❓ A WA parliamentary question on notice reveals that several government departments and agencies monitor WiFi and Bluetooth addresses of users connecting to their wireless networks, raising privacy concerns regarding transparency and opt-out options.
AnsweredQoN 2670Legislative Assembly
QuestionView source ↗
Does any department, agency and Government Trading Enterprise under the Minister's control maintain any wireless network that monitors a third-party's WiFi MAC (Media Access Control) or bluetooth address and if so: (a) Where is the wireless network located and who is being monitored; (b) What company supplies the software and/or hardware to monitor the addresses, what was the upfront and ongoing annual cost; (c) Why was the decision made to monitor the addresses; (d) What information is harvested as part of this monitoring, how is it stored and how long is it retained; and (e) Are the third-party's aware of the monitoring and do they have any way to opt-out?
AnswerView source ↗
Answered
9 May 2018
Responded by
Minister for Local Government; Heritage; Culture and the Arts
Response time
10 days
Department of Local Government, Sport and Cultural Industries
The following areas of the Department maintain wireless networks
- Sport and Recreation division
- Culture and the Arts, including the State Records Office and Statutory Authorities
(a)Sport and Recreation
Leederville, Bickley, Ern-Halliday, Woodman Point, Point Walter, Camp Quaranup, Albany, Bunbury, Mandurah, Kalgoorlie, Northam, Geraldton, Karratha and Broome.
Culture and the Arts including Statutory Authorities
The State Library of Western Australia, His Majesty’s Theatre, State Theatre Centre of Western Australia, Albany Entertainment Centre, Perth Theatre Trust, Subiaco Arts Centre, Screenwest, Art Gallery Broome, Art Gallery Geraldton, Art Gallery Perth, Culture and the Arts, State Records Office, WA Museum Geraldton, WA Museum Welshpool.
All users that connect are monitored.
(b) Cisco Meraki provides the software to monitor addresses related to the Sport and Recreation division with monitoring supplied as part of the standard system.
The product has been procured through Software as a Service (SaaS). Ongoing annual costs of $5,000 per year have been allocated to cover licensing costs.
For Culture and the Arts and associated entities monitoring is done by logging on existing corporate firewalls. There is no additional cost associated as all traffic is monitored by default. The State Library monitoring is done by Acurix Networks, who supply the wireless service, without additional cost.
(c) Monitoring of the networks under the SaaS software is automatically carried out as part of the standard software.
The decision related to the monitoring of Culture and the Arts networks and devices was made to ensure all connections that run across corporate lines are monitored by firewalls for network troubleshooting purposes and to limit potentially damaging data from entering the corporate environment. At State Library Acurix Networks collects the information to meet Federal Data Retention obligations.
(d) For information harvested by the Sport and Recreation division through the SaaS software the following information is collected:
Basic inventory including status, description, last connected, date and time, sites visited and data downloaded, operating system, IPv4 address, assigned policies, Wireless Access Point connected to, Media Access Control (MAC) address, manufacturer).
This allows tracking and filtering of sites visited and data consumed.
The information is stored as part of the service for 3 months.
For information harvested by Culture and Arts through monitoring firewalls the information collected includes; MAC address, site connected, length of connection and amount of data transferred.
This information is stored as part of firewall log for up to one year and would be held as part of an annual back up.
(e) Are the third-party's aware of the monitoring and do they have any way to opt-out?
For both by systems staff is aware of the network monitoring while guests are not aware of such monitoring. There is no option to opt out for either system.
Metropolitan Cemeteries Board
No
(a-e) Not applicable
National Trust of Western Australia
No
(a-e) Not applicable
Department of Planning, Lands and Heritage
(a-e) Please refer to Legislative Assembly question on notice 2665
The following areas of the Department maintain wireless networks
- Sport and Recreation division
- Culture and the Arts, including the State Records Office and Statutory Authorities
(a)Sport and Recreation
Leederville, Bickley, Ern-Halliday, Woodman Point, Point Walter, Camp Quaranup, Albany, Bunbury, Mandurah, Kalgoorlie, Northam, Geraldton, Karratha and Broome.
Culture and the Arts including Statutory Authorities
The State Library of Western Australia, His Majesty’s Theatre, State Theatre Centre of Western Australia, Albany Entertainment Centre, Perth Theatre Trust, Subiaco Arts Centre, Screenwest, Art Gallery Broome, Art Gallery Geraldton, Art Gallery Perth, Culture and the Arts, State Records Office, WA Museum Geraldton, WA Museum Welshpool.
All users that connect are monitored.
(b) Cisco Meraki provides the software to monitor addresses related to the Sport and Recreation division with monitoring supplied as part of the standard system.
The product has been procured through Software as a Service (SaaS). Ongoing annual costs of $5,000 per year have been allocated to cover licensing costs.
For Culture and the Arts and associated entities monitoring is done by logging on existing corporate firewalls. There is no additional cost associated as all traffic is monitored by default. The State Library monitoring is done by Acurix Networks, who supply the wireless service, without additional cost.
(c) Monitoring of the networks under the SaaS software is automatically carried out as part of the standard software.
The decision related to the monitoring of Culture and the Arts networks and devices was made to ensure all connections that run across corporate lines are monitored by firewalls for network troubleshooting purposes and to limit potentially damaging data from entering the corporate environment. At State Library Acurix Networks collects the information to meet Federal Data Retention obligations.
(d) For information harvested by the Sport and Recreation division through the SaaS software the following information is collected:
Basic inventory including status, description, last connected, date and time, sites visited and data downloaded, operating system, IPv4 address, assigned policies, Wireless Access Point connected to, Media Access Control (MAC) address, manufacturer).
This allows tracking and filtering of sites visited and data consumed.
The information is stored as part of the service for 3 months.
For information harvested by Culture and Arts through monitoring firewalls the information collected includes; MAC address, site connected, length of connection and amount of data transferred.
This information is stored as part of firewall log for up to one year and would be held as part of an annual back up.
(e) Are the third-party's aware of the monitoring and do they have any way to opt-out?
For both by systems staff is aware of the network monitoring while guests are not aware of such monitoring. There is no option to opt out for either system.
Metropolitan Cemeteries Board
No
(a-e) Not applicable
National Trust of Western Australia
No
(a-e) Not applicable
Department of Planning, Lands and Heritage
(a-e) Please refer to Legislative Assembly question on notice 2665
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.