So as you may know, I just finished a contract working on data coding for the Australian Census. I have a few thoughts about my experience that I'd like to share with you. All of what I am about to share is in the public domain, so I'm not risking breaching any of the privacy and confidentiality agreements I made with the Australian Bureau of Statistics by doing this.
You may be aware that the Census had some problems this year. There were objections to the way it was being run. And the site went down at a critical time. I'd like to address both of those issues, because they are directly related.
First there is the issue of privacy. Many members of the public expressed distrust that the ABS was either going to, or was capable of, keeping the census data private. This is a valid objection, but I don't think it's a particularly relevant one. Do you trust Centerlink to keep your data private? Do you trust the ATO to keep your data private? It's the same thing.
In fact, I encountered some forms where the respondent said, essentially, "get this info from the ATO". The thing is, we can't. Government departments can't just pass information amongst themselves at will. There are rules and regulations covering how and under what circumstances they may do so. And do you know why? Privacy. There are laws in place that are there to protect the privacy of citizens, and the ABS is subject to those laws just as much as other government departments and private companies are.
Of course, it is possible that the ABS is staffed wholesale by potential criminals who don't care about following legal requirements, but I don't think so.
From a personal perspective, in my experience working for the ABS, there was nothing that they took more seriously than the issue of data security. Workplace health and safety was a close second, but the first thing and the last thing that they took pains to impress on us during our induction, and repeatedly throughout the project, was the need for data security. We weren't allowed mobile phones, or any other device with a camera, on the coding floor. We had to get our team leader's permission to look at parts of the Census form that we weren't actually working with.
Actually, that's not quite true. I worked on two sections of the Census: Occupation, then Family, then back to Occupation. When I worked on Family it was necessary to be able to view the entire form. But in Occupation, we had to get permission, and the team leader had to directly stand over us as we did so.
When I began my work, I signed a lifetime confidentiality clause. That means that if at any time in the future I disclose private information that I learned while working on the Census, I can be prosecuted for a crime. For the rest of my life.
Now for the other issue. The ABS Census website was taken offline at peak time on Census day. The reason given was that the site was experiencing DDOS attacks. Analysts looking at it from outside showed that no DDOS attacks were showing up on the monitoring sites.
Now - I'd like to pause for a moment and explain that I got the following information from the Senate Estimates hearing about the Census - hence, it is in the public domain and I am not breaching any agreement I made. If any of what I'm about to say is false, then not only the project manager from IBM but also the Prime Minister's Senior Advisor on Cybersecurity outright and baldfacedly lied to the Senate. Contempt of parliament is a crime. I don't think they lied.
There were four separate DDOS attacks originating from overseas on the Census website on August 6th. The reason that they didn't show up on the monitoring sites was that they were tiny. They were barely blips - too small to even register. But they weren't the reason that the site went down.
The first three DDOS attacks came and went. They occurred, they didn't affect anything, and they went away. There were some problems with the "Island Australia" protocol that was supposed to be protecting the Census from overseas access, but that's not as important to know about. The fourth DDOS was the important one. It was different. For a moment, at about 7pm on Census night, it looked like the fourth attack might have been trying to steal data.
Fifteen minutes later, the entire Census was shut down. Completely. The biggest information-gathering exercise in Australian history was canned, cancelled, killed, because it looked like someone might have been trying to steal data.
As it turned out, this fourth DDOS attack actually wasn't trying to steal data at all. But something it did make it look like it might have been. And the merest hint of a possible breach of data security was sufficient to shut the whole thing down. And it wasn't brought back up again until the following morning, after the records had been carefully analysed to determine what actually happened.
Now, to me, that looks like a good response. That is the response of an organisation that is concerned about data security.
I'm not trying to say that the Census was flawless. It most certainly wasn't. Personally, I have a problem with the policy decision to keep identifying data for four years, instead of eighteen months as had been the policy for previous Censuses. I also have and had a major problem with the software tool that we were using to code the data, which was essentially the same system that had been used for the last three Censuses. Using a fifteen-year old product in a market where obsolescence is measured in months is a bit ridiculous, in my opinion, and I said so.
But the common objections about the DDOS attacks and the website going down are invalid. Complaints about privacy are indeed valid, but not the specific ones I have seen some people making. And the valid complaints are valid for other government departments and private organisations, and are not specific to the Census in particular.
There are other aspects of the Census (including other problems) that I don't have a lot of knowledge about. You are free to ask me questions if you wish, but I can't guarantee to have answers. I was literally on the bottom rung of the ladder here, and what I have outlined above is, as I said, information that is available to anyone who wants to go looking for it.
