Scott Morrison has compounded a serious data breach by the Department of Immigration by providing the location of documents that reveal personal information on asylum seekers.
Immigration Minister Scott Morrison appears to have worsened the Department of Immigration’s accidental release of information relating to asylum seekers by revealing exactly where the information was located, further exposing asylum seekers and their families to the potential for retribution.
The Guardian revealed yesterday that information on the personal details of nearly 10,000 asylum seekers and other people in immigration detention had been embedded in data available on the Department of Immigration’s website, after journalist and information activist Asher Wolf found the information in documents downloadable from the site. The department removed the material after being contacted by The Guardian mid-morning.
Those with the right tools could access not merely the names of asylum seekers but their mode of arrival, the vessels they arrived on if they are maritime arrivals, their countries of origin, whether they are a child or adult, the family groups they are travelling with, whether they are in community detention or in a Department of Immigration facility and internal departmental nomenclature.
In its initial report, The Guardian declined to reveal where the information was located. Crikey — which was also tipped off about the breach and in possession of both the downloadable files and the information embedded in them — also chose not to reveal any information about the nature of the files, given that anyone who had downloaded them before they were removed would know where to look for the information.
However, Morrison issued a media release yesterday that stated in which documents the personal information of asylum seekers was located and when they had been released. The media release was still online this morning. Crikey has again decided to err on the side of caution and not to link to the media release, or quote the relevant section of it, for fear of compounding the problem. Fairfax, however, has quoted the relevant passage of the release.
Morrison went on to call the data breach by his department as “unacceptable” and was correct to do so. An independent review of what happened by KPMG is now underway.
This error by departmental staff may well have extended back well before the Coalition’s period in government. However, in identifying which documents contained the information, Morrison has gone much further than The Guardian or Crikey chose to do and has potentially tipped off anyone who has previously downloaded the documents that they have considerable personal data about asylum seekers in their possession. HTML versions of the documents were also still available via Google’s cache, but the Department has told Crikey they do not contain the embedded information.
Personal information about the identities of asylum seekers is tightly controlled out of concern that the governments of countries from which people are seeking asylum, or non-government forces in those countries, may take reprisals against the families of asylum seekers, or asylum seekers themselves if they fail in their bid for asylum overseas. Any information about asylum seekers in Australia is thus likely to be closely monitored by the intelligence agencies of countries like Iran, China and Vietnam.
Morrison’s media release has made it significantly easier for anyone to locate crucial information about people who have sought our protection.