Dear Digital Transformation Agency,

Please provide any reports or documents prepared by Boston Consulting Group (BCG) about the Google/Apple Exposure Notification system (GAEN, EN, or ENF) including reports comparing the effectiveness of Exposure Notification to the Bluetooth used in the COVIDSafe app.

Yours faithfully,

Concerned Citizen

DTA FOI, Digital Transformation Agency

OFFICIAL

Good morning Concerned Citizen

Thank you for your request.

To reduce the cost of processes your request would you consider, revising your scope to a particular document that you are seeking or reducing the date range to a particular moment in time?

If you could please let me know by 15 October 2021. If I do not hear back by this date, I will proceed based on your instructions, below, dated 9 October 2021.

Happy to discuss
Suzie Sazdanovic
Privacy and FOI Manager
PH: 02 6120 8595

OFFICIAL

show quoted sections

Dear DTA FOI,

Thank you for your response. I do not wish to reduce the scope of my request.

Yours sincerely,

Concerned Citizen

DTA FOI, Digital Transformation Agency

OFFICIAL

Dear Concern Citizen

In response to your request dated 9 October 2021 in which you requested under the Freedom of Information Act 1982 (the FOI Act) access to:

'any reports or documents prepared by Boston Consulting Group (BCG) about the Google/Apple Exposure Notification system (GAEN, EN, or ENF) including reports comparing the effectiveness of Exposure Notification to the Bluetooth used in the COVIDSafe app,'

I wish to inform you that your request contains information relating to third parties. As a result, DTA is required to consult.

Notice of Consultation

Your request covers a document relating to the business, commercial or financial affairs of an organization. Accordingly, DTA is required to consult with the organisation concerned before making a decision on the release of this document.

Section 27 of the FOI Act provides that if a request is made to an agency for access to a document containing business information organisation, and it appears to the agency that the organization might reasonably wish to make a contention that the document is exempt under section 47 (trade secrets etc), or section 47G (business information) of the FOI Act, then the agency must not decide to give access to the document unless the organisation concerned is given a reasonable opportunity to make submissions in support of their contention, if it is reasonably practicable to do so.

The DTA will take into account any comments we receive from the organisation. However, the final decision on whether to grant access to the document requested rests with DTA.

Extension of time to process the request
In accordance with section 15(6) of the FOI Act, the period for processing your request has been extended by an additional 30 days in order to allow DTA time to consult with the organisation. The processing period for this request will now end on 8 December 2021.

If you have any questions, please don’t hesitate to contact me directly

Regards
Suzie Sazdanovic
FOI and Privacy Manager
Phone: 02 6120 8595

OFFICIAL

show quoted sections

Dear DTA FOI,

Thank you for your email. I understand the need to consult with third parties. However, the Office of the Australian Information Commissioner's guidelines for processing FOI requests requires that the "agency or minister must inform applicant of extension as soon as practicable (s 15(6)(b))". Given that I made my request on the 9th of October then you have failed to inform me about the extension "as soon as possible" as required by the guidelines.

I would appreciate it if you are able to consult any third parties and reach a decision prior to the 8th of December.

Yours sincerely,

Concerned Citizen

DTA FOI, Digital Transformation Agency

1 Attachment

OFFICIAL

Dear Concern Citizen

Please find attached the decision in relation to your request.

If you have any questions, please don't hesitate to contact me directly.

Regards
Suzie Sazdanovic
FOI and Privacy Manager
PH: 02 6120 8595

OFFICIAL

show quoted sections

Dear DTA FOI,

Thank you for your email about your decision. Please consider this as an administrative request.

In your decision you have indicated that you identified 11 documents. To help me determine whether the decision to refuse access was consistent with the requirements of the FOI legislation could you please provide:
- the title of each document,
- the date that it was received by the DTA, and
- the number of pages.

It would also be helpful if you could indicate the exemption criteria that you have considered apply to each document individually rather than a blanket statement of reasons for the entire collection of 11 documents.

This information will help me to determine whether I agree that the exemptions seem reasonable for each of the documents or whether I think the decision should be reviewed.

