Ministerial correspondence - Google Apple Exposure Notifications API

Waiting for an internal review by Digital Transformation Agency of their handling of this request.

Dear Digital Transformation Agency,

I write to request under the Freedom of Information Act any documents (including, but not limited to, emails, briefing notes, minutes, letters) sent to the office of Minister Stuart Robert and/or the Prime Minister which refer to Apple or Google's Exposure Notification APIs.

Yours faithfully,

Concerned Citizen

DTA FOI, Digital Transformation Agency

OFFICIAL

Dear Concern Citizen

DTA is currently experiencing a high volume of FOI requests and we apologies for the delay in responding to your request below.

In response to your request dated 12 October 2021 in which you requested under the Freedom of Information Act 1982 (the FOI Act) access to:

'any documents (including, but not limited to, emails, briefing notes, minutes, letters) sent to the office of Minister Stuart Robert and/or the Prime Minister which refer to Apple or Google's Exposure Notification APIs.'

I wish to inform you that your request contains information relating to third parties. As a result, DTA is required to consult.

Notice of Consultation

Your request covers a document relating to the business, commercial or financial affairs of an organization. Accordingly, DTA is required to consult with the organisation concerned before making a decision on the release of this document.

Section 27 of the FOI Act provides that if a request is made to an agency for access to a document containing business information organisation, and it appears to the agency that the organization might reasonably wish to make a contention that the document is exempt under section 47 (trade secrets etc), or section 47G (business information) of the FOI Act, then the agency must not decide to give access to the document unless the organisation concerned is given a reasonable opportunity to make submissions in support of their contention, if it is reasonably practicable to do so.

The DTA will take into account any comments we receive from the organisation. However, the final decision on whether to grant access to the document requested rests with DTA.

Extension of time to process the request In accordance with section 15(6) of the FOI Act, the period for processing your request has been extended by an additional 30 days in order to allow DTA time to consult with the organisation. The processing period for this request will now end on 12 December 2021.

If you have any questions, please don’t hesitate to contact me directly

Regards
Suzie Sazdanovic
FOI and Privacy Manager
Phone: 02 6120 8595

OFFICIAL

show quoted sections

Dear DTA FOI,

Thank you for responding to my request. I understand the need to consult with third parties. However, the Office of the Australian Information Commissioner's guidelines for processing FOI requests requires that the "agency or minister must inform applicant of extension as soon as practicable (s 15(6)(b))". Given that I made my request on the 12th of October then you have failed to inform me about the extension "as soon as possible" as required by the guidelines.

I would appreciate it if you are able to consult any third parties and reach a decision as soon as possible.

Yours sincerely,

Concerned Citizen

DTA FOI, Digital Transformation Agency

OFFICIAL

Dear Concern Citizen

Thank you for your email.

As previously advised, DTA is a small Agencies and is currently experiencing a high volume of FOI requests. So, I apologies for not responding sooner.

Please be assured that we are trying to process all our FOI request, as quickly as we can.

If you would like to get a status on your request, at any time, please don't hesitate to contact me directly. My direct contact details are provided below for your convenience.

Thank you for understanding.

Regards
Suzie Sazdanovic
FOI and Privacy Manager
Phone: 02 6120 8595

OFFICIAL

show quoted sections

DTA FOI, Digital Transformation Agency

1 Attachment

OFFICIAL

Dear Concerned Citizen

Please find enclosed the decision in response to your request.

Thanks
Suzie Sazdanovic
FOI and Privacy Manager
Ph: 02 6120 8595

OFFICIAL

show quoted sections

Dear DTA FOI,

Please treat this an administrative request.

I am confused by your response. In your response you have said:
"DTA undertook a search in accordance with [my] request but did not identify any documents related to the Apple Google Exposure Notification API’s"

However, in your earlier email requesting additional time to consult you said:
"Your request covers a document relating to the business, commercial or financial affairs of an organization. Accordingly, DTA is required to consult with the organisation concerned before making a decision on the release of this document"

Which of the two statements is correct? They can not both be correct. Did you actually find a document within the scope of my request that required you to request additional time to consult?

Or is your subsequent statement that you undertook a search and did not identify any documents incorrect?

