I’m speaking at CrikeyCon!
On Saturday 21 March, I’ll be speaking about my Freedom of Information case at CrikeyCon 11 in Brisbane. CrikeyCon is one of Australia’s top grassroots cybersecurity conferences. It’s also exceptional value. Tickets are still available.
Abstract follows. I look forward to meeting some of my supporters there—and perhaps enlisting some new ones!
Can the government stand on security by obscurity? §
Governments nowadays provide many kinds of digital services, and a menagerie of mobile apps for accessing them. With few exceptions, these applications are closed source. Transparency into what they do, and whether they do it securely, is limited. When asked to open the kimono, agencies typically double down on secrecy, eroding trust. Security and trust require transparency - and that means source code.
This is the story of Tweedale and CEO, Services Australia, a Freedom of Information matter currently before the Administrative Review Tribunal. In 2021 I requested the source code for the myGov Code Generator app, a basic 2FA app for myGov login. The agency refused on grounds that mostly boil down to “security by obscurity”. Five years after my initial request, the Tribunal will decide whether their arguments stand up to scrutiny.
In this talk I’ll explain how the (federal) Freedom of Information system works, the history of this matter, and the main arguments and evidence in play. I will critique Services Australia’s arguments within the broader context of government technology and cybersecurity policy. We will also compare and contrast the current matter with previous attempts to get source code via FOI. I will conclude by contemplating the consequences of success or failure in my proceeding.
