A couple of years after it happened, Australian citizens are finally being (indirectly) informed their government harvested cell site location info to track their daily activities. This isn't the work of an intelligence agency or a secretive law enforcement effort. Instead, it's an (unannounced) partnership between the Australian Bureau of Statistics (which handles the Australian Census) and a cellphone service provider. The provider apparently willingly turned over cell site info without a court demand, government mandate, or consultation with its customers. Asher Wolf has the details at Medium:
The ABS claims population estimates have a “major data gap” and so they’ve been a busy bee figuring out a way to track crowd movement. Their solution? Mobile device user data.
“…with its near-complete coverage of the population, mobile device data is now seen as a feasible way to estimate temporary populations,” states a 2017 conference extract for a talk by ABS Demographer Andrew Howe.
While the “Estimated Resident Population” (ERP) is Australia’s official population measure, the ABS felt the pre-existing data wasn’t ‘granular’ enough. What the ABS really wanted to know was where you’re moving, hour by hour, through the CBD, educational hubs, tourist areas.
Third-party records are almost always easily-accessible. They are subject to very limited protections. But generally when the government wants access to records, it's because they're targeting someone in a criminal or national security investigation. What few people expect is for the government to obtain this data en masse, then proudly proclaim its usefulness a couple of years after it's already made use of it.
Cellphone users weren't informed of the government's plans. And the telco made no effort to inform affected customers or give them an opportunity to opt out. While it may look like an innocuous effort to gauge temporary population increases linked to special events and holiday weekends, the information obtained could easily be mined to gain insight on traffic to places of worship, government buildings, airports, workplaces, and protests.
Supposedly, the information has been anonymized. It obviously hasn't been completely stripped of personal information. The slide deck [PDF] detailing the effort notes the data can be broken down by age and sex. The anonymization claim is made without any support from the ABS, which still has yet to provide any further info -- much less a privacy impact assessment -- via its website.
As Wolf points out, the ABS doesn't exactly have a great track record on either data anonymization or protecting the massive amount of data it collects.
Considering the last attempt by a government department to roll-their-own-crypto resulted in the MBS/PBS data breach of 2.5 million Australians, it’d be nice to know exactly how the ABS or telco anonymised and aggregated the data — especially since the ABS on-sells micro-data, from time to time.
As other rights agencies and activists note, the collection of personal info in bulk by the government is always alarming. At best, the techniques deployed here are "deeply unethical." At worst, they conjure images of the worst government behavior: the use of personal info to target specific groups for additional surveillance or internment (as was done with the Japanese during World War II using US Census data). The entire project was undertaken with zero public notice by an agency already known for being cavalier in its treatment of the wealth of personal information obtained through the Census.
ABS has promised more answers but has ignored Wolf's direct questions about study -- including the telco involved and the method used to anonymize the data. When it finally delivers its "detailed information paper" -- two years after the fact -- it's unlikely the details will include the answers Wolf is seeking.
Source