Furthermore, this request is the same as an earlier request which was refused on the grounds that it "would substantially and unreasonably divert the resources of the DTA from its other operations" as it "would require [the DTA] to make extensive searches of our files to be confident we had captured everything". In response to the original request you claimed this "would exceed the limitations of a simple text search of our records management system and email server" and "once [you] had collected these documents they would need to be reviewed for their possible relevance, and then [you] would have to undertake the decision making process on **all of these documents**" (emphasis mine).

The original request can be found here:
https://www.righttoknow.org.au/request/m...

Finally, you have previously released a Ministerial Brief (MB20-000013) about the "Apple and Google Exposure Notification Framework" (document 193 in your disclosure log).

Wouldn't that document have been within the scope of this request? I am not sure how you could have conducted a thorough search as you have claimed and not have found that document?

So, in summary:
- On the 10th of August you provided access to a Ministerial Brief about Apple and Google's Exposure Notification APIs (document 193 in your disclosure log),
- In September 2020 you refused this request because it would be too much work to review all of the documents,
- On the 9th of November you had identified a document that required consultation, and
- today you claim that no documents exist?

Could you please clarify which of these responses is accurate? I would appreciate it if you could please respond as an administrative request because perhaps by clarifying the request and how you have conducted your search we can identify the relevant documents and avoid the need for an internal or external review of this decision.

Yours sincerely,

Concerned Citizen

Dear DTA FOI,

Could you please indicate if you intend to reply to my earlier email? I am genuinely trying to understand the inconsistencies in your responses to this request and would appreciate if we were able to work together to clarify the scope such that you are able to identify the documents.

However if you aren’t interested in engaging constructively and do not intend to reply to my email then I’d appreciate knowing as there is a timeframe I need to meet if I wish to seek a review of your decision.

Yours sincerely,

Concerned Citizen

DTA FOI, Digital Transformation Agency

OFFICIAL

Dear Concern Citizen

I sent your query to the Decision Maker on 14 December 2021.

I shall follow this up today.

Thanks
Suzie Sazdanovic
FOI and Privacy Manager
PH: 02 6120 8595

OFFICIAL

show quoted sections

Dear Digital Transformation Agency,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Digital Transformation Agency's handling of my FOI request 'Ministerial correspondence - Google Apple Exposure Notifications API'.

It is not plausible that there is no correspondence between the DTA and the offices of Minister Stuart Robert or the Prime Minister about Apple or Google’s Exposure Notification APIs.

In your response you have said: 
"DTA undertook a search in accordance with [my] request but did not identify any documents related to the Apple Google Exposure Notification API’s"

However, in your earlier email requesting additional time to consult you said: 
"Your request covers a document relating to the business, commercial or financial affairs of an organization. Accordingly, DTA is required to consult with the organisation concerned before making a decision on the release of this document"

Which of the two statements is correct? They can not both be correct. Did you actually find a document within the scope of my request that required you to request additional time to consult?

Or is your subsequent statement that you undertook a search and did not identify any documents incorrect?

Furthermore, this request is the same as an earlier request which was refused on the grounds that it "would substantially and unreasonably divert the resources of the DTA from its other operations" as it "would require [the DTA] to make extensive searches of our files to be confident we had captured everything".

In response to the original request you claimed this "would exceed the limitations of a simple text search of our records management system and email server" and "once [you] had collected these documents they would need to be reviewed for their possible relevance, and then [you] would have to undertake the decision making process on **all of these documents**" (emphasis mine).

The original request can be found here: 
https://www.righttoknow.org.au/request/m...

You have previously released a Ministerial Brief (MB20-000013) about the "Apple and Google Exposure Notification Framework" (document 193 in your disclosure log).

Wouldn't that document have been within the scope of this request? I am not sure how you could have conducted a thorough search as you have claimed and not have found that document?

Furthermore, it is a matter of public record that the Government worked with Apple and Google to understand their APIs and the extent to which they could improve the Bluetooth performance of COVIDSafe.

On the 6 May 2020 the DTA appeared before the Senate Select Committee on COVID-19 (1). During the hearing the DTA were asked questions about the poor performance of the COVIDSafe app when running in the background on iOS devices.