Yours sincerely,

Concerned Citizen

Dear DTA FOI,

In additional to my earlier email requesting a list of the 11 documents, I also request access to edited copies of each of the documents with exempt or irrelevant matter deleted as provided for by Section 22 of the Freedom of Information Act which states:

“(2) The agency or Minister must:
(a) prepare the edited copy as mentioned in paragraph (1)(b); and
(b) give the applicant access to the edited copy.”

Yours sincerely,

Concerned Citizen

Dear Digital Transformation Agency,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Digital Transformation Agency's handling of my FOI request 'Reports about the effectiveness of Exposure Notifications'.

I am requesting an internal review by an independent decision maker.

To be quite frank, I am not sure of the value of an internal review at this stage as it is clear from this decision that the DTA is not taking its obligations under the Freedom of Information Act seriously. However, I would like to take this process seriously and will give you the opportunity to conduct an internal review before I request one from the Information Commissioner.

You have identified 11 documents within the scope of my request but have refused to provide access to any of them in whole or in part.

Section 22 - Access to edited copies with exempt or irrelevant matter deleted

In the decision you have stated that you are refusing to provide access under a section of the FOI Act that requires you to provide edited copies of documents with any exempt matter deleted (22). This section does not provide a reason to refuse access. Rather it requires that you provide access to edited documents “with reasons for each of the deletions”. I know that you know this because I am quoting from the letter you wrote outlining your decision. Yet you have not provided access to edited documents as required by the law.

Furthermore, you claim that you “have decided that parts of the documents would disclose information that could reasonably be regarded as irrelevant to [my] request because it contains information that is outside the scope of [the] request”.

To remind you my request was for:
“any reports or documents prepared by Boston Consulting Group (BCG) about the Google/Apple Exposure Notification system (GAEN, EN, or ENF) including reports comparing the effectiveness of Exposure Notification to the Bluetooth used in the COVIDSafe app”

For the avoidance of doubt my request was for the entirety of the reports or documents. Therefore with the exception of any exempt material I would expect to receive the documents in full.

My expectation is that under this section you would:
- provide access to edited copies of all 11 documents you identified with only the exempt material deleted, and
- not delete any material other than the exempt material as I specifically requested the entire document so it is all by definition relevant to my request.

Section 47G - Public interest conditional exemptions – business

The section of the Act allows for a conditional exemption. That is, even if you find that the documents contain material that would be exempt under section 47G that does not necessarily mean that you should deny access.

First you are required to determine whether there is material that is exempt under 47G.

Then you are required to separately consider whether there is a public interest in disclosing the conditionally exempt material anyway.

On the first point: do any of the 11 documents contain some information that should be exempt under 47G?

To refuse access to information under this exemption requires that disclosure would “unreasonably affect…that organisation… in respect of its lawful business”.

BCG is a multinational consulting firm that has been paid over $70 million dollars by the Commonwealth Government in the past few years(1). It has 22,000 employees, offices in 50 countries and an annual revenue of $8.6 billion (USD).

It is a matter of public record that BCG provided advice to the Government about the COVIDSafe app (2)(3)(4).

It is also a matter of public record that BCG provided advice to the German Government about their contact-tracing app which uses Google and Apple’s Exposure Notification system (5)(6).

The documents requested contain information that BCG provided to the Australian Government about the effectiveness of Google and Apple’s Exposure Notification system and how it compares to the approach taken in the COVIDSafe app.

You claim without evidence that providing access to these documents would unreasonably affect BCG in respect of its lawful business. It is difficult to see how this could be true.

If the documents show that BCG recommended the adoption of Google and Apple’s Exposure Notifications then this would be consistent with the approach taken in Germany with the app developed in collaboration with BCG. Revealing this would not unreasonably affect BCG in respect of its lawful business as it is already a matter of public record that BCG recommended this approach in Germany.

On the other hand, if the documents show that BCG recommended against the adoption of Google and Apple’s Exposure Notification system in Australia then it could be the cause of some embarrassment for BCG (and the DTA), but it is hard to see how this could unreasonably affect them in respect of their lawful business. Given BCG’s public role in the development of the COVIDSafe app then it does not seem unreasonable that they adhere to the principles of transparency by providing public access to information about the nature of their advice about the development of the app and how the approach taken compares with alternatives.

