Australia markets closed

    +43.30 (+0.60%)

    +0.0022 (+0.29%)
  • ASX 200

    +42.40 (+0.60%)
  • OIL

    +0.27 (+0.41%)
  • GOLD

    -0.20 (-0.01%)

    +112.27 (+0.19%)
  • CMC Crypto 200

    +66.40 (+5.54%)

AFP ‘unlawfully’ accessed data on Australians over 1,700 times

Jessica Yun
·4-min read
Image of Australian Federal Police officers and badge.
(Source: Getty)

Australian Federal Police officers wrongfully accessed Australians’ real-time location data more than 1,700 times between 2015 and 2019, a new report has found.

ACT Policing – the community policing arm of the AFP – were given proper authorisation to access an Australian individual’s metadata only nine times out of 1,713 incidents during this time period.

This was the finding of a recent report into AFP access of telco data powers by the Commonwealth Ombudsman, which investigates Australian agencies over any misconduct.

Also read:

One of these incidents included an unauthorised breach of a journalist’s metadata, the report revealed.

“In April 2017, the AFP disclosed to our Office a breach of the TIA Act, whereby it had accessed telecommunications data pertaining to a journalist without a journalist information warrant being issued,” the report stated.

Data on an individual’s real-time location is used by law enforcement to find people of interest when investigating a crime – but lawful access to this real-time data must follow certain requirements, the report said.

Commonwealth Ombudsman report chart demonstrating workflow for AFP officers to get access to telco data.
(Source: Commonwealth Ombudsman)

However, AFP officers did not follow protocol when accessing this data, the report revealed, with the Commonwealth Ombudsman’s investigation uncovering a “culture” of non-compliance.

“My Office’s investigation identified that the internal procedures at ACT Policing and a cavalier approach to exercising telecommunications data powers resulted in a culture that did not promote compliance with the TIA Act,” said Ombudsman Michael Manthorpe.

“This contributed to the non-compliance identified in this report.”

The location-based data could have been accessed “unlawfully”, he added, and will have consequences for individuals, particularly if they’re convicted of an offence.

The Ombudsman expressed concern over the “AFP’s inability” to account for how location-based data (LBS) had been used.

“While the AFP advised its practice was to only access LBS for operational reasons (for example, locating an individual in order to arrest them) rather than to gather evidence, we were unable to discount the possibility that such information could have contributed to, or had a bearing on, prosecutorial and evidentiary matters. The consequence of a prosecution relying on unlawfully obtained LBS could be very serious.”

The Ombudsman also found that the AFP did not properly report the full extent of its access of metadata on time.

“A critical factor in effective oversight of such powers is that law enforcement agencies need to report to the Ombudsman about how the powers are being used, so that compliance can be assessed and publicly reported. In this case full reporting did not occur to the Ombudsman for a considerable period of time.”

Additionally, the Ombudsman said he was not satisfied that the investigation uncovered all possible breaches, and that it was possible that there have been further breaches in the AFP outside of ACT Policing.

The AFP engaged PwC to conduct an internal audit of the breaches, and have since made “several changes” to the way staff access real-time data to improve compliance.

But the AFP need to do more, the Ombudsman said.

“These have been useful first steps towards the AFP achieving future compliance. However, I consider the AFP needs to do more to confirm the extent of non-compliance with the legislation for this type of telecommunications data and remediate any consequences of non-compliance with the TIA Act identified in this report.”

The Ombudsman laid out eight recommendations, including revamping its compliance approach, revising its reporting of all authorisations of metadata to the Minister of Home Affairs, and establishing regular methods of communication between the AFP and ACT Policing.

All eight recommendations have been accepted by the AFP.

But Law Council President Jacoba Brasch described the breaches as “deeply troubling”.

“The individual breaches identified by the Ombudsman, and their causes, are deeply troubling in isolation and appear to identify systemic failings in the exercise of a highly intrusive power and comes at a time when the government is moving to extend the powers of law enforcement and security agencies,” he said.

Brasch said the Law Council had long called for “stronger statutory safeguards” to be applied to electronic surveillance powers.

“It is disappointing that up until now, and as recently as last week, the Department of Home Affairs has publicly expressed opposition to nearly all of the Law Council’s recommendations.

“It is hoped that in view of the Ombudsman’s findings, the prevailing approach of delegating extremely broad discretions to security agencies, including the AFP, will be re-considered.”

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter.