Australian government metadata access up for scrutiny

The Australian Auditor General has flagged he may review Australian government agencies' access of telecommunications customer records following a massive increase in the number of authorisations granted.
Written by Josh Taylor, Contributor

Australian government agencies may face scrutiny over their access to telecommunications customer records, the Auditor General Ian McPhee has flagged.

The proposal came in the Auditor General's Audit Work Program (PDF) document released yesterday (PDF) outlining potential audits to be undertaken by the Australian National Audit Office (ANAO) in the 2014-2015 financial year.

Under the Telecommunications Interception and Access Act, government agencies can be authorised to obtain customer information, such as call records, IP addresses, physical address, and other so-called "metadata" from telecommunications companies without a warrant.

The access to this metadata is already under review by the Australian Parliament, and the Auditor General flagged that given the number of authorisations handed out has increased from 188,748 in 2007-2008 up to 330,640 in 2012-2013, an audit of the access regime might be appropriate.

"While the interception of telecommunications content is subject to biannual scrutiny by the Commonwealth Ombudsman, there is no equivalent independent monitoring of telecommunications data authorisations," he said.

"An audit would examine AGD's administration of the telecommunications data provisions of the Act. The audit may involve detailed assessment of the management of authorisation to obtain telecommunications data at selected enforcement agencies."

The proposed audit of the access regime is one of approximately 170 that McPhee has suggested could be conducted in this financial year, with the office only ultimately choosing to do 49 audits per year.

Last week the Australian government deferred making a decision on whether to act on law enforcement agency pleas to force telecommunications companies to retain the data that is accessed under the regime for two years.

IT projects up for audit

A number of IT projects are up for scrutiny by the ANAO, according to the report. Human Services in particular may face close scrutiny on the success of a number of its IT projects.

The integration of Human Services' legacy payments systems — the System for Payment of Residential Aged Care (SPARC), the Community Aged Care Packages (CACP) system, and the child support (CUBA) system — may all be up for review, McPhee said.

"The success of these initial system-migration projects and the lessons learned from them are likely to be significant indicators of Human Services' ability to manage the subsequent migration of larger and more complex systems."

The department's AU$474 million consolidated managed telecommunications services contract with Telstra is also up for audit ensure the department is getting value for money, and savings from consolidating the former 20 contracts it now covers.

Medicare electronic claiming may also be audited in this financial year.

The Department of Communications faces potential audits of the AU$100 million mobile blackspots program, the Do Not Call Register, the Australian Communications and Media Authority's management of spectrum auctions, and the digital economy grants program.

Defence's Network-Centric Warfare program aimed at improving the Australian Defence Force (ADF) with communications technology may be reviewed, McPhee indicated, and Defence's overall procurement, worth AU$19.5 billion in the 2012-2013 financial year, may also be examined.

The Coalition government's "digital first" policy that aims to move more government services online may also be reviewed.

"An audit would examine how selected entities are managing and implementing the Digital First policy, including whether the online services are user-focused and supported by service delivery strategies with defined and measured benefits. The audit may also examine whether online services are secure, available and relevant to the users," McFee said.

Other audits potentially listed by the ANAO include:

  • The Department of Foreign Affairs' AU$215.9 million Secure Australian Telecommunications and Information Network
  • The National e-health record roll-out
  • The Department of Immigrations and Border Protection's identity management systems
  • The National Television and Computer Recycling Scheme
  • The Department of Education and Employment's new Shared Services Centre
  • Whole-of-government compliance with the new Australian Privacy Principles
Editorial standards