University of Sydney vice-chancellor Mark Scott is “dismayed” at the acting education minister’s decision to block two of the institution’s research projects from receiving funding, despite the proposals being recommended by the independent research funding agency. The University of Sydney received more than $30 million from the Australian Research Council (ARC) to fund 67 research…
More than 60 eminent Australian professors have signed an open letter decrying acting education minister Stuart Robert’s veto of university research funding on “national interest” grounds. Published Tuesday, the open letter is signed by 63 Australian Research Council (ARC) Laureate Fellows – the most prestigious research fellowship in Australia – including a Nobel laureate. It…
In countries like Denmark and Germany, gifts are given on Christmas Eve, rather than Christmas morning. Likewise, on Christmas Eve 2021, 587 groups of researchers at universities around Australia received a festive gift from the Australian Research Council (ARC), in the form of news that their 2022 Discovery Projects were to be funded. More brutally,…
Australian universities are demanding an explanation from acting Education minister Stuart Robert about his decision to veto funding for six research projects late last year, as backlash to the politicisation of research funding grows. On Christmas Eve Mr Robert revealed he had blocked six humanities research projects from receiving funding from the independent Australian Research…
The acting education minister has vetoed six humanities research grants which had been recommended by the independent Australian Research Council for funding. The veto was revealed on Christmas eve in what was the longest delay to an announcement of grant recipients in 30 years. Of the six grants rejected by acting Education minister Stuart Robert,…
The Auditor General has been asked to investigate an unprecedented delay in the announcement of research grant recipients by the federal government, as thousands of researchers prepare for a nervous wait over the holiday period. Three major research grant programs set to fund work beginning as early as January are yet to be announced by…
The federal government still can’t appoint a full National Data Commissioner as a statutory role or get its data strategy off the ground due to a failure to get landmark data-sharing reforms through the Parliament this year. The Coalition did not bring its Data Availability and Transparency Act (DATA) for debate in Parliament this year…
Deloitte has landed a further $1 million for its work on the revamped myGov, with the new version of the government services platform entering its final stage of beta testing this month. A contract posted publicly this week reveals that Services Australia will pay Deloitte more than $750,000 over two months to 23 December for…
The Coalition is overhauling university research funding and governance to align it with its manufacturing priorities and commercialisation agenda, in a “new direction” the government says will drive Australia’s pandemic recovery from next year. The changes include a “stronger governance structure” for the Australian Research Council (ARC) through more input from businesses and research end…
The federal government has failed to introduce legislation to underpin its digital identity program this year as it had committed, and has called on private companies to express interest in participating in the scheme in the meantime. The Digital Transformation Agency (DTA) has been leading the development of the Digital Identity Legislation for more than…
Here we go again. On December 3, Minister Stuart Robert unveiled the latest Government Digital Strategy (GDS) at a gathering of the Australian Information Industry Association (AIIA) in Canberra. This strategy has as its vision that by 2025, Australia will be one of the top three digital governments in the world. That’s right. A vision…
The minister responsible for government technology has declined to provide almost any detail on lucrative contracts awarded by his Digital Transformation Agency to global consultancies McKinsey and Boston Consulting Group, despite contract value jumping and increasing concerns about the opacity and quality of outsourced advice. The work, now costing more than $2 million but with…
Cryptography and security experts have welcomed the federal government’s new international digital Covid-19 vaccine certificate, saying it should be used across the country instead of other, less privacy protecting offerings. A swathe of government ministers announced on Monday morning the introduction of the international COVID-19 proof of vaccination digital certificate, which will allow Australians to…
The world’s biggest cloud company Amazon Web Services has been certified under the federal government’s data sovereignty scheme despite its links to a controversial Chinese-owned data centre and the US giant declining to disclose its current level of compliance, or what undertakings its certification is based on. US company Amazon Web Services (AWS) joined local…
The federal government has finally unveiled exposure legislation expanding its digital identity program to state governments and the private sector, with a whirlwind consultation period commencing before it is soon introduced to Parliament. The legislation will introduce two voluntary schemes to accredit companies and governments as service providers or relying partners in the digital identity…
The federal government will soon release the final legislation expanding its digital identity program to the private sector as it looks to bring a number of large companies on board. Exposure draft legislation for the digital identity program will be released soon, with the bill to be introduced to Parliament during the Spring sittings. The…
Irish multinational Accenture has been selected to digitise Australia’s incoming passenger declaration forms, which will collect COVID-19 vaccination status. The Department of Home Affairs went to market late last year for a private provider to deliver it a so-called “permissions capability”, which was intended to initially handle visa processing and passenger declaration cards and eventually…
State and territory COVID-19 check-in apps will be granted access to federal government data showing whether citizens have been vaccinated against the coronavirus, with the functionality expected to go live this month.
Once states begin to open up after lockdowns, it’s expected some types of venues will require patrons to provide proof of vaccination in addition to checking in via a QR code, on top of requiring ID if they’re an establishment like a nightclub.
With this in mind, federal and state governments have been discussing whether there is a way to integrate data from the Australian Immunisation Register into state-based check-in apps to make it easier for citizens to check in without having to open separate apps.
Minister Robert’s office referred InnovationAus to comments he made at a doorstop interview on Tuesday last week in Canberra, in which he said he had been working with state and territory colleagues “for many, many weeks” on sharing the data.
“The intent of working with them is to allow an ease for Australians, so when they use that state-based app, not only can they use the state-based QR code in terms of the state processes, but can also demonstrate at the same time, that they’ve been vaccinated,” Minister Robert said.
