The sting of failure is “still pretty raw” for Australian Statistician David Kalisch, who went through lessons he learned the hard way from the 2016 Census once again this morning, this time for the specific benefit of other public servants.
A contrite Kalisch made sure to repeat his mea culpas, admitting the Australian Bureau of Statistics “stuffed up some things” in running the national headcount.
One key reason it “should have done better” was that the debacle had ultimately reflected badly on “the reputation of government and the public sector” in general, not just the ABS, he said.
“We may have made your job more difficult, but I hope also that you can learn and benefit from our mistakes,” Kalisch told members of the Institute for Public Administration Australia (ACT Branch) this morning.
He said these mistakes yielded lessons on “implementing a major change program, providing a public service, responding to a disruptive environment, managing risk, privacy and managing staff through such an event” — aptitudes every APS leader is expected to possess.
But if his fellow bureaucrats were to take away only one lesson from the 2016 Census, “you cannot outsource risk” would be it.“We expected the public, media and politicians to respond like they had in the previous censuses, and they didn’t.”
In this case, IBM has admitted it did not fulfil its contract and agreed to pay a financial settlement, but the significant damage to the reputation of the agency, the wider public sector and to already faltering public trust in the institution of government itself, is plain for all to see.
Kalisch said the “overall strategy” including the “bold” decision to shift to a “digital first” census for the first time was not the problem, and is adamant the approach needs to continue.
The first problem he acknowledged was that “the ABS underestimated the nature, complexity and risk of the change process” and so its efforts to inform the public, test processes and estimate how many phone calls and other communications it would need to deal with, while extensive, were inaccurate and ineffective.
Despite testing that contacted over 100,000 households, the tests “proved to be unrepresentative of public behaviour through the census period” because they were based on benchmarks from 2011 and 2014.
The next problem on the long road to #CensusFail, Kalisch said, relates to organisational pride: the ABS didn’t ask for enough help from other parts of government, and tried too hard to deliver the Census as independently as possible.
“While the conduct of the Census is clearly the ABS’ responsibility, we failed to recognise that our successes and failures reflect on all of government,” he said. “With the size, scale and complexity of this project, and the environment in which we operate, the ABS needs to be working in partnership with other agencies — central, service delivery and security — in the design and delivery of the service.”
He said planning needs to include specific ways of responding to various potential failures, crises and disasters — especially for an agency that is part of the “public face of government” running its biggest public project.
The ignominious experience has also taught Kalisch just how high consumer expectations for digital service delivery have been raised in recent years — and the need for the right amount of funding to meet those expectations.“We may have made your job more difficult, but I hope also that you can learn and benefit from our mistakes.”
In this regard, he said agencies like the ABS should strive for an “open dialogue” about funding with central agencies like the Prime Minister’s department, referring to the now well-known issues with call centres being unable to cope and the frustrations caused by limited availability of the eCensus web page on the night.
He accepted the ABS did not provide enough information to ministers to explain what was happening adequately to the public when it took the eCensus offline, as it was focused on fixing the problem as fast as possible, and that it needed “crisis communications plans” prepared ahead of time.
Kalisch said the ABS needed to improve its communications game so it is both prepared and adaptive, adding this could be done while maintaining its prized independence and without compromising the quality of official statistics. This is a key focus of the agency’s ongoing internal reform program that has now become more urgent, he said.
“We expected the public, media and politicians to respond like they had in the previous censuses, and they didn’t,” Kalisch said.
“We obviously cannot jump at every shadow and respond to every alternative perspective. Not everything warrants a strong response and our budgets do not stretch that far.
“But we do need to be sensitised to the potential slow-burn of dimensions that might look innocuous at first, but then accelerate into a full-blown issue.”“Our very risk aversion is what is going to increase our risk environment down the track.”
On the strong backlash against the decision to retain names and addresses for several years longer than in the past, he acknowledged the privacy impact assessment process was inadequate. He now sees PIAs as a good way to set out strong arguments both for and against a new proposal well in advance of any possible public campaigns — like the calls to boycott the Census — later on.
Once again, he accepted the ABS “clearly didn’t persuade people about the security of their information” well enough or early enough.
And, he said, the problem of relying on past behaviour as a predictor of future behaviour applies to procurement as well. The ABS saw IBM as a safe pair of hands — despite its highly publicised role in a major IT failure in Queensland — but Kalisch says he now realises that “past suppliers… may in fact turn out to be a high-risk choice”.
The Prime Minister’s cybersecurity adviser Alastair MacGibbon appeared after Kalisch, and immediately put paid to any notion that theirs has been an adversarial relationship.
“There but for the grace of god go many of us in many of the projects we have run,” MacGibbon said, starting from the point that there is no such thing as a risk-free environment.
MacGibbon went through points he has made in greater detail in his report on the cybersecurity issues that caused the eCensus to be taken offline on the night — but emphasised that government needs to change the way it builds IT systems.
The public service, he said, is building computer systems for yesterday’s problems, and needs to move faster into cloud computing to inprove its security.
“We are creating legacy systems every day,” said MacGibbon, adding that “our very risk aversion is what is going to increase our risk environment down the track”.
The knowledge of senior executives, especially agency heads, is “not good enough” when it comes to cybersecurity, he said, arguing the public sector had saddled its leaders with “an awful lot of risk” and most were unlikely to understand the full implications.
While the private sector’s giants like banks used to see cybersecurity as an overhead, they now see it as a business “enabler” — and MacGibbon thinks public servants should too.