AFR GovTech, Canberra, 19-20 July 2007
Roger Clarke **
Notes of 19 July 2007
© Xamax Consultancy Pty Ltd, 2007
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/EC/GovTech07.html
My comments are primarily from my perspective as a 40-year IT industry veteran and a 25-year consultant in IT in Government, tempered by over 30 years as a privacy advocate.
It was a great relief to see far less preoccupation among the speakers with 'The World Changed on 11 September 2001'. It changed a lot more on 12 September 2001, when the national security extremists got control of the agenda. But we're now getting back to the real business of government business.
There's an explosion in various forms of malware, with zombies and hence botnets looming as a serious matter. I'm involved in a Malware Programme with the UNSW Cyberspace Law & Policy Centre. We're seeking solutions in the consumer and SME space. This interlocks with Priority 3 of the E-Security National Agenda.
We're concerned, however, that Priority 3 may be attracting too little federal government focus and support. My point to Robert Campbell (who was originally to be on this Panel) is that we're forcing him to be schizoid. We need two of him and his Branch, one within DSD focussed on Milsec, and the other outside DSD and focussed on business - especially SMEs and consumers. That new Information Security Branch would work closely with existing expertise in these areas, including of course DSD, but also AusCERT.
There's a raft of factors that we know are associated with IT Project Failure. I did a slide in another presentation this week that evaluated the National ID Scheme against that list. (That's the soft-sell Joe-Hockey version of the National ID Scheme, dressed up as an 'Access Card'). The Access Card scores high on almost every Failure Factor, not least its huge scale on multiple dimensions, and its combination of multiple leading-edge and bleeding-edge technologies. A novel additional Failure Factor was Hockey's immortal line "pilots are for aircraft".
Ellison's staff have realised it's an unmitigated disaster (and I'm limiting my comments here to project risk and not going into the impact it would have on privacy). They've shunted it into a siding, and cancelled papers like the one that was originally scheduled for presentation at this event. For background to it, see the APF's Campaign Site. Public interest advocates and the media have been feeding off APF resources ever since Peter Beattie fired the starting gun for Australia Card Mark II precisely 2 years ago.
The big Booz Allen Hamilton contract will be paid out. But the tenderers for the big contracts can pack up and go home now, and the public servants can go hunting for their next jobs. That will save us, as taxpayers, a cool billion dollars that would have been sadly wasted if the project had proceeded.
There are some key features of the Australian Government Authentication Framework (AGAF) that aren't always grasped by agencies and their IT suppliers:
Too many major projects are being conducted without a PIA. But the problem is more fundamental than that. Far too few agencies have a privacy strategy at all, let alone one integrated with their broader corporate strategy. There's a serious lack of appreciation about impediments to adoption, particularly privacy. Rejection by the public, and media controversy, are major project risks. The public doesn't interpret 'joined-up government', 'identity management' and 'identity provisioning' in a positive way, and the media will have a field day with each new project that adopts them. The APF is providing an awful lot of background briefings.
An important part of privacy strategy formation is understanding culture - within your own organisation, among the organisations you are (or have to be) partnered with, but crucially also in society as a whole. I wonder what degree of relevance delegates see in the presentations by Howard Dickson (Hong Kong's CIO, on eGovernment) and Eddy Cheah (trumpeting the Malaysian national ID scheme - MyKad). Don't get me wrong: I've enjoyed my visits to K.L. and Penang, I've been active in smartcard consultancy ever since the very beginning of the 1990s, I've consulted to government in Hong Kong, and I'm a Visiting Professor at the University of Hong Kong.
But I suggest that we need to appreciate the gulf that separates values and expectations among the populations in different nations.
Roger Clarke was invited onto the Panel in his role as Chair of the Australian Privacy Foundation.
He is Principal of Xamax Consultancy Pty Ltd, Canberra, which has operated since 1982, and focusses on strategic and policy aspects of eBusiness, information infrastructure, and dataveillance and privacy.
He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Professor in the Department of Computer Science at the Australian National University.
Created: 19 July 2007 - Last Amended: 19 July 2007 by Roger Clarke - Site Last Verified: 15 February 2009