Thursday, June 09, 2016

We built big brother

You are being watched. The government has a secret system which contains records of everything you have ever done. Where you went to school. Where you worked. How much you earned. Who you lived with. Your sexual orientation. Whether you have ever been a victim - or a suspect - of crime. Whether you have ever had a mental illness or addiction problem. Where you went on holiday. Whether you have been on a benefit. What drugs you have been prescribed, and for what conditions. Your census records. Whether you have had a sexually transmitted disease. Everything you have ever told a government agency, or anything they have learned or inferred or suspected about you, all in one big database for them to look through.
It sounds like the introduction to a dystopian SF TV show. But it has happened here, in New Zealand, completely without notice.

The system is the Department of Statistics' Integrated Data Infrastructure. It integrates a multitude of government data sources, everything from benefit and employer data to IRD records and census returns. A host of intrusive, highly personal data, all in one place.

The data is supposed to be anonymised, and I have no doubt that Statistics New Zealand has done a though job of removing names, dates of birth, IRD numbers and addresses. But you only need three or four data points to identify someone from anonymised data, and this database has hundreds. If you know that someone lived in Central Auckland in 2013, was burgled in July 2015, and broke their leg in 2010, that's enough to individually identify them and expose their entire life-history for perusal.

The data is only supposed to be used for statistical purposes under Statistics New Zealand's (extremely rigorous) research protocols. At the same time, the mere fact of its concentration creates threats to privacy. There's the obvious security risk - hackers could download it all, and basically pwn everyone's privacy. There's the insider risk - Stats New Zealand staff taking the opportunity to perve through people's data for LOVEINT (or whatever) on them. Again, I have no doubt that Statistics New Zealand has robust protections in place to counter both of these risks.

But the under-the-radar risk is access by other government agencies. To point out the obvious: the data is a "document", so the police can demand your entire life history with a simple production order and no judicial oversight (they get it easy: they can demand the key as well). And of course the SIS or GCSB could demand it (or just covertly access it) and share it with all their foreign friends (assuming those foreign "friends" haven't hacked it already, because its exactly the sort of data they keep track of).

More importantly, there's the abuse of trust inherent in this. We give our information to the government for specific purposes, and under the assurance that it will only be used for those purposes. While we accept a certain level of cross-matching to serve those purposes - travel records and court warrants, for example - We don't expect our health records to be cross-correlated with our income taxes, or our travel history to be cross-correlated with childcare. This secret concentration and integration of data by the government is an abuse of the trust we have placed in it, and an abuse of our privacy.

And we are defenceless against it. With companies, you can just lie (and you should: you should lie about everything that it is not strictly necessary for a company to know to complete a particular transaction. Its a basic C21st defence mechanism). Or you can refuse to deal with them. But the government can compel both interaction and truth, and jail us if we refuse either. Which means we go into their database, whether we want to or not.

In the UK, GCHQ and MI5 are currently in shit because they've been collecting "bulk personal datasets" of travel and financial data (which naturally they fuse with communications metadata and spied-on emails). What we're doing here goes well beyond that. And while the intention isn't to spy - its all about using "Big Data" to mine for policy proposals - it creates a hell of a capability. And a capability that is simply too dangerous to exist in a free and democratic society.

This system must be destroyed, and its data deleted. And I will vote for any politician who promises that.