Thursday, 31 May 2018
National Future Work Summit
I wanted to record here in parliament my congratulations to the organisers of the first National Future Work Summit held in Melbourne yesterday, an event that dealt with an issue of crucial importance to the nation: the impact of technology on the way we work and the jobs we have. I joined with 400 other attendees drawn from across government, industry and academia and, appropriately, given the downstream impact on jobs, a lot of secondary students also attended. The event reinforced in my mind something I've known for quite some time—that is, that there's not only a large degree of curiosity about what's approaching; it's been twinned with a degree of concern about whether the nation is prepared for that change. Some great speakers also lent their insights—Sally-Ann Williams from Google, Tim Reed from MYOB, Sarah Moran from Girl Geek Academy, Yohan Ramasundara from ACS, the Wade Institute's Georgia McDonald, and the one and only Michelle Mannering. Another event is planned for Sydney and, because it's in New South Wales, it'll obviously be bigger and better! I'm looking forward to that and the 2019 events as well. These events are vital because, while change is a constant, preparation isn't. These events play a part in that preparation. Well done to everyone involved.
A recent decision by the Turnbull government has the local tech community talking. It relates to how they've chopped and changed their approach to the way government data is managed—specifically, who will manage protected cloud services for the Australian government and how? For some time, Australia has been able to proudly rely upon local cloud service providers supplying those services to government. The framework has been set in stone for a while, even in the face of repeated questioning by local providers wanting to check that they wouldn't be caught off-guard by sudden policy shifts. Let's face it: that's a constant threat when dealing with this government.
A few months ago, I was interested to see Microsoft invest $100 million in setting up a cloud service presence in Canberra. On the face of it, it's great to see, but, in the absence of major contracts, it seemed like a big investment to make. Then, a few weeks later, it became clear. The Turnbull government decided to award Microsoft permission to house data in newly classified protected services, or so it seems. It would be fair to say this has caused some shock but not because of Microsoft. They're a great company and I've supported their work around things like skills development. But I'm interested in the Turnbull government shifting the goalposts and impacting local companies. The same Turnbull government that once yammered on about driving local innovation only gives it lip-service when it comes to the crunch.
There is a stack of serious questions the Turnbull government has to answer about this seismic policy shift—specifically: is Microsoft providing a public cloud to government or protected cloud services? What was the standard by which contracted cloud providers had to adhere prior to Microsoft obtaining the green light to provide its cloud offering. And why were these standards changed without notice or involvement of Australian firms? Who in the Australian Signals Directorate signed all the certifications for the first four protected cloud services? And did the same person sign off the most recent protected certification? At the time of the last certification, was the person who signed the first four still in the same role? Does the ASD take the view that a public cloud cannot be classified as a protected cloud?
Last week, the government's cybersecurity guru, Alastair MacGibbon, told estimates that Microsoft staff have access to the cloud system that holds protected data if they have Australian government security vetting agency clearances. So how many clearances have been issued to Microsoft staff who are not Australian citizens or are not based in Australia? Is it true that Microsoft's global head of sales and marketing specifically flew to Canberra—on a private jet, mind you—to lobby senior members of the government for the ability of Microsoft to provide its services? Mr MacGibbon stated, on behalf of the Australian government, that the data in Microsoft's cloud is covered under Australian law, yet isn't it the case that the US CLOUD Act shifts the jurisdiction to the US? What assessments were made by the ASD regarding legal sovereignty of the data housed in foreign clouds? Is a non-Australian based cloud provider subject to foreign laws around data access? And did our legal advice take into account what might happen to storage and accessing of protected data as a result of changes to law by foreign governments? These are just a few of the questions.
The Australian public deserves to know how the government is protecting and managing the data of ordinary citizens. It would also be good to know why the government has decided to treat local firms so shabbily: one day forcing those firms to spend up big to meet a big standard that is then chopped and changed to suit a multinational without regard to the impact on locals. The issue will not go away. It deserves a proper response from government and it certainly deserves to see local cloud services providers treated better than we have seen to date.