2018 Census Q&A

Forums › Off topic › 2018 Census Q&A

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41068

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#225935 12-Dec-2017 09:02

Hey folks.

The folks at StatsNZ are working hard on next year's census. This will be the first time an online option will be prioritised. Understanding people may feel the need to know more about security and privacy aspects, the team wants to run a Q&A with the Geekzone community.

@StatsNZ will be available for a couple of days - 12th and 13th December - to answer your questions. Post in this topic for this to keep rolling.

As a background, Stats NZ provided me with this intro.

Ask away!

Government Statistician, Liz MacPherson, explains more about what we’ve done to prepare and our commitment to looking after your census information once you submit it.

The next census will be different.

While this isn’t the first time that we have offered an online option for people to complete the census, it is the first time that we will be prioritising online participation – and we’ve changed the entire model of the census in support.

Next year, instead of people delivering paper forms to every household and then coming back after census day to collect them, Stats NZ will be sending or delivering access codes for every household to go online – and only following up with the households that haven’t taken part after census day.

Requiring everyone to take part in the census comes with the responsibility of doing everything we can to look after the data you submit to us, so the move to digital first meant that we needed to build a system that is reliable, and as easy as possible for everyone to use next year.

We’ve had a few challenges along the way – particularly designing a solution that strikes a balance between making the system as secure as we possibly can, while still making it easy and accessible for everyone in New Zealand to use at census time, but we’re confident that we’ve designed and tested a system that will work.

We’ve built from scratch, working with external partners, and we’ll be actively monitoring the system throughout the time that people are completing their census forms so that we can react quickly if anything doesn’t go to plan. We’ve also learnt a lot from our colleagues in Australia, who ran their census last year.

A huge focus has been building a system that can handle the scale and resiliency we need – we’re aiming for more than double the number of people to complete online than in 2013, and this means designing a system that can cope with a lot of people online at once, and a lot of attention.

We also know that your information is likely to go offshore when it is on its way to us. This is because the internet looks for the fastest route for the data to travel to our systems and in most cases, this happens to be via Australia.

But, while it is on its way, all the information you submit will be encrypted from your browser to our system, and can only be unlocked once it is received by Stats NZ systems. Once we have received it, both the data and the ‘pipe’ it travels through to our servers (where it is stored) are also encrypted. We’ve also put a global web security system in place to do everything we can to protect our systems from malicious attacks.

We’ve completed testing at every stage of the system build – this includes penetration testing conducted by external security partners. We’ve also run three public tests, involving thousands of households since 2016, to test how our new processes works – from sending out the letters and seeing how people complete the online forms, through to assessing how the data flows through the system to our servers.

We’ve done all of this work because we know how valuable the information we ask everyone to submit is.

The census is about everyone in New Zealand – it involves asking you to tell us information about yourself so that we can build a picture of how many people and dwellings there are in New Zealand, and how our society is changing over time.

Making sure that we make it as easy as possible for you to take part, and making sure we are ready to look after the information you share with us, is our top priority for the 2018 Census.

Keen to find out more about the census? https://www.census.govt.nz/your-information/

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

This is a filtered page: currently showing replies marked as answers. Click here to see full discussion.

StatsNZ

10 posts

Wannabe Geek
+1 received by user: 2

Trusted

Stats NZ

#1917618 12-Dec-2017 17:27

gbwelly:

@StatsNZ

Here are a couple of questions:

You mention encryption of data traversing international links, you don't mention where your servers are located. Where are your servers located?

Are you using a public cloud solution to host your servers? If so are you going to make publicly available your Cloud Risk Assessment that you provided to the DIA?

@gbwelly:

Our servers are housed in data centres that are physically located in different locations in New Zealand. These data centres form part of the Government private cloud, which is a service provided by vendors that have gone through a rigorous selection process run by DIA. They have all been tested for their ability to store and protect data.

No, we’re not using a public cloud solution to store responses for the census. While we do use public cloud for some aspects of our field operations management, we do not make risk assessments or other design information, available as these might possibly contain detailed information that an attacker may find useful.

Stats NZ

StatsNZ

10 posts

Wannabe Geek
+1 received by user: 2

Trusted

Stats NZ

#1917619 12-Dec-2017 17:33

alasta:

This is not a technology question, but something I'm curious about so hopefully I can still ask it here.

