Turnbull given ok to use Slack, Wickr

Prime Minister Malcolm Turnbull was advised there is no national security risk raised by his use of messaging applications like Slack and Wickr for official government communications, a document tabled in parliament last night reveals.

The PM made headlines in the past two weeks after his use of non-official communications apps and a private email server came to light.

In early October, Turnbull admitted to using a private server hosted by a non-government provider for email communications that included official government business.

He denied it could negatively affect freedom of information requests.

Turnbull has previously spoken of his fondness for messaging app Wickr, and reportedly asked his cabinet to communicate using the Slack collaboration tool.

Slack’s servers are located in Virginia in the US, and the company has been hacked several times in recent years. Wickr messages self-destruct after a set period of time.

Last night the government tabled a document as part of this week's budget estimates revealing Turnbull had sought advice on the use of such technologies and was informed it did not create security risks or breach freedom of information obligations.

The deputy secretary of national security within the PM's department, Allan McKinnon, informed Turnbull that non-official communication systems could be used to convey official government information that is unclassified and not sensitive.

"Even unclassified official information that is sensitive or otherwise caveated can be conveyed on non-government devices and systems if done so in accordance with [the ASD's Information Security Manual] ISM controls [pdf]," McKinnon advised.

"For example, ASD's website provides a list of certified cloud services. These services can be used in relation to sensitive unclassified information."

In practice, he said, this meant a wide variety of information could be conveyed on non-government systems.

In fact, McKinnon said, using such unofficial channels was "absolutely necessary" for the smooth operation of the government as it exchanges information with the private sector, members of the public and foreign governments - "none of whom are operating on secure Australian government information systems". 

The official said any documents in Turnbull's possession that relate to ministerial duties are subject to the FOI Act no matter where they reside.

He said the Archives Act sets out a framework for the creation, destruction and archiving of Commonwealth records, which did not apply to documents of a personal nature, those relating to party matters, or those containing correspondence with constituents about local matters.

The advice was raised in an estimates session today with Attorney-General George Brandis and Information Commissioner Timothy Pilgrim.

Pilgrim was recently given an extended appointment as Information Commissioner for three more months, and as Privacy Commissioner for a further 12 months.

Labor MP Jacinta Collins asked Pilgrim to consider an own-motion investigation into the use of non-official methods of communications and how that affects freedom of information.

Pilgrim said he had not considered the matter thus far, but said he would look at the advice provided to the PM and contemplate what response he could provide.

Concerns around the impact of using non-official communications channels for government business on FOI were raised by, among others, the South Australian ICAC in 2012.

"It has been suggested that the reason for doing so is to avoid the requirement to disclose those emails where an application is made under the Freedom of Information Act 1991 ('FOI Act')," the SA ICAC said at the time [pdf].

"If it is the case that public officers are engaging in this kind of conduct to avoid the consequences of the FOI Act, that conduct should cease immediately."