Rethinking our approach to open-source data
Originally posted by Melissa Liberatore @ aspistrategist.org.au
Open-source data is built on the foundation of long-term useability, authenticity and reliability. Its public nature means that it can be accessible anywhere with an internet connection.
Yet when we talk about the government data that needs to be protected for national security reasons, classified information—related to defence and intelligence services—often takes precedence. But what about the protection of unclassified, open-source government data?
Websites like data.gov.au, Trove and Parl Info Search host a broad range of data that collectively documents the political, social and cultural history of Australia. Over time, this data accumulates to paint a detailed picture of our country. It’s a high-value dataset given the trends big data analytics can reveal.
The Department of Communications and the Arts has estimated that the value of open government data is $25 billion per year—which represents 1.5% of Australia’s GDP. To give that some context, Australia is budgeting to spend 1.91% of its GDP on defence in 2018–19.
As outlined in the Attorney-General’s Department’s Protective Security Policy Framework, simply increasing the classification level of data isn’t enough to ensure its protection. The department recommends that agencies consider the potential business impact if something were to happen to their data. The policy framework outlines risks to aggregate data, including unauthorised disclosure and inconspicuous copying, modification or dissemination of information. And it warns of possible operational, reputational or monetary impacts for an individual agency or the government as a whole.
In an era of technological disruption, all it takes is the dissemination of disinformation to undermine national security.
Governments and private companies around the world are already starting to implement technologies and software to address data security. We’re now seeing the powerful combination of traditional information security, relating to controlled access to information and security of ICT systems, with the application of principles of long-term data preservation.
One example is Preservica, a software platform that incorporates the key data-preservation principles of useability, accessibility, security and authenticity. Once digital data has been created and stored, it is continually checked not only to prevent the obsolescence of file formats, but also to confirm the integrity of the data and metadata and ensure it hasn’t been manipulated. Preservica is being used by the UK National Archives, the European Commission and the Provincial Archives of New Brunswick in Canada.
Swedish company Enigio Time is based on similar principles. Its aim is to ‘provide proof of the truth’ and digital data integrity in what it calls a ‘#PostTruth era’. Enigio Time software generates a timestamp on a digital document, leaving unchangeable proof of the content of the document when it was created.
Another technology that could also contribute to data integrity is blockchain. Blockchain is commonly associated with Bitcoin and cryptocurrencies, but it could also contribute to data integrity. It creates a record of data that is stored permanently in multiple locations. Despite some scepticism about it, governments around the world have already begun testing and implementing blockchain technology.
The Netherlands, Georgia, Sweden, the UAE, Canada and Estonia either use blockchain or have piloted blockchain projects for a variety of government services.
One example that stands out is the Chilean government’s use of blockchain for the preservation and security of its environmental data.
Earlier this year, the Chilean National Energy Commission launched a project called Energia Abierta (Open Energy). It aims to increase the security, integrity and traceability of energy information by storing publicly available data, such as national electric capacity, energy prices and emission levels, on the Ethereum blockchain technology. The commission says that public information, particularly related to energy, is critical for investment decisions and shaping policies.
Chile’s emissions data could, for example, be manipulated by foreign actors who could then criticise the government for not meeting its commitment to the Paris climate agreement, which Chile has ratified. A discrepancy in the information held by energy providers, the energy commission and other national agencies could severely undermine trust in Chile’s governance.
In Australia, blockchain is starting to appear on the government’s agenda. Last year CSIRO’s Data61 conducted research into blockchain and its potential applications in the government and business sectors. Its report Distributed ledgers: scenarios for the Australian economy over the coming decades, concluded that blockchain technology can enhance the trust, accountability and auditability of data storage.
In the 2018–19 budget, the Australian government allocated $700,000 to the Digital Transformation Agency to research how blockchain could be used to support government services. And only last week the government signed a five-year agreement with technology company IBM to help further its digital transformation agenda.
Data accessibility is also on the government’s agenda, as seen by the Productivity Commission’s 2017 report into data availability and use, the data sharing for innovation agenda, and the 2015 public data policy statement.
The value of accurate, reliable and verifiable open-source information shouldn’t be underestimated. Australia needs to take advantage of new technologies as they emerge and reframe its approach to the security and preservation of open-source data.