Skip to main content
Home
  • The Legislative Assembly meets today (01:00 PM)Watch live
    Watch Assembly live
  • The Legislative Council meets today (01:00 PM)Watch live
    Watch Council live
  • The Estimates Committee meets tomorrow (09:30 AM)
    Committee meet tomorrow
  • The Joint Standing Committee on the Corruption and Crime Commission meets tomorrow (09:45 AM)
    Committee meet tomorrow

Parliamentary Questions


Question On Notice No. 374 asked in the Legislative Assembly on 23 February 2022 by Ms M.J. Davies

Question Directed to the: Minister for Public Sector Management
Parliament: 41 Session: 1


Question

I refer to the Service WA application, and I ask:
(a) Who is the Minister directly responsible for the Service WA application;
(b) Who developed this application;
(c) Who manages this application:
(i) How many people are employed to manage the application on a day-to-day basis and are these Government employees;
(d) Was there a tender process:
(i) If yes, when did the tender process open and close;
(ii) How much was the tender contract worth; and
(iii) How many applications were received and how many were shortlisted;
(e) Are there projections or modelling on the number of anticipated downloads for Service WA:
(i) Have the actual downloads met those expectations;
(ii) How many downloads have occurred to date; and
(iii) How many downloads are anticipated by the end of July 2022;
(f) What are the funding sources for Service WA;
(g) Which Government department(s) hold data created and recorded by the application:
(i) How long is data held for; and
(ii) Who has access to the data, and why have they been given access;
(h) Is the application's coding related to any 'Services' applications used in other jurisdictions;
(i) Does the application have PIN or identification access requirements (for example, FaceID or fingerprint recognition) inbuilt into the program, even if it is not used:
(i) If not, why not;
(j) Is it anticipated that West Australians will, in future, be required to check out of venues through the Service WA application;
(k) Why was the Service WA FAQ page published on 20 December 2021 when the application was not publicly available until 11 January 2022;
(l) Is the State Government subject to any licence or commission fees for development and/or ongoing costs and if yes:
(i) What is the total cost of those fees;
(ii) Who are the fees payable to;
(iii) Please provide an individual breakdown and length of time those fees are payable;
(iv) Are there fees for accessing servers to store information logged in the application or by the application; and
(v) In the interests of transparency, will there be a specific line item in the Budget Papers for Service WA;
(m) What is the estimated carbon footprint of Service WA;
(n) What is the timeline to facilitate:
(i) Fines and infringements to be managed or paid through Service WA;
(ii) Boat Licences to be managed or paid through Service WA;
(iii) Vehicle Licences to be managed or paid through Service WA; and
(iv) WA Seniors Cards to be managed through Service WA;
(o) What WA Government services will not be facilitated through the Service WA application;
(p) Is there a policy in place to allow for departments to request modules or functionality to be added to Service WA? If yes, please table the relevant policy;
(q) Will Department of Transport Direct (DOT Online) be phased out as a separate website/application and if yes when;
(r) Will SafeWA be discontinued as a separate application and if yes when;
(s) Will G2GPass be discontinued as a separate application and if yes when;
(t) What State legislation does Service WA operate under;
(u) Can you confirm that the Protection of Information (Entry registration information relating to COVID-19 and other infectious Diseases) Act 2021 will apply to the application:
(i) If no, will legislation be introduced to protect personal information from being accessed unreasonably by Government; and
(ii) Does any other State legislation currently protect the data in the Service WA application;
(v) Has the application been tested for security;
(w) Did any of the following have input into the development of the application, if not why not:
(i) Department of the Premier and Cabinet, Office of Digital Government;
(ii) Department of the Premier and Cabinet, Office of Digital Government, Cyber Security Unit;
(iii) Chief Information Security Officer; and
(iv) Australian Signals Directorate;
(x) Did any group other than the groups in (w) provide input to the application? If yes, please list;
(y) Were the findings of the Auditor General's Report 2 for 2021-22 titled ‘SafeWA Application Audit’ considered in the creation of Service WA:
(i) If no, why not; and
(ii) If yes, how will:
(A) Confidentiality and integrity be monitored;
(B) Access management controls be monitored;
(C) Weaknesses identified and addressed in a timely manner; and
(D) Key management model maintained and updated as required;
(z) Can a Service WA user's Individual Health Identification number be found anywhere in the application or in the application's source code;
(aa) Will this application result in the closure of the Service WA shopfront trial in Bunbury;
(bb) Will the Government release a timeline of when features will be added to the Service WA application;
(cc) In relation to mobile applications currently on various application stores, will existing mobile applications published by State departments or entities be republished or managed by a central agency? If yes, which agency;
(dd) Regarding the manual mentioned in The West article on 2 February 2022 titled: "ServiceWA: 1.5 million West Australians yet to download app as Premier concedes it is ‘complex’":
(i) When did the Government commission a manual to assist users set up Service WA;
(ii) When will the manual be ready for distribution;
(iii) How will the manual be distributed;
(iv) Who is drafting the manual;
(v) What is the cost of drafting the manual; and
(vi) What is the cost of distributing the manual; and
(ee) Referring to an article in The West Australian on 17 February 2022 titled ‘Anti-vaxxers create fake Service WA app in attempt to sabotage mandatory check ins’":
(i) When did the Premier’s office first become aware of fake applications in circulation;
(ii) Did the Premier’s office write to any technology companies to remove these applications and if yes, which companies and on what dates;
(iii) Is the Premier concerned that the Service WA application was so easily duplicated and had over 6000 users within a short time frame;
(iv) What actions are underway to ensure the Service WA application is future proofed to prevent similar events from occurring in the future, given the long term uses for Service WA; and
(v) Have the following been requested to investigate and started investigations into the fake applications:
(A) Western Australia Police?
(B) Department of the Premier and Cabinet, Office of Digital Government, Cyber Security Unit?

