In a late Friday afternoon news dump, Australian Federal Police commissioner Andrew Colvin has confirmed that a journalist’s metadata was accessed illegally by investigators trying to hunt down a leak.
A week’s worth of a journalist’s call records were accessed by an officer earlier this year as part of an investigation into the leak of classified material to a journalist, Colvin said in a press conference late last Friday afternoon. Colvin said that this access was illegal because the officer involved in the investigation failed to obtain a warrant.
Under compromises made to the mandatory data retention legislation passed in 2015, Labor forced the government to introduce warrants that law enforcement agencies must obtain prior to being able to access the metadata of a journalist. Prior to the legislation passing, no warrant was required. Since the legislation has passed, however, Colvin claims the AFP has sought none of these journalist-specific warrants.
But as the result of a “routine review” of an investigation, the AFP found that, in this investigation, the data had been accessed illegally, and this breach was subsequently reported to the Commonwealth Ombudsman. The ombudsman has announced an independent investigation will be conducted separately from the AFP’s own investigations.
[Keane: data breach illustrates danger of mass surveillance]
The investigation into the leak was halted, Colvin said, but no actions would be taken against the officer involved.
Colvin claimed that the officer’s failure to obtain a warrant was “human error” and no ill-will was involved in the illegal access of the journalist’s own metadata. While the illegally obtained data held by the AFP for the investigation has been destroyed, Colvin admitted that the investigators had seen the data and may have determined the journalist’s source:
“Clearly they can’t unsee it. They’ll need to consider in terms of next steps of the investigation what weight they put on what they saw but that material was accessed illegally so it can bear no — it can have no bearing on the conduct of the investigation. If in the judgement of the investigators that information may afford evidence at some point later, there is a different process we will have to go through.”
Colvin refused to name the journalist involved, and said the AFP would not consider informing the journalist themselves until the investigation into the leak has been completed.
“The investigation about the leak is still ongoing. That’s why I’m not going to say too much about it. For that reason, we haven’t notified the journalist that we have breached and accessed that particular journalist’s data without the warrant. Once the investigation takes its full course, we will be able to consider what actions we need to take but at this stage, we haven’t advised the journalist.”
In addition to the ombudsman’s review, Colvin said the AFP had refined its processes to prevent it happening again:
“We have raised the level of internal authorisation required for access to data of this type. We are limiting the number of authorised officers who can approve access of this type. We are also re-rolling out and stepping up mandatory training to all investigators and authorised officers to make sure they are fully aware of their obligations under the Act. I have been assured and I am confident that the changes we have made are robust and give me confidence that a breach of this nature should not occur again.”
The AFP is seeking to downplay the incident. While the agency informed the Commonwealth Ombudsman on Wednesday last week, it waited a full two days, late on Friday afternoon in the “news dump” territory, to announce it to the public.
[Did Brandis breach his own ‘journalist information warrant’ law?]
Senator Nick Xenophon told Crikey that he backs a Senate inquiry into the breach, and said he would be asking the AFP questions on the matter at Senate estimates hearings in the weeks after the budget.
“The AFP assured people nothing like this would ever happen. Well it has, in spectacular fashion,” he said.
“What has happened here should send a deep chill down the spine every journalist and every Australian who cares about a free press.”
Greens co-deputy leader Scott Ludlam called for a full investigation into the breach. “A scheme that was forced on to the public as a counter-terror tool was instead used in exactly the way we’ve long feared — in pursuit of a journalist and their source,” Ludlam said in a statement.
While journalists have their own metadata protected by this scheme — when law enforcement don’t break the law — the average citizen can still have their metadata accessed without the need for the agencies to get a warrant. In fact, if the officer in this case had simply just sought the metadata of people who might have potentially been talking to the journalist — rather than the metadata of the journalist directly — they never would have needed to obtain a warrant in the first place.
Surreal stuff. We really have slipped through the looking glass, when Colvin can spout that nonsense.
So the AFP can break the law without penalty and then dump the news on a Friday afternoon in an attempt to hide the violation of privacy, as well as a violation of journalistic freedom? SNAFU.
So the AFP can break the law without penalty and then … say that the cops who saw any identifying information can’t unsee it, but just have to find another way of pursuing that the person who may have been identified as the leaker.
In America, if shows like Law and Order are fairly accurate, this information would be deemed to be fruit from the poisoned tree, and effectively close down that line of investigation. In Australia it appears to be deemed to be a way of getting a lead in an ongoing investigation….
And we are supposed to trust these bastards!
Internet Australia, the NFP peak body representing Internet users, has called for a new parliamentary inquiry into the Data Retention Act. It was reacting to news that the AFP has admitted illegally accessing a journalist’s metadata.
IA wants a fresh inquiry into the entire scheme, noting that board director and former CEO Laurie Patton warned the original inquiry by the Parliamentary Joint Select Committee on Intelligence and Security that the legislation was “fundamentally flawed”. Patton told the PJCIS it had “clearly been drafted by lawyers who don’t understand how the Internet actually works”.
