Police metadata misuse raises questions over accountability

Police metadata misuse raises questions over accountability

Summary: Allegations of police misuse of telecommunications metadata raise questions of how many requests by law enforcement officers are illegitimate.

SHARE:

Looking up the call records of fellow police officers and cadets to determine whether they're chucking a sickie or sleeping with one another are some of the misuses of metadata that the Queensland Police is alleged to have taken part in.

According to a report in The Courier Mail last week, police investigators are alleged to have sought the call records of an officer who was thought to have been faking being ill for a day off, as well as one who was missing on the job for a number of hours, and in a case seeking to determine whether police cadets were engaged in sexual relationships at academies.

The Queensland Police denied the claim, but according to the report, Queensland Police was forced to reiterate to staff that records are only to be accessed as part of investigations of criminal matters.

The authorisation of telecommunications metadata record access doesn't currently require a warrant; just an internal authorisation. The Queensland Police tripled the number of requests it has made for the data in the last three years, from 10,223 in 2009-10 to 36,531 in 2011-12.

They could all be legitimate requests, but there is no data on how many of those requests led to a crime being solved or stopped a terrorist plot. But if the allegations made in The Courier Mail are true, it raises questions as to how many officers not only in the Queensland Police, but also across more than 40 agencies, currently have access to this power to request telecommunications providers to hand over metadata of their customers.

The likely defence would be that we can't condemn all authorisations for the acts of what would be just a few officers, but you could also argue that Australians by and large are also being treated as suspects without judicial oversight, ensuring that every access of private telecommunications information is legitimate and not just government snooping.

When Greens communications spokesperson Scott Ludlam put forward an amendment to require government agencies to obtain a warrant before accessing metadata records, the response from law enforcement agencies and the attorney-general was that such a system would strain resources and bring law enforcement to a halt.

Often cited was the fact that in the 2011-12 financial year, there were a total of 293,501 authorisations from over 40 agencies, and it would amount to a lot of court time to get all of those authorisations approved. In high-risk situations or when seeking to avert a terrorist attack, it makes sense to be able to get fast access to those records. But perhaps in light of alleged misuse by government agencies, the question should be asked: How many of those authorisations would have gone through if it required a judge to check that it was valid?

If a warrant is deemed too much effort and too time consuming, more accountability and transparency around the reasons for the authorisations could go a long way to disproving allegations of misuse of the power by law enforcement.

In any case, the inquiry into the Greens' proposed warrant amendment has ended due to the federal election, but the Greens party has indicated that it would return when parliament sits after the election on Saturday.

I understand that some telecommunications providers have all but stopped holding their metadata any longer than required, which can mean for just two months. The law enforcement agencies would like to see it held indefinitely, but have settled so far on two years. A parliamentary inquiry into that proposal recommended that the government decide whether to implement it, and we're still waiting for a government response.

Both of the major parties are keen for the issue to go away until after the election, though, with Attorney-General Mark Dreyfus and Shadow Attorney-General George Brandis both telling ZDNet that they are not taking a policy on data retention to this election. Both parties would likely have the same response, however, with Brandis stating that the Coalition and Labor are mostly in line when it comes to policies on national security.

Topics: Telcos, Government, Government AU

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • "The Queensland Police denied the claim"

    Do you have any evidence, just one shred of evidence, that any aspect of the allegations are true other than the allegations of the Courier-Mail?

    If not, then the title, "Police metadata misuse raises questions over accountability", is disgustingly misleading - as is the overall content of the article!
    Wakemewhentrollsgone
    • Summary mentions allegations

      And the line about denial is high up.
      Josh Taylor
      • That's weak. title should have said alleged too

        On top of that if officers go missing for hours that they're supposed to be on the job or are lying about being sick when they're supposed to be working then I wouldn't characterize that as misuse.
        Johnny Vegas
        • Alleged

          I mentioned alleged three times in the article. It is more a blog post about getting more transparency over the use of metadata access powers. It is the first word in the summary. If people are just reading the headline, they're missing the point.
          Josh Taylor
        • It would be misuse if it is against the Act

          If the Act only allows for accessing the data for criminal offences, then accessing the data for non-criminal, disciplinary matters would certainly be illegal use. However, the allegations have been denied and no contrary evidence has been supplied.
          Wakemewhentrollsgone
  • It happens everywhere

    I have worked for a couple of state police departments. This issue of looking up members of the public and other police officers details is common practice. If police officers were dismissed for every invasion of privacy or illegal access we wouldn't have too many serving officers left. I think the bigger issues is what are they doing with the information? - Every police officer seems to have his or her own laptop and usb drive these days and I know for a fact that these devices are not encrypted and they seem to go missing all the time... pity that they have your name and address details or your most recent assault statement to police on them..... What are we doing about protecting personal information in the hands of police which could be misused? Its an identity thieves wet dream of information.... !!
    Richard Romanov
    • In NSW , police are other staff

      are audited. In an audit, they have to justify their reason for every access.
      Wakemewhentrollsgone
      • Thats still isnt the answer.

        That may be so, but;
        1. It still doesn't cover the other states, (who he hell knows what a state like Tasmania does but they have access to national data);
        2. Doesn't cover lost devices and\or personal devices such as laptops and USB drives, and I know for a fact NSW Police have them in droves; and
        3. Audits are random in NSW. You may never get audited and rely primarily on the impartiality your LAC inspector or shift supervisor.

        :)
        Richard Romanov