Australia's Census Fail Goes Into Overdrive -- A Complete And Utter Debacle

from the at-least-maybe-people-will-realize-that-e-voting-is-bad dept

Earlier this week, we wrote about how the Australian census was looking like a complete mess, with the government deciding that it was going to retain all the personal info that it was collecting, including linkages to other data, rather than destroying it after it got the aggregate census numbers. There were lots of concerns about privacy and security -- and we highlighted some ridiculous statements from people in the Australia Bureau of Statistics (ABS) who are running the census, insisting their security was "the best security" while at the same time they were storing passwords as plaintext.

Little did we know that the disaster that many expected was underestimating the actual disaster. You see, once the census website launched on Tuesday, the site immediately got hit by a series of denial of service attacks which took the entire system offline. In fact, it ended up remaining entirely offline for nearly 48 hours, and while the ABS says it's back, many people are still reporting problems. Perhaps that's because the ABS seems to be taking extreme and ridiculous measures to try to block more denial of service attacks, including blocking anyone who's using a VPN or a third-party DNS provider such as Google's DNS offering. For a system that talks up how secure and private it is -- to then push people to drop their use of VPNs and/or more secure DNS providers raises all sorts of questions -- none of them very good.

Meanwhile, as people are realizing that this is making Australia look like a global joke, the government seems unwilling to shoulder any of the blame -- with most of the finger-pointing directed at IBM, the company who built the web-based census system.

Meanwhile, the ABS folks in charge of the census held an apparently pointless "press conference" where they refused to take any questions, and after a few apologies insisted that everything was fine and everyone should go ahead and fill out their census entries. Of course, now people are turning up old clips of the ABS joyfully explaining just how much money they were saving with this system. Perhaps they shouldn't have skimped on basic cybersecurity protections.

About the only good thing that seems likely to come out of all of this is that it may slow down a push for internet voting. People are realizing that if this is how poorly things work when it's "only" the census, then perhaps Australia shouldn't be rushing to implement online voting. If the census can be taken down for two days due to a denial of service attack, just imagine what would happen to an election voting website...

Filed Under: asb, australia, census, denial of service attack, privacy, security