The UK's Office for National Statistics (ONS) has strongly denied it hands census data over to police and law enforcement agencies – and claims it has "never" handed personal information to the security services.
In a Freedom of Information Act response published on its website, the ONS came out fighting when a member of the public asked if the stats agency handed personal data from the UK census to law enforcement bodies.
Concern has swirled for years about the security of census data, both from ne'er-do-wells and state snoopers looking to expand their little empires. With the British government's finely honed instinct for casually repurposing data collected for good reasons into something completely different, it's right that people want to know that data innocently handed to the government isn't going to be turned against them later on.
Somebody asked whether this 2011 commentary on the census by Amberhawk Training was still accurate 10 years later. It highlighted how census data could be lawfully purloined by government agencies for their own purposes.
Uncompromisingly, the ONS replied:
The UKSA [Statistic Authority], the ONS and the National Statistician will never volunteer to disclose personal information for any non-statistical purpose. If disclosure is sought, such as through a court order, the UKSA and the National Statistician will always refuse to allow it, and will contest the case to the maximum extent possible under the law, using each stage of appeal in the Courts if necessary, in order to ensure statistical confidentiality; and will do so in an open, public and transparent manner, to the extent permitted under the law.
Not only that, the agency said it had "never passed information onto the security services." Such an unambiguous response is exceedingly rare from any organ of the British state – and is all the more welcome for it.
The law is section 39 of the Statistics and Registration Service Act 2007. Subsection 4 lists all the occasions on which the state can help itself to census data for any reason other than counting how many people are at home on a given day, including for "criminal investigation" or to "approved researchers."
An ONS spokesman echoed that FoI response when we asked about it, telling The Register: "Aggregated census data helps to inform decisions nationally and locally on vital services and issues like diversity. However, personal census information can't be used to change any service an individual gets, and it can't be seen by anyone who makes decisions about them. For example it cannot be used by government to influence benefit claims, a residency application, immigration status or taxes, or by landlords or any other private organisation."
UK COVID-19 contact-tracing app data may be kept for 'research' after crisis ends, MPs toldREAD MORE
Chris Pounder, director of Amberhawk Training (and whose column ran on El Reg a decade ago in the runup to the 2011 census) told us: "The ONS should not have been given powers that it has no intention of using; the result is that census data is now dependent on ONS discretion whether or not to allow further use or disclosure. Although the current National Statistician says he is willing to fight the issue through the courts to the death, the next National Statistician (appointed by ministers) might be more 'co-operative' with respect to Government's National Data Strategy and agree to wider use and disclosure."
Pounder has a good point: the safeguards against misuse of census data do essentially depend on how the ONS feels about a particular request on a given day. If its policy is always to refuse, however, that is encouraging.
Security also applies in the other direction
The Ministry of Defence evidently doesn't trust any of this: its personnel and contractors alike were ordered not to fill in certain questions, with the ONS's grudging blessing. Laws only work against those who agree to obey them, after all.
Ministry of Defence tells contractors not to answer certain UK census questions over security fearsREAD MORE
During the census earlier this year, a Reg reader pointed out an apparent vulnerability. British residents were sent paper forms in the post that included a unique code. You then entered that code into the government website at census.gov.uk and filled it in from there.
What happened, however, if you lost the paper form before filling in the census and didn't know your code? The system allowed you to go online and request a new code for your address.
Crucially, as Reg reader Abi spotted, there was no authentication on that reset. Anyone could request a new code for any address in the UK and then input whatever data they liked.
At the time, the ONS said to El Reg: "It is an offence to fraudulently request and use an online access code for a household that is not your own. We have a series of robust systems in place to avoid multiple responses from the same household and will investigate any instance where there are two or more census returns for one household."
As a design choice it seemed logical that not validating the code reset in any way seemed quite unwise to us. Hopefully by 2031 bright minds will have come up with a better way of doing things – and your correspondent looks forward to reading this article again in a decade if the answer is "no." ®