Oz refugee data leak a SNAFU, says KPMG report

Politically-explosive data accessed 123 times after gov worker ignores intranet rules


Australia's Department of Immigration and Border Protection needs to tighten up its publishing processes to prevent repeats of a January incident that saw personal details of 10,000 asylum seekers placed on the Web for all to see.

Asylum seekers are a very controversial issue in Australia, especially those that arrive by boat. The nation's recently-elected government has decided they must be repelled using secret naval operations and that nobody who arrives by boat will ever be settled in Australia. While popular among the electorate, the policies continue to attract much criticism as inhumane in their execution and inappropriate in their lack of generosity.

Such criticisms were fuelled anew by the January leak.

The Department commissioned a review and then a version of that document suitable for public consumption. Released yesterday, the public review (PDF) says the data became available because “... a Microsoft Word document … allowed access to source data”.

The Word document likely made it onto the web because “The processes adopted in producing and publishing the Document appears to have not conformed with the roles and responsibilities set out in either the web publishing and governance intranet guidance or the online style guide.”

The review says the style guide is “potentially ambiguous in some areas” but sets out requirements for publication that “appear not to have been followed.”

The report says it cannot find “any indications that the disclosure of the underlying data was intentional or malicious.”

In other words, someone in the Department didn't follow the rules and data ended up online.

104 unique IP addresses accessed the file 123 times.

The review goes on to suggest that processes be put in place to ensure that when Departmental staff access data it be “normalised and cleansed in a secure environment” to ensure it cannot reach the public. There are also calls for processes and checks to ensure that documents placed on the web don't link to data or other information intended only for staffers' eyes.

That the department needs such programs is not good news: it has been troubled for a decade or more and recently underwent a major IT overhaul. Questions-a-plenty about the efficacy of that program, and whether the department can effectively carry out its role, are probably being drafted as you read this story. ®

Similar topics


Other stories you might like

  • Samsung fined $14 million for misleading smartphone water resistance claims
    Promoted phones as ready for a dunking – forgot to mention known problems with subsequent recharges

    Australia’s Competition and Consumer Commission has fined Samsung Electronics AU$14 million ($9.6 million) for making for misleading water resistance claims about 3.1 million smartphones.

    The Commission (ACCC) says that between 2016 and 2018 Samsung advertised its Galaxy S7, S7 Edge, A5, A7, S8, S8 Plus and Note 8 smartphones as capable of surviving short submersions in the sea or fresh water.

    As it happens The Register attended the Australian launch of the Note 8 and watched on in wonder as it survived a brief dunking and bubbles appeared to emerge from within the device. Your correspondent recalls Samsung claiming that the waterproofing reflected the aim of designing a phone that could handle Australia's outdoors lifestyle.

    Continue reading
  • Five Eyes alliance’s top cop says techies are the future of law enforcement
    Crims have weaponized tech and certain States let them launder the proceeds

    Australian Federal Police (AFP) commissioner Reece Kershaw has accused un-named nations of helping organized criminals to use technology to commit and launder the proceeds of crime, and called for international collaboration to developer technologies that counter the threats that behaviour creates.

    Kershaw’s remarks were made at a meeting of the Five Eyes Law Enforcement Group (FELEG), the forum in which members of the Five Eyes intelligence sharing pact – Australia, New Zealand, Canada, the UK and the USA – discuss policing and related matters. Kershaw is the current chair of FELEG.

    “Criminals have weaponized technology and have become ruthlessly efficient at finding victims,” Kerhsaw told the group, before adding : “State actors and citizens from some nations are using our countries at the expense of our sovereignty and economies.”

    Continue reading
  • Police lab wants your happy childhood pictures to train AI to detect child abuse
    Like the Hotdog, Not Hotdog app but more Kidnapped, Not Kidnapped

    Updated Australia's federal police and Monash University are asking netizens to send in snaps of their younger selves to train a machine-learning algorithm to spot child abuse in photographs.

    Researchers are looking to collect images of people aged 17 and under in safe scenarios; they don't want any nudity, even if it's a relatively innocuous picture like a child taking a bath. The crowdsourcing campaign, dubbed My Pictures Matter, is open to those aged 18 and above, who can consent to having their photographs be used for research purposes.

    All the images will be amassed into a dataset managed by Monash academics in an attempt to train an AI model to tell the difference between a minor in a normal environment and an exploitative, unsafe situation. The software could, in theory, help law enforcement better automatically and rapidly pinpoint child sex abuse material (aka CSAM) in among thousands upon thousands of photographs under investigation, avoiding having human analysts inspect every single snap.

    Continue reading

Biting the hand that feeds IT © 1998–2022