own areas of risk and commercialise those solutions for other countries.
Notwithstanding the concerns I recently raised about possible privacy breaches of personal information, we should continue to strongly advocate the benefits of data sharing and Open Government Data (OGA) as a major driver of innovation and economic growth.
The ACS is keen to work with Government and other stakeholders to define the issues and identify strategies that could encourage substantial development in this key niche, with flow on benefits for the community and economy.