Tax Agent Portal security
Dear Australian Taxation Office,
I hereby request, under the Freedom of Information Act (1982),
copies of the following documents, available as of the date of this
letter:
(a) All documents pertaining to the breach of the Tax Agent Portal, which the Australian Taxation Office alerted tax agents to on February 5. For the purposes of the FOI officer investigating the matter, a copy of the message sent to tax agents is available here: http://www.icb.org.au/news/1825. I do not need a copy of it.
I am seeking documents such as emails between staff about the breach, as well as any other documents the ATO might have about it. Perhaps there are documents from third-party contractors. I'd like them too.
I am also seeking records of any warnings from the public to the ATO about the security (or lack thereof) of the Tax Agent Portal and AUSkeys (the authentication mechanism used to access the Tax Agent Portal).
For context, a news article in relation to the breach can be found here: http://www.smh.com.au/it-pro/security-it...
I also make the application that all costs for the processing of
this request be waived on the grounds that the release of this
information is in the public interest. Taxpayers have a right to know about whether the ATO is securely protecting their information.
--
Regards,
Ben Grubb
Deputy Technology Editor
Fairfax Media
02 9282 3652
Good Afternoon Mr Grubb
Further to our telephone call yesterday, please find attached our
letter.
Regards
Kate
Kate Roberts
Principal Lawyer
General Counsel Practice l Legal Services Branch l Law & Practice
Australian Taxation Office
ATO | Working for all Australians
-----Original Message-----
From: Ben Grubb [mailto:[FOI #61 email]]
Sent: Monday, 11 February 2013 11:14
To: FOI
Subject: Freedom of Information request - Tax Agent Portal security
Dear Australian Taxation Office,
I hereby request, under the Freedom of Information Act (1982),
copies of the following documents, available as of the date of this
letter:
(a) All documents pertaining to the breach of the Tax Agent Portal,
which the Australian Taxation Office alerted tax agents to on
February 5. For the purposes of the FOI officer investigating the
matter, a copy of the message sent to tax agents is available here:
http://www.icb.org.au/news/1825. I do not need a copy of it.
I am seeking documents such as emails between staff about the
breach, as well as any other documents the ATO might have about it.
Perhaps there are documents from third-party contractors. I'd
like them too.
I am also seeking records of any warnings from the public to the
ATO about the security (or lack thereof) of the Tax Agent Portal
and AUSkeys (the authentication mechanism used to access the Tax
Agent Portal).
For context, a news article in relation to the breach can be found
here:
http://www.smh.com.au/it-pro/security-it...
-system-20130208-2e2kn.html
I also make the application that all costs for the processing of
this request be waived on the grounds that the release of this
information is in the public interest. Taxpayers have a right to
know about whether the ATO is securely protecting their
information.
--
Regards,
Ben Grubb
Deputy Technology Editor
Fairfax Media
02 9282 3652
-------------------------------------------------------------------
Please use this email address for all replies to this request:
[FOI #61 email]
Is [ATO request email] the wrong address for Freedom of Information
requests to Australian Taxation Office? If so, please contact us
using this form:
http://www.righttoknow.org.au/help/contact
Disclaimer: This message and any reply that you make will be
published on the internet. Our privacy and copyright policies:
http://www.righttoknow.org.au/help/offic...
If you find this service useful as an FOI officer, please ask your
web manager to link to us from your organisation's FOI page.
-------------------------------------------------------------------
**********************************************************************
IMPORTANT
The information transmitted is for the use of the intended
recipient only and may contain confidential and/or legally
privileged material. Any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in
reliance upon, this information by persons or entities other
than the intended recipient is prohibited and may result in
severe penalties. If you have received this e-mail in error
please notify the Privacy Hotline of the Australian Taxation
Office, telephone 13 2869 and delete all copies of this
transmission together with any attachments.
**********************************************************************
Dear Kate,
Thank your for your letter and phone call.
I would like to go ahead with the second option. That option relates to removing duplicates, not requiring Tax File Numbers, only requiring final email chains and removing from scope purely administrative documents.
I would also like to clarify my first request which said I was after warnings to the Tax Office from the public about the security of the Tax Agent Portal. By public I mean anyone (including from the Tax Office's own staff and from third-party contractors/businesses/ people etc).
Thanks.
Regards,
Ben Grubb
02 9282 3652
Mr Grubb
Please find attached our letter in relation to this matter.
Regards
Kate Roberts
Principal Lawyer
General Counsel Practice l Legal Services Branch l Law & Practice
Australian Taxation Office
ATO | Working for all Australians
<<Request for Extension.pdf>>
**********************************************************************
IMPORTANT
The information transmitted is for the use of the intended
recipient only and may contain confidential and/or legally
privileged material. Any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in
reliance upon, this information by persons or entities other
than the intended recipient is prohibited and may result in
severe penalties. If you have received this e-mail in error
please notify the Privacy Hotline of the Australian Taxation
Office, telephone 13 2869 and delete all copies of this
transmission together with any attachments.
