We maintain things for people

Photo of our 2016 Q2 plan that says, "We maintain things for people"

About a month ago we had our major planning session for 2017. The idea is to get everyone together for a few days, share and discuss project ideas, and ultimately come up with a plan for what OpenAustralia Foundation should work on over the whole year.

We’ve done quite a few of these sessions now and each one ends up being different. We spent the first day of our most recent session reviewing 2016 and writing down all the things we want to work on – from bugs we want to fix, right through to major new projects we want to work on.

Usually this ends up as a grab bag of amazing new civic projects we’ve been dying to create for Australia. Instead we noticed a distinct theme. Many of the things we most wanted to work on were essentially maintenance tasks – fixing long-standing bugs, paying off technical debt, or improving our infrastructure.

After a bit of thought we realised that this focus is a product of the environment we’ve been in for the last several months. Because Luke and I have been fire-fighting some challenging stability problems with our projects we weren’t in the frame of mind to come up with more projects to create – and maintain!

This made us remember another important thing too. In the more than 8 years that OpenAustralia Foundation has been creating civic projects we’ve seen a lot of other projects come and, sadly, go. A defining characteristic of our projects is that we maintain them. It’s one thing to create a shiny new project but it takes a different level of dedication to maintain things year in, year out. It might sound obvious but a project needs to be maintained for us all to benefit from the civic good and the change it promises to create.

So we’ve decided to dedicate this quarter to some much deserved maintenance work. At our next quarterly planning session in late March we’ll revisit things and see if we’re ready to explore major new projects and features. To help feed that inspiration we’re going to experiment with talking to different groups of people creating change in Australia that might benefit from some civic tech goodness.

The nuts and bolts

To do this work we decided to create a backlog in a Trello board and just start working through it, instead of estimating and scheduling projects like we have done to date. Here’s a selection of things we’ve already done:

And some of the things we’ve got in the backlog:

Here’s to showing our projects some extra maintenance love :)

Posted in Planning | Tagged , , , , , , , , , , , , , , , , | Leave a comment

See you at the Pub Meet, February 28th in Sydney

I hope everyone’s having a good start to the year, and keeping cool.

If you’re in Sydney, come say hi at our Pub Meet on Tuesday evening February 28th, at the Trinity Bar on Crown St, ten minutes walk from Central.

RSVP and see details here https://www.meetup.com/OpenAustralia-Foundation/events/236977994/

We’ve had a busy month since the last Pub Meet. We’ve been working on the tasks we set out in late January for our maintenance focused quarter. We’re aiming to fix a bunch of niggling problems that distract us from developing new features for the people using our services.

There’s been no bigger niggle than the issues morph.io has been suffering for months now. A few weeks ago, making a huge volunteer contribution to our work, morph.io user, familiar face at the Pub Meet, and lovely person Lindsay Holmwood, jumped into the fray and fixed one of the most serious issues for morph.io. Thank you so much Lindsay!

Speaking of Lindsay, you’ll see him at the Pub Meet on the 28th, sharing techniques for writing scrapers in a way that minimises the impact on the site you’re scraping. Web scraping is a huge part of civic tech, and Lindsay is a serious expert in this area—don’t miss it!

If you’ve got a civic tech project, seen something interesting, or have questions about civic tech and democracy in 2017, we’d love you to share them as a 5 minute lightning talk at the Pub Meet. Just leave a comment on the meetup page like Lindsay did.

If you can’t make it on the 28th, we’ve got our regular Pub Meet on the last Tuesday of March, and each month. https://www.meetup.com/OpenAustralia-Foundation/

P.S. You can get updates about OpenAustralia Foundation projects and events like this one by subscribing to our blog, here: http://eepurl.com/ch058H

Posted in Event | Tagged , , | Leave a comment

Hacking democracy and playing the long game – Luke Bacon at linux.conf.au 2017

Photograph of the front room of Frontyard. Cards are suspended from the roof across a room, and people look at them, thinking about what the future described might be like.

One of the slides from the talk: Looking in as people consider possible futures and how to reach them at Frontyard Projects in Marrickville, Sydney. Photo by Frontyard, CC BY SA

Last month Henare and I were in Hobart for linux.conf.au. We met lots of really nice people working on a dizzying array of interesting projects.

Linux.conf.au is Australia’s biggest conference for people building and using Free and Open Source Software. People come from all over the world to be there. Henare and Matthew from the OpenAustralia Foundation actually met at the conference last time it was in Hobart 2009, which kicked off Henare’s open source civic hacking.

I spoke on the last day of the conference. It was nerve-racking spot to be honest, but it also meant I got to learn from all the other speakers and draw some of their ideas together.