The DTA’s CEO indicated in his answers that the DTA were working with Apple and Google to adopt new APIs (the Exposure Notification APIs) that would have better Bluetooth performance.

Mr Brugeaud: “What we can say, though, is that we're aware of the performance issues as the app moves further into the background and are working with Apple and Google on the improvements that they're making to bluetooth, and we will be one of the first adopters of that improved bluetooth connectivity.”

Mr Brugeaud: “So we're improving it all the time, but the big shift in performance of the bluetooth connectivity will be the point at which we are able to leverage the new Apple and Google bluetooth management software”

Mr Brugeaud: “Yes, and, as I've mentioned, with the improvements that come from Apple and Google with the bluetooth software, that will improve the performance for all users”

Senator PATRICK: “So in terms of working out things like bluetooth and connectivity, are you engaging with anyone other than AWS, Boston Consulting, and the third contractor that's mentioned?”

Mr Brugeaud: “We've engaged directly with Google and Apple.”

On the 20th of May 2020 Apple and Google made their Exposure Notification APIs available in their releases of iOS 13.5 and an update to Google Play Services.

On the 21st of May 2020, the ABC reported that the DTA were continuing to test Apple and Google’s Exposure Notification APIs (2). The article quoted a spokesperson for the Minister Stuart Robert as saying:

"The Digital Transformation Agency and the Department of Health have been working with Apple and Google to understand and test the Exposure Notification Framework since it was released to see how it can be applied in Australia… That testing is ongoing."

Also on the 21st of May 2020 the Health Minister Greg Hunt met with Apple's vice-president for health, Dr Sumbul Desai to discuss COVIDSafe and Apple and Google’s APIs.

However, by July 2020 the COVIDSafe app still had not been updated to use Google and Apple’s new APIs.

In an interview on Sky News on the 22nd of July 2020 (3) Minister Stuart Robert was asked why the DTA’s own data showed the app was only effective on iPhones some of the time.

In response Minister Stuart Robert said:
“It is using the native Bluetooth on the handset so the limitation will always be what the handset allows you to do and certainly if the app is in the background on an iOS device that’s locked connecting to another iOS device it is not as effective as an Android device with the app in the foreground unlocked. Now that’s got to do with the handset, not to do with the app and of course we’re working with Apple and Google to get the handset Bluetooth signal as strong as possible”.

“Apple and Google could fix this tomorrow with their Exposure Notification framework which was their way of doing things. With an app in the background with a locked phone… the Bluetooth works perfectly. So Apple could fix this tomorrow. They could actually ensure that the Bluetooth strength works at the highest possible level tomorrow for applications built in a sovereign framework and we’re working constructively with Apple on this”.

It is not plausible that:
- the CEO of the DTA would give evidence about Apple and Google’s APIs before a senate committee,
- a spokesperson would provide a quote to the ABC about Apple and Google’s APIs,
- the Health Minister would meet with Apple’s Vice President for Health,
- Minister Stuart Robert would appear in an interview where he states that the Government is working with Apple
without any documents being sent from the DTA to the offices of the Minister Stuart Robert or the Prime Minister.

So, in summary: 
- On the 10th of August you provided access to a Ministerial Brief about Apple and Google's Exposure Notification APIs (document 193 in your disclosure log), 
- In September 2020 you refused this request because it would be too much work to review all of the documents, 
- On the 9th of November you had identified a document that required consultation, and 
- today you claim that no documents exist?

As mentioned previously I am honestly interested in working constructively to help you identify the documents I am requesting but despite my offer to help clarify the request in order to facilitate finding them the decision maker has not responded.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/m...

Yours faithfully,

Concerned Citizen

1 - SENATE SELECT COMMITTEE ON COVID-19, Official Committee Hansard, WEDNESDAY, 6 MAY 2020: https://parlinfo.aph.gov.au/parlInfo/dow...

2 - Google and Apple release technology to help with coronavirus contact tracing: https://www.abc.net.au/news/2020-05-21/g...

3 - COVIDSafe application working ‘just as intended’ (Interview with Minister Stuart Robert on Sky News): https://www.skynews.com.au/australia-new...