“That process will be ongoing, and I suspect at this stage, that this will be live across states and territories into September.”
Minister Robert said how states and territories use the data “will be up to them”.
“Whether that vaccination certification data is used will depend of course, upon state and territory public health orders, and that’s a matter for those states and territories.”
On Friday, NSW Customer Service Minister Victor Dominello said on LinkedIn that he planned to show a prototype of the integration on Monday.
“I am working with Minister Stuart Robert … so that we can provide people with an option of integrating the vaccine certificate on their Service NSW app,” he said.
Minister Dominello has previously lobbied for access to the data, telling InnovationAus that it would be “a very clunky experience to essentially open three different apps just to get through the front door” of some venues.
He said previously that such a record in the Service NSW app could detail whether someone was fully or partially vaccinated against COVID-19.
Meanwhile, NSW announced this week that it would begin to scale down the use of contact tracing as vaccination rates rise, and would rely more on its Service NSW app for alerting people if they have been to a venue of concern. New features, as flagged by Mr Dominello, will be introduced into the app to allow for this to occur in late September.
The federal government has tightened sovereignty requirements for data hosting vendors and service providers due to security and supply chain concerns.
But nearly six months on, only three vendors have been certified while the department responsible for some of Australia’s most sensitive data declined to say how it will approach the new scheme.
Stuart Robert is leading reforms to tighten government oversight and access to data systems holding sensitive government information.
Since March, the federal government has required hosting providers to be certified against a range of security, risk mitigation and ownership requirements to achieve one of two new levels of certification: “Assured” and the higher “Strategic”.
The new certifications are part of a Hosting Certification Framework (HCF), which was developed by the Digital Transformation Agency and operationalises the principles set out in the whole-of-government Hosting Strategy.
In June, the government minister responsible for whole-of-government data and digital policy, Stuart Robert, announced “all relevant government data” under the HCF must be stored in either Certified Assured or Certified Strategic data centres. This requirement came into effect on June 4 and includes all future and “in-flight” projects.
“The Morrison Government is committed to having effective controls in place for the critical systems and data holdings that underpin the operation of government,” Mr Robert said at the time.
“This includes knowing how, where and when data is stored and transmitted whilst achieving greater assurance over the operation and supply chains of providers.”
A spokesperson for the DTA confirmed it will be up to agencies to determine their hosting requirements, including whether their data and systems require certified hosting.
“[Agencies are required to] use Certified Strategic or Certified Assured Data Centres for high value or sensitive data sets, PROTECTED data, or whole of government systems; and assess data and systems for the likelihood of data sensitivity changing over time,” a DTA spokesperson told InnovationAus.
“The DTA supports agencies to specify and source hosting arrangements consistent [with] requirements of the agency’s systems and data holdings.”
An Assured certification requires hosting providers to pass a detailed initial assessment and include clauses in contracts that safeguard government agencies and lessen their exit costs in the event of a significant change of ownership, control or operation of the provider.
The higher Strategic certification includes all Assured requirements and adds a more stringent initial assessment and requires a guarantee the provider will not change strategic direction operation or ownership in a way which would “adversely affect”:
the level of confidence the Australian public has in the Commonwealth;
the Commonwealth’s interests; and
the certainty of services delivered to tenants for the life of the current government contract/s
Strategic certified providers must cover the full transition costs associated with exiting a data centre due to a breach of the contract. They are also required to mitigate supply chain risks by adhering to a formal risk management framework, have key personnel vetted by the government and provide support from “locations that do not pose a threat to the Commonwealth”.
Certification approvals at each level will be made by the DTA deputy chief executive officer or an authorised delegate, according to the HCF. Maintaining certification will require providers to notify and obtain approval from the government of any “relevant change” to personnel, strategic direction, ownership, land sale, security or any other circumstance relating to security operations of the data centre.
In short, the HCF wrestles back much more control and oversight of data centres to government agencies while imposing tough new requirements on vendors and potentially significant penalties for breaches. But it raises questions for competition and the role of systems integrators and cloud service providers.
The framework applies to all direct and indirect providers of hosting and related data centre services to government customers, including involved systems integrators, managed service providers and cloud service providers.
A certification process for direct hosting service providers on the government Data Centre Facilities Supplies Panel began in March and remains open, with other registered providers eligible to apply from next month. All other providers are encouraged to apply now.
So far only three companies have been certified: Australian Data Centres and Canberra Data Centres at the Certified level, and Macquarie Telecom Group at the Strategic level.
The DTA declined to reveal how many other providers have begun the certification process and if any were direct or indirect providers, except to say it “continues to engage and evaluate additional hosting providers against the Framework”.
The Department of Home Affairs declined to answer repeated requests about how it will assess certification needs or how a provider’s personnel are vetted, making it unclear how the department, which has its own extensive hosting requirements and will be providing security advice to other agencies, will interpret the framework.
Home Affairs secretary Michael Pezzullo has flagged the tightening makes the Australian government an “exemplar” and will “not be very attractive” to multinational cloud vendors which have become popular with federal agencies.
The framework stipulates that for system integrators, managed service or cloud service providers certification will need to happen “for each data centre facility arrangement used by the provider”.
“This may result in a certification being granted for only some, but not all data centre facilities arrangements utilised by the provider. In such cases, providers will only be able to use the certified data centre facilities (certified data centre facilities arrangements) that satisfy the certification level required by agencies,” the framework said.