My talk Hacking democracy and playing the long game was about how I currently understand the ways OpenAustralia Foundation projects actually impact society. I’ve been thinking a lot lately about where our work to transform democracy stands in 2017. It seems like we’re in an important moment to really think about the impact of civic tech, and above all, continue working hard.

Giving this talk was a great opportunity to think this all through and share these ideas. Thanks so much to the linux.conf.au team for inviting me, supporting me to get there, and putting on such a great event—I really appreciate it.

Producing this talk became a way to think through all those ideas–so it does cover quite a lot of ground. It starts out talking about the elements of democracy that we’re interested in, different ways to think about it’s futures, and one framework for understanding how change happens drawn from Lawrence Lessig’s 1999 book Code and Other Laws of Cyberspace.

The second half gets into Right To Know as a case study. I go through how the project is making it easier for people to get information they need from our governments. In the end I go through the practical things you can start doing to support and contribute to this work.

I hope it’s interesting and useful. I’d love to know what you think.

If this sounds interesting and you’re new to the OpenAustralia Foundation, here’s some links for finding out more:

All the conference talks are up on YouTube. Here’s some of the ones I most enjoyed:

Posted in Presentation, RightToKnow.org.au | Tagged , , , , , , | Leave a comment

Right to Know, the ATO, independence and transparency

Since August 2016, the Australian Taxation Office (ATO) has been refusing to process the valid Freedom of Information requests they receive from people using Right To Know.

At least two of the people who have had their requests blocked have lodged complaints to the Office of the Australian Information Commissioner (OAIC).

One of them is Right to Know volunteer administrator Ben Fairless, who lodged his complaint in a personal capacity after the ATO blocked his information request.

On November 21 2016, the Freedom of Information Director of the OAIC’s Dispute Resolution Branch contacted us with a request for information to help their investigation into the ATO’s blocking of requests raised in the complaints. We have decided to publish those questions and our answers below.

Note that the OAIC’s questions are unlikely to have been raised by the people who made the complaints about the ATO’s actions to block their requests. Rather, they appear to be based on statements provided by the ATO that match their response to the ABC last August, that we take “no responsibility for supervising posts or removing unacceptable material”. This is false.

We’ve also provided a timeline below covering all communications that we have had with the ATO in 2016. We think it’s important to point out that we responded to over 70% of requests from the ATO within 24 hours. Of those, we responded to all but one in less than 1 hour. We are an independent charity and Right To Know is a largely volunteer administered project, and this record is a testament to the dedication of our community to a well run, transparent and accountable Freedom of Information system in Australia. You can compare it to the response times of all our government agencies at righttoknow.org.au.

We work hard to ensure that Right To Know is a safe environment where people can work productively with government on furthering the government’s own goals of being open and transparent. We stand by our community and join their polite and respectful calls to the ATO to start processing the valid FOI requests made to them by people using Right To Know.

Questions from the OAIC to the Right To Know Team, 21 November 2016

On November 21 2016, the Freedom of Information Director of the OAIC’s Dispute Resolution Branch contacted us with the following questions to help their investigation into the ATO’s blocking of information requests made by people through Right To Know. Here are those questions with the answers we responded with on the December 4 2016.

Who is legally responsible for the maintenance of the RTK website?

As is clearly stated on the The Right to Know website, the footer includes the information that the website is s project of the OpenAustralia Foundation Limited (ABN 24 138 089 942) (“OAF”) a charity registered with the ACNC and was created using Alaveteli, an Open Source software product created by MySociety. It was created by staff and volunteers. Again this information is clearly stated at righttoknow.org.au

Who is legally responsible for the publication of content on the RTK website?

Righttoknow.org.au is more akin to an open email server, rather than a traditional content publisher. We make it very clear to requesters and authorities that their correspondence is automatically be published on the internet as part of this service. Users are able to send FOI requests using the site, and agencies are able to respond to requests. In addition, users and OAF staff and volunteers are able to annotate requests. OAF staff and volunteers are able to modify content (except for attachments). OAF does not own this content

We work hard to ensure that Right To Know is a safe environment where people can work productively with government on furthering the government’s own goals of being open and transparent. We stand by our community and join their polite and respectful calls to the ATO to start processing the valid FOI requests made to them by people using righttoknow.org.au.

Users register on the site and confirm they have a valid email address for the site to send them emails.

Users can then submit a limited number of requests per day. The requests are sent directly to the agency without human intervention, just like sending an email from Webmail.

OAF staff and volunteers will sometimes check requests and remove requests based on our published guidelines. For example, we don’t allow requests containing personal information or requests which are clearly not requests for information.