How do you determine whether a particular question is 'too personal' to include in the census? Obviously different people will be dramatically different attitudes around what type of questions they are comfortable responding to, so what guidance do you apply to determine where to draw the line?

@alasta

To determine the final census content we undertook an extensive review process. This included public engagement and consultation. We carried out survey development work, which included further research, development of the questionaries’ and testing. Our testing included cognitive testing of questions, mass completion tests, along with three public tests in 2016 and 2017, where we asked people to fill in draft census forms.

We also considered questionnaire constraints, real-world change, respondent burden, classification reviews and international trends. You can find out more at: http://archive.stats.govt.nz/Census/2018-census/2018-census-content-report.aspx

Stats NZ

StatsNZ

10 posts

Wannabe Geek
+1 received by user: 2

Trusted

Stats NZ

#1917620 12-Dec-2017 17:35

thesifter:

Hi,

I'm interested in your approach to performance testing and simulating DDOS / botnet attacks. There was some pretty low hanging fruit in the Australian census / IBM debacle in 2016.

How do you know it will stand up?

@thesifter:

Performance testing and testing our ability to deal with DDOS attacks has been an important focus of our security testing. We have also worked closely with our Australian counterparts to understand the issues they encountered. With the 2018 Census systems having been designed and built from scratch over the last few years, we have been able to incorporate their learnings into our final design.

We have completed testing at every stage of the system build. This includes design, code and penetration testing. And we have used trusted specialists contracted through our government approved panel to do this testing.

Operationally we will be monitoring the flow of data and our systems throughout the census, and this includes being able to detect and deflect DDOS attacks. If we believe that personal information or integrity of the system is compromised in any way, we will shut down access to the online system until we’re confident that we have the situation under control.

Stats NZ

StatsNZ

10 posts

Wannabe Geek
+1 received by user: 2

Trusted

Stats NZ

#1917621 12-Dec-2017 17:38

Fred99:

My questions would be less along the lines of security of the system, but if the census is supposed to be a "snapshot", but a (surely unknown) number of people don't or won't use the online system and need to be "followed up" at a later date, then you haven't got a snapshot, but to continue to use a photographic analogy - you've got a time exposure and the possibility of blur.

To put it another way - if you ask me a week from today what I had for breakfast this morning, I'd be guessing.

I suggest that rather than follow-up of non-participants after the date of the census, then send access codes out well before census date with request to please register before the census survey goes live - with enough time to ensure that paper census forms can be delivered to all who haven't responded before the census date - not after. At least then, you only have to deal with those who have registered - but not completed the survey.

@Fred99:

From our work to date, we have an estimate of the number of people and dwellings in NZ. This is what we use to validate our response to the 2018 Census. We allow people to fill in the census forms a few weeks before census and a few weeks after for practical reasons, because of the sheer size of the operation. We encourage people to fill in their census forms ‘as if it was census day’. We also carry out an independent survey after census to determine how many people did not participate.

Your suggestion is pretty similar to our operational plan, actually. Letters with access codes and instructions will be sent out in February, which will give people time to request paper forms if they’d prefer them. We’ll also be sending out reminders just after census day, and then our field teams will be able to concentrate on following up with the households that haven’t taken part.

Stats NZ

StatsNZ

10 posts

Wannabe Geek
+1 received by user: 2

Trusted

Stats NZ

#1919232 13-Dec-2017 18:35

andrewNZ: I truly hope it's all been done as well as is claimed. There are so many examples of government department IT incompetence it's gone beyond a joke.

Was the security testing done by:
1) An experienced and respected external company or group of companies.
2) An external company setup and owned by the government for the purpose.
3) Bill from the design team "cause he read about it once".

@andrewNZ:

We have completed testing at every stage of the system build. This includes design, code and penetration testing. We have used trusted specialists contracted through our government approved panel to do this testing.

