The Australian Bureau of Statistics aimed big in its push to digitise during the 2016 census, and in 2021 is at pains to ensure that the latest households survey will not be labelled another "censusfail" on August 10.
Subscribe now for unlimited access.
or signup to continue reading
More than 1 million forms have already been submitted online by Australian households in the week before Tuesday's census night. Many millions more will submit theirs in a few days' time.
Compared to 2016 survey, which introduced two major changes - online-by-default and retention of names and addresses - the non-question changes this year are more back-end and less noticeable to the public.
Julian Doak, the ABS's chief information security officer, said that is intentional. The bureau focused on field tests involving more than 100,000 households, while simultaneously limiting in-person interactions as much as possible.
"This big difference this time is due to Covid, which is not unexpected. We got to exercise these [protocols] in three states with different levels of Covid restrictions," he said.
But it won't be lockdowns or anything to do with the pandemic that the bureau's executives will be most closely monitoring on census night. They'll have a finger ready to shut down the survey, like what occurred for three days in 2016 between August 9 and 11.
IBM told an inquiry it pulled the plug out of "an abundance of caution" that the security of the data could have been compromised through the website after one of the systems used to monitor the eCensus site failed.
Four distributed denial of service (DDoS) attacks occurred on the reference date of the 2016 survey, the inquiry found. One of the attacks knocked systems offline briefly, but a faulty configuration on a router meant they couldn't be automatically restored. At that point 1.8 million household responses had already been successfully processed with no data compromised, several inquiries found, including to the satisfaction of the Australian Privacy Commissioner.
Mr Doak and his security team know the public will be expecting some kind of attack on the census, and have spent significant time on their communications strategy if that does happen to inform people quickly in a useful way - before Twitter users decide their own narrative.
"I think people will be expecting the same stuff. This is in the news all the time with ransomware attacks against large and small companies. Private sector or public sector, it doesn't really matter," he said.
The entire eCensus site has been rewritten for the latest survey, Mr Doak said. The bureau partnered with CyberCX and shared the source code with trusted ethical hackers to identify weaknesses as they attempted to crack the eCensus.
Every answer received through the site is encrypted from the user's browser until it reaches the bureau's data warehouse. The first thing that happens when that data is received is the names and addresses are split off, so the analysis of the content of the responses can be done with as much privacy as possible.
"After last time, we said sorry to the nation, we had the inquiries, we accepted all of the recommendations from those, and we started off the 'privacy first' approach," Mr Doak said.
The new eCensus privacy impact assessments are public for anyone to read.
READ MORE:
Mr Doak joined the bureau after the highly public fallout from the 2016 census, initially to consult on security. He says he's most proud of the maturity shown by the agency in not reverting to defensiveness.
"The willingness to just take lessons from 2016 - to apologise, to accept recommendations, and not hold out on them but build a plan and execute it - seems unremarkable."
Having households and individuals able to fill out their response online as soon as they receive their letter in the mail would help spread out the load, Mr Doak said.
Our journalists work hard to provide local, up-to-date news to the community. This is how you can continue to access our trusted content:
- Bookmark canberratimes.com.au
- Download our app
- Make sure you are signed up for our breaking and regular headlines newsletters
- Follow us on Twitter
- Follow us on Instagram