27 August 2010

Confidentiality Failures: An ACT Government Story

| Skidbladnir
Join the conversation
13

On 24 August, TaMS originally released its report into the GDE Bridge collapse.
You can review the finalised and fully redacted version of the report here.

Normally, there is a process with releasing government documentation, by which the information which isn’t necessary (mostly personal information like names, phone numbers, etc) or the sensitive parts (like the names of everybody who was onsite and involved with the concrete pour, the order of contacts in an emergency, or the name, qualification, and association of the engineer who signed off on the formwork) is removed before the public ever get to see it.

When the process works correctly, nobody really cares.

However, leaking personal and sensitive information is kind of a big deal, and in this case, one that was overlooked by everyone involved at TaMS.

In this case the redaction method used on the original version of the GDE Report was a spectacular failure, in that TaMS unknowingly released a document which effectively named names, gave away phone numbers, included statements revealing who signed off on the bridge.

When this uncomfortable fact was brought to their attention a day later, TaMS re-released a sanitised version.

I have no idea how many of your read the original during the original 24 hours that it was available, downloaded copies, or distributed links to it to other interested parties.

However, the only way the people responsible learn their lessons is when things get unexpected public attention.

As such, most of the unredacted pages are now available over on MediaFire, under a temporary account.

The actual hosting of it is administered by Mediafire under a temporary use account, when people stop downloading the files within that, the temporary mediafire account will expire.

Download and distribute how you see fit.

But just as eggs can’t be reassembled, the damage to privacy is done.

I did a relatively honest thing, and told those in authority about the breach of confidentiality when I found out about it.

This unintended (but consequential) release of Government information was brought to the attention of the Chief Minister more than 24 hours after it originally occurred, and in the same email as requesting a response as an enrolled voter, was mentioned as a potential story item for publication by RiotACT.

It received the below reply.

Interestingly, it involves time travel.

Dear [Skidbladnir]

Thank you for your letter of 2:56PM yesterday afternoon regarding the method used to blank out personal details included in the SMEC report on the collapse of bridge formwork.

The Government takes its responsibilities to protect the privacy of individuals very seriously and this is why it was careful to ensure details were not published online as a part of the report.

It is unfortunate that the manner adopted to do this was not more robust.

The matter was addressed immediately after it was brought to the attention of Government with more secure documents posted to the server at 2:50 which became live shortly after.

INTACT, the Government’s IT unit, has subsequently been asked to provide advice to agencies on the procedure for undertaking such deletions in more robust manner.

With regards

Shane Breynard
Senior Advisor
Office of Jon Stanhope MLA

Caroline Le Couteur, Greens Spokesperson for TaMS (and also IT) response is below:

Hi [Skidbladnir]

Thank you for your email. By now you have received an email from Mr Stanhope’s senior advisor Mr Shane Breynard about how the government has fixed the issue. I think they acted appropriately once you alerted them to the problem. However I am also the Greens’ IT spokesperson so this is of double interest to me. I will see assurances that it will not happen again.

Caroline Le Couteur MLA
ACT Greens Member for Molonglo
ACT Greens Spokesperson for Planning, Territory and Municipal Services, Business and Economic
Development, Indigenous Affairs, Arts and Heritage

Alistair Coe, Shadow Minister for Transport and Urban Services, was also informed, and responded within half an hour of the email to ask how it was done.

It really was astoundingly simple, whichever work experience candidate was at TaMS that day performed the original ‘redaction’ by putting white boxes over the parts they didn’t want you to see, and the current version of Adobe Acrobat 9 reveals these layers as big red rectangles.

This is the equivalent of putting a yellow post-it note on a sheet of paper, with “Please, don’t look under this” written on it.

With a bit of effort, you can either delete the big rectangles, or if that is too hard, just copy a page and paste it into any document editing software (such as Microsoft Word).

Others have been caught out by such computer voodoo before.
Law.com special article, “Sloppy Redaction: To Err Is Automated”
“…Associated Press was able to uncover some of the confidential details of the settlement between Facebook and ConnectU…”
PDF Redacting Failure by the US Government

Both of the emails quoted above came with the footer “This email, and any attachments, may be confidential and also privileged. If you are not the intended recipient, please notify the sender and delete all copies of this transmission along with any attachments immediately. You should not copy or use it for any purpose, nor disclose its contents to any other person”, but I suggest the same legal footing for that statement relies on similar legal grounds as the various statement’s relating to TaMS’ Privacy Policies.

Quoted from various places on the TaMS website:
Use of personal information collected
“Any personal information you choose to provide will only be used for the purpose for which it was provided and will not be disclosed to other persons or organisations without your prior consent or if required by law.”
Source: TaMS Privacy Statement
“The ACT Government recognises the importance of personal privacy and has implemented measures to ensure personal details are not disclosed to other parties. Please familiarise yourself with our privacy statement if you have any concerns.”
Also, the ACT Government’s Full Privacy Statement is over here.
And according to the Federal Privacy Commission, the ACT Government is bound by the Federal Privacy Act.

