Police made illegal metadata searches and obtained invalid warrants targeting journalists

Tue 23 Jul 2019 17.23 AEST

ACT police alone accessed data 116 times without proper authorisation

The ombudsman discovered two instances where the WA police applied for – and obtained – a journalist information warrant from a person not authorised to provide it. Photograph: Dave Hunt/AAP

Police have conducted a series of illegal metadata searches, including Western Australian police obtaining invalid warrants targeting journalists and ACT police accessing data 116 times without proper authorisation.

The breaches of the Telecommunications (Interception and Access) Act are revealed in a Commonwealth Ombudsman report for the period July 2016 to June 2017, tabled in parliament by the government on Monday.

The metadata retention laws, introduced in 2015, allow law enforcement agencies to access telecommunications data including call records, IP addresses and other so-called metadata when investigating certain offences. Journalists’ data can also be accessed, but only with a warrant.

In addition to one instance of the Australian federal police accessing a journalist’s data without a warrant reported in 2017, the ombudsman discovered two instances where the WA police applied for – and obtained – a journalist information warrant from a person not authorised to provide it.

“This occurred due to a lack of awareness by WA police regarding to whom an application for a journalist information warrant could be made,” the report said. “In response to this issue, WA police took steps to quarantine all information obtained under the invalid warrants.”

The report also revealed that between 13 and 26 October 2015 “all authorisations within ACT policing were made by an officer not authorised” by the relevant section of the law.

“This issue affected 116 authorisations during the period,” it said. “This issue also affected a large number of authorisations dating back to March 2015, which precede the commencement of our office’s oversight on 13 October 2015.”

The AFP advised the breach occurred because its commissioner failed to authorise any officers within ACT Policing to access metadata due to an “administrative oversight”.

The ombudsman recommended the AFP quarantine all telecommunications data obtained under the 116 authorisations, which the AFP accepted. “However it did not act to quarantine the affected data at that time, which resulted in additional use and communication of the data,” the report said.

Despite the quarantine process beginning in February 2018, the data had still not been fully quarantined by April 2018.

The ombudsman said that at five inspections it found agencies received telecommunications data not specified by the authorisation because it was “erroneously omitted”, or carriers provided data that was not requested, or due to transposition errors.

The ombudsman discovered “one area of the NSW police which was routinely exercising its telecommunications data powers without a written or electronic authorisation in place”.

That area accessed data with verbal approval, recorded in a log, which the ombudsman said in its view was “not … permitted by the act”. It recommended a policy review “to ensure all authorisations for telecommunications data are in written or electronic form and signed by the relevant authorised officer”.

The ombudsman said in “several” instances agencies were “unable to provide access to, or locate the telecommunications data obtained under authorisations”.

The ombudsman also found the Australian Securities and Investment Commission (Asic) had circumvented its inability to issue ongoing preservation notices for data to telecommunications companies because it is not an authorised interception agency.

Ongoing notices allow a law enforcement agency that is also an interception agency to require a carrier to preserve stored communications from the time it receives the notice until the end of the 29th day after that date.

The ombudsman found that Asic issued daily historic preservation notices 29 days in a row, which had “a similar effect to giving an ongoing preservation notice” despite Asic not having the powers of an interception agency. The ombudsman said the practice was “not strictly” in breach of the law.

The ombudsman inspected 170 authorisations at the Department of Immigration and Border Protection, finding that in 42 cases data outside the authority’s parameters were obtained, in 41 cases due to “automatic and unintentional” input from its database.

Labor has questioned why the ombudsman’s report, dated November 2018, was tabled nine months later and two years after the period it reported on. The 2017-18 report is also overdue.

The metadata retention laws are currently the subject of a parliamentary joint committee on intelligence and security committee review.

Through that process the AFP has revealed it accessed the metadata of journalists 58 times in the 2017-18 financial year, while the WA police complained it had difficulty obtaining a journalist information warrant and had to make an application in South Australia owing to a public interest advocate not being based in WA.

The ABC’s Media Watch program on Monday night revealed for the first time the names of the public interest advocates selected to argue on behalf of journalists about information warrants.

Those the government has selected so far are former judges and, according to Media Watch, at least one had argued against a warrant, while another had pointed out errors in the application for a warrant that led to the application being dropped.

The PJCIS is also examining the impact of the use of national security laws such as the mandatory data retention legislation on freedom of the press in the wake of the AFP raids on the ABC and the home of the News Corp journalist Annika Smethurst over leaks related to national security and defence matters.