Stats NZ

StatsNZ

10 posts

Wannabe Geek
+1 received by user: 2

Trusted

Stats NZ

#1919238 13-Dec-2017 18:50

solutionz:

@StatsNZ have you fixed the address format inconsistencies from last time?: https://www.geekzone.co.nz/forums.asp?topicid=114783

@solutionz

Yes, we have done a lot of work to make sure each address being used for the 2018 Census is in the correct format and has the necessary fields to ensure census materials can be mailed to respondents or so field officers can find the addresses and deliver materials themselves.

Stats NZ

Dyson

Shop now for Dyson appliances (affiliate link).

StatsNZ

10 posts

Wannabe Geek
+1 received by user: 2

Trusted

Stats NZ

#1919245 13-Dec-2017 19:01

chevrolux:

Christ... good to see a positive initiative get smashed by the cynics as usual...

Attempting to get on track... a real simple one for @StatsNZ..

How will we log in to the census?

Before the general election, I went through the two week process to get my RealMe identity verified. I hope a piece of tree won't get wasted on me posting out authentication codes etc.

@chevrolux: Your household will be sent or delivered an access code that will allow you to set up forms for everyone in the household. We're not using RealMe for the census because we're interested in counting the number of people in each household and the dwellings themselves.

Stats NZ

StatsNZ

10 posts

Wannabe Geek
+1 received by user: 2

Trusted

Stats NZ

#1920227 15-Dec-2017 14:31

nunz:

Writing as a community worker in a low sociao economic area.

Hi @StatsNZ

One of the big issues around online census is access to technology. I work in an area of town where people cant afford internet connections little less the devices required to access the internet. With the increasing use of technology for compliance with govt requirements it is putting a lot of pressure on people.

The MSD supplies computers at their offices to allow people to enter data. Census, seeing it is for a single day, cant do that. This puts a lot of pressure on people to get access to technology. Places like public libraries who provide computer access as wondering how this will impact them.

There are programs now who train community volunteers to know all the different MSD entitlements people are allowed, then support them through the MSD process. This type of community based support is supported by MSD as it helps them and their clients.

There are several issues that arise from this and in community support circles we have several questions.

What plans are in place to help people who have no internet access or devices?
Will there be free / no data cost set up with ISP's similar to MSD access not counting against data caps so people with no data on their 3g could use it to access census
With pressure on public internet spaces, is there any support or plans in place to make access or training available (similar to the MSD / community initiatives) to assist those with no technology access to make use of public spaces /schools / libraries etc? also those who need assistance like the elderly or ESOL - will need trained people to support them.
How are people meant to authenticate. The Govt has been pushing Real Me which is a nightmare for those who are technology savvy but for the elderly or non techs is a nightmare. How will Census handle this?
What testing and process are in place to ensure data safety on shared access technology? Do you use cookies? Sessions? Auto log out? What is the authentication method used? Cookies? Sessions? Put / Get identifiers in the URL? How quickly does the session log out automatically?
Can people restart a census data entry session if it times out? The elderly and disabled often take a lot longer to enter data and experiences with the IRD and similar have shown many people hurt by having to re-enter data as the session times out. But conversely it needs to time out on shared access devices to stop person B piggy backing on person A's session.
Will the census be mobile / responsive? or need a bigger screen?
Has the census been tested against WWW consortium disability access, e,g, screen readers etc compatible?

Thanks for taking time to engage with NZ'ers on this process. Great initiative.

nunz

---

Thanks for all your questions, @nunz. We've tried to summarise a reply to most of them in this response:

In 2018, we’re aiming for most people in New Zealand to take part in the census online.

But we know that the change to online response as the primary response mode will impact on some groups of people, so paper forms will still be available for anyone who prefers them.

We have engagement and operations staff who are focusing their efforts on the areas and communities that require the most support for census participation or who need assistance to complete their census forms online. They are working with community groups to develop relevant solutions including running assisted completion events in some parts of the country.

In February, we’ll send or deliver an access code to every household in New Zealand. There is no need to authenticate when you log into the system (the access code you receive is for your whole household), and you won’t need to use RealMe to take part. Once you've received your access code, you can take part in the census, on or before 6 March.

The systems have been designed with privacy and security in mind. We commissioned an independent Privacy Impact Assessment earlier this year, where we asked an independent agency to review how we have thought about privacy with our new approach.