If you are in fact, one of the persons named within the documentation, I would suggest that:
1) You find out more about your rights, and what the ACT Government has done.
2) Contact the Privacy Commissioner and file a complaint if you feel you have been wronged.

(For reference, Adobe actually put together a How-to Guide for situations like this, which goes through how to do it correctly step-by-step.)

Join the conversation

13
All Comments
  • All Comments
  • Website Comments
LatestOldest
eh_steve1:26 pm 28 Aug 10

Anyone who describes their actions as ‘relatively’ honest knows where they stand already.

Reports that are tabled in Parliament and the like, or publicly available court documents into major events like this, will have contact details in it. If you trawled through publicly available court judgements etc you’d probably come up with more revealing info.

If there was home addresses that may be different, but I reckon they would have been just as safe sticking this out without redactions.

Skidbladnir, what exact parts of the privacy act do you think have been breached?

Reply
Pommy bastard12:44 pm 28 Aug 10

Skidbladnir is, in reality, Julian Assange, I spotted it first!Do I get a prize?

Reply
screaming banshee11:01 am 28 Aug 10

Be honest now, how many people chastising Skidbladnir downloaded the docs to see who signed off on the formwork…..

Reply
dvaey10:36 am 28 Aug 10

H1NG0 said :

I would suggest removing this link or face the consequences

Sounds like something Id expect to hear from US or Russian government agencies, not TAMS.

Reply
Lazy I10:23 am 28 Aug 10

*Highlighting in my pervious post

…and in before “information wants to be free” and “Streisand effect” justification for actions.

Reply
Lazy I10:20 am 28 Aug 10

Unfortunately you lost that kudos being a douchebag and rehosting the document for the purpose of sensationalism

or highlighted some serious breaches in ACT PS procedures.

Hilighting the issues and rehosting the documents are completely different issues. There is proof they have acknowledged the error and have taken steps to mitigate the impact, what value does the OP rehosting the documents add? all it does is further disrespect the privacy (unnecessarily) of those involved.

The fact that the OP rehosted the documents using an anonymous service such as Mediafire shows he realises the potential implications, unfortunately for him (as mentioned above) the departments involved likely have his full name from the emails he sent.

Reply
Golden-Alpine8:15 am 28 Aug 10

I have to agree, it was good pointing this out to the Government but republishing the originals is unnecessary and irresponsible. You lost karma points doing that. To be fair to those involved I would suggest removing the documents.

Reply
Woody Mann-Caruso9:27 pm 27 Aug 10

Everybody look at Skidbladnir! Isn’t he awesome?

(That’s what you wanted, right?)

Reply
H1NG08:11 pm 27 Aug 10

I would suggest removing this link or face the consequences

Reply
Deano6:13 pm 27 Aug 10

So you complain about an accidental breach of privacy by intentionally publishing private information and encouraging others to access it.

Sorry but your actions belie your words.

And it would appear that you were dumb enough to use your real name in contacting various officials and then tie it directly to your actions by posting here.

Reply
Jivrashia5:28 pm 27 Aug 10

Seems like TAMS also needs to be audited in regards to privacy policy and handling of sensitive data, such as individual’s name and their contact details.

It would be in our right to demand that TAMS show that they have rectified their procedures and are now compliant.

If not then it would also be in our right to withhold sensitive data from them until they do.

Reply
Lazy I4:38 pm 27 Aug 10

Kudos for finding this and raising it with them.

Unfortunately you lost that kudos being a douchebag and rehosting the document for the purpose of sensationalism.

Reply
Mathman4:01 pm 27 Aug 10

However, the only way the people responsible learn their lessons is when things get unexpected public attention.
As such, most of the unredacted pages are now available over on MediaFire, under a temporary account.

Sorry but publishing the unredacted pages containing the personal information does not equate to unexpected public attention.

Yes, TAMS stuffed up but they addressed the issue as soon as it was brought to their attention. The fact that personal information was accessible is the issue that needed the public attention, not the information itself.

I did a relatively honest thing, and told those in authority about the breach of confidentiality when I found out about it.

But then you did the dishonest thing of further publishing the information. By publishing this information you have done nothing to improve the situation. In fact I would argue that you acted in bad faith – how does further breaching the privacy of the individuals who are not involved with the actual issue (that of ensuring the protection of private information) help the situation.

Reply
View more conversations

What's Trending

Opinion15

Living in the bush may not be all it's cracked up to be, but how's the serenity?