**********************************************************************
Hi Ben,
As discussed today, please find enclosed the notice of my intention to
refuse your FOI request (regarding the taxagent portal) in it's current
form.
<<Signeds24Notice.pdf>>
I am the officer you can contact to discuss reducing the scope of this
request.
Regards,
Julie Galeotti
Senior Legal Officer
General Counsel Practice l Legal Services Branch l Law & Practice
Australian Taxation Office
Phone: 03 9285 1810 | Facsimile: 03 9285 1702
Email [email address]
ATO | Working for all Australians
**********************************************************************
IMPORTANT
The information transmitted is for the use of the intended
recipient only and may contain confidential and/or legally
privileged material. Any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in
reliance upon, this information by persons or entities other
than the intended recipient is prohibited and may result in
severe penalties. If you have received this e-mail in error
please notify the Privacy Hotline of the Australian Taxation
Office, telephone 13 2869 and delete all copies of this
transmission together with any attachments.
**********************************************************************
Hi Julie,
I would like to refine the scope of this FOI request to the following:
Briefing material provided to senior staff members (including the commissioner of taxation and deputy commissioner of taxation) of the office regarding this matter. I would also like documents (including emails) sent between senior IT staff members regarding this matter.
Regards,
Ben Grubb
02 9282 3652
Dear Ben,
As discussed today, I have had difficulty in defining the reduced scope of
your FOI request regarding the taxagent portal. This is an issue of
identify fraud rather than an IT issue and there are a number of business
lines involved covering areas such as refund fraud, auskey, various risk
management areas and client identity management.
Your amended scope has not reduced the work involved in processing this
request and I have suggested that you limit the request to the briefings
to senior officers (Commissioner and Second Commissioners). Could you
please confirm your agreement to this reduced scope by return email?
Please contact me if you have any questions.
Regards,
Julie Galeotti
Senior Legal Officer
General Counsel Practice l Legal Services Branch l Law & Practice
Australian Taxation Office
Phone: 03 9285 1810 | Facsimile: 03 9285 1702
Email [email address]
ATO | Working for all Australians
**********************************************************************
IMPORTANT
The information transmitted is for the use of the intended
recipient only and may contain confidential and/or legally
privileged material. Any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in
reliance upon, this information by persons or entities other
than the intended recipient is prohibited and may result in
severe penalties. If you have received this e-mail in error
please notify the Privacy Hotline of the Australian Taxation
Office, telephone 13 2869 and delete all copies of this
transmission together with any attachments.
**********************************************************************
Thanks Ben
Julie Galeotti
Senior Legal Officer
General Counsel Practice l Legal Services Branch l Law & Practice
Australian Taxation Office
Phone: 03 9285 1810 | Facsimile: 03 9285 1702
Email [email address]
ATO | Working for all Australians
-----Original Message-----
From: Ben Grubb [mailto:[FOI #61 email]]
Sent: Wednesday, 10 April 2013 17:39
To: Galeotti, Julie
Subject: Re: ATO FOI request [SEC=UNCLASSIFIED]
Julie,
I agree to the suggested amended scope.
Regards,
Ben Grubb
-----Original Message-----
Dear Ben,
As discussed today, I have had difficulty in defining the reduced
scope of
your FOI request regarding the taxagent portal. This is an issue
of
identify fraud rather than an IT issue and there are a number of
business
lines involved covering areas such as refund fraud, auskey,
various risk
management areas and client identity management.
Your amended scope has not reduced the work involved in processing
this
request and I have suggested that you limit the request to the
briefings
to senior officers (Commissioner and Second Commissioners). Could
you
please confirm your agreement to this reduced scope by return
email?
Please contact me if you have any questions.
Regards,
Julie Galeotti
Senior Legal Officer
General Counsel Practice l Legal Services Branch l Law & Practice
Australian Taxation Office
Phone: 03 9285 1810 | Facsimile: 03 9285 1702
Email [email address]
ATO | Working for all Australians
-------------------------------------------------------------------
Please use this email address for all replies to this request:
[FOI #61 email]
Write your response as plain text. Only send PDF documents as a
last resort. Government guidelines make it clear that PDF is not an
acceptable format for you to use in the delivery of government
information.
http://www.righttoknow.org.au/help/offic...
Disclaimer: This message and any reply that you make will be
published on the internet. Our privacy and copyright policies:
http://www.righttoknow.org.au/help/offic...
If you find this service useful as an FOI officer, please ask your
web manager to link to us from your organisation's FOI page.
-------------------------------------------------------------------
**********************************************************************
IMPORTANT
The information transmitted is for the use of the intended
recipient only and may contain confidential and/or legally
privileged material. Any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in
reliance upon, this information by persons or entities other
than the intended recipient is prohibited and may result in
severe penalties. If you have received this e-mail in error
please notify the Privacy Hotline of the Australian Taxation
Office, telephone 13 2869 and delete all copies of this
transmission together with any attachments.
