KRudd becomes Big Brother
Posted by Dave Bath on 2008-05-18
Why is the KRudd government wanting to resurrect an even more intrusive very of AccessCard and database shared by all agencies on citizens, when the easier option of keeping similar information on businesses is less hypocritical, has fewer technical and governance risks, and could provide much greater benefit for improving the economy?
The new card, with rollout starting 2008-07-01, will also function as a debit card, track retail transactions (prohibiting some), and will probably be merged with plans for health databases and new "citizen centric portals".
This is ridiculous, given that the culture and infrastructure for information management cannot have improved in mere months after the negligence and incompetence of the Howard years (and present state Labor governments) that have been slammed by government auditors, commissions of inquiry, and the then Labor opposition. It is even more ridiculous as Centrelink, one of the most damned agencies for information management incompetence, will be a central player in this scheme.
This has been conveniently announced when everyone has been preoccupied by the budget. If AccessCard caused the ALP and citizens to demand an inquiry, this new proposal demands one too. We thought Howard’s government was arrogant by having unreasonably short inquiries and ignoring all the submissions: KRudd is showing himself to be worse.
A less ambitious initiative, if rolled out with glowing reports from auditors, involving businesses (who are not covered by privacy legislation) rather than real persons, might demonstrate competence of governments and agencies before attempting a giant shared database of details on citizens.
If the government thinks it should track retail spending and prohibit some purchases of people, then it can surely have a "debit card" for businesses spending money from government for rebates, industry assistance, etc, etc. The information on business spending, whether on capital works, wages, purchasing components, sales, etc, would provide government agencies with a superb way of keeping their fingers on the pulse of the economy, allowing policy makers to be informed with up-to-date information on where economic problems or opportunities arise so that timely action can be taken.
A shared database about businesses would also make it easier for businesses to deal with government, not only for receiving funds, but also to tender for government contracts, and thus receive income.
The hypocrisy of the KRudd government, rushing into an even more invasive and rashly implemented version of the AccessCard they criticized so recently because of the probably privacy abuses, is astounding.
Until there is a complete turnaround in the culture of agencies, requiring an almost complete change of senior staff in those agencies, there is almost no reason to think they can handle personal information any better than a few short months ago.
See Also/Notes:
- "Government plans central citizen database" (2008-05-13) Australian IT
The Federal Government has moved to establish a centralised database to host and manage all Australian citizens’ personal details, so this information can be easily shared and accessed by any department.
- "Welfare card won’t morph into Access Card: Labor" (2008-05-12) ZDNet, which has the attitude "Yeah… right… what’s changed Joe Ludwig and Tanya Plibersek?"
The government announced last week that an EFTPOS-based welfare debit card is being introduced in tomorrow’s Federal budget as a measure to curtail the inappropriate spending of government assistance benefits by recipients.
- "Privacy Commissioner Consultation into IT security and privacy" (2008-04-16) explores a code for organizations to notify those whose privacy has been compromized because of sloppy IT practices… I wonder if the government wants to comply?
- Two Club Troppo posts by Jacques Chester are worth reading: "Lies, damned lies, and national security" (2008-04-15) and "And then a stupidity occurs" (2008-04-14)
- "Brumby treating us like mushrooms again" (2008-04-03) covers similar initiatives in Victoria, going straight to tender without review, almost immediately after I highlighted the incapacity to do it right in "Victorian government recordkeeping slammed by auditor" (2008-03-21).
- "DIAC damned" (2007-07-22) which describes poor records management as a contributor to the Immigration department’s stuffups that ruined so many lives.
- Access Card Briefing (2007-08-09) from Australian Privacy Foundation, and has obvious relevance to the new initiative:
Despite the Government’s claims to the contrary, the Access Card is a national identity card. Its design goes beyond what is strictly necessary for accessing health and welfare benefits, and the legislation is so weak as to allow a wide range of uses unrelated to health or welfare.
- "Oversight of AccessCard and eHealth: One step forward, one back" (2007-07-11)
- "Access Card Inquiry again" (2007-06-22)
- "Centrelink gets bad audit report" (2007-03-07)
- My submission to the AccessCard Inquiry, as well as other submissions
- "Human Services are too dumb to manage a smart card" (2007-02-22)
Big Brother News » Blog Archive » KRudd becomes Big Brother said
[...] Mark Landsbaum [...]
Cultural sabotage? « Balneus said
[...] A political post gets picked up by a bogan site [...]
danny said
You might like to put a question to him about it on the qanda website,
http://www.abc.net.au/tv/qanda/
… it doesn’t look like many have been submitted yet.
What the access card might look like is the icon at https://www.govdex.gov.au/confluence/display/~helloworld.
Which brings me to the point about not sharing your unbondedly high opinion of the duty of care by the agimo folks, who will prolly sysadmin the accesscard db’s:
I don’t think I really should have been able to establish that identity there, and setup a file area to upload to. I guess putting the access card image up, and a copy of the report on the deplorable exercise cumpston, (in which our response to the hypothetical h5n1 breach at Brisbane airport is shown to be woefully and frighteningly inadequate) guaranteed I would be locked out. But not before bits, as in name and picture, had got out to google’s cache.
Which brings us to the real worry, like for instance, did the AGIMO folks, (or the outfit they outsourced to), really mean to publish, as in make public, the email addies of all those public servants ( and a few private sector types) who have been engaged in the various govdex=agimo projects? the fact that that is the only place those addies can be found makes me think these folks are normally protective of them, and their publication on the .gov.au site is an unintended feature. Which makes me very nervous if these are the types that will handle the swecurity o
danny said
oops… that one slipped away…
security or otherwise of the access card database.
Know what I mean?
I can’t remember how or where I got the access card image from, otherwise I’d put a link up. The bigger picture shows it to have what looks like a chip sort of thing on it, just to the left of the southern cross.
Dave Bath said
Danny, I totally agree with your concerns. Google’s cache is a very useful resource for discovering flaws in data security by agencies – for example, a friend discovered contents of Centrelink electronic whiteboards (which are supposed to be pure for intradepartmental use, and can have details of their “clients”) in that cache.
Security advice is given by the dsd.gov.au, for document management (including classification that implies the need for security and privacy) is the naa.gov.au, while improving the quality, utility, and availability of information is agimo.gov.au. Sometimes these different domains are directly synergistic, while in other respects, they antagonize each other. This is a good thing – the best outcome for citizens is when these forces are potent, and balance each other.
Govdex, on the other hand, doesn’t seem as well organized, and can (somewhat uncharitably) be considered a mutual admiration society, despite its good intentions. Of course, without a proper Australian Government Architecture that has a fully-fleshed out BRM, and proper use of it, proper information management simply cannot happen.
I’m open to authoritative databases for use by government and citizens, I just don’t think most agencies are ready to implement it properly (and I guess it will take 3 to 5 years of cultural change before the bulk of them are anywhere near ready). This is where ANAO comes in – it should give a clean bill for all aspects of “information management preparedness” to each agency that wants to maintain such sensitive data, or access it.
NONE of the the 3 agencies I praise have the resources required, or are empowered, to make other agencies act appropriately. Many agencies are ignorant of the services and products of AGIMO, DSD and NAA, their own obligations, and do not mention these obligations in tenders and contracts.
For the pitiful amount of funding and power they have, I think the staff at these 3 agencies are doing an amazing job. (AGIMO in particular is a vast improvement over it’s predecessor NOIE).