Parts of civil society are actively rebelling against what they say is a sham public consultation process by Home Affairs Minister Peter Dutton that looks set to lead to a new Australia Card proposal…or something very similar by another name.
Mr Dutton’s only public consultation meeting before pitching a new public ID and privacy system to COAG will be a 150-minute discussion on 22 October in Melbourne. The agenda is pre-determined for attendees to be spoken at, rather than being listened to, civil society advocates say.
Minister Dutton’s personal anti-privacy position and open-slather attitude to government swapping private data is already very well known: he expounded on it in his first speech to parliament in 2002:
We must set ourselves on a course of information sharing between law enforcement agencies and other government departments, with this end in mind: when does the right of privacy for the individual start to impinge on the common good of society, the newly-minted MP told parliament 16 years ago.
“Since then, Mr Dutton’s approach to government has only become more repressive,” said Civil Liberties Australia president Dr Kristine Klugman.
“That’s proven by his treatment of asylum seekers, his creation of a black-shirted, armed border force and his current push to gain the right to call out the troops on to the streets of Australia.
“When called out by Minister Dutton, troops will have the right to demand people produce their IDs, to interrogate and arrest them, and even to shoot to kill with the ability for the troops to claim they were simply ‘following orders’ to absolve themselves from being charged with a crime.
“Mr Dutton and his department should be completely removed from anything to do with exploring Australia’s privacy and ID options. His public stance on liberties and freedoms is clearly in favour of big databases shared around police and surveillance agencies, as well as across all other departments and agencies,” she said.
“Open slather best described the Dutton approach to privacy, and he has nothing but contempt for civil liberties groups as he also makes clear in his first speech,” Dr Klugman said.
No discussion paper
Home Affairs refuses to offer a discussion paper in advance of the hastily-called “consultation” meeting. The agenda lists an extended opportunity for Home Affairs-appointed people to have their say, rather than listen to those attending, and a rushed report is due by the end of November, in just four weeks time.
“This meeting is clearly a purely nominal exercise with a predetermined outcome. The most useful thing that civil society can do is to agree that participation is pointless, and stay away in droves,” says IT and personal data expert and former longtime chair of the Australian Privacy Foundation, Prof Roger Clarke.
“Attendance and submissions will be limited to those with seriously excessive optimism, an overgrown sense of duty, or an ulterior motive. After between 50 and 100 appearances at such events, and with the proportion that are real having reduced to less than 10 per cent, I’m now very choosy about where I invest effort,” he said.
Mr Dutton’s hand-picked consultation team is a former Secretary of the Commonwealth Attorney-General’s Department, Roger Wilkins, and the managing director of a not-for-profit support service for victims of identity crime, Professor David Lacey.
“Neither of them appears to have any detailed knowledge of government IT systems,” according to Chris Drake, an Australian cyber-security product vendor and cyber patent owner, who has been studiously ignored by government agencies and departments for years.
“I doubt that this ‘review’ has any genuine reason for taking place, other than to support an already planned government agenda,” he said.
“I was told by the Digital Transmission Agency that they are not legally allowed to use citizen data for a purpose other than what it was collected for – so if I had to guess, this review is also a fake, and exists simply to facilitate a move by departments to lift that restriction, regardless of what might be delivered in any final review.
‘Never taken any notice’
“I’ve made countless submissions. The government has never taken any notice of what anyone in the actual business has said about security, privacy and ID considerations,” he said.
Instead of attending the proposed review consultation, Drake has produced a five-page submission which is a scathing indictment of the Australian government and its long-term approach to IT, privacy and personal data security. His executive overview says:
“Australian government rhetoric surrounding cyber-security practices and the handling of citizen identity information bears almost no relation whatsoever to actual department practices.
“Rules are almost never followed, security issues are practically never addressed, failures are covered up, inquiries are misled, and there exists no working mechanisms to correct mistakes or fix security problems.
“Citizens are fed blatantly false assurances regarding the cyber security posture of government departments, usually from anonymous and unskilled sources, who refuse to be identified when challenged.
“There are no penalties for ignoring the rules, departments routinely refuse to correct cyber issues, and cyber testing is rare and usually fails.
“In the comfort of anonymous or private forums, many government cyber professionals express these same opinions, along with their frustration and not being able to compel departments to change.
Failures at all levels of government
“I write with first-hand experience regarding wide-sweeping cyber-security failures at all levels of government with regard to the handling of citizen identity and other data,” Mr Drake says.
He provides examples which show that the Australian Bureau of Statistics, Medicare and even the Department of Defence currently run websites that are not secure by normally accepted basic standards.
“My summary is this: nobody whatsoever in government genuinely cares about the security of citizen identity data, or should ever be entrusted with its handling,” Mr Drake says.
He then gives chapter and verse examples of how the Australian government is incompetent in the privacy and security space.They include:
- Every department, no exceptions, point-blank refuses to fix any of the large number of cyber security and privacy issues he has brought to their attention.
- “Consumer protection” laws do not apply to government: when government breaks them, all action he hastaken to right the wrongs has resulted in department lawyers telling him the sections of legislation that make them exempt.
- All inquiry and report-writing that takes place is not genuine. This includes the prime ministerial advisory panels he was on. “They have an agenda ‘to get some law or other passed’, and industry involvement in the process is a sham, simply so government can pretend they consulted before they did what they already planned,” Drake says.
- Australian government systems are utterly insecure. This is a well-reported fact, he says. According to the Australian Signals Directorate, 62% of Australian cyber break-ins are to government servers. There are four new ones every day.
- Senate inquiries pertaining to government failures are 100% whitewash – public servants totally control them, and they do not rat on their own.
DOWNLOAD Chris Drake’s full submission to the “review” plus copies of his earlier submissions which have been ignored:
Issued by Civil Liberties Australia 181019 at 1300 hours.
Issued by CLA CEO Bill Rowlings