Latest news with #OfficeoftheAustralianInformationCommissioner
The Guardian
26-03-2025
- Politics
- The Guardian
Australia government agencies use encrypted messaging apps such as Signal. But should they?
The revelation that a journalist was included in a highly sensitive Signal group chat for Trump officials planning a military operation on Yemen has raised questions about the broader use of encrypted apps by politicians and public servants in Australia. The Atlantic reported on Tuesday that its editor, Jeffrey Goldberg, was accidentally included in a group chat on the encrypted messaging app with more than a dozen senior Trump administration officials. The news sparked alarm about a potentially catastrophic breach of military information and raised questions about the use of commercially available encrypted apps among public officials in the US and beyond. So what's the situation in Australia? Politicians and their staff in Australia have long been known to use apps such as Signal to communicate. Use in the public service and political service is believed to be common, to the point where last week, Australia's information regulator released an investigation into how agencies were using encrypted apps and what security and record rules were in place for work-related conversations occurring on them. In it, the Office of the Australian Information Commissioner (OAIC) reported that of the 22 government agencies that responded to a survey on encrypted app use, 16 permitted its use by staff for work purposes. Of those, just eight had policies on the use of the apps, and five of those addressed security requirements for communicating on the apps. Guardian Australia contacted Penny Wong and Richard Marles' offices for comment on the use of encrypted apps by the foreign affairs and defence departments. In a response, a government spokesperson said: "The Government complies with the obligations under the Archives Act and the FOI Act," but did not answer specific questions about whether ministers used Signal for sensitive communications with department staff or officials. The home affairs department was also asked about its use of encrypted apps and did not provide an answer before publication. One unnamed large agency mentioned in the OAIC report had a 'comprehensive' policy on the use of Signal and endorsed its use for app security reasons, but only on mobile devices managed by the agency. It had cybersecurity guidelines and a requirement that the disappearing messages functionality should be turned off. It also included instructions on how to copy information from Signal to the agency's primary record-keeping system. In a response to the report, the Attorney-General's Department – which oversees the OAIC – said it would support government agencies with 'information management recommendations and guidance' on the use of messaging apps. A spokesperson said all commonwealth agencies had legal responsibilities to preserve records 'under Australian archival law, privacy law, and freedom of information law'. 'The report will assist the National Archives of Australia and Office of the Information Commissioner (OAIC) to provide effective regulatory guidance in this area,' the attorney general's spokesperson said. The National Archives of Australia (NAA) has responsibility for the repository of official documents of the government. The OAIC did not comment on the US news, but the commissioner, Elizabeth Tydd, told Guardian Australia last week that most agency policies, where they existed, were left wanting when it comes to security and record requirements. 'In the main the policies did not properly address archive, privacy, FoI requirements, and I think you can say with only five addressing security requirements that they're not adequate to support staff in upholding their responsibilities or delivering the rights that are provided to the community through legislation and that are [overseen] by the OAIC,' she said. In 2016, it was reported then prime minister Malcolm Turnbull and former prime minister Kevin Rudd communicated via Wickr about the Australian government supporting Rudd's push at the time to be appointed secretary general of the United Nations. It was also reported in 2018 that the then foreign affairs minister, Marise Payne, and her Indonesian counterpart, Retno Marsudi, communicated over WhatsApp about the Morrison government's decision to recognise West Jerusalem as the capital of Israel. Toby Murray, a former public servant and professor at the University of Melbourne's School of Computing and Information Systems, said the use of commercially available encrypted messaging apps in government was the next step in the encroachment of consumer technology such as smartphones into the workplace. He said it was important for agencies to have policies in place. 'It's very easy to make the assumption that because these apps are encrypted, that that therefore means that they are quite secure … when in fact, that may not be the case,' he said, adding that having clear guidance around use was 'really important'. Murray acknowledged that politicians and their staff were 'in quite a tricky position' when it came to setting rules – 'in the sense of being very time-poor, having access to all sorts of information and also being potential targets from, say, foreign intelligence services'. He also highlighted the importance of security hygiene for individual device users. 'It's difficult to get people to understand, for instance, that just because the app might be, you'd hope, highly secure, that doesn't mean the device that you're running on is necessarily going to be,' he said. 'Of course, it would be great if all of our politicians thought very hard and put a lot of effort into their security hygiene of their devices, but I think we all have to acknowledge the reality that's probably not the case.' 'Messaging apps may present recordkeeping and risk management challenges for agencies to consider when authorising their use,' an NAA spokesperson said. 'Australian government agencies are required to meet their recordkeeping obligations regardless of the tools and technology being used.'
