ACARA killed a website?
Dear Australian Curriculum, Assessment and Reporting Authority,
At an AppHack, Monday, one of the guys showed an app where the user, like a parent, could do all myschool kind of stuff only without accessing myschool. It just used a world data repository so you don't have all that stuff about how many schools you can access. That was the design anyhow, only it didn't really work. He was actually using a CD for the myschool data cause he said the data link the app needed (I think it came from an e-zine) has disappeared. It sounded real wierd to me but he had the same experience with his own website and said its "the "transparency enforcement league at ACARA".
It still sounds wierd to me so I want to see (with FOI) anything about a. if ACCARA has discussed with anyone (staff?) if you should tell a global data repository to take something down b. any letter, email, etc telling someone to take something off of a website. Also, i looked at the files on the CD and they don't look anything like myschool, so I want know if you checked the content is actual Myschool content. So c. anything (email, internal memo) about checking the content is the same as Myschool. Thanks alot.
Yours faithfully,
Josh Jones
Dear Josh,
Thank you for your email.
Your enquiry has been forwarded to ACARA's Freedom of Information team for
a response ([1][ACARA request email]). Please see information on [2]ACARA's
Freedom of Information policy on the ACARA website.
Kind regards,
ACARA info
Dear Australian Curriculum, Assessment and Reporting Authority,
Awesome! So it was true. I never expected that.
Something else, can you tell me about you claiming something is exempt by 47Ed. I read your letter but there's not enough info so I would know to ask you to reconsider. Also, is there anything that makes me in the wrong with ACARA if I was given a copy of the CD at our next AppHack? If you can answer by next Tuesday that would be awesome. Thanks alot.
Yours faithfully,
Josh Jones
Dear Australian Curriculum, Assessment and Reporting Authority,
That's really disappointing. I thought you'd answer my question yesterday so I'd know if I could ask the other developer to bring along a copy of his CD on Friday.
Now I don't know if you didn't read my email or if it's because you figure there's no need to tell me when there's no problem. I guess you would actually tell me if there's some problem. Anyways, our AppHack isn't till Good Friday and I won't actually get a copy of the CD until then so you can still let me know if it would put me in the wrong with ACARA.
About the other question, it's OK if you take longer to answer because you said I've got 35 days if I want you to reconsider.
Yours faithfully,
Josh Jones
Dear Josh
Thanks for your queries. I respond as follows:
1. Your query: “can you tell me about you claiming something is exempt by 47Ed”.
Our response: Thanks for your interest in s. 47E(d) of the Freedom of Information Act 1982 (Cth) (FOI Act). One of the best ways to examine this section and understand how it applies to ACARA’s work is to review the decision of the Administrative Appeals Tribunal (AAT) in the matter of Mark R Diamond and Chief Executive Officer of the Australian Curriculum, Assessment and Reporting Authority [2014] AATA 707 at www.austlii.edu.au/au/cases/cth/aat/2014... (Diamond Decision).
The Diamond Decision canvasses the fundamental issues concerning the capacity for simplistic league tables to undermine the work that ACARA and school authorities are trying to achieve.
In the Diamond Decision, the AAT affirmed the decision of the Freedom of Information Commissioner to refuse to grant access to the document sought by Dr Diamond in his request (the My School database), except for the list of schools. The Diamond Decision is a unanimous decision of Deputy President S.A. Forgie and Ms S. Taglieri, Member. It answers the submissions put by Dr Diamond in that case.
The members of the AAT in the Diamond Decision applied, amongst other things, s. 47E(d) of the FOI Act. Their reasoning in explaining their decision is clear and cogent.
2. Your query: Also, is there anything that makes me in the wrong with ACARA if I was given a copy of the CD at our next AppHack?
Our response: Assuming that the CD contains some or all of the information displayed on the My School website:
• the Diamond Decision provides a useful starting point at para [207]: “A user of the My School website is not permitted to use the My School website or content from the site in a manner that is outside the scope of the Terms of Use unless that user has ACARA’s written permission to do so”; and
• ACARA is not aware of any legitimate source from which the full data on the CD could have been obtained; and
• it follows that the Terms of Use on the My School website apply to the data taken; and
• there has been a breach of clause 7 of the Terms of Use; and
• the CD contains data that has been obtained as a result of this breach.
In ACARA’s view, the CD is an illegitimate copy which is in breach of ACARA’s terms of use. As such, in ACARA’s view, it should not be used, communicated or reproduced for any purpose.
Kind regards
Peter
Peter Matheson
Board Secretary, Office of the CEO
Australian Curriculum, Assessment and Reporting Authority
Level 10 | 255 Pitt Street | SYDNEY | NSW | 2000
Phone: +612 8098 3116
[mobile number]
Email: [email address]
Please consider the environment before printing this email
Hi Peter,
That's awesome. Thanks alot for answering even if it was too late to impact the data sharing at our AppHack. That's why I asked if someone could answer by Tuesday and then before Friday but I guess everyone at ACARA must be really busy if you're working on Good Friday!
I didn't follow everything in the link but it was really interesting anyway. I actually meant something different about the 47Ed stuff.
What I meant was, there's not really enough information so I can ask you to reconsider when you say disclosing certain information would enable people to get data from the My School website. I can't say "No it wouldn't" because there is not enough information to say anything about if it would or wouldn't. So what I meant was whether you can tell me anything more about what the problem is in a way that's not going to do what you're trying not to do!
Thanks alot. Hope you had a good Easter.
Josh
Dear Josh
Thanks for your query. There is no further information we can provide you at this time.
Kind regards
Peter
Peter Matheson
Board Secretary, Office of the CEO
Australian Curriculum, Assessment and Reporting Authority
Level 10 | 255 Pitt Street | SYDNEY | NSW | 2000
[mobile number]
Email: [email address]
Please consider the environment before printing this email
Dear Australian Curriculum, Assessment and Reporting Authority,
Please pass this on to the person who conducts Freedom of Information reviews.
I am writing to request an internal review of Australian Curriculum, Assessment and Reporting Authority's handling of my FOI request 'ACARA killed a website?'.
There's two things. There's nothing about how old were the documents you looked for so maybe there's lots of times you sent emails or letters to say someone has to take something off of a website from before January 2016 and you should have sent it to me. Did you really only ever ask someone to take something off this year? Maybe but I don't think so.
Also you said there's stuff you cut out because it could let people source data from the My School web site. About what you cut out I don't think there's good reasons because anyone can see how to get stuff from My School. It's not like it's this awesome locked iPhone. You can get myschool stuff by every page or maybe get it totally at once.
For totally at once maybe there's an SQL exploit. It's not new. There's hundreds of SQL exploits on the web. So if it's not about a zero-day exploit (why don't you fix it!), why would you blank out the idea in what you sent me. Anyhow that's hacking.
Or else you can do it one page at a time. There's alot of ways you can do it like using webscraping service or else Google "webscraping service" and choose. You don't care how there going to do it. So, if you're not advertising WeScrapeMyschool.com.au ;) why should you chop something about webscraping out in what you sent me. Also you can use your own catpcha bypass or hire one. Obvious. Google captcha defeat and do whatever, so why cut out Captcha Bypass in what you sent me. Or you just look at the pages and save whatever. It's kinda slow but like really really obvious so why chop that out. If two people share it its half the time. Crowdsource 200 people and its less.
Is there anything else? I don't think so so why should you delete it.
A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/a...
Yours faithfully,
Josh Jones
Dear Australian Curriculum, Assessment and Reporting Authority,
Its obviously too hard so what if I only ask you reconsider the censorship where you cut stuff out of what you sent me the first time? Can you do that?
Just to say again what I already said, you cut it out because it could let people source data from the My School web site. That's what you said. About what you cut out I don't think there's good reasons because anyone can see how to get stuff from My School. It's not like it's this awesome locked iPhone the FBI tried to crack. You can get Myschool stuff by every page or maybe get it totally at once.
For totally at once maybe there's an SQL exploit. It's not new. There's hundreds of SQL exploits on the web. Microsofts got a page all on it (https://msdn.microsoft.com/en-us/library...). So if it's not about a zero-day exploit, why would you blank out the idea in what you sent me. If it is zero-day you should fix it!
Or else you can do it one page at a time. There's alot of ways you can do it like using webscraping service (http://www.scraping.pro/choosing-web-scr...) or else Google "webscraping service" and choose. So, if your censorship was not advertising WeScrapeMyschool.com.au ;) why should you chop something about webscraping out in what you sent me. Also some one can use their own catpcha bypass or hire one so why cut out Captcha Bypass in what you sent me. Or you just look at the pages and save whatever. It's kinda slow but like really really obvious so why chop that out. If two people share it its half the time. Crowdsource 200 people and its less.
Is there anything else? I don't think so so why should you delete it.
