This is an HTML version of an attachment to the Freedom of Information request 'myGov Code Generator app: source code and technical documentation'.


If not delivered return to PO Box 7820 Canberra BC ACT 2610                        
 
 
 
 
11 November 2021 
 
 
 
 
 
Our reference:  LEX 64833 
Mr Fraser Tweedale 
 
 
Only by email: xxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx  
 
Dear Mr Tweedale,  
Decision on your Freedom of Information Request 
I refer to your correspondence dated 12 October 2021, seeking internal review of the 
decision made by Services Australia (the agency) on 13 September 2021 in relation to your 
request for access to documents under the Freedom of Information Act 1982 (the FOI Act
(the original decision).  
Summary of my internal review decision 
Consistent with the requirements of section 54C(2) of the FOI Act, I have made a ‘fresh’ 
decision.  
I am satisfied that the documents are exempt under the FOI Act. Furthermore, I have 
decided on balance it would be contrary to the public interest to release this information.   
Please see the schedule at Attachment A to this letter for a detailed list of the documents 
and the reasons for my decision, including the relevant sections of the FOI Act. 
You can ask for a review of our decision 
If you disagree with any part of this decision you can ask for an external review by the Office 
of the Australian Information Commissioner. See Attachment B for more information about 
how to request a review.  
Further assistance 
If you have any questions please email xxx.xxxxx.xxxx@xxxxxxxxxxxxxxxxx.xxx.xx.  
 
Yours sincerely 
 
Hannah  
Authorised FOI Decision Maker 
Freedom of Information Team 
Information Access Branch | Legal Services Division  
Services Australia 
 
PAGE 1 OF 8 


If not delivered return to PO Box 7820 Canberra BC ACT 2610                        
 
Attachment A 
SCHEDULE OF DOCUMENTS 
TWEEDALE, Fraser (RIGHT TO KNOW) - LEX 64833 
 
 
Doc 
Description 
Decision 
FOI Act 
Comments 
No. 
Exemption 
 
 
Source Code 
Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
1.  
the operations of the agency (section 47E(d)). 
 
 
Source Code 
Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
2.  
the operations of the agency (section 47E(d)). 
 
 
Proposed Solution Brief 
Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
3.  
the operations of the agency (section 47E(d)). 
 
 
Use Case Documentation  Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
4.  
the operations of the agency (section 47E(d)). 
 
 
Use Case Documentation  Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
5.  
the operations of the agency (section 47E(d)). 
 
 
Use Case Documentation  Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
6.  
the operations of the agency (section 47E(d)). 
 
 
Use Case Documentation  Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
7.  
the operations of the agency (section 47E(d)). 
 
PAGE 2 OF 8 

Doc 
Description 
Decision 
FOI Act 
Comments 
No. 
Exemption 
 
 
Use Case Documentation  Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
8.  
the operations of the agency (section 47E(d)). 
 
 
Use Case Documentation  Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
9.  
the operations of the agency (section 47E(d)). 
 
 
Use Case Documentation  Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
10. 
the operations of the agency (section 47E(d)). 
 
 
Use Case Documentation  Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
11. 
the operations of the agency (section 47E(d)). 
 
 
API Documentation 
Exempt in ful  
s 47E(d)  
Information that would have a substantial adverse effect on the proper and efficient conduct of 
12. 
the operations of the agency (section 47E(d)). 
 
 
 
 
PAGE 3 OF 8 
 
Department of Human Services 
3180049_004.xml  


If not delivered return to PO Box 7820 Canberra BC ACT 2610                        
 
 
 
REASONS FOR DECISION 
What you requested 
On 13 July 2021, you made a request under the FOI Act for access to the following: 
‘(1). Source code of the myGov Code Generator iOS and Android apps, including 
build scripts, manifests, software license terms, and media assets (icons, audio files, 
etc). 
 
(2). Technical documentation describing the operation of the myGov Code Generator 
app, such as design documents, architecture diagrams, API documentation, security 
assessments, technical presentation slides, and similar documents. 
 
If it assists in the expeditious processing of my request, source code may be 
delivered as a "snapshot" or export of source repositories, in ZIP, "tarball" or similar 
format. However, the full development history is preferred.’ 
 