Answered on 23 March 2022

The Department of the Premier and Cabinet advises, as at 1 March 2022:

(a) The Hon Stephen Dawson MLC, Minister for Innovation and ICT.

(b) Genvis Pty Ltd.

(c) The Department of the Premier and Cabinet’s Office of Digital Government manages the ServiceWA application. Agencies with modules within the ServiceWA application manage their own module, for example, the Department of Health manages SafeWA.

(i) There are eleven Office of Digital Government employees who have either sole or partial responsibility to manage the ServiceWA application. The development and technical support of ServiceWA is provided as a managed service by Genvis Pty Ltd. 

(d) No.

(i)-(iii) Not applicable.

(e) Yes.

(i) Yes.

(ii) 1,242,020

(iii) It is anticipated that downloads may reach 1.5 million by July 2022.

(f) ServiceWA was funded from existing budget allocations within the Department of Health, the Department of the Premier and Cabinet, and the WA Police Force.

 

 

(g) (i – ii) The Department of Health has access to ServiceWA data for contact tracing purposes.  Check in data is automatically deleted on the 29th day. All other data is retained for a period in accordance with the requirements of the State Records Act 2000 (WA). WA Police retains G2G Pass data in accordance with the provisions of the Emergency Management Act 2005 (WA). Staff within the Department of the Premier and Cabinet, the Department of Health and the WA Police Force have access to data specific to their modules within the ServiceWA application. Genvis Pty Ltd staff have access to data to fulfil their contractual obligations for the managed services contract in place for the ServiceWA application.

(h) No.

(i) No.

(i) There was insufficient time to include these features in the original release of the ServiceWA application.

(j) There is currently no intention to introduce this requirement.

(k) To publish a new application to both the Apple App Store and the Google Play Store, a review process is undertaken by the Stores, which includes the requirement of a live link with application information. In order to facilitate this process, the ServiceWA FAQ page was published, and once the Apple and Google reviews were complete, the page was removed until the ServiceWA App was released on 11 January 2022.

(l) Yes.

(i) The total estimated contract value of three of four contracts for Service WA is currently
$2,753,027.52. The fourth contract, with Amazon Web Services (AWS), is a pay as you consume service. The current monthly cost of the AWS services is approximately $20,000.

(ii) Genvis Pty Ltd, Queue-It Pty Ltd, MongoDB and AWS.

(iii) Genvis Pty Ltd: 12 month contract term expiring January 2024. Contract value $2,573,210 (inc GST).

Queue-It Pty Ltd: nine month contract term expiring November 2022. Contract value
$87,332.52 (inc GST).