We rely heavily on our volunteers and others within the RTK community (including government agencies) to report requests that they feel need a second look. We take action on those requests in line with our policies, and in most cases respond the same day

How does the RTK team respond to requests from agencies or individuals for specific FOI requests or other correspondence to be taken down from the RTK website? Please provide any information on the process, timing and criteria for acceding to such requests.

All requests received via contact forms on our site are directed to a central email address (contact@righttoknow.org.au). We assess each request in line with the policies stated on our website and respond promptly.

The ATO has sent us 5 takedown requests. We give every request serious consideration and have responded to each within a day. We agreed with 4 requests and promptly acted on them to remove the material. One of the most recent requests did not meet our takedown policy so we have not taken it down.

We’ve previously been asked to redact the names of ATO staff due to a processing error made by the ATO which put their staff at risk. We responded within an hour and agreed to take down the material, giving the ATO time to supply correctly redacted documents a few days later.

In once case we were not asked to redact names. Instead we were asked to remove a request by a member of the public for an internal review into the decision about their FOI request. The ATO claimed that they found it abusive towards their staff members. The ATO’s takedown request did not meet our takedown policy, so we left the request up on Right To Know.

The ATO has responded by refusing to accept lawful requests* made via Right to Know until we comply with their demands. These include “a manned contact number, address for service, and [undertaking] to remove any unacceptable material promptly”. The ATO has already stated that they’d “probably not be successful in obtaining a court injunction to remove the offending material on the grounds it was defamatory, or threatening in a criminal sense.” (See here for the documents where this is mentioned). This appears to be a clear attempt by the ATO to impose requirements over and beyond what are required by the Freedom of Information Act, which is disappointing considering the ATO was perfectly willing to respond to several requests before our request to remove an internal review.

We work hard to ensure that Right To Know is a safe environment where people can work productively with government on furthering the government’s own goals of being open and transparent. We stand by our community and join their polite and respectful calls to the ATO to start processing the valid FOI requests made to them by people using righttoknow.org.au.

Correspondence timeline

This is a list of all contact between the ATO and Right to Know:

  • 10 March 2016 – ATO request removal of 6 requests containing personal information.
    • Requests were hidden on the same day as they contained personal information.
  • 13 May 2016 – ATO request removal of documents that were inadvertently published which contained names of employees who deal with criminal investigations.
    • Documents were hidden within 1 hour of the request being sent to our designated contact email address
    • Documents were not re-sent by the ATO until 19 May 2016.
  • 21 June 2016 – ATO request removal of a request containing personal and business information.
    • Request was hidden in less than 10 minutes.
  • 30 June 2016 – ATO Assistant Commissioner (General Counsel) request removal of an Internal Review request made by a person using Right To Know.
    • Right to Know volunteers and staff discuss the request and determine it doesn’t meet our published guidelines for removing information from the site.
    • 1 July 2016 – Right to Know volunteer calls the ATO Assistant Commissioner at his request to discuss the matter.
      • Right to Know advise that it appears that the request doesn’t meet our published guidelines for removal.
      • ATO advises that they believe the Internal Review request implies that staff were “untruthful and behave appallingly”. The ATO Assistant Commissioner advises they will obtain an injunction against Right to Know should Right to Know refuse to remove the request.
      • The matter is referred to the directors of the OpenAustralia Foundation.
    • The OpenAustralia Foundation directors decide to no longer respond to the ATO on this request and await the injunction order.
  • 5 August 2016 – ATO request that Right to Know contact a user of the site in relation to the request on 21 June 2016
    • 15 August 2016 – Right to Know forward the information to the user as requested
  • 18 August – ATO stops responding to requests via Right to Know and advises users to contact them directly to make their request.
  • 19 August 2016 – ATO Assistant Commissioner (General Counsel) sends an email about the refused requests to Right to Know
  • 29 August 2016 – Office of the Australian Information Commissioner (OAIC) acknowledges a review request made by a volunteer of Right to Know
    • The review request was made in response to an application made using Right to Know.
    • The review request was made from the volunteer’s personal email account, and it was clearly stated that the volunteer made the application in a personal capacity and not on behalf of Right to Know.
  • 15 September 2016 – ATO contact Right to Know in relation to FOI requests made in relation to decision to refuse to process requests
    • 16 September 2016 – Right to Know advise that we have no objection to the release of the document
  • 14 October 2016 – ATO request removal of request containing a Tax File Number
    • Request was hidden within 15 minutes of ATO email
  • 20 October 2016 – ATO request removal of a request that contains a number of business names and ABN/ACN numbers
    • Right to Know seek clarification within 30 minutes as the information is available publicly (via the ASIC register).
    • No response is received by the ATO
  • 2 November 2016 – OAIC contacts the Right to Know volunteer in relation to the review (now a complaint) acknowledged on 29 August 2016
    • This includes a request from the ATO to remove material previously considered on 30 June
    • The request is referred by the volunteer to the directors of the OpenAustralia Foundation who take no further action as they have not been contacted by the OAIC at this stage.
  • 21 November 2016 – OAIC make a request for information to Right to Know (see questions and responses above)
    • The directors of the OpenAustralia Foundation respond to the request on 4 December 2016

