ACT Police has admitted it unlawfully gained access to stored communications data.
In more than 3,000 occasions between March and October 2015, the ACT Police accessed data despite not meeting the authorisation requirements.
ACT Police is an arm of the AFP.
Under the Telecommunications (Interception and Access) Act 1979, an authorised officer of a law enforcement agency can request access to stored telecommunications data from an ISP if it is pertinent to a criminal or missing persons investigation.
But for seven months in 2015, ACT Police’s delegated officer had been inadvertently omitted from the list of authorised personnel.
By the time ACT Police corrected what it called in a statement an “administrative oversight”, it had already used illegally obtained data in court.
“ACT Policing has sought legal advice regarding the management of two matters relating to a missing persons case and a criminal matter where the data in question may have been used in a prosecution," the statement said.
“Of the total telecommunications data requests, 240 generated information that was of value in progressing ongoing investigations and inquiries.
“Noting one investigation may require multiple telecommunications data requests, the 240 telecommunications data results were referred to individual case officers to conduct further examination and confirm its use and dissemination.
“During this process, steps were taken to commence quarantining the relevant material."
ACT Police reassured the public that the illegally accessed data was handled appropriately and that steps had been taken to ensure the same mistake does not happen again.
“It is important to note that while the delegation was not in place, all authorisations and requests were managed in accordance with the relevant policies and procedures, including security, storage and disclosure,” the statement said.
“ACT Policing has implemented measures to maintain enduring authorisation to prevent this issue reoccurring and is committed to ensuring access to telecommunications data is conducted appropriately and transparently.”
Data retention legislation is currently being reviewed by the Parliamentary Joint Committee on Intelligence and Security (PJCIS).
Submissions to a PJCIS review have revealed extensive use of metadata access by law enforcement agencies as well as the way these powers can overreach their initial stated intentions.
In a recent submission to the PJCIS review, the Law Council of Australia recommended that access to stored telecommunications data should be authorised by a warrant.
“Access to telecommunications data must be governed by a robust legislative regime to ensure access is only permitted when the public interest in detecting and addressing serious criminal activity outweighs the public interest in ensuring Australians can conduct their lives free from unnecessary intrusion of their privacy by the State,” the Law Council submission said.
“It is important that the regime provides safeguards against the wilful, systematic degradation of human rights in the digital era such as the fundamental human right to privacy.”