Australian Federal Police reportedly gained access to data without a warrant

police data breach

Can you trust anyone with your data nowadays?

The simple answer seems to be no when even the law enforcers don’t follow the rules. The Australian Federal Police (AFP) recently revealed that officers within the national agency were reportedly found to have accessed telecommunications data without a warrant.

According to the Guardian Australia, the AFP conducted 6 internal investigations in the past 18 months for allegations of professional misconduct against the officers who had access to telephone data.

Very worrying.

Unauthorised access to journalist’s data

On 28th April 2017, the AFP Commissioner, Andrew Colvin, admitted that the agency unlawfully accessed a journalist’s phone records without obtaining a “journalist information warrant”. This is a reportedly mandatory requirement since 2015.

You may be asking why the AFP needs a journalist’s phone records. Sometimes, the media is a wealthy source of information for law enforcement and therefore they may have needed to identify where a journalist got their information from in relation to a crime, perhaps, and analysing their phone records allows them to gain insight into their source.

Some argue that the warrants were only designed to give off the appearance that such information has to be requested through a warrant, but in reality the AFP gains the information without the warrant according to the news source. It’s argued that policing agencies don’t need to bother with a warrant to identify the source.

What happened?

In a press conference, Mr Colvin wanted to highlight that it was only records of calls that were accessed and not the content of the calls; it was ‘just’ the numbers and the existence of the calls taking place. The investigation also relates to the unauthorised release of sensitive police information to a journalist where a breach was identified as a result of the AFP reviewing their practices. Once the breach was confirmed, AFP immediately went to destroy evidence provided to them as a result of breach.

Mr Colvin states:

“Put simply – this was human error. It shouldn’t have occurred. AFP take it very seriously and they take full responsibility for breaching the act.”

He also wanted to add that there was no “no ill-will, malice or bad intent” by officers involved who breached the act. According to the Commissioner, it was just a mistake that shouldn’t have happened.

Investigations

The Guardian Australia obtained a list of the officers who accessed the data and investigations were undertaken. The documents released indicated that six professional standards investigations were launched. Four of the investigations were found to be “not established” while two were ruled as not requiring further investigation. One of the investigations alleged that an officer had disclosed information relating to the execution of two search warrants.

Officers weren’t dismissed for the breach…

Following these investigations, the Guardian Australia queried whether any of the officers had their metadata roles withdrawn/suspended. No, was AFP’s basic response, “as the matters disclosed… did not require further action – there was no reduction or removal of delegations regarding metadata applications.”

Some have understandably questioned the apparent lack of discipline.

Australia’s metadata law

Organisations and privacy advocates have expressed their disapproval of the way the AFP has handled their investigations and, as a result, called for reform of Australia’s metadata law. Since 13th October 2015, Australia’s metadata law provides that every call, text, email you make/send will be tracked by the government. The justification of doing so was to protect the country against organised crime and terrorism. However, it’s a huge intrusion of data privacy rights, and leading mobile provider Telstra has labelled it as a “honey pot for hackers“.

To conclude, Mr Colvin states that a “breach of this nature should not occur again”. We should hope not…

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a Callback from our team!

Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.