BY ISABELLA BORSHOFF
Most statisticians will only ever light up the Twittersphere in their wildest dreams. But for census staff at the Australian Bureau of Statistics (ABS), those dreams became a nightmarish reality as the country’s first digital census bombed spectacularly, earning its own hashtag, #censusfail.
Every five years, Australians sit down on a designated ‘census night’ and fill out their household survey. On August 9, 2016, the stakes were higher than usual. The ABS – up until then a clear frontrunner for the title of Australia’s least exciting bureaucracy – was about to have its moment in the sun as it rolled out the first digital edition of the country’s largest peacetime logistical operation.
That morning, as the ABS was preparing its final public push for census participation, the census website fell victim to a distributed denial of service (DDoS) attack. DDoS attacks are not technically data breaches. Rather, they flood servers with traffic, obstructing normal operations. However, they can be used to divert attention while data is compromised or stolen. The first DDoS attack brought down the census website for five minutes, between 10:16 and 10:21 am.
Census directors from the ABS and IBM – whom the government contracted for census delivery – convened to discuss how to handle any further DDoS attacks. The first had been small, and the ABS didn’t even brief the government minister charged with overseeing the census. Internally, the census team prepared to implement an ‘Island Australia’ policy, whereby any offshore IP addresses would be barred from accessing the site should another attack occur (a practice known as ‘geoblocking’). After a second DDoS attack at 11:45 am, the ABS and IBM contacted the relevant internet service providers (ISPs) and requested implementation of Island Australia – successfully mitigating a third attack later that afternoon, at 4:52 pm.
A fourth attack at 7:28 pm – just as many Australians were sitting down after dinner to fill out their survey – overwhelmed the system. The attack itself was slightly different from the prior three, but more significantly, the geoblocking hardware failed. At this point, the ABS was unable to ascertain whether data had been compromised, and at 8:09 pm, it closed the census to the Australian public.
The census was back online by the following day, and the ABS made clear that no data had been stolen or compromised. In the ensuing months, it continued to point out that, in the end, about 96 percent of Australians completed the survey, and 58 percent did so online. Officials argued that the initiative was an overall success, despite a few hiccups. The public, however, felt differently, and the hashtag #censusfail took off on social media. Surveys showed that 42 percent of Australians believed, to some extent, the census had been a failure. 33 percent viewed the data as unreliable.
That citizens viewed the whole undertaking as a debacle overrides its statistical success: if the public doesn’t have faith in the government’s ability to deliver secure online services, its appetite for such projects in the future (not to mention trust in government altogether) could decline.
What can the US learn for its first digital census in 2020? Here are two broad lessons from Australia’s experience:
1. Prepare for the worst.
#censusfail wasn’t the result of a sophisticated, unavoidable cyberattack. It was a relatively small, predictable assault on an unprepared target. The first lesson for governments rolling out large-scale digital operations is to prepare for the worst – in terms of technical readiness and crisis communications.
A formal red-teaming exercise, for example, would have allowed the ABS and IBM to test their hardware against the most common kinds of attacks. A set of decision-making protocols would have prepared the ABS to pre-empt problem points and respond with agility.
Such scenario planning should have included consistent crisis talking points, shared with government leaders in advance. The ABS head didn’t brief the responsible minister until 8:26 pm on census day, and the Prime Minister wasn’t informed until 8:32 pm. Government messaging was vague and inconsistent, which only exacerbated public confusion. While not a silver bullet, whole-of-government talking points might have mitigated a rapidly growing trust deficit.
2. Take citizen concerns seriously.
In the lead-up to census day in Australia, confusing changes to data retention laws were already undermining public confidence in the online census and drawing attention to potential vulnerabilities in the system.
From these widespread data privacy concerns sprang a movement to boycott the census, which rapidly won over some prominent figures, including elected officials. The government unsuccessfully tried to reframe the debate by emphasizing the security of technology systems, which not only turned out to be erroneous, but failed to address underlying public concerns.
Early communication with the public about how the government will use their data is imperative for any large-scale digital project. Snowballing mistrust and bad publicity in the Australian case may have played a role in attracting malicious actors to take down the system on census day, although the origin of the DDoS attacks remains unknown to this day.
The 2020 census in the United States will test whether large government bureaucracies can embrace technological change in line with citizen expectations. Ambition and optimism are necessary ingredients for such an overhaul. But as the old adage goes, fail to prepare, prepare to fail, because in government, there’s definitely such a thing as bad publicity.
This article is a part of the Census 2020 series, which offers perspectives on the opportunities and challenges of the next U.S. decennial census.
Isabella Borshoff is a Master in Public Policy candidate at the Harvard Kennedy School, having previously worked in the Australian Prime Minister’s Department and a global medical technology firm. She’s particularly interested in technological change, evidence-based social policy and political discourse.
Edited by Hilary Gelfond