GrumpyGrandpa11 hours ago

Both myself and GrumpyGrandma grew up on farms; not 5 acre hobby farms, real farms. We were both… View

Malcolm Roxburgh3 days ago

We have found that most people who move to our country location (30Klm from Canberra) on small… View

Stephen Page-Murray3 days ago

Elisa Boughton We’re telling bout moving away from the cities. Many have done and returned. View

Join the conversation
Opinion34

Supermarkets check out on customers at our expense

teddy bear12 hours ago

Obviously no concern about juveniles getting job ready by manning checkouts at Supermarkets, etc. View

GrumpyGrandpa17 hours ago

JS9 Sure, no one is forcing me to claim back my partial refund. I know people who still throw their… View

Kate Tricks1 day ago

I prefer the self checkouts, so much quicker than queueing View

Join the conversation
Public Sector74

No one's rushing to help Pocock get more senators for the ACT

chewy1412 hours ago

Justsaying, This is going around in circles but I do have to pick up a few points that you are… View

JustSaying15 hours ago

@chewy14 What S7 of the Constitution specifies, in part, is the composition of the Senate, which (as… View

JustSaying2 days ago

@chewy14 I didn’t gloss over the other territory rights … they are irrelevant to this… View

Join the conversation
News31

More roadside drug tests needed after a 'bad year' on ACT roads, NRMA says

psycho13 hours ago

Alcohol is still the biggest cause of injury and violence in our society as well as a huge health… View

psycho13 hours ago

This has nothing to do with progressive society. It's just selfish individualistic stupid reckless… View

psycho13 hours ago

That is a large part of the problem in the ACT. People do not expect to get caught for drink or drug… View

Join the conversation
News

Transport Canberra apologises for disastrous first day of MyWay+ system

By James Coleman
39
Public Sector

Dozens of public servants sacked for code of conduct breaches: State of the Service Report

By Chris Johnson
5
Opinion

Supermarkets check out on customers at our expense

By Ian Bushnell
34
News

Fare Free Friday heralds new era for public transport system

By Ian Bushnell
20
Property

Canberra housing prices tipped to fall further in 2025

By Ian Bushnell
20
Lifestyle

This iconic little Canberra store is going national

By James Coleman
Start the conversation

Featured Properties

Zango Logo

Today's Poll

Do you support banning under 16s from social media?

View Results

Loading ... Loading ...
Explore 'Probing the Polls'

Featured Businesses

Insurance Brokers

allinsure

Allinsure has been a trusted insurance advisory to thousands of Australian business owners for almost 20 years.

Find out more

Lawyers

BDN Lawyers

BDN has provided legal services to to Canberra, Queanbeyan and the region for over 160 years.

Find out more

Lawyers

Kamy Saeedi Law

When you need a criminal or commercial lawyer, you don’t want to take any chances. You want someone in your corner that you can trust like your life depends on it - because it does.

Find out more

Electricians

True Connection Electrical

Since 2014, True Connection Electrical have been servicing residential and small commercial clients with reliable, trustworthy and top-quality electrical work.

Find out more

Lawyers

MV Law

Through a spirit of entrepreneurialism, collaboration, and future-forward thinking, MV Law have earned an industry-leading reputation.

Find out more

Mortgage Brokers

Clarity Home Loans

A passionate team of Canberrans helping other Canberrans secure their home loans. No frills, no commissions, no brainer.

Find out more

Community Club

Canberra Southern Cross Club

We're proud to give you a place where friends and family can come together for good food and great entertainment.

Find out more

Podiatrists

The Walking Clinic

The Walking Clinic has perpetuated an attitude of excellence in foot health provision. The experienced Podiatric team provide current and innovative care to all patients.

Find out more
View the best of Canberra

What's On

Research Festival 2024
View all upcoming events

Related Stories

Double trouble: Former ombudsman brought in for review after Finance leaks confidential data again

Double trouble: Former ombudsman brought in for review after Finance leaks confidential data again

24 February 2024 | By Chris Johnson
Start the conversation
Inquiries, redactions and the drip: ACT Government is keeping public in the dark

Inquiries, redactions and the drip: ACT Government is keeping public in the dark

24 March 2023 | By Ian Bushnell
10
Redacted report into Jervis Bay MRH 90 helicopter crash highlights procedural shortfalls

Redacted report into Jervis Bay MRH 90 helicopter crash highlights procedural shortfalls

18 September 2024 | By Andrew McLaughlin
1
CHS had 'well-founded reason' to dismiss Dhulwa nurse for privacy breaches, but acted in 'undue haste'

CHS had 'well-founded reason' to dismiss Dhulwa nurse for privacy breaches, but acted in 'undue haste'

20 December 2023 | By Claire Fenwicke
2
Heavily redacted Heritage Council review released, warns of 'imminent risk' to ACT sites

Heavily redacted Heritage Council review released, warns of 'imminent risk' to ACT sites

22 March 2023 | By Claire Fenwicke
4
National Digital ID system a step closer with exposure bill and consultation

National Digital ID system a step closer with exposure bill and consultation

24 September 2023 | By Chris Johnson
8
'Stop hiding behind investigations': Mental health minister slammed after patient records 'deliberately emailed' to unknown organisation

'Stop hiding behind investigations': Mental health minister slammed after patient records 'deliberately emailed' to unknown organisation

21 March 2023 | By Claire Fenwicke
5
Walter Sofronoff appears to make accusations against ACT's chief justice, attorney-general

Walter Sofronoff appears to make accusations against ACT's chief justice, attorney-general

12 September 2024 | By Albert McKnight
ACT Policing pauses use of surveillance tool through 'abundance of caution' following privacy concerns

ACT Policing pauses use of surveillance tool through 'abundance of caution' following privacy concerns

24 July 2023 | By Claire Fenwicke
8

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.