More background material

You can view peoples’ information requests to the ATO on Right To Know. In response to a request made directly through private email to the ATO, they released other relevant documents. You’ll also find correspondence between the ATO and the OAIC relating to the ATO’s actions, and peoples’ analysis of those documents, on Right To Know.

Posted in Announcement, RightToKnow.org.au | 1 Response

Join us for our 2016 End of Year Picnic in lovely Sydney Park

A photograph of someone looking out at the water at Sydney Park Wetlands

Sydney Park Wetlands, City of Sydney photograph.

To celebrate all our achievements in 2016, and all you great people who make them possible, we’re having a little party on Sunday the 11th of December in Sydney. We’d love to see you there!

While some of the biggest contributors to OpenAustralia Foundation projects are spread across Australia, unfortunately a national tour is not on the cards—this year :)

We’ll be at lovely Sydney Park Wetlands, behind the big hills of Sydney Park, from 11:00am to enjoy some sunshine. Bring along something to munch on and a drink or two. Here’s the details for your calendar:

OpenAustralia Foundation End of Year Picnic
Sydney Park Wetlands (south-east side), St Peters, Sydney
Sunday, 11th December 2016, 11am on.

Please RSVP on meetup.com

You can read more about the facilities at Sydney Park and about the award winning wetlands on City of Sydney’s website.

Getting there

Star marks the spot:

A maps with a star showing our spot on the south-east corner of Sydney Park Wetlands

Our sheltered picnic spot on the south-east corner of Sydney Park Wetlands

Sydney Park is just across the road from St Peters Train Station. There’s also a number of bus routes that pass the park, and heaps of free parking around Euston Rd.

You can enter an address in Google Maps using this link to get directions to the spot.

Posted in Event | Leave a comment

There’s no better way to learn how easy FOI requests are than to make one

Meme from Yes Minister TV show, stuffy minister saying “Freedom of Information?! What on earth for?”

Yes Minister Meme by CryptoParty Sydney organiser Gabor Szathmari

Most people I speak to about making Freedom of Information requests think it’s too difficult to waste time on—it’s for lawyers, not them. When I’ve seen our FOI system presented in a teaching context, the clear message is ‘FOI is too hard, too slow, and too expensive’. The message has sunk in, including with journalists, lawyers, researchers, and activists, many of whom have decided not to worry with it.

This assessment doesn’t ring true with my experience, or what I see in the 2500 requests made through Right To Know, our best public record of our FOI system. The results you get vary wildly depending on what you’re asking for, which public body you’re asking, and who’s processing it for you on their end. In my experience, FOI is often free, fast, and easy. I’ve taken to popping in a request on my phone at lunch when an interesting question comes to mind (#lunchtimeFOI).

The prevalence of the idea that FOI is too hard might explain why each year people in Australia only make roughly 3 FOI requests per 100,000 people, compared to about 70 by people in the UK (an amazing stat Henare calculated). We’ve got some work to do.

There’s no better way to discover how easy and useful FOI requests are than to make one yourself and experience it.

Workshop with CryptoParty Sydney

Picture of Luke Bacon presenting to a group of people at laptops about FOI requests

Luke presenting to the wonderful gang at the OpenAustralia Foundation/CryptoParty Sydney mashup event

Last Tuesday, Henare and I ran a workshop with CryptoParty Sydney to help people who care about privacy and security learn a new way to get the practical information they want from our governments using FOI requests.

CryptoParty attendees are inquisitive people who want real, detailed information. The event was packed out with people keen to learn how to get it.

We ran the event in two sections. Henare kicked things off by introducing everyone to our Freedom of Information rights and system in Australia. He showed how you can use FOI to learn about what’s happening in your local area, or to reveal information that impacts all of us. He also demonstrated why the OpenAustralia Foundation’s Right To Know website is the best way to make requests.

I then lead an hour long workshop for everyone to make a real FOI request. To make the process straight forward, we walked through four simple questions to generate ideas and narrow in to specify the documents we wanted:

  1. What are you interested in?
  2. What do you want to know about that?
  3. Which documents have that information?
  4. Who has those documents?

