AFP accidentally lets sensitive metadata go public

Summary:The Australian Federal Police inadvertently let sensitive metadata from an active criminal investigation be published online, after providing documents that had not been redacted to Greens Senator Scott Ludlam.

The Australian Federal Police (AFP) allowed sensitive metadata from a live criminal investigation to be published online, after handing over documents that had not been redacted to Greens Senator Scott Ludlam.

The sensitive documents were made public after Ludlam requested a copy of a sample of AFP template forms for telecommunications intercept and stored communications warrants in a Senate Estimates committee in 2012.

The documents, which contained metadata including the addresses, names, and phone numbers of police officers and the targets of open criminal investigations, were inadvertently posted on the senator's website.

They have since been removed from the site after The Guardian, which discovered the breach, alerted Ludlam's office.

It is an offence to disclose information relating to interception activities under the Telecommunications (Interception and Access) Act.

Ludlam, who has been heading up an inquiry into the comprehensive revision of the Telecommunications (Interception and Access) Act by the Senate Legal and Constitutional Affairs Committee, expressed concern over AFP's handling of the sensitive information.

"This is the very agency that is requesting warrantless access to every Australian citizen's metadata," said Ludlam in a statement on his website. "The AFP have since provided clean copies of the request templates."

This is not the first time that a government agency has accidentally published sensitive data online, with the Department of Immigration and Border Protection accidentally publishing the details of 10,000 asylum seekers earlier this year in its push to get immigration data online by a deadline.

In February, the full names, nationalities, locations, arrival dates, and boat arrival information of the asylum seekers, housed both on the Australian mainland and Christmas Island, was accidentally published online by the department.

Like the AFP metadata documents, they were removed only after the department was alerted of the breach.

This latest breach of sensitive data comes as the federal government moves to introduce legislation requiring internet service providers to retain customers' metadata for a mandatory two years.

In May, AFP assistant commissioner Tim Morris reiterated the government's need for telecommunications companies in Australia to mandatorily retain metadata in order to aid the nation's police and security agencies' efforts to fight online crime.

Earlier this month, Attorney-General George Brandis confirmed that the Federal Cabinet gave in principle support for the new regime, which would allow government agencies to access without a warrant as part of law enforcement investigations.

However, it remains to be seen how much metadata and what sort of metadata would be required under the government's plan.

When asked by Ludlam during Question Time in parliament to provide a definition on the exact data required to be retained, Brandis said that there is no definition of metadata.

"This is a term that does not have a precise definition. It is a description rather than a definition," he said. "The essential concept ... is that metadata is information about the communication, not the content or the substance of the communication," said Brandis.

Yesterday, Ludlam announced an extension to the inquiry into the comprehensive revision of the Telecommunications (Interception and Access) Act by the Senate Legal and Constitutional Affairs Committee.

The inquiry was due to table its report on the issue on August 27, but the Senate voted to extend the inquiry's reporting date. The committee will now report on October 29, 2014.

Topics: Security, Australia, Government : AU


Leon covers enterprise technology and start-ups from ZDNet's Sydney newsroom.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.