Turnbull's Transformers delete GitHub repo for federated ID project
The Digital Transformation Office typifies Australian Government agencies' troubling attitude to privacy
What is going on at the Digital Transformation Office (DTO)?
When The Register reported our concerns with the DTO's federated identity project, we asked the DTO's media office for responses and received none.
The DTO isn't responding to the Australian Privacy Foundation's concerns with the project, the APF claims.
It has, however, deleted the project's GitHub repository.
The deletion reflects the emerging and troubling theme of the current government: building large identity projects while avoiding or deflecting scrutiny.
The Australian Bureau of Statistics' controversial name-retention program came back into the spotlight last week with the release of the bureau's Senate submission (release, withdrawal, and re-issue, as it happened, because someone forgot to redact commercial information in the first version).
In the Senate submission, the Bureau (ABS) didn't just report what went wrong with its conduct of the census (not our fault, it was IBM, activists, the Australian Privacy Foundation, the media, the government), it also complained about the media, in ways that go to the heart of the transparency debate.
In brief, the Bureau complains that:
- Journalists reported the claims of former chief statistician Bill McLennan without those claims being “seriously tested or substantiated”; and
- Journalists didn't approach the ABS for its perspective.
The Register's experience with the ABS is the same as our experience with the Digital Transformation Office and, so far, the Reserve Bank: the ABS did not answer specific questions beyond a statement of the party line, and did not offer anybody for interview.
Last week, the Reserve Bank of Australia (RBA) said it wants a new inter-bank payment system – using customers' telephone numbers as the universal key, rather than today's bank account details. It made the announcement by briefing Fairfax Media's Peter Martin.
For some reason, it's impossible to speed up payments between banks using the credentials that already exist; and the RBA's only other rationale for the project is that the structure of the payments system is too old.
The Register has asked the Reserve Bank about how it intends to protect what is certain to become one of the biggest honeypots in the country. The RBA hasn't responded.
Which takes us back to the APF's complaint that the DTO is avoiding scrutiny about its federated identity project.
The Australian Privacy Foundation (APF) is having the same experience trying to scrutinise the DTO's federated identity project.
In particular, the APF says the DTO is building the database without conducting a Privacy Impact Assessment, and without explaining why. Its concerns are in this letter (PDF).
After 15 months of the project – and, The Register notes, with precious little to show for it – the APF says the DTO's offer of a “round table” discussion with an assistant minister “does not achieve compliance with your organisation's obligations under government policy to implement a full PIA process.”
The Register has asked the DTO to respond to the APF's concerns.
The Australian government's push to build citizen-wide databases is surely a legitimate source of concern, given its refusal to engage with serious concerns about privacy and security. ®