We created some boilerplate request text for everyone to use (and you can too):

Dear <Organisation with the information>,

Could you please send through <documents with the information you want>.

If possible, please treat this as an administrative/informal request. Otherwise please proceed with my request as a formal information request under the Act.

Yours faithfully,

<Your name>

By the end of the night over 30 requests had been made, with more coming through the week. We were really impressed by everyone’s attitude and great ideas.

A few of the interesting requests were for NSW Police’s guidelines for protecting the privacy of those in custody, the Department of Education’s process for deciding that a student can be exempted from their Unique Student Identifier system, and discussions at the Attorney-General’s Department about banning forms of encryption.

You can see our slides if you’re interested to read more about our process.

A huge thanks to Gabor Szathmari of CryptoParty Sydney for partnering with us and making the event so smooth. Thanks so much to everyone who came and made it a great night!

“Friendly, easy to understand and welcoming.”

Judging from the feedback we received, and the number of requests submitted, I think this was a really successful workshop. One attendee commented that the process was “Friendly, easy to understand and welcoming.” This is the exact opposite of the scary reputation that FOI has in Australia—this really warmed my heart! One person who works in youth support services told me that a lawyer at their organisation asked why they were going to something about FOI, saying “it’s too hard”. Their experience in the workshop completely changed their mind and now they want to empower the kids they work with with this skill.

Sounds exciting?

This is the first time we’ve run a workshop like this to walk people through the process of asking our government for information. There are lots of communities and civil society groups formed around issues like local planning, music, art, human rights, the environment, education, etc. . You might be part of one. If you are, and you’d like to discover how useful and easy it is to make FOI requests, we’d love to talk with you about running more workshops like this in 2017.

Posted in Event, RightToKnow.org.au | Tagged , , | 4 Responses

Our look at Australia’s current draft of its first Open Government National Action Plan

On November 13, the Open Government Partnership (OGP) wrote to the Australian Government


“This letter is to inform you that, the Government of Australia has now acted contrary to the OGP process for three consecutive action plan cycles (2014, 2015 and 2016).”

Australia is now at the final stages of preparing an action plan. It’s been a long road and we’re only just now really getting started. Let’s hope that we do a better job with our finalised action plan.

“As you are aware, the OGP Articles of Governance state that all participating countries are expected to: Make concrete commitments, as part of a country action plan, that are ambitious and go beyond a country’s current practice.“

The Open Government Partnership is a partnership between civil society and government to work towards open government, reducing corruption, improving transparency and improving participation.

In this letter the OGP clearly reminds the government that the action plan needs to be ambitious in these areas. The Australian government needs to go beyond our current practice here, beyond business as usual.

So, let’s take a deeper look how the draft action plan measures up according to those criteria.

“Make concrete commitments”

There are a number of examples where the national action plan makes vague statements of intent that have little specific outcome.

The Open Government Partnership Anti-Corruption Working Group points out our failure to be specific in this area:

“Overall, Australia’s anti-corruption commitments within the nation action plan are considered to be consistent with strategic areas identified at international events and have the potential to be transformative in the long run. However, most commitments are composed of milestones that stop short of catalysing institutional, policy or behavioural change against corruption. It is our belief that Australia can and should be able to include additional milestones that will ensure meaningful steps forward in the fight against corruption.”

In the current draft national action plan, reform on Beneficial Ownership transparency says “We will consult with the corporate sector, non-government organisations and the public on a beneficial ownership register for companies.”

Promising to “consult” is not a concrete commitment. It is an intent to follow a process that could very easily end up with no beneficial ownership register at all. Yet by this measure it would have “succeeded”.

A concrete commitment with a measurable outcome would say:

“We will establish a beneficial ownership register. We will work with civil society, the corporate sector and the public to do this and we will make the register publicly available.”

For Open Contracting the draft says “We will undertake a public review of the Australian Government’s compliance with the Open Contracting Data Standard.”

Again, this is not a concrete commitment. It’s a fluffy promise to have a look at something. To be a firm commitment, this should instead read:

“We will make Australian Government publishing of tender contracts compliant with the Open Contracting Data Standard”

The Australian Open Government Partnership Network’s review of the Action Plan contains more examples where promises to consult are stated over promises of action.

“That are ambitious and go beyond a country’s current practice”

The National Action Plan in its current form is largely comprised of commitments that have already been made outside the Open Government Partnership, before any “co-creation” took place with “civil society”. The OGP process can add value to these if they stretch the ambition of the existing commitment, and if civil society has a concrete way to hold government to account for their implementation documented in the milestones.

If government isn’t at least little uncomfortable, then this plan isn’t ambitious enough.