On 13 September 2021, the agency provided you with the original decision, refusing access 
in full to 12 documents. 
On 12 October 2021, you requested an internal review of the original decision.  
You made extensive submissions in support of your request stating, in summary, that release 
of the source code would not pose significant security risks and outlining additional public 
interest factors in favour of disclosure of the documents.  
What I took into account 
In reaching my decision I took into account: 
•  your original request dated 13 July 2021; 
•  the documents that fall within the scope of your request; 
•  your submissions dated 12 October 2021; 
•  whether release of the material is in the public interest; 
•  consultations with agency officers about: 
o  the nature of the documents; 
o  the agency's operating environment and functions; 
•  guidelines issued by the Australian Information Commissioner under section 93A of 
the FOI Act (the Guidelines); and 
•  the FOI Act.  
Reasons for my decisions 
I am authorised to make decisions under section 23(1) of the FOI Act. 
PAGE 4 OF 8 

I have decided that the documents you requested are exempt under the FOI Act.  My 
findings of fact and reasons for deciding that the relevant exemption applies to those 
documents are discussed below.  
Operations of the Agency  
I have applied the conditional exemption in section 47E(d) to the documents. 
This section of the FOI Act allows the agency to redact material from a document if its 
disclosure would have a serious or significant effect on the agency’s ability to conduct its 
operations efficiently and properly. 
 
The documents  in question contain  information on source code and other technical 
documentation  relating  to the myGov Code Generator application. I am satisfied this 
information is relevant to the operations and management of programs administered by the 
agency, and therefore relevant to the conduct of the agency’s operations. 
 
I have considered your submissions regarding the nature of the documents and your 
contentions that (in summary): 
•  source code and technical documentation is not a prerequisite to developing 
counterfeit applications or finding vulnerabilities or security risks in the software; 
•  distribution via ‘app stores’ offer a level of safeguarding against counterfeit 
applications and your assertion that users wil  largely download the app from an 
‘app store’; 
•  the original decision did not provide you with sufficient information to adequately 
describe the predicted effect of disclosure, and the reasons given were generic 
to all documents rather than individual documents.  
 
Whilst the release of source code and technical documentation is not a prerequisite for the 
development of counterfeit applications, or for members of the public to find vulnerabilities 
with the software, I consider that providing the exempt material to you would negatively affect 
the conduct of the operations of the agency. Having regard to the content of the documents 
and advice from subject matter experts from within the agency, I have found that the release 
of the information could have a serious and significant effect on the agency’s ability to 
conduct its operations efficiently and properly.  
 
This is because the information contained within the documents is not publicly available, and 
disclosure of the information would significantly increase the risk of others creating 
counterfeit applications. Disclosure would also al ow nefarious actors to circumvent security 
features and potentially gain unauthorised access to third party information.  
 
In my view, the fact that the applications are distributed via ‘app stores’ which list the 
publisher of the application does not mitigate the significant risks outlined above, given that 
the agency provides services to the most vulnerable members of the Australian community 
who have varying levels of technological literacy.  
 
Having carefully reviewed all of the material falling within scope of the request I am satisfied 
that  release of the  documents would disclose information about the code and technical 
information  for  the myGOV code generator application  and put  the agency at risk of 
counterfeiting and unauthorised access, leaving the agency vulnerable to cyber-attack and 
privacy breaches.  
 
 
 
PAGE 5 OF 8 
 
 

 
Public interest considerations  
 
Access to conditionally exempt material must be given unless I am satisfied it would not be in 
the public interest to do so. 
 
I have considered your contentions  that there are additional public interest considerations 
favouring disclosure of the documents.  
 
I agree with the following public interest considerations you outlined favouring disclosure:  
 
•  promote the objects of the FOI Act, including: 
o  Increase public participation in Government processes; and 
o  increase recognition that information held by the Government is to be 
managed for public purposes, and is a national resource. 
•  inform debate on a matter of public importance 
•  contribute to innovation and the facilitation of research 
•  ensure compliance with Digital Service Standard. 
 
In relation to your submission that the release of the source code would promote effective 
oversight of public expenditure, I find that the release of the source code would not contribute 
to this in any significant way. I find that the published product and the expenditure used to 
create that product are more relevant to this point, and that much of this information is 
already available in the public domain.  
 
