AFP abused metadata access powers 1,709 times: Ombudsman
Australian Federal Police officers have been given incorrect access to real-time Australian location data more than 1,700 times between 2015 and 2019, a new report finds.
ACT Policing, the AFP community police leadership, received proper permission to access an Australian person’s metadata only nine times out of 1,713 incidents during that time.
This was the discovery of a a recent report on AFP’s access to telecommunications powers by the British Community Ombudsman, who investigates Australian agencies for any misconduct.
One of these incidents involved an unauthorized violation of a journalist’s metadata, the report revealed.
“In April 2017, AFP revealed to our office a violation of the TIA Act, through which he gained access to telecommunications data relating to a journalist without issuing a journalist information order,” the report said.
Real-time location data is used by law enforcement to find people of interest in a crime investigation, but legal access to real-time data must follow certain requirements, the report said.
However, AFP officials did not follow the protocol when accessing this data, the report revealed, with the Community Ombudsman’s inquiry revealing a “culture” of non-compliance.
“My office’s investigation has found that ACT Policing’s internal procedures and cavalier approach to exercising telecommunications data powers lead to a culture that does not promote compliance with the TIA Act,” said Ombudsman Michael Mantorp.
“This has contributed to the inconsistencies identified in this report.”
Location-based data could be made available “illegally,” he added, and would have consequences for people, especially if convicted of a crime.
The Ombudsman expressed concern about the “inability of AFP” to explain how location-based data (LBS) was used.
“Although AFP recommends that its practice of accessing the LBS only for operational reasons (for example, finding a person to arrest them), instead of gathering evidence, we have not been able to rule out the possibility that such information could contribute, or had to do with prosecutorial and evidentiary matters. The consequence of an accusation relying on an illegally obtained LBS can be very serious. “
The Ombudsman also found that AFP had not properly reported the full scope of its access to metadata in a timely manner.
“A critical factor for effective oversight of such powers is that law enforcement authorities must report to the ombudsman on how the powers are used so that their observance can be assessed and publicly reported. In this case, the Ombudsman did not have full reporting for a significant period of time. “
In addition, the Ombudsman stated that he was not satisfied that the investigation had revealed all possible violations and that there might be additional violations in AFP outside ACT Policing.
AFP commissioned PwC to conduct an internal audit of the violations and has since made “several changes” to the way staff access real-time data to improve compliance.
But AFP needs to do more, the ombudsman said.
“These were useful first steps towards AFP to achieve future compliance. However, I believe that AFP needs to do more to confirm the degree of non-compliance with the legislation on this type of telecommunications data and to eliminate all the consequences of non-compliance with the TIA Act identified in this report. “
The Ombudsman made eight recommendations, including revising the compliance approach, reviewing the reporting of all metadata permissions to the Minister of the Interior, and establishing regular methods of communication between AFP and ACT Policing.
All eight recommendations have been adopted by AFP.
But Legal Council President Jakob Brasch described the violations as “deeply disturbing”.
“The individual violations identified by the ombudsman and their causes are deeply disturbing individually and seem to identify systemic shortcomings in the exercise of highly intrusive power and come at a time when the government is taking steps to expand the powers of law enforcement and security agencies,” he said.
Brash said the Legal Council has long called for “stricter legal guarantees” to be applied to electronic surveillance powers.
“It is disappointing that so far, and last week, the Ministry of Interior has publicly expressed opposition to almost all the recommendations of the Legal Council.
“We hope that, in the light of the Ombudsman’s findings, the prevailing approach of delegating extremely broad powers to security agencies, including AFP, will be reconsidered.”