There is little evidence of substantial new reform in this action plan that the government didn’t already have other reasons for committing to.The Interim Working Group should clearly identify if and how goals have been “stretched” by connecting them to the OGP process.

Civil society have a strong desire to make commitments concrete and ambitious. Since t the OGP refresh after the federal election, the government, did create an Interim Working Group. Government then talks about a spirit of genuine collaboration. It’s true that there are reform commitments in integrity that were not being considered previously. However the whole action plan creation methodology has a way to go before you could really call it co-created by government and civil society.

And that’s ok. Kinda. For now.

A Deeper Dive: Genuine Participation and Concrete Change?

The idea behind commitment 2.2 “Build and maintain public trust to address concerns about data sharing” seems to be that the general public has a problem trusting government and that the general public’s trust need “fixing”.  Government characterises the problem being simply about their concerns with personal data being held by government & being shared within government. There’s no recognition that the public might have good reason be concerned, or that these issues should be addressed.

This is a stark example of missing the point of engagement entirely. In the commitment on building trust, the language used communicates government’s needs and position, as though government is right, and people are wrong. How can you have a dialogue with people if you think you know better and your job is to convince them they are mistaken?

How absurd and condescending is it, when there are very real problems in government systems, to state this matter as a trust problem, and then to outlaw practises that could help find real problems.

We’ll dive into this reform commitment in a bit more detail to unpick some of these criticisms with the current draft.

The Australian people have every right to be suspicious and wary of government’s ability to secure its data. The government has a duty-of-care to ensure that people’s privacy is maintained. This complex issue needs constant attention and continuous improvement.

However, there is nothing in this commitment that indicates that government acknowledges that any of these concerns are warranted. Let’s for a moment look at a small selection of data breaches in recent years in Australia.

  • Changes to the retention of names and addresses in the 2016 census caused widespread concerns amongst privacy advocates and the general public. These were largely dismissed by the ABS by saying that “little had changed”.
  • During the same census the online system failed during what should have been its peak use. This exposed the lack of technical competency of the ABS staff and its inability to manage and vet the vendors that actually carried out the work.
  • In September 2016, university of Melbourne academics discovered that it was possible to reidentify doctor ID numbers in published Medicare Benefits Schedule (MBS) data. http://www.huffingtonpost.com.au/2016/09/28/privacy-commissioner-to-investigate-medicare-data-breach/. Government responded by proposing to make it illegal to de-anonymise data.
  • In October 2016, the personal details of over half a million Australians who donated blood through the Red Cross was accidently posted online. As well as names and addresses this information included whether the individual had taken drugs or engaged in risky sexual activity.
  • In December 2013 it was discovered that the information of over 600,000 users of Public Transport Victoria’s website was accessible online
  • In 2014, the personal details of almost 10,000 adults and children held in detention centres was inadvertently released by the Department of Immigration and Border Protection.
  • In November 2015 it was revealed that a security problem in myGov exposed taxpayer records

This list is enough to make a simple point. There have been a number of very serious data breaches in recent years.

However, this is not a blame game. Securing people’s information is genuinely difficult. The government will only get better at this stuff if it takes a proactive and honest approach. It needs to understand its own failures, not point fingers at a few “bad apples” or blame something on “human error” and it can’t cover up its own failings with legislation.

And of course it’s important for the general public to trust government with its information. However, the only way to truly build trust is to be honest and open – that includes with failures. Every time a data breach happens and the government says “just trust us. It won’t happen again” it’s not surprising that people don’t believe them.

So, we recommend that this draft commitment is amended to include detail and associated milestones that:

  • Introduce and enforce, the long awaited Mandatory Serious Data Breach Notification Legislation, show this as a requirement in the milestones.
  • Organise a multistakeholder forum to track success of implementing Serious Data Breach Notifications, including identifying and oversight by relevant civil society
  • Communicate open and honestly in the event of data breaches and:
  • Be open and honest about what happened. (No cover ups, no sugar coating, no whitewashing, just the facts – saying “human error” is not good enough) – Explain without embellishment what set of circumstances and actions led to the outcome
  • Explain what the root causes of the problem were (Saying a human made a mistake is not good enough) – what are the systemic problem or problems?
  • Explain what you are doing in the long term to ensure it doesn’t happen in the future. (e.g. We are standing up a new team to automate the website publishing process so that any private information is automatically processed and doesn’t require staff to manually handle it – this will take six months)
  • Explain what you are going to do in the short term to ensure it doesn’t happen soon. (e.g. Until the long term solution is in place any person publishing content to the website needs to get approval from the security team)
  • Outline timeline and milestones to report on how Government improves, when dealing with and talking about breaches
  • Offer incentives to people to report security problems (bug bounties, etc..) –
  • Not punish people who report problems. Specifically, not introduce legislation to criminalise the de-anonymising of published data.
  • Criminalising de-anonymising data punishes the good guys not the bad guys. Bad guys will never get caught because they won’t tell the government what they’ve done and the government will have no way to find out what they’ve done. The only people that can ever get punished are the good guys that might tell the government about data that has not been properly de-anonymised. So, it effectively silences anyone who might help the government get better at its job. This is not the way to do security and it’s not the way to incentivise the correct behaviour.