The first private company has received accreditation from the federal government as a digital identity provider, with legislation facilitating a significant expansion of the digital ID program set to hit Parliament soon.
Sydney-based startup OCR Labs, which offers an automated, contactless identity verification platform used by a number of banks, has been accredited by the government after meeting its requirements for privacy and security.
The company was accredited under the Digital Transformation Agency’s Trusted Digital Identity Framework (TDIF), which sets out standards, rules and guidelines for digital identity services, and joins Australia Post and the ATO’s myGovID as the only services validated so far.
Responsibility for the wider digital identity was moved from the DTA to Services Australia earlier this year.
The TDIF requires applicants to meet a number of privacy protections, security and fraud control, risk management and technical integrity. OCR Labs will also have to continually show that it is meeting these obligations as part of annual assessments.
The company satisfied 262 requirements to get the accreditation, which took four a half months. This made it the second-fastest accreditation so far, out of the three completed.
“We want Australians to have confidence that their information is private and secure, regardless of who holds it. It has become increasingly important in this digital age to be able to establish trust, particularly online,” Employment Minister Stuart Robert said.
“Digital identity underpins the government’s Digital Economy Strategy that will allow Australian businesses like OCR Labs, and in particular small businesses, to capitalise on the opportunities that digital technologies are creating, enabling them to grow and create jobs as part of Australia’s economic recovery.”
But OCR Labs will not yet be actually in the government’s digital identity system and its services can’t be used to access government services for the time being. This will be made possible when legislation is passed by Parliament facilitating an expansion of the program to the private sector and state and territory governments.
The startup has also not received the higher Identity Proofing Level 2 Plus level, but will attempt to do so by the end of the year.
The government’s digital ID program has been running for six years at a cost of nearly $500 million. It aims to create a whole-of-economy federated digital identity scheme, where individuals can use a range of digital identity services to access services and products across the economy, including government services.
The draft legislation, unveiled in June, also establishes permanent oversight and governance structures for the digital identity scheme, with a number of privacy and consumer protections to be enshrined in law.
Security researchers have also raised concerns with the TDIF, with Thinking Cybersecurity CEO Vanessa Teague saying the framework is “very vague” and “counter-intuitive”, with too much left up to the providers.
“It leaves a lot of detail to the implementer. That’s the opposite of what a well-defined standard should be. The option standards and vague descriptions of how it might be done leaves a lot open to the implementer to potentially make a mistake,” Professor Teague said.
The DTA has previously said the TDIF is based upon the international standard OpenID Connect 1.0 and is “consistent” with the International Government Assurance Profile. But Professor Teague said it doesn’t stick to these best practice standards closely enough.
“It implements something a little similar to the OpenID Connect standard, but not quite. That ought to make you nervous to think that the DTA has taken an existing open standard quite carefully designed and then implemented something kind of similar,” she said.
“They should have implemented an existing standard. They should implement a real open standard that already exists. They shouldn’t have made up their own in the first place.”
State and federal ministers charged with digital transformations efforts have agree to the need for need for legislation to enshrine privacy and consumer protections and governance and oversights into law to support the expansion of digital identity.
The Data and Digital Ministers’ Meeting is a committee adjacent to the National Cabinet and is chaired by Employment minister Stuart Robert, who runs digital service delivery and coordination for the Federal government.
A meeting of ministers on Friday via videoconference continued long-standing work on national digital identity issues including on resilience and included a discussion on the need for improved security certification for data hosting.
Digital identity gets a workout in meeting of ministers
A communique said the meeting had welcomed the release of the federal government’s Digital Identity Legislation position paper in June, as part of ongoing collaborative efforts between jurisdictions to reap economic and citizen benefits of a national to digital ID.
“Ministers noted the need for legislation to enshrine into law a range of privacy and consumer protections, governance and oversight arrangements to support the expansion of Digital Identity nationally and to the private sector,” the communique said.
The ministers also acknowledged that the problem of identity crime and data breaches was growing and agreed to work toward a national approach to providing victims with recovery and remediation services.
“Ministers acknowledged governments are held to a high standard when it comes to the security and safety of Australia’s data,” the communique said.
“The public expects data held by governments to be managed with appropriate privacy, sovereignty and security controls. Ministers discussed the need for Australian data to be held in accordance with high standards of security across the board.”
No details were made available on how any of these acknowledgements would be progressed. The following ministers attended the meeting:
Digital Transformation Agency CEO Randall Brugeaud is set to leave at the end of the month, after three years in the role, with the agency facing a significant funding cut and major restructuring.
Mr Brugeaud notified DTA staff of the decision in an email on Friday morning, saying that he has been appointed to chair the new Simplified Trade Systems Implementation Taskforce in the Department of Trade.
In the email, seen by InnovationAus, Mr Brugeaud said it was a “hard decision”, and his last day at the DTA will be 30 June.
“I know this will come as a surprise to many of you, but the combination of the upcoming changes to the DTA and the urgency of filling the role I’ll be moving into means that the change needs to happen quickly,” Mr Brugeaud said in the email.
“Our work is and will continue to be important and I’m confident that the next evolution of the DTA achieves everything the government and the APS hopes to achieve.”
With Mr Brugeaud leaving the agency in less than two weeks, it’s unclear whether his replacement has already been lined up or if a recruitment process is underway.
The DTA is in the midst of a significant restructuring after being moved from Services Australia to the Department of Prime Minister & Cabinet in April. This coincided with a large funding and resourcing cut to the agency, and a shifted focus from service delivery and project management to delivering whole of government advice and strategy.
