Encrypted messages should be kept as gov records, committee says

By

Without existing legislation needing changes.

Public servants ought to retain all records about government decisions, including any messages sent to ministers via encrypted messaging and social media apps, according to a new parliamentary report.

Encrypted messages should be kept as gov records, committee says

The report [pdf] from the Parliamentary Joint Committee on Public Accounts and Audit, released following the start of the caretaker period last week, stopped short of endorsing any changes to record keeping obligations, despite calls to strengthen existing legislation.

During the inquiry, former Nation Achieves of Australia (NAA) director-general David Fricker raised concerns with powers to capture encrypted messages under the Archives Act, describing it as a “grey area”.

“I would like to see our legislation modernised, first and foremost, to embrace a more 21st-century definition of a Commonwealth record, one that incorporates a message sent on WhatsApp, for example,” he told the inquiry last year.

Guidance developed by the NAA asks public servants to retain a copy of encrypted messages sent using platforms such as WhatsApp, Signal and Telegram and enter it into the Commonwealth record keeping system.

But Fricker told the committee that no “transfers of social media records from Commonwealth government agencies or ministerial offices” had been received by the NAA, noting that initial planning discussions were underway with some agencies.

There are similarly no penalties available under the Archives Act for not doing so, because the legislation only applies to records that have been created in the first place.

In its report, the committee noted that under existing laws, including the Public Governance, Performance and Accountability Act and the Archives Act, Commonwealth officials were required to “maintain a record of government business”.

“The committee points to the need for information management governance to continue to reinforce that when a record is created for the conduct of official government business – including through social media platforms and (encrypted) messaging apps – it must be duly incorporated into an approved government information management system,” the report said.

The committee also highlighted the need for information management governance to “continue to ensure that there is clarity on the definition of a Commonwealth record, consistent with technological developments.”

It has asked the Attorney-General’s Department to report back on “how the relevant information management and archives legislation provides clarification on record-keeping obligations ... regardless of the technology and method used to create the record”.

Labor MP and committee deputy chair Julian Hill said the inquiry’s recommendations could have gone further by urging the government to introduce legislation, or take other actions, to update the definition of “Commonwealth record”.

“The committee failed to clearly acknowledge in its findings the evidence received that the Archives has received few or no records of social media or encrypted messages from public servants or ministers,” he said in the report’s additional comments.

“Dancing around this evidence and failing to make a finding doesn’t change the fact this is a government addicted to secrecy, and that the definition of Commonwealth record requires updating to ensure government records made or transmitted via modern forms of communication are captured.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

The full list of IT projects in the 2024-25 federal budget

The full list of IT projects in the 2024-25 federal budget

Home Affairs' ICT modernisation needs backed by another review

Home Affairs' ICT modernisation needs backed by another review

India's mid-tier IT firms gain share from industry goliaths

India's mid-tier IT firms gain share from industry goliaths

Defence readies a three-year technology roadmap

Defence readies a three-year technology roadmap

Log In

  |  Forgot your password?