**********************************************************************
Dear Ben,
We have identified 12 documents relevant to your request regarding the tax
agent portal. This matter is currently due tomorrow but I expect it will
take us until the 3 May to finalise this matter. This is due to the
sensitivities regarding security matters and tax agent material. We will
also have to consult with another Commonwealth agency in relation to some
of the material.
I will be requesting an extension of time from the Office of the
Australian Information Commissioner for this matter. A copy of my request
for an extension to the OAIC is attached.
<<Extension of time request.doc>>
Regards,
Julie Galeotti
Senior Legal Officer
General Counsel Practice l Legal Services Branch l Law & Practice
Australian Taxation Office
Phone: 03 9285 1810 | Facsimile: 03 9285 1702
Email [email address]
ATO | Working for all Australians
**********************************************************************
IMPORTANT
The information transmitted is for the use of the intended
recipient only and may contain confidential and/or legally
privileged material. Any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in
reliance upon, this information by persons or entities other
than the intended recipient is prohibited and may result in
severe penalties. If you have received this e-mail in error
please notify the Privacy Hotline of the Australian Taxation
Office, telephone 13 2869 and delete all copies of this
transmission together with any attachments.
**********************************************************************
Dear Julie,
I accept that an extension is needed.
Don't worry about getting an extension from the OAIC.
Regards,
Ben Grubb
Hi Ben,
Sorry about the delay. I am now expecting that we will be able to provide the documents by Friday 10 May.
Regards,
Julie Galeotti
Senior Legal Officer
General Counsel Practice l Legal Services Branch l Law & Practice
Australian Taxation Office
Phone: 03 9285 1810 | Facsimile: 03 9285 1702
Email [email address]
ATO | Working for all Australians
-----Original Message-----
From: Ben Grubb [mailto:[FOI #61 email]]
Sent: Sunday, 5 May 2013 21:52
To: Galeotti, Julie
Subject: Re: Extension of time re FOI request [SEC=UNCLASSIFIED]
Hi,
Can you please advise where this is at since it has now passed May
3?
Regards,
Ben Grubb
-----Original Message-----
Dear Ben,
We have identified 12 documents relevant to your request regarding
the tax
agent portal. This matter is currently due tomorrow but I expect
it will
take us until the 3 May to finalise this matter. This is due to
the
sensitivities regarding security matters and tax agent material.
We will
also have to consult with another Commonwealth agency in relation
to some
of the material.
I will be requesting an extension of time from the Office of the
Australian Information Commissioner for this matter. A copy of my
request
for an extension to the OAIC is attached.
<<Extension of time request.doc>>
Regards,
Julie Galeotti
Senior Legal Officer
General Counsel Practice l Legal Services Branch l Law & Practice
Australian Taxation Office
Phone: 03 9285 1810 | Facsimile: 03 9285 1702
Email [email address]
ATO | Working for all Australians
-------------------------------------------------------------------
Please use this email address for all replies to this request:
[FOI #61 email]
Write your response as plain text. Only send PDF documents as a
last resort. Government guidelines make it clear that PDF is not an
acceptable format for you to use in the delivery of government
information.
http://www.righttoknow.org.au/help/offic...
Disclaimer: This message and any reply that you make will be
published on the internet. Our privacy and copyright policies:
http://www.righttoknow.org.au/help/offic...
If you find this service useful as an FOI officer, please ask your
web manager to link to us from your organisation's FOI page.
-------------------------------------------------------------------
**********************************************************************
IMPORTANT
The information transmitted is for the use of the intended
recipient only and may contain confidential and/or legally
privileged material. Any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in
reliance upon, this information by persons or entities other
than the intended recipient is prohibited and may result in
severe penalties. If you have received this e-mail in error
please notify the Privacy Hotline of the Australian Taxation
Office, telephone 13 2869 and delete all copies of this
transmission together with any attachments.
**********************************************************************
Dear Mr Grubb,
Please find enclosed our decision, schedule and documents provided in
response to your FOI request regarding the Tax Agent Portal.
<<Signed decision.pdf>> <<Schedule.xls>> <<CombinedWorkingDoc(for
release).pdf>>
Regards,
Julie Galeotti
Senior Legal Officer
General Counsel Practice l Legal Services Branch l Law & Practice
Australian Taxation Office
Phone: 03 9285 1810 | Facsimile: 03 9285 1702
Email [email address]
ATO | Working for all Australians
**********************************************************************
IMPORTANT
The information transmitted is for the use of the intended
recipient only and may contain confidential and/or legally
privileged material. Any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in
reliance upon, this information by persons or entities other
than the intended recipient is prohibited and may result in
severe penalties. If you have received this e-mail in error
please notify the Privacy Hotline of the Australian Taxation
Office, telephone 13 2869 and delete all copies of this
transmission together with any attachments.
**********************************************************************