If it turns out that the advice was misplaced and contributed to the poor performance of the app then it is undoubtedly in the public interest for this to be known. BCG and the DTA should not be exempt from scrutiny merely because you have claimed that there may be *some* affect on their business. To override the public interest in disclosure you must demonstrate that there is an *unreasonable* affect.

You do not provide any evidence to justify your claim that the disclosure would have an unreasonable affect on BCG’s business, you merely assert that it could.

My expectation is that under this section you would:
- determine whether there is actually an unreasonable affect on BCG’s business,
- provide access to the 11 documents with any material that you claim is exempt under 47G deleted with reasons given for each specific deletion that provide evidence for how access to the deleted material would impact BCG’s business.

What constitutes documents that relate to business affairs?

47G provides exemptions for material within documents that relate to “the lawful business, commercial or financial affairs of an organisation” (7). Given that your decision provides no evidence for its assertion that the 11 documents identified are all exempt under 47G it is difficult to know to what extent this exemption may apply - but it seems that you might be claiming that merely because the documents were produced by a business that they pertain to the affairs of that business and their disclosure would have an affect on that business.

If this is the case, then I do not believe it is correct to take this broad interpretation of “business affairs”. My interpretation is that for material in a document to be exempt under 47G the exempt content of the document would need to be largely about the “business affairs” of the business. That is, the content would need to be about the financial interests of the business, the organisational structure of the business, the way in which the business plans to conduct itself in the market etc.

In reviewing the decision I request that the decision maker to clarify how they interpret “business affairs” in this context and to explain how that interpretation applies to any information that is considered to be exempt under 47G.

My expectation is that:
- you would only apply this exemption to some material within the 11 documents and not the entirety of the documents, and
- you would only apply this exemption to any material that is actually about the business affairs of BCG.

Avoiding scrutiny by outsourcing policy?

The objects of the Freedom of Information Act include:
“(a) increasing public participation in Government processes, with a view to promoting better-informed decision-making;
(b) increasing scrutiny, discussion, comment and review of the Government’s activities”

During this unprecedented global pandemic it is more important than ever that the public are able to understand the basis for governments’ decisions.

Increasingly governments are engaging consulting firms such as BCG to perform functions that have previously been the responsibility of the public service. In a recent paper the Australia Institute suggest that up to $1.1 billion has been spent in a 12 month period and that this “could have employed an additional 12,346 public servants” (8)

If an agency can avoid disclosure merely by alleging that it could affect the business of a consulting firm this would undermine the objects of the FOI Act as more and more of the core business of government is outsourced to consulting firms.

If there is a genuine, *unreasonable* detrimental impact on a business that has provided services to government by the disclosure of documents relating to the business affairs of that business then it is reasonable to redact parts of the documents to prevent the unreasonable impact. However, the agency that is claiming an exemption should provide some evidence that there would be an unreasonable impact. They should not be able to avoid scrutiny by outsourcing their core business to a consulting firm and then merely claiming that there could be some vague affect on that firm’s business as reason to deny access to every single document produced by the consulting firm.

In reviewing this decision to refuse access to these documents under section 47G I request that the decision maker:
- review each of the documents individually,
- consider whether parts of the documents can be released with any exempt information deleted,
- consider what specific harm would be done to BCG’s business by the disclosure of any potentially exempt information,
- consider whether that harm is unreasonable or whether it is reasonable given BCG’s central role in the development of this app that could have had a much greater impact on our ability to prevent the spread of COVID-19 in Australia,
- determine whether on balance it is of greater public interest to provide access to the potentially exempt information despite the fact that it may be conditionally exempt, and finally
- consider the broader ramifications if agencies are able to avoid scrutiny by outsourcing policy to consulting firms and then relying on unsubstantiated claims of a potential affect on their business as a justification to deny access to otherwise relevant information.

Public interest conditional exemption considerations

In your decision you quote section 11A of the FOI Act that states:
“The agency or Minister must give the person access to the document if it is conditionally exempt at a particular time unless (in the circumstances) access to the document at that time would, on balance, be contrary to the public interest”.