To ensure privacy and security the system will time out after 20 mins, if there hasn’t been any activity, but if a user is still typing, it will not log them out. Once someone has completed their census forms they cannot be reopened once they have been submitted. The forms are mobile responsive, and we're estimating it'll take about 700kb of data to complete the census online.

We want to be sure that everyone has equal access to the census, and we’re planning to provide some support resources on the census website, and via stakeholders for individuals or groups.

Our website is also undergoing its final accessibility audit at the moment, and the forms will be able to be completed with a screen reader (JAWS/IE11, NVDA/Firefox, VoiceOver/Safari).

If you’d like to contact us to see if we can connect you, and the people you're representing, with support in your area, please email us directly via this forum and we'll get back in touch with you. We're keen to do what we can to make sure everyone can participate.

Stats NZ

StatsNZ

10 posts

Wannabe Geek
+1 received by user: 2

Trusted

Stats NZ

#1920268 15-Dec-2017 15:51

@IcI: We've put together responses to most of your questions below. Thanks for your interest!

I'm guessing this QR code / unique URL will be sent in an envelope and not a post card?

If it is on a post card, what'll stop others taking a photo and using my 'ID' to submit data?
If in an envelope, what's stopping other stealing my 'ID' and submitting alternate data?
Can an entry be re-submitted?
Will you specify how securely I must treat the initial registration code? Guard with my life? Secure as a PIN code? Left lying, face up, on my desk (at work)?

[Stats NZ:

Yes, your code will be sent in an envelope, not a postcard. The code is for the whole household to use. An entry can't be resubmitted, and we'd like you to keep the access code safe until you've used it, and then destroy it as you would a bank statement.

The access code is not visible through the envelope window. If a letter is stolen, say from a letterbox, the person who steals it and logs in will only see a blank form waiting to be filled in. So, in theory, they could complete a response for that household. If a household haven't received their code, they can ring our contact centre and we'll resolve the enquiry based on their situation. At no point would a person who stole an access code be able to see another person's data.]

With a two week window, how will you track my registration and my final submission?
1. Will you track IP address / geo location of the registration / submission events?
2. What if I register in the country and complete the submission from outside the country (because I'm doing it for the family still at home)
3. What if I use a different browser

[Stats NZ:

You can complete your census from any location. We’ll send or deliver an access code to every household in New Zealand.

Completing the census form online will be secure, quick and easy. There is no registration process.

If you haven’t received an access code next year, you can contact our help centre and arrange to have one sent to you.

We record IP addresses as part of our security logging and monitoring of the system. However, we do not associate IP addresses with personal content submitted in response to census questions.]

You mention botnet & hacking attempts. This sounds like the 'in the moment', huge data flood attacks. How will you prevent low grade / below the radar threshold activity?
The original blurb mentions that data in flight is encrypted, presumably via TLS and your browser?
1. Do you include ciphers with forward secrecy?
What about data at rest?
1. Are the servers using full disk encryption
2. Is the data in the db also encrypted
3. Do you adhere to local equivalents of HIPPA / SOX
Is access to the data logged
1. What will record persons running a data queries?
2. What will stop somebody doing a data extract to Excel and 'accidentally' sending that data via email?
3. Have you go data loss preventions (DLP) processes / systems in place?
Will you keep a snapshot of the data in read-only form for historical records?
1. If it's on a hot / live disk, it can be altered, even when encrypted.
I hope you are sanatising your user input?

[Stats NZ:

Our testing includes both “flood” and below-threshold activity scenarios.

Our servers support forward secrecy for browsers that also support it.

Response data is encrypted at rest across all our collection systems. However we do not give out technical information around this because technical details may assist malicious attackers.

Stats NZ adheres to New Zealand Government security standards as specified in the New Zealand Information Security Manual (NZISM). This standard is freely available here. This standard is aligned to a number of international security standards.

Access to individual records is tightly restricted and monitored. We also use DLP mechanisms to restrict data being accidentally emailed.

It is a requirement of the Public Records Act that we maintain a copy of census records for historical purposes. Access to these historical records is made available after 100 years.

We have designed our systems to be resilient to data tampering, however we do not give out technical information around this because technical details may assist malicious attackers.

Yes, our testing includes checking that user input is safe and won’t compromise our systems.]

Stats NZ