
Melbourne professor quits after government pressure about reporting data breach - nbgl
https://www.theguardian.com/australia-news/2020/mar/08/melbourne-professor-quits-after-health-department-pressures-her-over-data-breach
======
DarthGhandi
This is horrible but not surprising, the government was told beforehand it was
a bad idea and within a few months ended up with egg on their faces. Instead
of remedying the situation they shoot the messenger.

Dr Teague was also part of the team that found flaws in the Swiss e-voting
system used in Australia state elections, nothing was done about and she was
written off, the attack was deemed impractical as it required a corrupt
official.

She's a national treasure and a regular source of embarrassment for the
technologically illiterate bureaucrats responsible for such poor decisions.

~~~
Aeolun
> she was written off, the attack was deemed impractical as it required a
> corrupt official

I think that hit a bit too close to home for most of the government.

------
oska
Vanessa Teague:

> I can't believe @healthgovau is still saying "The dataset does not contain
> the personal information of patients." We have shown many of the patients'
> records can be easily and confidently identified from a few points of
> medical or childbirth info.

[https://twitter.com/VTeagueAus/status/1236402085974798336](https://twitter.com/VTeagueAus/status/1236402085974798336)

~~~
ShroudedNight
> "The dataset does not contain the personal information of patients."

As far as I can tell, 'personal information' is potentially the _only_ thing
this data set contains. Further, the information is _so_ personal that the
Australian government hoped that it would be infeasible to cross-reference it
with other data and use it to _identify_ the persons involved.

------
Thorrez
> The breach so shocked the government, the then attorney general, George
> Brandis, quickly announced plans to criminalise the act of re-identifying
> previously de-identified data, although ultimately the legislation never
> passed before the 2019 election.

If Australia makes it illegal to re-identify information, what about
information that has been re-identified outside Australia then distributed
into Australia?

~~~
rs23296008n1
If you're going to start using logic and reason with this issue then that
government will simply outlaw those as well. This government has already set a
precedent of having overridden the basic limits of mathematics before. See
also: anything to do with encryption.

~~~
Tecuane
Relevant article, for the curious:
[https://www.independent.co.uk/news/malcolm-turnbull-prime-
mi...](https://www.independent.co.uk/news/malcolm-turnbull-prime-minister-
laws-of-mathematics-do-not-apply-australia-encryption-l-a7842946.html)

~~~
incompatible
Former prime minister. His mathematics quote was a worded a bit strangely, but
I think he was basically saying
[https://www.xkcd.com/538/](https://www.xkcd.com/538/)

~~~
brokenmachine
No, he was literally saying that he didn't care about reality.

He was a lawyer, so would be quite aware of the meaning of the words he was
uttering.

~~~
incompatible
I doubt that he imagined that he could write a law that would force the
encryption algorithms to yield to the ASIO. It was all about using a big stick
to force people to help break encryption, by inserting back doors etc.

Sure he was a lawyer and banker and probably never should have been involved
with things like encryption and the NBN, but that's politics for you.

------
DoofusOfDeath
When organizations claim to have "anonymized" a data set, what exactly does
that mean?

I.e., do they mean that nobody _they_ talked to could think of a way to
recover the identity of even one individual in the set with 100% certainty? Or
is there some information-theoretical or legal standard of anonymization
they're claiming to have met?

~~~
DEADBEEFC0FFEE
In hwalthcare there usually an ethics panel, that will look at the data, and
look for way to reduce re-identification.

The common example is the one-legged child with cancer from a remote town. You
can remove a the PII columns and it's pretty easy to find that person.

~~~
rzzzt
One way around that is to drop all cases below a certain occurrence threshold,
ie. if there aren't at least 1000 people in the same town with the same
condition, they aren't getting into the dataset.

(The downside is that rare diseases might fall through the cracks.)

------
alfiedotwtf
How long before she gets raided and her copy of the dataset and research gets
taken away

... all the while as the government forgets that it’s all available on the
internet ️

------
raxxorrax
This is the worst kind of personal data leak. Government cannot keep any data
safe. The only way is to not collect the information. The reaction of the
government is predictable and poor.

Now it has hit Australia, but it could be have been any other country since
data collection seems to be en vogue. Probably gives the impression of
control, the usual.

------
basicplus2
There needs to be Australian Standards developed that everyone must comply
with to annonymise personal data

~~~
emmelaich
There was a guideline: "Process for Publishing Sensitive Unit Record Level
Public Data as Open Data"

and now a standard: "Privacy (Australian Government Agencies – Governance) APP
Code 2017"

See [https://www.oaic.gov.au/privacy/privacy-
decisions/investigat...](https://www.oaic.gov.au/privacy/privacy-
decisions/investigation-reports/mbspbs-data-publication/#lessons-for-the-
department-and-other-personal-information-custodians)

------
eloop
If the university followed through on that last paragraph why did she resign?

------
kop316
To anyone coming to the comments, the title is misleading. The health
department is pressuring her "to stop her speaking out about the Medicare and
PBS history of over 2.5 million Australians being re-identifiable online due
to a government bungle."

~~~
rstuart4133
I'm not sure what is misleading about it. She has actually resigned from the
University or Melbourne:
[https://twitter.com/VTeagueAus/status/1233241830994481152](https://twitter.com/VTeagueAus/status/1233241830994481152)

~~~
kop316
The title changed since I posted this. The original title implied the
professor leaked the offending data.

------
aschatten
The title is just horrible.

~~~
dang
The best way to complain about a title is to suggest a better one. Better
means: more accurate and neutral, preferably using representative language
from the article. When someone suggests a better title, we're happy to change
it.

Edit: I've taken a crack at fixing it now.

------
forkexec
Pardon my ignorance, but it seems like there should be standard ways of
irrevocably anonymizing data and reversible means given a private key.

Off the top of my head, only the latter is necessary if throwing away a random
key for the previous to be equivalent (or run the plaintext through SHA-3 20
times in feedback instead.). Say 100 rounds of AES-256 in feedback. Fixed
integer-only fields could be XORed with a private key of the length of the
field (OTP).

Any other ideas, please add a comment.

~~~
akiselev
Yes, turning data into a bunch of (ideally) random bits using encryption is an
effective way of annonimizing.

