Secrets about Labor’s vast voter tracking system were sitting in Google search results for weeks and potentially months.
- Software firm used by Labor accidentally published a task list online
- Records detailed work done for Labor’s voter tracking database and MPs’ websites
- Political parties are exempt from the Privacy Act
They detailed how the software firm behind the system carried out upgrades to allow the party to store individuals’ beliefs about the same-sex marriage survey.
Those upgrades were made in a development “sprint” over four days, and were completed on the day the survey form was released in September last year.
The information inadvertently released consisted of dozens of tasks in the task management system within the software firm Magenta Linas across 2016 and 2017.
An ALP spokesperson confirmed that an administrative task list relating to campaign software was “inadvertently cached” due to a “contractor error”.
“The contractor advises that no personal information and no electoral roll information was published or made accessible at any stage,” the spokesperson said.
Each task contained fields such as the type of job, its status, the priority, a description, who assigned it, and an estimate of the time required.
The information was only removed from Google when the ABC alerted the firm.
The firm’s campaigning software, dubbed Campaign Central, links voters’ personal information from the electoral roll with data useful for campaigning.
The same-sex marriage upgrades expanded Labor’s ability to record people’s intentions about the controversial survey.
These were stored in part of its database called the “Propensity Table”.
‘Not a data breach’
Magenta Linas spokesperson Andrew Navakas said the release of this information was not a data breach, as part of a three-line statement provided to the ABC.
“This is an administrative task list and does not constitute a data breach,” he said.
David Vaile, executive director of the UNSW Cyberspace Law and Policy Centre, the release was caused by a failure to take even simple precautions.
“It’s not a personal information data breach — although there were quite a lot of names of politicians and the people in the companies involved — but it is a really fundamental breach of security,” he said.
“It’s not as if hackers have broken through your defences, it’s as if you didn’t bother to put the defences up in the first place.”
ALP’s spokesperson said the party “takes our responsibilities under the Commonwealth Electoral Act very seriously”.
It’s not clear when the task list was first published, but the listings note they were “updated” in March this year.
The links were no longer active but the Google cache of results had kept copies of the tasks. These were created in August.
Apart from the work on the same-sex marriage survey, the information included jobs completed for Labor MPs including Mark Butler, Peter Khalil, Murray Watt and Wayne Swan.
Details and discussion about jobs were also included.
Labor organisers’ daily work program as outlined in ‘2014 Victorian Field Program Field Organiser Roles & Responsibilities’ (Supplied)
In one listing, Queensland Deputy Premier Jackie Trad’s office wanted a change to her website to remove a flag.
One developer said “my view is we should quote them for this even if it takes a very small amount of time because it is a change to the template”.
Spokesperson Mr Navakas said “Magenta Linas Software maintains the highest standards in data protection for its clients, as it has done for 25 years”.
“Our company continually strives to strengthen its quality systems and processes,” he said.
The task management program is called Jira and is developed by Australian outfit Atlassian.
A spokesperson for Atlassian explained to the ABC how this might have happened.
“When a customer is using a self-managed version of Jira, as it appears in this case, they are responsible for hosting and managing their data on their own servers,” the spokesperson said.
The importance of Campaign Central to Labor campaigning was confirmed in a March report from the Victorian ombudsman into the use of MP staff budgets prior to the 2014 Victorian election.
It included field organisers’ daily work program, which showed they are required to insert new information into Campaign Central every day.
The Liberal Party’s use of similar software has been detailed by the ABC.
Political parties are exempt from the Privacy Act, which requires businesses to comply with privacy principles covering handling of and access to personal information.
In a 2008 report, the Law Reform Commission recommended these exemptions be removed.
A 2017 survey conducted by the Privacy Commissioner found 64 per cent of the Australian public incorrectly believed political parties were covered by the Privacy Act.