From: "Rice, Andrew" To: "Roger.Clarke@xamax.com.au" Subject: Document Verification Service [SEC=UNCLASSIFIED] Date: Tue, 13 Nov 2012 00:26:15 +0000 Dear Mr Clarke I write to offer you a briefing on the operation of the Document Verification Service (DVS). My area is responsible for operating the DVS. We are also progressing the Government decision to make the service available to the private sector. I have seen your interest in your comments to ITNews last week. We are happy to bring you up to date on our work. Regards Andrew Rice Assistant Secretary Cyber and Identity Security Policy National Security Resilience Policy Division Attorney-General's Department 3-5 National Circuit BARTON ACT 2600 Tel 61 2 6141 2704 Mob 0437 925 363 ___________________________________________________________________ Date: Sun, 18 Nov 2012 09:05:47 +1100 To: "Rice, Andrew" From: Roger Clarke Subject: Re: Document Verification Service [SEC=UNCLASSIFIED] Dear Andrew At 0:26 +0000 13/11/12, Rice, Andrew wrote: >I write to offer you a briefing on the operation of the Document Verification Service (DVS). >My area is responsible for operating the DVS. We are also progressing the Government decision to make the service available to the private sector. >I have seen your interest in your comments to ITNews last week. >http://www.itnews.com.au/News/322040,the-australian-governments-identity-catch-all.aspx >We are happy to bring you up to date on our work. Thank you for your email. We anticipated that your consultant IIS and/or PM&C would have provided you with a copy of APF's submission in relation to the NTIF, which was sent to them on 31 October. It made a number of comments in relation to the DVS project. Your email didn't mention that submission, so perhaps they haven't done so. A copy is here: http://www.privacy.org.au/Papers/PMC-NTIF-121031.pdf As regards your offer, a briefing on a fait accompli is no substitute for early engagement in risk identification and mitigation efforts, prior to commitments being made and schemes designed. APF commits its resources to, in the following priority order: (1) participation in meaningful consultation processes, which are held before decisions are made, with organisations that are committed to reflecting the outcomes of consultations in the design See http://www.privacy.org.au/Papers/PS-Cons-101106.html (2) publicly flaying organisations that breach reasonable public expectations about the design of potentially privacy-invasive schemes If we have misunderstood, and the design of the DVS enhancements remains open, and you undertake to reflect submissions made to you about the proposal, then we would be delighted to revert from approach (2) to approach (1). Would you please advise whether AGD proposes to engage on this matter, or is proceeding with its intentions irrespective of public opinion. We look forward to your response. Yours sincerely Roger Clarke Chair, for the Board of the APF