Of the four companies — Amazon Web Services, Sliced Tech, Vault Cloud and AUCloud — only Vault came clean on issues around compliance, and that directly to iTWire. The DTA said nothing at the time. AWS, AUCloud and Sliced Tech were all asked by iTWire whether they had any compliance issues, but all kept silent.
Given that, iTWire sent the following query to the DTA on Wednesday:
"On 7 October, four companies were certified for hosting government data: AWS, Sliced Tech, Vault Cloud and AUCloud.
"However, apart from Vault — which released details of its non-compliance issues to iTWire — none of the others have said anything about non-compliance. ITWire contacted both Sliced Tech and AUCloud but did not hear back.
"Which begs the question: did none of these three have any outstanding issues?
"Further, as I have pointed out, the fact that AWS uses a data centre owned by a Chinese entity does not seem to have raised any alarm at DTA - despite the government warnings about China.
"As you are no doubt aware, the government has cancelled a Belt and Road Initiative deal signed between China and Victoria. Canberra is also looking at the lease of the Port of Darwin by a Chinese firm and there is talk that it may be scrapped.
"Given this background, did not the fact that the Global Switch data centre used by AWS was Chinese-controlled raise any red flags?"
The DTA responded on Thursday: "Certification under the Hosting Certification Framework provides assurance that hosting providers meet defined security and risk management standards.
"This includes having mitigation measures in place that support the outcomes set out in the Whole of Government Hosting Strategy, and requirements outlined in the Hosting Certification Framework.
"Providers who have been assessed as being eligible and suitable for certification are required to enter into enforceable contractual undertakings with the Australian Government that give effect to the Certification Framework."
Exactly what that this means is difficult to parse. One can only infer one thing: like the government, the DTA prefers to obfuscate and avoid giving straight answers.
There has been a lot of blather from various interested parties about the alleged threat from China. Yet the American company AWS, which has links to a data centre that is owned by Chinese interests, has got the green flag to host government data.
Last year, when AWS was given the contract to host the government's COVIDSafe app, a similar question — that of using a data centre fully owned by a Chinese company — was raised, with Labor MP Ed Husic bringing up the issue on ABC News' afternoon briefing. The centre in question is Global Switch whose parent company is Aldersgate Investments which is now controlled by a Chinese entity.
Aldersgate owns two data centres in Ultimo where it stores classified Australian Government material, including sensitive Defence and intelligence files. Both these data centres have secure gateways certified by the ASD and can be used for secure access by government offices.
But the ASD is no longer in the picture when it comes to certification, having bowed out in March 2020. The DTA and the Australian Cyber Security Agency are now the two bodies involved in certification.
The issues with Global Switch go back to 2016 when Aldersgate sold a 49% stake to the Chinese firm, Elegant Jubilee.
Investors in Aldersgate are said to have been brought together by Li Qiang who owns Daily Tech, a leading data centre company in China. The main investor was the Jiangsu Sha Steel Group, China's largest private steel enterprise. Elegant Jubilee gained full ownership of Global Switch in August 2019.
But who cares? Certaonly not well-paid government bureaucrats who will talk about "communist China" till they are blue in the face. [The irony that China has been a communist nation from the time it came into being escapes these worthies. Do we talk about the "capitalist USA" or "socialist <insert_name_of_country_here>"?].
The DTA will be energised to do something only when the issue becomes one that costs the government votes. Until then, talk is fine, action is a dangerous course.