Wednesday, June 19, 2019

StatsNZ to not engage in mass-surveillance

Correction: More information on this has emerged, and it appears the information will be aggregated before StatsNZ sees it. See the update section at the bottom of the post for further information.

Statistics New Zealand is planning to track everyone through their cellphones "for statistical purposes":

Stats NZ is partnering with cellphone companies to launch a new way of tracking people's movements every hour.

The population density programme will launch next month and Statistics Minister James Shaw said he was aware there would be perception issues around every step being recorded.

Mr Shaw said cellphone companies and credit companies already held that level of detail, but for the first time Stats NZ was able to act as a data broker to identify trends and patterns with the anonymised information.

James Shaw stupidly compares this to census night, where in theory everyone fills out a form saying where they are. But tracking people on an hourly basis is orders of magnitude more intrusive. He also assures us that the data will be kept secure. That would be the same as the IDI data, which had 24 identifiable breaches between 2015 and 2018?

Meanwhile, there's the obvious problem: cellphone users never consented to this. While cellphone companies collect the data as part of how the network works, their users have never consented to it being shared, and there's no suggestion that they are being legally compelled to provide it. As with the IDI, it's a gross abuse of people's privacy. I'm also wondering why cellphone companies are retaining this data in the first place. It's personally identifying information, so Privacy Principle 9 applies and they have a strict obligation to retain it no longer than necessary.

If you are upset about this, I suggest you contact your cellphone provider. If the government won't listen, maybe a bit of consumer backlash is in order.

Update: When I posted this, I was assuming that StatsNZ would be receiving "anonymised" raw location data. I've since been sent the privacy impact assessment for the project, which makes it clear that this is not the case:
The information Data Ventures acquires is anonymised by the data providers providing it and consists of a count in an area within an hourly range. It does not contain any information which will allow for the identification of an individual by Data Ventures. Therefore, the information received by Data Ventures is not personal information within the meaning of the Privacy Act and it does not apply in relation to the Population Density product.

Counts by statistical area seem fairly harmless and non-intrusive, though they still raise questions about the consent of users. StatsNZ / Data Ventures' position is that this is all according to their clickwrap, take-it-or-leave-it user agreements, so everything is OK. I think there are real questions about consent here, and the companies involved should be identified so users with a preference for high privacy can vote with their feet (as people like me already are by not using cellphones). But then there's this:
Data Ventures has indicated on its website there may be the possibility for the creation of related products concerning demographics and travel patterns. Such products may require additional data attributes to those collected for the Population Density product and, if they go ahead, would need further PIAs to assess potential privacy risks.

This seems to require far more intrusion - demographics requires cellphone providers either to collect this data on StatsNZ's behalf, or to provide disaggregated data for later matching. Travel patterns require someone - which may be the telcos - to start looking at where individual phones are going, rather than just how many are in a large area at a particular time. And that's a whole new level of creepy. Especially when you consider that the data is collected for network purposes and therefore shouldn't be used for anything else.
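The difference between the aggregate the PIA describes (a count per area per hour) and the per-device records it is derived from, as an added example that is not from this post or from Data Ventures. The device ids, areas, timestamps and the suppression threshold are constructed assumptions; the PIA quoted above does not say whether providers apply any small-count check before handing over the counts.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of what a provider holds: one row per device per
# network event. Device ids, areas and times are all made up.
RAW_EVENTS = [
    ("dev-0001", "Area-A", "2019-06-19T08:05"),
    ("dev-0002", "Area-A", "2019-06-19T08:40"),
    ("dev-0003", "Area-A", "2019-06-19T08:55"),
    ("dev-0001", "Area-A", "2019-06-19T09:10"),  # same device, next hour
    ("dev-0004", "Area-B", "2019-06-19T08:20"),
    ("dev-0004", "Area-B", "2019-06-19T08:50"),  # same device twice in one hour
    ("dev-0005", "Area-C", "2019-06-19T03:15"),  # lone device in a sparse area at night
]

# Assumed threshold: cells with fewer devices than this are not released.
# The PIA does not state whether any such threshold is applied.
SUPPRESS_BELOW = 3


def hourly_counts(events):
    """Distinct-device count per (area, hour): the product the PIA describes.

    Counting devices rather than events stops one chatty phone inflating a cell.
    """
    seen = defaultdict(set)
    for device, area, ts in events:
        hour = datetime.fromisoformat(ts).strftime("%Y-%m-%dT%H")
        seen[(area, hour)].add(device)
    return {key: len(devices) for key, devices in seen.items()}


def suppress_small_counts(counts, threshold=SUPPRESS_BELOW):
    """A cell of 1 or 2 devices in a sparse area at 3am is effectively one person.

    Release such cells as None instead of the exact count.
    """
    return {key: (n if n >= threshold else None) for key, n in counts.items()}


if __name__ == "__main__":
    for cell, n in sorted(suppress_small_counts(hourly_counts(RAW_EVENTS)).items()):
        print(cell, n)
```

The raw rows on the left of the pipeline identify a device and its movements; only the dictionary that comes out the right-hand side matches what the PIA says Data Ventures receives.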

As with the IDI, there is a real issue of public consent and social licence here. Our public service seems to be getting into spying for convenience, without asking us first. If we want to stop it, then we need to send a clear message to politicians that our data belongs to us, and they don't get to use it for whatever they want just because they can. Alternatively, vote with your feet, and make it useless.