A full history of my FOI request and all correspondence is available on the Internet at this address:
https://www.righttoknow.org.au/request/a...
Yours faithfully,
Josh Jones
Dear Josh
I appreciate your interest regarding the documents that you are requesting.
As this is an internal review, I advise that the FOI decision maker in this case is Robert Randall, Chief Executive Officer, ACARA. In order for ACARA’s FOI decision maker to properly assess your request, we need to be clear on its scope.
1. FOI decision of Robyn Ziino
I have reviewed the FOI decision dated 14 March 2016 of Robyn Ziino. In this decision, Robyn Ziino:
A. identified three (3) documents relevant to your request in whole or part; and
B. decided to release one (1) document in full and two (2) documents in part.
2. Internal review – documents in scope
I note the reasons you provided in requesting an internal review (posted 8 April 2016), repeated in your latest posting (8 May 2016). Quite clearly, the document that was released in full (email correspondence between Peter Matheson and Figshare support dated 20 January 2016) falls outside the scope of your internal review request. Of the two (2) sets of documents that were released in part:
A. The first set of documents consist of internal email correspondence. There was one (1) redaction in these documents. The FOI decision maker, Robyn Ziino, was satisfied that one (1) document was exempt as the document would be privileged from production in legal proceedings on the ground of legal professional privilege: s.42 of the FOI Act. It seems clear from your recent posts that you are not requesting a review of this part of Robyn Ziino’s decision.
B. The second set of documents consist of email correspondence between ACARA staff and also between ACARA staff and their external legal advisers. There were a number of redactions in these documents. The FOI decision maker, Robyn Ziino, was satisfied that the documents that were redacted were exempt on one of three (3) grounds:
i. some of the documents in scope would be privileged from production in legal proceedings on the ground of legal professional privilege: s.42 of the FOI Act;
ii. one document is outside scope and is irrelevant to your request: s.22(1)(a)(ii) of the FOI Act; and
iii. one document in scope is conditionally exempt under s.47E(d) of the FOI Act (substantial adverse effect on the proper and efficient conduct of the operations of an agency) and disclosure of the document is contrary to the public interest.
It seems clear from your recent posts that your interest lies in the second set of documents and, more particularly, in the document that relates to Robyn Ziino’s decision concerning s.47E(d) of the FOI Act. In particular, it appears that there is one (1) paragraph in the reasons for decision relating to s.47E(d) of the FOI Act that has triggered your interest, being:
“Disclosure of certain information in the documents would enable people to source data from the My School website in breach of the Terms of Use, and use the data in a way contrary to ACARA’s principles and protocols”.
In this regard, I note that in your post of 8 May 2016 you state, amongst other things:
“Just to say again what I already said, you cut it out because it could let people source data from the My School web site. That's what you said. About what you cut out I don't think there's good reasons because anyone can see how to get stuff from My School”.
3. My understanding of the scope of your request for internal review
It is my understanding that what you are requesting is an internal review of that document that the FOI decision maker, Robyn Ziino, was satisfied was conditionally exempt under s.47E(d) of the FOI Act and disclosure of which would be contrary to the public interest.
Can you please confirm that my understanding of your request for internal review aligns with what you have stated in your posts of 8 April 2016 and 8 May 2016.
Kind regards
Peter
Peter Matheson
Board Secretary, Office of the CEO
Australian Curriculum, Assessment and Reporting Authority
Level 10 | 255 Pitt Street | SYDNEY | NSW | 2000
Phone: +612 8098 3116
[mobile number]
Email: [email address]
Please consider the environment before printing this email
Dear Peter Matheson,
I didn't follow all the first bit of the email but I think you've got it right. Thanks.
Yours sincerely,
Josh Jones
Dear Josh
Thanks for your post of 14 May 2016. I am glad that we have clarified the scope of your request for internal review.
As foreshadowed in our practical refusal letter of 6 May 2016, the 30 day time limit to provide you with our internal review decision has expired, due to the need to clarify scope. The 30 day deadline expired on Monday 9 May 2016 (30 days + next business day). Our FOI decision maker will be making an internal review decision. We anticipate that the internal review decision will be uploaded on the Right to Know website by close of business on Friday 3 June 2016.
We ask for your patience. You do have the right to go directly to the Office of the Australian Information Commissioner requesting a review. If you can allow us time so that we can provide you with our internal review decision, I would greatly appreciate it.
Kind regards
Peter Matheson
Board Secretary