Ignoring for the moment that you have provided no evidence to support your assertion that there would be any unreasonable affect on BCG’s business, let’s just consider whether “access to the document at that time would, on balance, be contrary to the public interest”.

Factors favoring access to the document:

Promote the objects of this Act

As stated previously the objects of the Freedom of Information Act include:
“(a) increasing public participation in Government processes, with a view to promoting better-informed decision-making;
(b) increasing scrutiny, discussion, comment and review of the Government’s activities”.

There is undoubtedly public interest in understanding the Government’s decision not to adopt Google and Apple’s Exposure Notification system in COVIDSafe. Specifically of interest in this case is why Germany did adopt this approach and yet Australia did not - given BCG was involved in both apps.

In contrast to the considerable benefit to the public interest in providing access to these documents you have provided the following as your only reason not to provide access:

“In consultation with the third party, they have requested that the DTA considers the confidential arrangements and in particular the terms of those arrangements.

Considering the submissions of the third party, I am satisfied that releasing the requested information would not be in the public interest and would, if released, be in breach of confidence between the Commonwealth and the third party”

There is nothing in this reasoning that explains how providing access would in any way damage the public interest. How exactly did you become “satisfied that releasing the requested information would not be in the public interest”? What would be the damage to the public interest in releasing the information? How does the damage (if any) override the obvious benefit to the public interest in “increasing public participation in Government processes, with a view to promoting better-informed decision-making” and “increasing scrutiny, discussion, comment and review of the Government’s activities” as are the objects of the FOI Act?

Are you suggesting that if you provide access to *any* of the material in the 11 documents then BCG would consider it a breach of a confidentiality agreement? And presumably you’re suggesting this “could reasonably be expected to prejudice [your] ability to obtain confidential information” from BCG in the future? And that if BCG was unwilling to provide confidential information to you in the future then this would have such a big impact on the DTA’s ability to perform its functions so as to represent damage to the public interest?

If that is your argument then I’d suggest you are drawing a rather long bow. Firstly, surely not all of the content of the 11 documents would be considered by BCG to be confidential information under any agreement you have with them? Secondly even if BCG were so upset by the disclosure of the information in these documents then do you honestly think this would prevent them from performing work for the DTA in the future? And even if they were unwilling to provide services to the DTA in the future, does this necessarily constitute a damage to the public interest? There are many other consulting firms who could provide similar services.

Frankly, to suggest that a confidentiality agreement with a consulting firm can override the public interest in providing public access to information about Government decision-making is an outrageous suggestion.

In reviewing this decision I expect the decision maker to:
- clearly indicate their rationale for determining what (if any) damage would be done to the public interest by providing access to the conditionally exempt content contained in the 11 documents (if there is in fact any conditionally exempt content),
- reconsider whether the extent of any damage to the public interest is actually greater than the benefit to the public interest of providing access.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/r...

Yours faithfully,

Concerned Citizen

(1) Raising Hell: Cracking COVIDSafe: Part 2: The Boys From Boston - https://roycekurmelovs.substack.com/p/cr...

(2) BCG's fees for COVIDSafe app surpass $1 million mark - https://www.consultancy.com.au/news/2341...

(3) BCG gets another COVIDSafe contract - https://www.innovationaus.com/bcg-gets-a...

(4) COVIDSafe app: government throwing good money after bad - https://itwire.com/open-sauce/covidsafe-...

(5) BCG Digital Ventures’ 2020 Wrap-Up - https://medium.com/bcg-digital-ventures/...

(6) BCG Digital Ventures (@BCGDV) on Twitter - https://twitter.com/BCGDV/status/1276616...

(7) OAIC FOI Guidelines, Part 6 — Conditional exemptions - https://www.oaic.gov.au/freedom-of-infor...

(8) Talk isn’t cheap: Making consultants’ reports publicly available via Senate order - https://australiainstitute.org.au/wp-con...

DTA FOI, Digital Transformation Agency

1 Attachment

OFFICIAL

Dear Concern Citizen

Please find attached the Internal Review in relation to your request.

If you had any further questions please respond to this email.

Kind regards,

FOI and Privacy Officer
Digital Transformation Agency (DTA)
www.dta.gov.au

OFFICIAL

show quoted sections