Identity systems should avoid becoming surveillance infrastructure.
Formal policy submissions
Formal submissions and writing on privacy, identity, infrastructure governance, public-sector data handling and implementation risk. This page is intentionally limited to formal submissions I am comfortable publishing.
My primary positions
Public infrastructure claims should be tied to resource, resilience and public-benefit evidence.
Policy should be tested against implementation risk, not only stated intent.
Public submissions
Submission to the Senate Inquiry into Artificial Intelligence and Data Centres
Formal submission on AI data centres, infrastructure demand, resilience and public benefit.
Submission to the OAIC Children's Online Privacy Code
Formal submission on children's online privacy, safer defaults and practical governance for online services used by children in Australia.
Submission to the JCPAA Inquiry into Client Privacy
Formal submission on public-sector client privacy, privacy engineering and breach readiness.
Comments on NIST CSWP 50 IPD
Comments on NIST small-business cybersecurity guidance for non-employer firms.
Comments on NIST SP 1800-42A mDL
Comments on NIST mobile driver’s licence guidance for financial institutions.