This blog is totally independent and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.
Wednesday, July 06, 2016
Despite The Plans The myGov Web Site Seems To Have Some Real Risks. I Hope The Implementation Is Well Planned!
As part of the election campaign we had the following announcement.
Malcolm Turnbull said the DTO would "partner" with other departments who used the gateway, like the ATO, Centrelink and Medicare in an effort to improve the user experience of myGov.
He promised to revamp the hated log-in protocols with a new system allowing users to choose their own unique username, starting with their email address and "the overall sign-in experience will be simplified and improved".
Users will be able to sign in to participating agencies directly without having to first go through myGov and better usability and design of the portal has been promised, especially on phones and tablets.
The myGov site was launched in 2013 and is used by several million Australians as a portal to access their Centrelink, Medicare, Child Support, Department of Veteran Affairs, e-health, and DisabilityCare accounts.
But serious problems have emerged with the security and operability of the site, with users complaining of being locked out of their accounts, outages and other glitches.
A storm of criticism was aimed in mid-2015 at the myTax portal, linked to the myGov system, for its performance at the end of the 2014-2015 financial year as millions of taxpayers tried to finish their tax returns.
With the announcement that, from this year onwards, Australians will have to file their taxes online using the myGov portal, a nice new target has been created for hackers who, like all other humans, want maximum returns for minimum work.
While the idea of having a single portal for all government dealings online sounds very good in theory, it may not be the best idea in practice.
Part of this tasty data soup will be the material collected in the forthcoming 9 August census. The Australian Bureau of Statistics has announced plans to store the names and addresses collected in the 2016 census for years to come.
In the short term, it will be cheaper for the government to have a portal that holds all the information about its citizens; if it were hacked, there would be hell to pay.
But many of the government's policies, the latest being the move to crack down harder on welfare cheats announced by treasurer Scott Morrison, can only be implemented if all the data is available in one place and in a format that lends itself to being searched.
When different agencies control different datasets in formats that are often incompatible with other systems — and vice versa — little correlation can be done. Government offices often tend to have antiquated technology which does not lend itself to being used across platforms.
Big data is a concept that has become more and more fashionable recently and the idea of using it for governmental purposes is very seductive.
The lack of security on myGov was exposed two years ago when a security researcher found very basic vulnerabilities in the setup and was able to demonstrate the extraction of data without jumping through too many hoops. And that's not the only case of bungled security.
The problem is that when a researcher or even a group of researchers finds weaknesses in government or corporate systems, their findings are not taken seriously until they go public. And when they do that, quite often red-faced officials try to retaliate for having been shown up.
Or the Australian Federal Police could land up on your doorstep and proceed to trash your home.
So what eventuates is that many individual researchers end up selling their discoveries on the dark web and keeping quiet about it. It's a much better option than trying to do good and then getting harassed about it.