DTA chief Randall Brugeaud
Mr Brugeaud was appointed as CEO in July 2018 after serving as the deputy Australian Statistician, and previously as the chief information officer at the Department of Immigration.
His new role at the Simplified Trade Systems Implementation Taskforce will focus on cutting red tape around trade regulations and modernising outdated ICT systems, and will see Mr Burgeaud serving under trade minister Dan Tehan.
“In true DTA spirit, we’ll be taking a user focused approach to streamlining trade and border processes for Australian importers and exporters,” Mr Brugeaud said.
The DTA was launched in 2015 as a pet project of then-Prime Minister Malcolm Turnbull, originally named the Digital Transformation Office and sitting in the communications department.
In the time since it has moved across departments, with varying levels of influence on government policy and projects.
It was renamed to the DTA and moved to Prime Minister & Cabinet in 2016, before being shifted to the Department of Social Services and later Services Australia until earlier this year.
Mr Brugeaud said he remains confident in the DTA’s ability to achieve its goals and objectives.
“Our work and our operating environment have been challenging, but we’ve been able to drive forward the whole of government digital and ICT agenda and deliver great outcomes for the people and businesses of Australia,” he said.
The DTA has not been without controversy, with the agency experiencing continually high levels of staff turnover, and large spending on consultants in recent years.
Under the changes announced earlier this year, the DTA also lost control of several of its most significant projects, including digital identity and the redevelopment of myGov.
The DTA also led the development and rollout of the controversial COVIDSafe contact tracing app last year, which thrust the agency into the national spotlight.
The Simplified Trade Systems Implementation Taskforce was announced by Mr Tehan and employment minister Stuart Robert on Friday morning.
“Mr Brugeaud is uniquely qualified to work hand in hand with businesses to design and implement a cross-border trade system that meets their needs,” Mr Tehan said.
The government has released more details on its plan to expand its digital identity scheme to the private sector and the states, as it pushes to significantly accelerate the program which has already cost more than $500 million over five years.
The federal government released a new position paper on its Digital Identity Legislation, which it plans to introduce to Parliament later this year. The government is now consulting on the paper, with submissions closing on 14 July.
The paper reveals the government is sticking with plans for an independent oversight authority and legislating privacy and consumer protections but has changed a key definition of digital identity, and left the verifications systems outside of the legislation.
Digital identity is an Australian government program that allows people and businesses to prove their identity and use the proof across several government and private sector services, with the goal of reducing time and costs associated with in person verification.
Identity service providers must gain accreditation and follow a set framework in verifying users’ documents and biometrics to participate in the scheme. Currently there are only two accredited identity service providers: Australia Post and the ATO’s myGovID.
The federal government wants to expand its system into a “whole of economy” solution but requires legislation to do so. A privacy impact assessment in 2018 also recommended legislation to enshrine the privacy and consumer protections currently only present as rules.
The federal government is drafting legislation to expand its Digital Identity program to the states and territories and the private sector.
In the latest consultation phase on the legislation, the government has kept its proposal for a permanent Oversight Authority, an accreditation system and non-mandatory participation in the scheme, which is already used in limited government services but will eventually expand to the private sector and state and territory governments.
A new interoperability principle has been introduced to clarify how participants will work together and the proposed definition for “digital identity” has changed and will now focus on participants generating a person’s identity rather than the characteristics of a digital identity itself, a new government position paper, released on Thursday, said.
The new paper defines digital identity as “a distinct electronic representation of an individual which enables that individual to be sufficiently distinguished when interacting online, including when accessing online services”.
The precise terminology will be considered further in the drafting of the bill, which is expected to be introduced to Parliament in late 2021.
The paper makes no changes to the plan to leave the Document Verification Service and the Face Verification Service outside the scope of the legislation.
“These services are verification tools for identity providers and are expected to be subject to their own standards and legislation,” the paper said.
The Australian Human Rights Commission recently warned of the dangers of biometrics and called for a moratorium on its use in important decisions until appropriate regulations are in place.
Minister for Employment, Workforce, Skills, Small and Family Business Stuart Robert said more than 2.5 million Australians and 1.27 million businesses use digital identity to access some government services.
“Establishing the right safeguards and protections will lay the foundations for the digital identity program and grow the digital economy by improving digital infrastructure,’ Mr Robert said.
“We want a system that Australians can use and trust. The legislation will ensure the expansion of the digital identity system meets the expectations of all Australians and that users can have confidence in the integrity as the system expands.”
The legislation will only include subject matter and general rules not likely to be compromised by advances in technology, including privacy safeguards and the power of ministers to set charges for participants. Users of digital identity will not be charged.
Rules on how the wider scheme will operate are to be made by the minister but can be disallowed by Parliament, according to the proposal. Written guidelines and policies will also be provided by a new statutory office.
Technical specifications on how the scheme works won’t be a matter for Parliament, however, but will need to be publicly notified.
Under the legislation, the current interim Oversight Authority will be made permanent as an independent statutory officeholder to be advised by boards appointed by the minister. The authority will be in charge of providers accreditation and ensuring they comply with the legislation’s safeguards.
Identity providers and accredited participants will need to comply with rules and standards for usability, accessibility, privacy protection, security, risk management and fraud control.
The Information Commissioner will also oversee compliance with the privacy provisions in the Bill.
The paper suggests security requirements will continue to be updated in line with advice from the Australian Cyber Security Centre, but a baseline compliance will be with the Australian government’s own cyber policies, including the Protective Security Policy Framework PSPF and the Information Security Manual.