MongoDB: 12 month contract expiring January 2023. Contract value $92,458 (inc GST).

AWS: Spend to date has been approximately $65,000 (inc GST).

(iv) Fees for storage and retrieval of data are covered in the above costs.

(v) The content of Budget Papers is Cabinet in Confidence until its release.

(m) This information is not available.

(n – p) The Department of the Premier and Cabinet will consider the implementation of additional features and/or services into the ServiceWA app in due course.

(q – s) These applications are managed by their relevant agencies, and questions relating to them should be directed to the relevant Minister.

(t) The Protection of Information (Entry Registration Information Relating to COVID-19 and Other Infectious Diseases) Act 2021 (WA), the Emergency Management Act 2005 (WA) and the State Records Act 2000 (WA).

(u) The Protection of Information (Entry Registration Information Relating to COVID-19 and Other Infectious Diseases) Act 2021 (WA) applies to information collected using the SafeWA function in the ServiceWA app in the same way that it applies to information collected using the SafeWA app.

(i) Not applicable.

(ii) Information held by the public sector is protected by other State legislation. For example, under the Public Sector Management Act 1994 (WA) there are statutory provisions, and associated subsidiary legislation and administrative instructions, which impose standards of conduct to be observed by public sector bodies and employees, including when dealing with information obtained by them in the course of their duty. Further, section 81(2) of the Criminal Code (WA) makes it an offence for a public officer to make an unauthorised disclosure of official information without lawful authority. These State protections are in addition to any applicable Commonwealth laws, such as in respect of vaccination information.

(v) Yes.

(w) Yes.

(x) Yes. Small Business Development Corporation, State Solicitor’s Office, Department of Health and the WA Police Force.

(y) Yes.

(i) Not applicable.

(ii) (A) Information is secured and monitored in accordance with the strict general computer controls applicable to the Department of the Premier and Cabinet and audited by the Office of the Auditor General.

(B) IT security access controls are applied and monitored as part of IT administration management. Senior IT support staff are responsible for providing these controls.

(C) System development and continuous improvement follows a Development, Security and Operations (DevSecOps) life-cycle management practice, ensuring system and/or feature weaknesses are addressed in accordance with change control and applied in a timely manner.  

(D) AWS provides key management as a service. ServiceWA information is encrypted to prevent unauthorised access. Encryption keys are stored in the AWS database and accessible through software so that AWS can perform platform maintenance and support the vendor with technical issues.

(z) No.

(aa) The Bunbury ServiceWA Centre is managed by the Department of Finance.

(bb – cc) See (n – p).

(dd) (i – ii) The step-by-step guide to ServiceWA was developed to support the launch of ServiceWA app in January 2022. It was developed prior to the launch of the application and has been available on the WA Government website since January 2022.

(iii) Hard copies of the manual were made available as part of a community outreach program from 31 January 2022 to 25 February 2022 across regional and metropolitan Western Australia. The manual was also handed out at Perth train station and stadium events. All WA local government authorities and Members of Parliament (both Government and Opposition members) were also provided with copies.

(iv – v) The manual was drafted by the Department of the Premier and Cabinet using existing resources.

(vi) Approximately $160 000 for community outreach and $15 000 for printing.

(ee) (i) It is important to note that the ServiceWA application was not duplicated. A fraudulent website was created to mimic its appearance. The Office of Digital Government was advised of the first of these sites by the Department of Health on 1 February 2022. Subsequent information that the malicious actor had established a new site was relayed to the Office of Digital Government from the Department of the Premier and Cabinet on 4 February 2022. Staff members in the Premier’s office became aware on 16 February 2022.

(ii) The Office of Digital Government contacted EasyDNS on 5 February 2022 and GitHub and DDOS-Guard on 7 February 2022.

(iii) An attempt to fraudulently represent vaccination status is a criminal offence and is therefore a concern. However, it is important to note that the ServiceWA application was not duplicated. A fraudulent website was created to mimic its appearance.

(iv) The fake ServiceWA app event did not occur and the ServiceWA App remains secure. If the Office of Digital Government becomes aware of fake applications or any new websites emulating the ServiceWA components in the future, it will be reported to the WA Police and the Office of Digital Government Cyber Security Team for action.

(v) (A-B) Yes.