In your submission you contend that the release of the source code would advance the fair 
treatment of individuals and other entities in accordance with the law in their dealings with 
agencies. Your submission also contends that release of the source code may facilitate 
further accessibility of the application, allowing members of the public to more easily engage 
with the agency. However, given the significant security and privacy risks I have identified 
above, I do not find that creating any copy or imitation application would reasonable be 
considered to advance the fair treatment of members of the public engaging with the agency.  
 
I also consider that release of information relating to  the source code and technical 
information in the myGOV code generator application would more likely than not:  
 
•  prejudice the agency’s ability to properly and efficiently deliver services to the 
public; 
•  prejudice the agency’s ability to meet its obligations to customers under the 
Privacy Act 1988 (Cth)
•  prejudice the integrity of the myGov Code Generator application; and 
•  prejudice the security of the agency’s computer systems. 
 
On balance, I find the public interest factors in favour of disclosing the material are 
outweighed by the public interest factors against disclosure.  
 
I have not taken into account any of the irrelevant factors set out in section 11B(4) of the FOI 
Act in making this decision.  
PAGE 6 OF 8 
 
 


If not delivered return to PO Box 7820 Canberra BC ACT 2610                        
 
 
Attachment B 
 
INFORMATION ON RIGHTS OF REVIEW 
 
FREEDOM OF INFORMATION ACT 1982 
 
Asking for a full explanation of a Freedom of Information decision 

Before you ask for a formal review of a FOI decision, you can contact us to discuss your 
request. We wil  explain the decision to you. This gives you a chance to correct 
misunderstandings.  
Asking for a formal review of an Freedom of Information decision 
If you stil  believe a decision is incorrect, the Freedom of Information Act 1982 (FOI Act
gives you the right to apply for a review of the decision. Under sections 54 and 54L of the 
FOI Act, you can apply for a further review of an FOI decision by the Australian Information 
Commissioner. 
Applying for external review by the Australian Information Commissioner 
If you do not agree with the original decision or the internal review decision, you can ask the 
Australian Information Commissioner to review the decision.  
If you do not receive a decision from an Internal Review Officer in the agency within 30 days 
of applying, you can ask the Australian Information Commissioner for a review of the original 
FOI decision.  
You wil  have 60 days to apply in writing for a review by the Australian Information 
Commissioner.  
You can lodge your application
Online: 
www.oaic.gov.au   
Post:    
Australian Information Commissioner 
 
 
GPO Box 5218 
SYDNEY NSW 2001  
Email:  
xxxxxxxxx@xxxx.xxx.xx 
 
Note 3: The Office of the Australian Information Commissioner generally prefers FOI 
applicants to seek internal review before applying for external review by the Australian 
Information Commissioner. 
Important: 
•  If you are applying online, the application form the 'Merits Review Form' is available 
at www.oaic.gov.au.  
•  If you have one, you should include with your application a copy of the Services 
Australia decision on your FOI request  
•  Include your contact details 
•  Set out your reasons for objecting to the agency's decision. 
PAGE 7 OF 8 

Complaints to the Australian Information Commissioner and Commonwealth 
Ombudsman  
Australian Information Commissioner 
 
You may complain to the Australian Information Commissioner concerning action taken by 
an agency in the exercise of powers or the performance of functions under the FOI Act, 
There is no fee for making a complaint. A complaint to the Australian Information 
Commissioner must be made in writing. The Australian Information Commissioner's contact 
details are: 
 
Telephone:      1300 363 992 
Website:          www.oaic.gov.au  
 
Commonwealth Ombudsman 
 
You may also complain to the Commonwealth Ombudsman concerning action taken by an 
agency in the exercise of powers or the performance of functions under the FOI Act. There is 
no fee for making a complaint. A complaint to the Commonwealth Ombudsman may be 
made in person, by telephone or in writing. The Commonwealth Ombudsman's contact 
details are: 
 
Phone:             1300 362 072 
Website:          www.ombudsman.gov.au 
 
The Commonwealth Ombudsman generally prefers applicants to seek review before 
complaining about a decision. 
 
PAGE 8 OF 8 
 
 

Document Outline