The government also intends to mandate the Essential Eight requirements of the Protective Security Policy Framework for government entities after nearly a decade of low levels of compliance.
Accredited participants will be allowed to share some information with each other to manage cyber incidents, a process to be overseen by the Oversight Authority.
The federal government is in a “mad rush” to turn the NDIS into a “human-free robo-system” and should move to immediately scrap plans to introduce mandatory independent assessments, shadow government services minister Bill Shorten says.
The federal government is planning to introduce mandatory “independent assessments” for people already accessing or looking to access the National Disability Insurance Scheme (NDIS). Independent assessments would see government-appointed assessors deciding on an individuals’ needs and how much funding they will receive, rather than their existing specialists.
New Government Services Minister Linda Reynolds has “paused” the rollout of these assessments while a second trial is being conducted, but there is no indication they will be scrapped. A government website on the NDIS said these assessments will become mandatory in “late 2021”.
They have been slammed by advocates as a cost-cutting measure that will harm Australians with disabilities, and as a move to automate the NDIS.
At a National Press Club address on Wednesday afternoon, Mr Shorten backed these calls and said the government should immediately abandon plans to introduce the independent assessments, and tear up contracts it has signed with providers to conduct them.
“The promise of the NDIS is being betrayed. Not yet fatally, but certainly substantially. The NDIS has been chaperoned by the cavalier vandalism of successive Liberal governments. After eight years of neglect, and seven different ministers for disability, I’m sorry to say that the ongoing existence of the scheme, as it was dreamed to be, is at risk,” Mr Shorten said.
“It is not overstating things to say that those in charge at a ministerial and agency level have been more concerned with data points than people, that they are too secretive, that there is too much of a closed shop, a black box dealing with the key numbers as evidence and this approach is killing trust.
“It is not too much to say that they are in a mad rush to trade a vital public service for a human-free robo-system.”
The move to implement independent assessments is “privatisation by stealth”, Mr Shorten said.
“The so-called independent assessments are not independent at all. They are robo-planning from the government who brought us robodebt and, as with robodebt, robo-planning is based on flawed mathematical algorithms,” he said.
“It has been constructed in a black box and the disability community fear it and detest it legitimately. Those currently in charge of the scheme see people with disability as numbers on a page, data in a system, a cost to be reduced.”
On Tuesday, a number of disability advocates and people with a disability appeared before a public hearing as part of a senate inquiry into the independent assessments plans.
People With Disabilities president Samantha Connor told the Senators the “robo-planning” is a “travesty” that should be “ceased immediately”. Ms Connor also urged the committee to further investigate the trial of incorporating blockchain payments into the NDIS, attempts to link data and how privacy is being “disregarded” in this process.
People With Disabilities WA executive director Brendan Cullinan also appeared at the hearing, saying he has “deep concerns” about the independent assessments plan, which he said would “further exacerbate the entrenched disadvantage experienced” by many people with disabilities.
The independent assessments introduce the “problematic nature of automated decision-making”, Mr Cullinan said in a submission to the inquiry. He said that the independent assessments framework points to some level of automation taking place in deciding how much funding an individual will receive.
“We can only presume that an algorithm/logic has been developed to determine how the results of an independent assessment translate into a particular budget amount,” Mr Cullinan said.
“Without clear, transparent information on how the independent assessment is being translated to a plan budget there is no assurance that this process is not based, at least in part, on automated decision-making.
“Essentially both the information a decision is based on and the process for making that decision are unable to be scrutinised. The lack of effective remedy in these circumstances make it all the more concerning.”
The Digital Transformation Agency has a whole-of-government approach to data and digital policies in its new home in PM&C, employment minister Stuart Robert says.
Despite his new role in the employment portfolio, Mr Robert has retained control of the Digital Transformation Agency (DTA) and will be the “whole-of-government minister with responsibility” for the government’s data and digital agenda.
In a speech at the Australian Financial Review Government Summit, Mr Robert outlined the DTA’s new structure and mandate, and provided a series of updates on a number of government digital policies, including digital identity and myGov.
Stuart Robert says the DTA now has a whole-of-government approach
Earlier this month the DTA was moved from Services Australia to the Department of Prime Minister & Cabinet, where it was previously located, under the control of Mr Robert.
This move came with an updated mandate, Mr Robert said, with a focus on a whole-of-government approach to tech policies and digital transformation.
“We are now taking a whole-of-government and, where appropriate, a whole-of-nation approach to building scalable, secure and resilient data and digital capabilities that will not only deliver for Australia in a customer sense, but give us competitive advantage as a country and as an economy,” Mr Robert said in the speech.
This will involve the DTA working across portfolios, departments and agencies, and with state and territory governments, Mr Robert said.
“The problems we face currently as a nation – whether it is economic recovery from COVID and creating more jobs, protecting our health and the vulnerable, or defending our national interests – require that we interact across all portfolios and tiers of government,” he said.
“Government must operate as a consistent platform that brings together stakeholders, systems, processes and data to solve the challenges ahead of us. This is the only way to deliver the alignment we need, to be on the same pages with all Australians, to develop the right policies and deliver the right services.”
The DTA has also already covered many whole-of-government IT policies and strategies, including large deals with tech providers such as IBM.
The agency’s mandate now includes responsibility for whole-of-government ICT governance, strategy, policy, architecture, processes and procedures.
The DTA is currently developing a whole-of-government architecture to map out the existing capabilities of government and gaps that need to be addressed.