A Few Words About Participation

We’ve highlighted specific opportunities in the Commitment on Building Trust to work with civil society on implementing important reform.

What supports our ability to make effective decisions at a national level is a robust democracy with the rights, protections, and infrastructure that help us deal with them. The OGP hands us a powerful platform, with citizen needs at the heart of decision making, implementation and oversight. That’s where they need to be to put these difficult issues on the table and help fix them.

The government already has a comprehensive set of concrete tools to help frame this work appropriately.

In 5.2 “Enhance public participation in government decision making”, the milestones should be amended so that the development of a “whole-of-government framework” is preceded by the development of prototypes in collaboration with the Digital Transformation Agency (DTA) in accordance with the Digital Service Standard (DSS). At the core of this process is criterion 1 of the DSS – Understand user needs –  to improve public participation in government decision making by properly understanding what citizens need in talking to government about issues they care about.

The “whole-of-government framework” should only be written after completing user research and all the things have been learned from developing prototypes that were tested on real users.


We’ve highlighted a small number of problems. This is a fraction of the detail we should and could be analyzing in a National Action Plan, with more robust support for civil society’s role in future Open Government Partnership National Action Plans.

The scorecard is A for effort! That’s for everyone government and not government alike for plunging into the clear and magnifying waters of the Open Government Partnership. Taking part in a spirit of collaboration, with all the challenges and sideways thinking that requires.

Everyone can forgive a first action plan for large amounts of govspeak, for weasel words and a big dollop of business as usual?

Why? Because we’ve started, and that’s what’s truly important.

By Matthew Landauer and Katherine Szuminska, on behalf of the OpenAustralia Foundation

Posted in Announcement, OpenAustralia Foundation | 1 Response

How to send your Freedom of Information request to many authorities at once

Right To Know makes it simple for you to request information from any public authority in Australia. Sometimes you might want to ask the same question but to lots of different public authorities at once. Right To Know can help you there too, with batch requests.

Batch requests let you write one request that gets sent to lots of authorities at once. This is really handy if you want the same document but from different authorities, like this request for the social media policy of different government departments:

Screenshot showing the page of the Social Media Policy batch request on Right To Know

If you have a request you’d like to make to many authorities at once then get in touch and we can enable batch requests for your account too.

Posted in RightToKnow.org.au | Tagged , , , | Leave a comment

Bums on seats: how often is your representative present in Parliament?


Attendance levels in Parliament vary a lot. With the 45th Parliament just a few weeks in, our parliamentary vote tracking website They Vote For You is currently listing some federal politicians with 100% attendance and some with as low as 38% attendance.

But what do these figures actually tell us and how accurate are they?

The whole picture?

The attendance figures on They Vote For You do not give us the whole picture. Why? Because our Parliament only records who is actually in the room and voting when a division (or formal vote) takes place. During a division, our Members of Parliament (MPs) and Senators walk to either side of their chamber to show how they are voting. One side is for the ‘no’ voters and one side is for the ‘aye’ or ‘yes’ voters. Their names are recorded and that is the data used by They Vote For You.

However, this leaves a big gap in our records since there are some days in Parliament when no divisions take place. Instead, most voting in Parliament takes place ‘on the voices’, which is when our MPs and Senators shout ‘no’ or ‘aye’ and whoever shouts the loudest wins.

This means that most of the time we don’t know who is present in Parliament and who isn’t. The information we have is limited to when formal votes take place.

Then there is the issue of pairing in both the House of Representatives [218 KB] and the Senate. Sometimes when an MP or Senator knows they are going to be absent, their party will arrange for them to be paired with another MP or Senator who planned to vote the other way. For example, if a Coalition member is going to be absent for a particular division in which they were going to vote ‘aye’, a Labor member who intended to vote ‘no’ may be paired with them. This means the Labor member will not vote in the division either so that the Coalition member’s absence doesn’t affect the result of the division. Pairing arrangements like these are informal and not part of parliamentary procedure. They can last for just one vote or be an ongoing arrangement.

