Australian agencies have “serious compliance issues” around their data access powers, leading to calls for these laws to be scrapped entirely.
The Commonwealth Ombudsman last week released its annual report on data access compliance under the Telecommunications (Interception and Access) Act, covering how 19 agencies are complying with the law.
The Interception and Access Act regulates access to telecommunications metadata in Australia, including by law enforcement agencies.
These agencies can access the data of Australians for the purpose of investigations after obtaining a warrant from a court or tribunal.
The Act also outlines how these agencies must store the data and destroy it once it is not needed.
Under the law, agencies must satisfy certain requirements when accessing these powers, including to weigh the value of the information to be obtained against the reasonableness and proportionality of the intrusion on a person’s privacy.
The 19 agencies are: Australian Competition and Consumer Commission (ACCC); Australian Criminal Intelligence Commission (ACIC); Australian Commission for Law Enforcement Integrity (ACLEI); Australian Federal Police (AFP); Crime and Corruption Commission (Queensland) (CCC QLD); Corruption and Crime Commission (Western Australia) (CCC WA); The Department of Home Affairs (the Department); Independent Broad-based Anti-corruption Commission (IBAC); Independent Commission Against Corruption New South Wales (ICAC NSW); Independent Commissioner Against Corruption (South Australia) (ICAC SA); Law Enforcement Conduct Commission (LECC); New South Wales Crime Commission (NSW CC); New South Wales Police Force (NSW PF); Northern Territory Police (NT Police); Queensland Police Service (QPS); South Australia Police (SA Police); Tasmania Police; Victoria Police; and Western Australia Police (WA Police).
The Ombudsman was scathing of all 19 agencies, finding they are regularly obtaining invalid warrants, failing to keep records, storing data inadequately, not destroying data properly and accessing the communications of victims of serious crime without consent.
Former Independent National Security Legislation Monitor Bret Walker branded the revelations in the report as “disturbing” and questioned whether the powers should remain, while Electronic Frontiers Australia called for them to be scrapped entirely.
The Ombudsman’s report made 29 recommendations to the agencies covered, 386 suggestions and 116 better practice suggestions.
These recommendations reflect “serious compliance issues” or issues on which an “agency has not made sufficient progress in implementation”.
Key issues identified in the report include agencies not keeping records showing that data preservation notices were properly given, agencies applying for warrants relating to a victim of a serious contravention, and warrants issued by an ineligible authority.
“Generally, we saw an increase in the number of compliance-related findings compared to previous inspections,” Commonwealth Ombudsman Iain Anderson said.
“There were also instances where we were not satisfied with the remedial action agencies took in response to previous compliance findings.
“In such instances, we made further recommendations or suggestions to agencies, including improving processes to prevent recurrence of issues we previously identified.”
Telco data accessed ‘covertly’
In terms of stored communications, there were three times as many recommendations made to agencies – or serious compliance issues identified – compared to last year’s report.
The number of recommendations made in relation to telecommunications data rose from 15 last year to 23 in this report.
When it came to telecommunications data, Tasmania Police copped six recommendations, South Australia Police got five and the Australian Federal Police received four from the Ombudsman.
In the report, the Ombudsman acknowledges how intrusive the agencies’ powers are.
“Access to stored communications and telecommunications data intrudes on an individual’s right to privacy and occurs covertly,” Anderson said.
“The individual generally does not know the agency has accessed their communications or data.
“This means the individual cannot access complaints or other review mechanisms that would ordinarily be available where they consider an agency has acted unreasonably.”
In response to the report, Walker said these incidents related to “contraventions of the safeguard provisions” put in place.
“We should be troubled by the fact there are still so many contraventions,” Walker told ABC RN Breakfast.
“We are having the public interest supposedly served by some agencies who are not observing the rules laid down in the public interest as a price for obtaining such drastic powers.
“That’s really serious.
“If you care about the rule of law and subjection to it of law enforcement agencies…then there has to be much more than just eyebrows raised to the Ombudsman’s report.”
These issues are much more than just clerical mistakes, Walker said.
“A warrant does not authorise what is done under it – this is not paperwork, this is not technicality, this is the price these agencies pay to get these drastic powers,” he said.
“There should be some resignations if this repeated pattern of non-observance of stipulated safeguards were to occur.”
Kill surveillance powers
Electronic Frontiers Australia (EFA) chair Justin Warren has written to federal Attorney-General Mark Dreyfus demanding the surveillance powers be withdrawn immediately.
“These are issues that were not only predictable, they were predicted,” Warren said in the letter.
“EFA has long warned of the dangers of granting too much power to those with few incentives to curtail its abuse.
“Agencies have already had more than enough time to learn to use their powers safely, and they have comprehensively failed.
“Why should they be given more time?
“Why should Australians tolerate ongoing, systemic law-breaking by those with power while we are expected to submit to increasing restrictions on our own freedoms?”