This strategy will take into account the age and complexity of existing government systems to get a “complete picture of what we have, what we need, what we must invest and by when”, Mr Robert said.
In the speech, the Minister also announced that three cyber hub pilots will be establish allowing large agencies such as Home Affairs and Services Australia to provide cybersecurity services for small agencies that “cannot match their breadth and depth of skills”.
“We can see a future where such hub models may be established for other types of scalable services, not just cybersecurity,” Mr Robert said.
Mr Robert flagged changes to address “long and complex” government procurement processes which only serve the “specialised industry that has been built around them”.
“Government often finds itself with investment proposals that are presented as urgent or critical, but with limited opportunity to consider the broader strategic context of those proposals,” he said.
“Such practices cost government and providers a lot of money, use precious time that can be more productively put towards implementation and artificially restrict the available providers to those that can afford the high costs and long timeframes involved.
“As a result, the government may be missing out on significant innovation from segments of the market, including Australian providers, who may find it easier and faster to engage with private sector customers, rather than go through the long procurement cycles in government.”
The Commonwealth’s federated digital identity program is now a “high priority” across government, with Mr Robert revealing that Eftpos has recently applied to have its digital identity service accredited under the scheme, the first private sector organisation to do so.
He also said that a further round of consultation on legislation underpinning the digital ID scheme will open soon.
Mr Robert also drew attention to the ongoing redevelopment of myGov, with a beta site launched several months ago.
Small business policy and programs responsibility has been moved to Treasury from the Department of Industry as part of a Machinery of Government rearrangement.
The Administrative Arrangements Order, signed by Governor-General David Hurley late last week, includes two key changes relating to industry and innovation-focused policy, with the Digital Transformation Agency shifted to the Department of Prime Minister & Cabinet from Services Australia.
The other significant change has seen the responsibility for small business policy and programs, and the Small Business and Family Enterprise Ombudsman Act, moved from the Department of Industry, Science, Energy and Resources to Treasury.
Minister for Employment, Workforce, Skills, Small and Family Business Stuart Robert, who was appointed in the role in late March, will retain responsibility for small business policy despite it being housed in the Treasury portfolio.
Small business policy has moved to Treasury but will remain under the control of Stuart Robert
Small business policy development is now likely to receive significant better resourcing now that it’s sitting within Treasury, which is responsible for a number of key policy areas for the sector, including competition and tax.
Following his appointment as part of the ministerial reshuffle last month, Mr Robert said support for small businesses in the wake of the COVID-19 pandemic will be a key focus in his new role.
“We need to ensure the backbone of Australia’s economic prosperity – small and family business – are given every opportunity to thrive,” Mr Robert said.
The administrative arrangements order from last week omitted “small business policy and programs” from the Department of Industry, Science, Energy and Resources’ remit, and added it to the Department of Treasury.
It also moved the Australian Small Business and Family Enterprise Ombudsman Act 2015 to Treasury. Former Liberal Minister Bruce Billson was earlier this year appointed the new small business ombudsman, and there is currently an inquiry running into the effectiveness and efficiency of the office.
The same order also shifted responsibility for whole-of-government information and communications technology and tech procurement policy and services from the Department of Social Services to the Department of Prime Minister and Cabinet.
This move has transferred the Digital Transformation Agency from Services Australia to Prime Minister & Cabinet, where it had resided until late 2018.
Despite the shift, Mr Robert has retained control of the DTA in his current role as employment minister.
Mr Robert has also gained a new role in the powerful Cabinet expenditure review committee, and will also keep his role as chair of the Service Delivery and Coordination committee
State, territory and Commonwealth digital ministers have agreed to press ahead with the Prime Minister’s plan for national consistent digital identity and data sharing schemes, and noted the rollout of COVID-19 vaccination certificates.
Last week, Prime Minister Scott Morrison announced the federal government’s plan to greatly increase data sharing between public sector agencies and private organisations through new legislation would be expanded to state and territory governments.
On Friday, Ministers responsible for digital and data from each of Australia’s state and territory governments except Tasmania met with Commonwealth Employment Minister Stuart Robert, who has retained control of whole of government digital projects in his new portfolio.
Ministers “discussed development of the intergovernmental agreement to support national data sharing between governments” at the meeting. The agreement will eventually be considered by state and territory Premiers at National Cabinet.
States and territories are in talks for a new agreement to support national data sharing between governments.
An intergovernmental agreement paves the way for the federal government to expand its own data sharing plan to state and territory governments.
Three years in the making, the Coalition’s data sharing plan includes new legislation, the Data Transparency and Availability Act, to get around current secrecy provisions and other laws blocking data sharing by government agencies.
But the proposed laws have been criticised because of significant privacy implications, the sharing of identifiable information and the potential for consent to not always be required.
The legislation was introduced in December and immediately questioned by a group of senators about its lack of detail and privacy safeguards in the legislation. The legislation was sent to a Senate inquiry which has attracted more than 30 submissions. A report is expected by the end of the month.
State and territory ministers also agreed to a “seamless digital identity for Australians” delivered through a nationally consistent approach.
“A consistent approach to digital identity will make it easier for the Australian public to interact online across a wide range of digital services, regardless of the jurisdiction they live in or the service they are accessing,” the latest communiqué stated.
“Work is continuing between the Commonwealth, states and territories to make this a reality.”
Ministers also noted updates to the rollout of digital proof of vaccination, which can now be accessed through government apps. Ministers noted the digital proof will be an important step in the reopening of the Australian economy.
