ACT Policing had an unauthorised metadata access party 3249 more times in 2015

Add 3,249 metadata requests to the 116 requests disclosed in February.
Written by Chris Duckett, Contributor

ACT Policing has confessed that it found 3,249 extra times it accessed metadata without proper authorisation during 2015, on top of the 116 requests disclosed earlier this year.

In a statement released on Friday afternoon, ACT Policing said it found extra requests during 2018.

"Once the issue was discovered, ACT Policing notified the Ombudsman's Office to seek advice on how to remedy this administrative oversight," it said.

From the extra requests, 240 were forwarded to case officers, which had landed ACT Policing in legal hot water.

"ACT Policing has sought legal advice regarding the management of two matters relating to a missing persons case and a criminal matter where the data in question may have been used in a prosecution," it said.

"The Ombudsman's Office has been kept informed throughout the examination and quarantining process. It is not appropriate to identify particular cases."

The Ombudsman report from February found the concerned authorisations for metadata were not authorised, due to the AFP Commissioner failing to authorise any ACT officers for that period.

"In response to this disclosure, our Office suggested the AFP quarantine all telecommunications data obtained under the 116 authorisations made by the unauthorised ACT Policing officer between 13–26 October 2015 from further use and communication," the report from the start of the year said.

"Following the inspection, the AFP accepted this suggestion; however it did not act to quarantine the affected data at that time, which resulted in additional use and communication of the data."

See also: Commonwealth Ombudsman singles out Home Affairs over stored communications and metadata handling

In February 2018, the data was partially quarantined only after being prodded by the Ombudsman.

"In April 2018 the AFP advised the affected telecommunications data had not yet been fully quarantined and it was seeking legal advice regarding the use of the affected telecommunications data," the report said.

Earlier this week, Home Affairs Minister Peter Dutton defended the checks and protections within Australia's data retention regime.

"There are mechanisms in place, safe checks, and they should be adhered to, and if not, there are consequences for that," he said.

"Take the protections very seriously. But in the end, the vast majority of cases, 99% of the use of these laws will be appropriate, and they'll be used in a way that that will result in protecting Australians -- and that's the reality."

The only consequences identified by ACT Policing on Friday was "refresher training" for officers.

In November 2017, a Commonwealth Ombudsman report into how the Australian Federal Police managed to trip over the one caveat in Australia's metadata retention system -- needing a warrant to access the metadata of a journalist when attempting to identify a source -- found AFP officers did not "fully appreciate their responsibilities" when using metadata powers.

The one recommendation from the report called on the AFP to make all staff that used metadata powers undergo training to have a "thorough understanding" of the laws and their responsibilities.

On Wednesday, Dutton skirted any responsibility the federal police might have for the metadata access without authorisation in the ACT.

"The ACT Police ... operate under the ACT government, under the local council government here, so that's an issue for the ACT government," he said.

"That's a contracted arrangement between the AFP and the ACT government, and we don't direct those officers, they operate under ACT law and under the commission of the ACT."

Related Coverage

Boomers and Coalition voters least worried by metadata and encryption laws

Almost 40% of those aged over 55, as well as Coalition voters, are not concerned by the introduction of Australia's encryption laws, according to Digital Rights Watch.

Optus gained exemption to store metadata unencrypted

Use of legacy applications allow Optus to seek an exemption from the rules.

Dutton defends metadata protections, claims consequences exist for breaches

Minister for Home Affairs also takes opportunity to try to scare the population.

Law Council wants warrants and crime threshold for metadata retention scheme

Agencies that are allowed to view metadata should be spelled out in legislation, Law Council of Australia states.

Australian enforcement agencies angling for metadata review on telco cost recovery

Agencies are very happy with Australia's data retention scheme, with one using it in 90% of investigations.

Clean Energy Regulator, WA Mines Department, and Vet Surgeons Board trying to access metadata: Comms Alliance

The Communications Alliance has listed 27 other agencies that have tried to access metadata following the introduction of Australia's data retention regime.

Data retention costs Australian telcos upwards of AU$210 million to date

Law enforcement agencies have stumped up only AU$39 million to poke around in Australia's metadata.

Editorial standards