Ministers often have lower attendance rates because their other duties keep them from Parliament. This can also affect members of the opposition who are regularly paired with Ministers and so bring down their attendance figures.

So what’s the point in having attendance figures if they don’t give us the whole picture?

Even the limited attendance data made available by Parliament can tell us a lot about our elected representatives and how well they are representing our interests in Parliament. This is especially true for citizens whose representatives are independents, members of the smaller parties or backbenchers.

Absent politicians cannot properly represent their constituents. The lower their attendance figures, the less likely they are doing their jobs properly. Of course, they may have perfectly good reasons for being absent and may have arranged for a pair so that their absence doesn’t affect the ultimate outcome of a given division. Or they may not have. The only way to know for sure is to draw their attention to their attendance figures and ask them for an explanation.

Without these attendance figures, we wouldn’t be able to hold our representatives to account for their absences.

As the 45th Parliament continues, keep an eye on whose attendance figures are dropping below 50%. And if it’s your MP or Senator, perhaps it’s time to contact them and ask them to “please explain”.


Posted in They Vote For You | Tagged , , | Leave a comment

The year is almost over – here’s our plan for the rest of 2016

While our trip to Cockatoo Island a year ago seems like it was an age away, this year feels like it has sped by. We’ve already launched two major projects in 2016 – something I don’t think we’ve ever done before. No wonder it feels like we’ve been busy.

We had our final quarterly planning session for 2016 earlier this week. These last-quarter planning sessions feel different. You’ve already spent the year refining the plan so you just feel like you want to get on and do it. Save the big picture stuff for the new year.

At least that’s how our session started out. We spent a good deal of time reflecting on the last quarter. We were a month ahead of schedule at the start of last quarter. By the end of the quarter we were a month behind. Why did this happen? And why did we feel on the edge of burnout, and what structural changes can we make to ensure that doesn’t happen?

We didn’t come up with any big solutions but it’s good to be talking frankly about it and starting to plant the seeds of positive change. One small thing we have planned this quarter is to spend a bit of time discussing how we can improve the Foundation’s financial sustainability. This is something we need to address in the year ahead.

In August Luke spent a day exploring and hacking on a prototype that gives us feedback about the use and impact of PlanningAlerts. He was happy with what he created but left feeling like he had even more questions and a better sense of what those questions should be. We’ve also seen evidence recently of something we’ve long suspected – that when we don’t work on a project its use and impact can actually drop off.

This shows us that it makes sense for us to try having these days regularly. All this quarter we’ve got a day set aside each month to work on understanding the performance of a project. We’ll focus on a different project on each of the days.

Here’s what else we’ve got in store:

A photograph of our wall planner with what we've got planning from October through December in 2016

What we’ve got planning from October through December in 2016


Right To Know

Despite having spent more time on Right To Know than originally planned we’re going to keep working on it all through October. We’re really enjoying working on it and it seems to be having a big impact.

We’ve already gathered all sorts of data on how requests are working at the state and local government level. The next step is to analyse the data and learn what things we can do and what changes we can make to improve that process.

Other things

We’re finally going to do something with the late Civic Tech Monthly newsletter.

Our first ever project performance feedback day will be next week. We really should come up with a snappier name :) It will be dedicated to Right To Know.

Matthew is coming back from holidays and will continue work on morph.io stability. Hopefully we’re only a few weeks off having a much more stable and happy morph.io.


PlanningAlerts Supporters has been rescheduled to start in November. We learned a bit in our EOFY donation drive that will be useful in this work. We also need to spend a few days working on Ask Your Councillors so we can add in the recently elected NSW councillors. Our performance feedback day will be on PlanningAlerts.

We have a joint meetup with Sydney CryptoParty in the works and we’ll have our first OAF sustainability session.


We’re really disappointed and frustrated with the usability and appearance of our website and donations systems. They’re not the good examples we want them to be (special shoutout to those reading this on a mobile device!). In December we want to see how far we can get in just 3 days reworking the website so it at least works on mobile and generally looks and functions a bit better.

We’ll also start a couple of weeks work on some They Vote For You improvements. We’ll dedicate our performance feedback day to TVFY which will also help feed into this.

And finally, in December we’ll once again have a little celebration with you – the people that have made 2016 possible. Thank you all.

Posted in Planning | Tagged , , , , , , , , , , , , | Leave a comment
  • Occasional News

    Stay in the loop with occasional news and notes from the OpenAustralia Foundation in your inbox.

  • Categories

  • Archives

    • [+]2017
    • [+]2016
    • [+]2015
    • [+]2014
    • [+]2013
    • [+]2012
    • [+]2011
    • [+]2010
    • [+]2009
    • [+]2008
    • [+]2007