[Linux-aus] ART FOI review - myGov Code Generator app source code

Matthew Lye matthew.lye at ubuntu.com
Sat Jan 3 16:21:47 AEDT 2026


Probably worth remembering that the basis for determining that something is
exempt from FOI under national security grounds only requires a
determination that the release of the information has the potential to
cause some level of harm/damage to the government or public.

They could very easily block it on the basis that the solution is currently
operational, and a flaw identified by a threat actor on the basis that it
was open sourced would likely result in harm to the public or
government interests. A discussion about technical compliance with ISM
requirements doesn't even come into it.

-Matthew


On Sat, 3 Jan 2026 at 12:46, Glen Turner via linux-aus <
linux-aus at lists.linux.org.au> wrote:

>
> 1) an FOI request might not result in the Code Generator source code,
> but FOI should be able to illuminate the decision making around how the
> app came to be, say versus a list of recommended TOTP apps.
>
> 2) a potential claim that the app has a national security sensitivity
> would imply the agency has done a lot of paperwork to meet the
> requirements of a novel national security cryptographic system, and
> some of that may be obtainable by FOI. In particular the list of ISM
> exceptions would be long and fundamental, e.g.: the TOTP secret key does
> not roll over often enough, the app is fielded onto uncontrolled
> hardware and unmanaged operating systems.
>
> -glen