AFP blasted over illegal metadata use
Electronic Frontiers Australia (EFA) is calling for the immediate introduction of a universal warrant requirement for access to stored metadata under the mandatory telecommunications data retention scheme, after it emerged that the AFP illegally accessed the data of a journalist without a warrant.
On Friday, the AFP told the Commonwealth Ombudsman the agency had breached the act by accessing call charge records and telecoms data stored on a journalist reporting on confidential police material leaked to the journalist without authorisation.
Obtaining a specific Journalist Information Warrant is a requirement for legal access to the stored metadata.
In a press briefing, AFP Commissioner Andrew Colvin blamed “human error” for the breach, which he said was identified during a routine review of the case by a senior officer.
“Once the breach was confirmed, immediate steps were taken to mitigate the effects of the breach and to ensure that this was an isolated incident,” he said.
“All relevant records in the AFP’s possession were destroyed and no investigative activities were undertaken as a result of the telecommunications data obtained from the journalist’s records.”
He declined to name the journalist or officer involved, and stated that the journalist has not been and will not be informed of the breach while the investigation is ongoing. The journalist is not the subject of the investigation and is not being investigated for any alleged illegal act.
The Ombudsman has informed the AFP it will conduct a full audit of the breach commencing on Friday, and the AFP plans to fully co-operate with the investigation, Colvin said.
“The AFP put comprehensive guidance and training material in place to support compliance with this legislation when it commenced in 2015,” he said.
“This is the first investigation where the AFP was required to obtain a Journalist Information Warrant under the TIA Act, and the processes we had in place were found to be lacking. Our internal procedures have been changed to prevent a repeat of this incident.”
But EFA Executive Officer Jon Lawrence said the incident validates the organisation’s previous warnings that warrant protections limited to one group provide no effective protection whatsoever against an indiscriminate, society-wide mandatory data retention scheme.
“A whole range of relationships are no less deserving of independent protection than are journalists’ communications with their sources, including lawyers and their clients, doctors and their patients, and any other relationship where privacy is critical,” he said.
“The only effective means to achieve such protection is to have a universal warrant requirement for access to retained telecommunications data. Without a universal warrant requirement we will continue to see instances of unauthorised access to data, regardless of whether such access is inadvertent or malicious.”
He said most EU member states have some form of independent, judicial authorisation required for access to stored telecommunications data — proving that such arrangements can work — and that Australians are no less deserving of such protections.
Lawrence also slammed Colvin’s assertion that officers did not realise they needed a warrant to access the metadata, noting that the requirement to obtain a warrant to access journalists’ data has been in place since October 2015. He added that ignorance of the law is no excuse.