“It is a mess,” Patton told the ABC’s 7.30 program earlier this year, when Attorney General George Brandis floated the idea of expanding the scheme to include civil litigation. “The only way out of it now is to go back to the beginning, back to the parliamentary inquiry that looked into it in the first place and get them to run the ruler over it.”
Appearing before the PJCIS two years ago IA highlighted the lack of judicial oversight as one of the major flaws in the scheme.
“Our submission pointed to the potential for misuse and supported calls for more rigorous controls on who could access our data and under what circumstances”, said IA’s executive chair Anne Hurley today.
Like many other concerned civil society groups and individuals IA argues the scheme will not achieve the Government’s stated aims in relation to national security.
Since early this month (April, 2017) ISP’s are required to have systems in place to retain their customers’ metadata for a two-year period. However, IA points out that only a minority of ISP’s are known to be compliant and this makes the whole scheme of dubious benefit. The Attorney General’s Department received applications from 210 ISP‘s seeking funding to help them meet the costs of compliance, of which 180 were approved. However, industry estimates of the total number of Australian ISP’s ranges from 250 to more than 400.
“This means there are potentially hundreds of ISPs not known to the security agencies”, Ms Hurley commented. “They will not necessarily even be collecting the metadata they are required to keep. And even if they are how will the authorities know where to go to get it?”
IA has also warned that the costs of the data retention scheme will inevitably be passed onto consumers. PricewaterhouseCoopers estimated the cost of compliance to the industry at $738m over the first 10 years. IA believes that this underestimates the likely total given that the figure was based on an incomplete list of ISP’s.
Internet Australia, the NFP peak body representing Internet users, has called for a new parliamentary inquiry into the Data Retention Act. It was reacting to news that the AFP has admitted illegally accessing a journalist’s metadata.
IA wants a fresh inquiry into the entire scheme, noting that board director and former CEO Laurie Patton warned the original inquiry by the Parliamentary Joint Select Committee on Intelligence and Security that the legislation was “fundamentally flawed”. Patton told the PJCIS it had “clearly been drafted by lawyers who don’t understand how the Internet actually works”.
“It is a mess,” Patton told the ABC’s 7.30 program earlier this year, when Attorney General George Brandis floated the idea of expanding the scheme to include civil litigation. “The only way out of it now is to go back to the beginning, back to the parliamentary inquiry that looked into it in the first place and get them to run the ruler over it.”
Appearing before the PJCIS two years ago IA highlighted the lack of judicial oversight as one of the major flaws in the scheme.
“Our submission pointed to the potential for misuse and supported calls for more rigorous controls on who could access our data and under what circumstances”, said IA’s executive chair Anne Hurley today.
Like many other concerned civil society groups and individuals IA argues the scheme will not achieve the Government’s stated aims in relation to national security.
Since early this month (April, 2017) ISP’s are required to have systems in place to retain their customers’ metadata for a two-year period. However, IA points out that only a minority of ISP’s are known to be compliant and this makes the whole scheme of dubious benefit. The Attorney General’s Department received applications from 210 ISP‘s seeking funding to help them meet the costs of compliance, of which 180 were approved. However, industry estimates of the total number of Australian ISP’s ranges from 250 to more than 400.
“This means there are potentially hundreds of ISPs not known to the security agencies”, Ms Hurley commented. “They will not necessarily even be collecting the metadata they are required to keep. And even if they are how will the authorities know where to go to get it?”
IA has also warned that the costs of the data retention scheme will inevitably be passed onto consumers. PricewaterhouseCoopers estimated the cost of compliance to the industry at $738m over the first 10 years. IA believes that this underestimates the likely total given that the figure was based on an incomplete list of ISP’s.
“The Government’s funding is already nowhere near enough. ISP’s are out of pocket and they’re unhappy. This exercise has been a disaster from the start and it’s becoming clear that the scheme is only going to become more controversial”, Ms Hurley concluded.
“The Government’s funding is already nowhere near enough. ISP’s are out of pocket and they’re unhappy. This exercise has been a disaster from the start and it’s becoming clear that the scheme is only going to become more controversial”, Ms Hurley concluded.
Wherever one looks; whatever one reads or views . . . the inescapable conclusion is that the standard and/or accountability of Australian governance is under fierce attack . . . by public servants and parliamentarians appointed to administer said governance.
Politicians daily rort the very systems designed to hold them to account. Many are habitual liars. Public servants no longer see a need to account for their actions. Media self interest, suffering from financial constraint; has devolved into a complicit protector of power and privilege. Senior law enforcement ranks compete with one another; failing to notice or be concerned for their primary responsibilities.
. . . . and we the public point, towards a thunderous horizon; in disgust and fear of our children’s futures.