The Guardian
19-03-2025
- Politics
- The Guardian
Pocock says politicians using encrypted messaging apps damages ‘health of our democracy'
Independent senator David Pocock says the use of encrypted messaging platforms by politicians to avoid scrutiny is damaging to Australian democracy, urging the government to act on recommendations from the information commissioner and the National Archives that such messages should be retained. In a report on Wednesday from the Office of the Australian Information Commissioner (OAIC) and the National Archives, a survey of 22 government agencies found 16 allowed use of messaging apps, three did not allow their use, and three did not have a policy. Of the 16 agencies, eight had policies around the use of these apps and, of those, five did not address security classification requirements, six did not address archive requirements and five did not address FoI search requirements. The report has recommended agencies review or develop policies for encrypted messaging apps and address issues around retention of information for FoI purposes. The two agencies will re-examine the issue in two years. Sign up for Guardian Australia's breaking news email Pocock urged the Albanese government to give 'careful attention and prompt action' to the report, saying there were strong probity and transparency arguments for keeping records of all communications related to government decision-making. 'The use of messaging apps to deliberately avoid scrutiny through freedom of information is deeply concerning and will have long-term negative impacts for the health of our democracy, good governance, and the accountability of our decision-makers,' he said. When Kevin Rudd was lobbying the then Turnbull government to advocate for Rudd to be appointed United Nations secretary general in 2016, it was reported in letters Rudd released that Rudd and Malcolm Turnbull had communicated about the matter over encrypted app Wickr. A freedom of information request seeking access to these messages was ultimately rejected by the prime minister's office, stating the messages could not be found. In a separate 2021 decision by the then information commissioner, Angelene Falk, the government claimed it could not find reported WhatsApp communications between the then foreign affairs minister, Marise Payne, and her Indonesian counterpart related to the Morrison government's decision to recognise West Jerusalem as the capital of Israel. The rise of encrypted messaging apps that have messages set to delete has presented a problem for freedom of information requests. If crucial government communications are sent over apps such as Signal and WhatsApp and are not retained, they cannot be obtained under FoI, and are also unable to be retained for the purposes of the National Archives. For FoI decisions where it is found that the documents have not been retained, the OAIC has no powers to penalise government officials for failing to retain the information, with responsibility falling to the National Archives under the Archives Act. But to date it has not been enforced in previously identified cases. Sign up to Breaking News Australia Get the most important news as it breaks after newsletter promotion The Australian information commissioner, Elizabeth Tydd, acknowledged that a view held by some agencies – that not every communication needs to be considered a public record subject to FoI – needs to be balanced with the public interest. 'There can be a privacy preserving dimension, if those records are destroyed, and so this holistic approach to information governance, inspired by digital government and our digital era, really needs this kind of joined up approach.' Tydd indicated public servants would have a role in ensuring their ministers' offices retained messages. 'We have an act, the FoI Act, that actually recognises that government information is a national resource and should be used for public purposes,' she said. 'So that's a real strength, and bringing that to the table in this report, coupled with the APS values of stewardship … really ensure that if we equip the [Australian public service] to do this well, with joined up guidance, then we have greater transparency, greater accountability and a more participative, healthier system of democracies.' A spokesperson for the National Archives said the agency 'takes seriously any known cases of unauthorised disposal of government records regardless of technology used to create them'.
