Wednesday, July 06, 2016

Despite The Plans The myGov Web Site Seems To Have Some Real Risks. I Hope The Implementation Is Well Planned!

As part of the election campaign we had the following announcement.

Malcolm Turnbull promises $50 million reboot for troubled myGov

Date June 22, 2016

Noel Towell

Reporter for The Canberra Times

The Coalition says it will spend $50 million in an effort to sort out the government's much maligned myGov web portal if it wins the election.
The Prime Minister has also confirmed that his pet project the Digital Transformation Office will be taking the lead in trying to reinvent the service, as revealed by Fairfax in January.
Malcolm Turnbull said the DTO would "partner" with other departments who used the gateway, like the ATO, Centrelink and Medicare in an effort to improve the user experience of myGov.
He promised to revamp the hated log-in protocols with a new system allowing users to choose their own unique username, starting with their email address and "the overall sign-in experience will be simplified and improved".
Users will be able to sign in to participating agencies directly without having to first go through myGov and better usability and design of the portal has been promised, especially on phones and tablets.
The myGov site was launched in 2013 and is used by several million Australians as a portal to access their Centrelink, Medicare, Child Support, Department of Veteran Affairs, e-health, and DisabilityCare accounts.
But serious problems have emerged with the security and operability of the site, with users complaining of being locked out of their accounts, outages and other glitches.
A storm of criticism was aimed in mid-2015 at the myTax portal, linked to the myGov system, for its performance at the end of the 2014-2015 financial year as millions of taxpayers tried to finish their tax returns.
More here:
Very recently some commentary on the portal appeared.

myGov is a disaster waiting to happen

With the announcement that, from this year onwards, Australians will have to file their taxes online using the myGov portal, a nice new target has been created for hackers who, like all other humans, want maximum returns for minimum work.
While the idea of having a single portal for all government dealings online sounds very good in theory, it may not be the best idea in practice.
Part of this tasty data soup will be the material collected in the forthcoming 9 August census. The Australian Bureau of Statistics has announced plans to store the names and addresses collected in the 2016 census for years to come.
In the short term, it will be cheaper for the government to have a portal that holds all the information about its citizens; if it were hacked, there would be hell to pay.

But many of the government's policies, the latest being the move to crack down harder on welfare cheats announced by treasurer Scott Morrison, can only be implemented if all the data is available in one place and in a format that lends itself to being searched.
When different agencies control different datasets in formats that are often incompatible with other systems — and vice versa — little correlation can be done. Government offices often tend to have antiquated technology which does not lend itself to being used across platforms.
Big data is a concept that has become more and more fashionable recently and the idea of using it for governmental purposes is very seductive.
The lack of security on myGov was exposed two years ago when a security researcher found very basic vulnerabilities in the setup and was able to demonstrate the extraction of data without jumping through too many hoops. And that's not the only case of bungled security.
The problem is that when a researcher or even a group of researchers finds weaknesses in government or corporate systems, their findings are not taken seriously until they go public. And when they do that, quite often red-faced officials try to retaliate for having been shown up.
Or the Australian Federal Police could land up on your doorstep and proceed to trash your home.
So what eventuates is that many individual researchers end up selling their discoveries on the dark web and keeping quiet about it. It's a much better option than trying to do good and then getting harassed about it.
Lots more here:
Given that the myHR consumer portal uses the myGov gateway it is clearly vital that it be easy to use, secure and reliable.
It will be interesting to see what impact the recent election has on these plans.
David.

1 comment:

Terry Hannan said...

David, this is Alfoil chewing information. To my simpleton logic if an organisation in charge of the MyHR record project cannot get the 'portal' right how can we expect them to come close to a 'functional' MyHR?