The intergovernmental data and digital Minister’s meetings began in 2018, occurring only a few times each of the first two years. But as the pandemic put pressure on service delivery last year, Ministers agreed to meet more frequently last year – nearly once a month in 2020.
Mr Robert, who began chairing the meetings in 2019, retained control of whole of government digital projects in his new portfolio through committee appointments and the move of the Digital Transformation Agency back to Prime Minister and Cabinet.
The government’s back-to-the-future decision to move the Digital Transformation Agency into the Department of Prime Minister & Cabinet is a good outcome for the sector and for progress in digitization across government, according to the Australian Information Industry Association.
The shift back to a central agency would give the DTA more clout to lead digital transformation across government and to align with the work of the Digital Transformation Taskforce and other PM&C activities, the AIIA said.
The Governor-General David Hurley last week signed an administrative arrangements order with the Prime Minister shifting the DTA from its home in the Social Services portfolio back into Prime Minister and Cabinet.
Separate orders specified that newly installed Employment Minister Stuart Robert, who had been Government Services Minister until the reshuffle earlier this month, would retain responsibility for the Digital Transformation Agency.
My life as a MOG: The Digital Transformation Agency is back to PM&C
The tech industry’s peak advocacy body, the AIIA renewed a memorandum of understanding with the Digital Transformation Agency in March to continue the strong collaboration between the Australian Government and the information technology industry.
“The DTA sitting inside PM&C also means it can align to the work of the Digital Transformation Taskforce and other PM&C activities and taskforces that involve government transformation and digitization projects,” AIIA policy and advocacy general manager Simon Bush told InnovationAus.
“This will give the DTA more access and influence to lead digital government projects and provide portfolio agency advice.
“The AIIA has argued that government tech should lead in the digital transformation of the economy and not be excluded from policy and we see this shift to the centre as positive,” Mr Bush said.
Not everyone heralded the changes, with shadow minister for government services and the NDIS Bill Shorten lampooning Stuart Robert’s continued involvement in service delivery.
“After the Robodebt scandal, I would not trust Stuart Robert to run a digital calculator, let along the Digital Transformation Agency,” Mr Shorten told InnovationAus.
“It’s another chaotic change when Australians are longing for a stable government. The Government also shows it lacks faith in Linda Reynolds,” he said.
But the AIIA’s Simon Bush backed Mr Robert, saying he had been a strong advocate for the role of the DTA, and for the role of the technology sector in the economy. The AIIA welcomed the continuity of working with the same minister on digital transformation, despite Mr Robert’s shift to the Employment portfolio.
“Minister Robert has been a strong advocate and supporter of the role of DTA and its continued funding,” Mr Bush said.
“The Minister wanted to continue to have the responsibility for the DTA and we look forward to continue to have a good working relationship with him.”
“One area we look forward to working with the DTA moving forward is improving the digital skills and leadership of the APS, as well as cloud hosting, tech procurement and data policies.”
Mr Robert has cemented his imprint on whole of government digital transformation. He has retained his role as chair of the Cabinet’s important Service Delivery and Coordination Committee and been promoted to the powerful Expenditure Review Committee.
The DTA’s shift back into Prime Minister and Cabinet is a back-to-the-future move. The agency had started life in the Communications portfolio while Malcolm Turnbull was Communications Minister under then Prime Minister Tony Abbott.
The agency moved into PM&C under Malcolm Turnbull as Prime Minister – a champion of government-led service innovation as an engine for economic growth – but was then moved to the Department of Human Services within the Social Services.
That experiment has run its course, and the DTA is now shifted back to the PM&C as a central agency.
The Digital Transformation Agency has been moved to the employment portfolio and will remain under the control of Minister Stuart Robert.
An order signed by Governor-General Peter Cosgrove shifting the Digital Transformation Agency (DTA) from Services Australia to the Department of Employment was revealed late on Friday afternoon.
It’s a significant move for the DTA, which had at one point been housed within Prime Minister & Cabinet.
It means the government’s tech agency will remain under the control of Mr Robert, who was recently appointed as Minister for Employment, Workforce, Skills, Small and Family Business after serving as government services minister.
It was revealed this week that Mr Robert had retained his role as chair of the Cabinet Service Delivery and Coordination Committee despite the ministerial reshuffle. He has also recently been promoted into the powerful expenditure review committee by the Prime Minister.
Stuart Robert will retain control of the DTA
The DTA had previously been in the human services portfolio due to significant amounts of IT spending from that department, and its role in key IT projects such as myGov.
The DTA was launched in 2015, as the Digital Transformation Office, as a pet project of then-Prime Minister Malcolm Turnbull, who hand-picked its inaugural chief executive in Paul Shetler.
It was originally housed in the communications department before a significant restructuring the following year saw it renamed to the DTA and moved directly under Mr Turnbull in Prime Minister & Cabinet.
In late 2018 the DTA was moved away from PM&C and into the human services portfolio, and was switched to government services in May 2019 with the launch of Services Australia.
The amendments to the Public Service Act 1999, revealed on Friday, also outline the DTA’s key functions, which have remained largely stable from previous years.
The DTA has been tasked with providing strategic and policy leadership on whole-of-government and shared ICT investments and digital service delivery, and to “develop, deliver and monitor” strategies, policies and standards for tech investment, including procurement.
It will also manage strategic coordination and oversight functions for digital and ICT investment across the life cycle of projects, manage whole-of-government digital procurement and provide advice to Minister Robert on whole-of-government digital.
