Home Affairs Minister Peter Dutton has defended the checks and protections within Australia’s data retention regime, following the tabling yesterday of a Commonwealth Ombudsman’s report that was released in February.
That report called on Home Affairs to ensure it could “accurately account for the number of telecommunications data authorisations it issues in any given period” in order to comply with its record keeping obligations, and have a central system to store or monitor telecommunications data once it had been handed to investigators.
It was disclosed five months ago by the Australian Federal Police that between October 13 to 26, 2015, all authorisations by ACT Police were not authorised due to the AFP Commissioner failing to authorise any ACT officers for that period.
“In response to this disclosure, our Office suggested the AFP quarantine all telecommunications data obtained under the 116 authorisations made by the unauthorised ACT Policing officer between 13–26 October 2015 from further use and communication,” the report said.
“Following the inspection, the AFP accepted this suggestion; however it did not act to quarantine the affected data at that time, which resulted in additional use and communication of the data.”
Must read: Why Australia is quickly developing a technology-based human rights problem (TechRepublic)
In February 2018, the data was partially quarantined only after being prodded by the Ombudsman.
The Ombudsman also found one area of NSW Police that routinely used its power without written or electronic approvals.
“The area’s process at the time of our inspection was for access to telecommunications data to be verbally approved and a written record of the verbal approval to be made in a log,” the report said.
“We do not consider this practice is permitted by the Act and suggested to NSW Police that it review its policies and procedures to ensure all authorisations for telecommunications data are in written or electronic form and signed by the relevant authorised officer.”
Overall, the report said agencies were “generally exercising” their powers appropriately.
Speaking on Sky News on Wednesday morning, Dutton said the protections around the metadata regime have been working.
“There are mechanisms in place, safe checks, and they should be adhered to, and if not, there are consequences for that,” he said.
“Take the protections very seriously. But in the end, the vast majority of cases, 99% of the use of these laws will be appropriate, and they’ll be used in a way that that will result in protecting Australians — and that’s the reality.”
In November 2017, a Commonwealth Ombudsman report into how the Australian Federal Police managed to trip over the one caveat in Australia’s metadata retention system — needing a warrant to access the metadata of a journalist when attempting to identify a source — found AFP officers did not “fully appreciate their responsibilities” when using metadata powers.
The one recommendation from the report called on the AFP to make all staff that used metadata powers undergo training to have a “thorough understanding” of the laws and their responsibilities.
Dutton further added that he thinks Australians believe they are immune to Christchurch style attacks.
“We are dealing with now seven attacks that have taken place, we thwarted 16, but the threat of an attack on our country is very real,” the former Queensland policeman said.
“And we need to be very cognisant of the fact that these people either in our own country already, or those that would seek to return to our country, pose a very serious threat to the security of our nation.
“And we’re dealing with that threat through all of these laws.”
Last year, Dutton called a number of very minor changes to the then-proposed encryption laws as compromising the Bill.
He said then-Opposition Leader Bill Shorten needed to decide whether he was on the side of Silicon Valley multinationals or with “law enforcement and intelligence agencies in this country who want to protect Australians”.
“It is essential. Given we are talking about nine out of 10 national security investigations now being impeded because of the use of encryption, we need to deal with it. It doesn’t go as far as some people would want, but it is a measured response,” he added.
Australia’s data retention laws, which were passed by both major parties in March 2015, force telecommunications carriers to store customer call records, location information, IP addresses, billing information, and other data for two years, and make this information accessible without a warrant by law-enforcement agencies.
The nation’s encryption laws were made into law in December 2018, following the utter capitulation of the Labor party.
Labor had its amendments to the laws stranded in the Parliament before the election, but committed to passing them after they were widely expected to be elected to government.
Labor lost the May election, and cannot amend the laws without the government’s agreement.
Agencies that are allowed to view metadata should be spelled out in legislation, Law Council of Australia states.
Use of legacy applications allow Optus to seek an exemption from the rules.
Agencies are very happy with Australia’s data retention scheme, with one using it in 90% of investigations.
The Communications Alliance has listed 27 other agencies that have tried to access metadata following the introduction of Australia’s data retention regime.
Law enforcement agencies have stumped up only AU$39 million to poke around in Australia’s metadata.