The DTA is in the midst of a number of significant government tech projects currently, including the redevelopment of myGov and the whole-of-government digital identity program.
It also received widespread attention last year after leading the development of the government’s controversial COVIDSafe contact tracing app.
The DTA’s spending on contracts with tier one management consultants increased by nearly five times in the time since Mr Robert took control of the agency in May 2019. In the 2019-20 financial year, more than $30 million in contracts were handed to Deloitte, McKinsey, KPMG and the Boston Consulting Group, compared with just over $6 million in the previous year.
In the previous 18 months, the DTA also experienced close to 100 per cent staff turnover.
Despite being created by Mr Turnbull in part to bring tech expertise back inside the public sector, the DTA has become increasingly reliant on short-term contractors and consultancy firms.
Australia is racing into the next decades of the digital era wilfully blind and ill-prepared as to the impact of algorithms on its citizens.
I say wilfully blind because notwithstanding the very serious concerns and legal challenges about algorithms around the world over many years, the current Digital Transformation Strategy 2025 and the recent APS Workforce Strategy 2025 contain no reference to algorithms.
Why is this a problem?
Because of the speed with which government agencies are acquiring and applying powerful algorithm technologies, while at the same time the political mantra of “fairness” has become the very raison d’être for their use.
Marie Johnson: Sleep walking into an algorithmic miasma
The widespread application of algorithms changes the relationship between the citizen and the state: opaque algorithms enabling policies of the reverse onus-of-proof and non-appealable processes that target and impact the most disadvantaged in society.
The unlawful RoboDebt debacle and the visceral outcry from disabled people and their families over proposed NDIS RoboPlans generated from outsourced Independent Assessments, demonstrates that government is ethically ill-equipped for the era of algorithms.
In 2020 in the United Kingdom, there was outrage and political fights over the use of “unfair algorithms” to make all sorts of government decisions.
Controversially, the use of opaque algorithms to calculate the grades of secondary school students disproportionally impacted disadvantaged students who were denied access to universities. This “provoked so much public anger at its perceived unfairness…that the government was forced into an embarrassing U-turn.”
But the socio-economic discrimination problems are far bigger for both Australia and the UK alike. The UN special rapporteur for extreme poverty, Philip Alston, warns that the UK is “stumbling zombie-like into a digital welfare dystopia”. Alston argued that too often technology is being used to reduce people’s benefits, set up intrusive surveillance and generate profits for private companies.
What can be done?
Twenty-five years ago, as “government online” was gearing up, governments around the world undertook “forms and transactions” audits as a pillar of their online strategies. At the time, the Victorian Government was a globally recognised leader in government online. I undertook a number of these forms and transactions audits myself, and there is a whole other story to be told about what these audits revealed about the bowels of government.
The reason why the forms and transactions audits were undertaken, was to establish a baseline and priority for online delivery. For the first time, these audits established transparency as to the impact on citizens and business of their interactions across government.
Now twenty-five years later, given the magnitude of the impact of algorithms on citizens and democracy more broadly, a similar audit of algorithms is urgently needed.
The Stanford University Report “Government by Algorithm” cautioned that “little attention has been devoted to how agencies acquire such tools in the first place or oversee their use.” The Stanford report advocated that the US Federal administration undertake a “a rigorous canvass of AI use at the 142 most significant federal departments, agencies, and sub-agencies”. That is, an audit of algorithms.
It beggars belief that two of the most significant capability strategies in government (the Digital Transformation Strategy and the APS Workforce Strategy 2025), are devoid of any reference to algorithms. An algorithm audit would fundamentally change both of these.
Without this, it is impossible to understand the additive impact of algorithms on citizens and businesses, or the depth of policy skills and ethics required of the public sector. Or the forms of public scrutiny that are even possible by civil society.
In fact, in 2017 ABC News reported that it wrote to 11 Australian government departments responsible for administering legislation with computerised decision-making, asking what decisions the computers are making.
“The short answer is: we don’t know.”
We don’t know – but we may very well be shocked.
Application for grants. Application for Trade Marks. Job applications.
The ABC also reported that “the most recent new powers for automated decision-making apply to the departments of Health and Veterans Affairs.
“The Department of Veterans Affairs (DVA) is undertaking veteran centric reform to significantly improve services for veterans and their families by re-engineering DVA business processes.”
With this reform, there is concern that veterans may end up facing flawed processes similar to those implemented by Centrelink.
These concerns might be justified, given the disability sector-wide outrage over safety and human rights impacts of the proposed NDIS RoboPlans.
Stuart Robert, who retains significant influence over service delivery and digital transformation, described “the kind of transformation the government wants is its approach not just to the NDIS but also Veterans Affairs and Aged Care.”
All this would involve algorithms. Access determined by facial biometric algorithms; plans generated by algorithms; funding determined by algorithms; debt determined by algorithms; and the potential control of payments by blockchain algorithms.
The situation at present, is that there is no transparency, knowledge of or governance around the use and sharing of algorithms by government agencies in Australia.
Compounding this and of grave concern is the new intergovernmental agreement on data-sharing, which expands the sharing of data between public and private sector organisations.
The additive impact of bias on citizens from the use and sharing of algorithms across agencies, across jurisdictions and across sectors will be unfathomable. Pre-emptive legal challenges will take place, as happened in the UK.
So there should be a detente on the use and planning of algorithms until an audit of algorithms is done.
Fairness can only come from transparency, a duty of care and the active governance of ethics.
