The Australian Federal Police used a controversial retail surveillance tool previously subject to a privacy watchdog investigation more than 350 times last year, after earlier suspending its use to conduct a privacy impact assessment.
The Australian Federal Police (AFP) revealed in an answer to a question on notice from Greens senator David Shoebridge that it had accessed the Auror platform 365 times in 2024.
New Zealand-based Auror is used by some of Australia’s biggest retailers to “reduce crime, loss and harm”, and features a broad range of automatic data feeds, with staff also encouraged to upload incidents and data, including CCTV footage, descriptions of suspects, social media content and licence plate details.
The platform has generated concern over so-called 'proactive policing', given the potential tracking of individuals who may not be involved with a crime.
Proactive policing involves the creation of "in-depth profiles" of individuals alleged to have committed retail theft and the tracking of them between locations, including through licence plate recognition.
After an investigation by Crikey in 2023 revealed that the AFP had been using Auror without considerations over privacy and security, its use was temporarily suspended.
A privacy impact assessment was completed by the AFP on the use of Auror in December 2023, and its use of the surveillance platform subsequently ramped up in 2024.
Licence plates can be easily tracked to keep tabs on suspected criminals. Photo: Auror
Under the Australian Government Agencies Privacy Code, a privacy impact assessment is required for all projects deemed to be a high privacy risk.
The AFP has a licence agreement to use Auror through ACT Policing.
It said that reports of crimes are not being made through Auror, but it is being used as a “tool retailers may use to share information with police once an incident is reported”.
The licence between ACT Policing and Auror “stipulates access and use conditions and requirements” and is governed by the standard operating procedure for ACT Policing (ACTP) use of Auror.
The AFP said that it uses Auror “for intelligence purposes only, as an electronic means through which retailers can make available, and ACTP can request, access to information that will be pursued by ACTP.
The AFP has agreed to bi-annual audits of access restrictions on Auror, and for audit regulations to be continually reviewed.
The AFP declined to comment further on its use of Auror.
Privacy investigation
Auror was previously the subject of an investigation by the Office of the Australian Information Commission (OAIC).
The OAIC launched preliminary inquiries into the AFP’s use of Auror following the reporting in 2023, but opted in early 2024 to instead investigate the surveillance company.
Auror is used by some of Australia’s biggest retailers, including Bunnings, Coles, Myer and Woolworths, to track alleged criminals and share their details.
Auror creates profiles of suspected shoplifters. Photo: Auror
It also allows retailers to track the car number plates of these alleged criminals and set up alerts for when they are outside their stores.
The New Zealand tech company closed a $72.6 million funding round last year which valued it at more than $500 million.
The AFP has previously faced criticism over its use of facial recognition tool Clearview AI.
It was revealed in 2020 that several AFP officers had been testing the tool without departmental oversight, leading the privacy watchdog to launch a probe.
The OAIC found that the AFP had failed to comply with its privacy obligations when it came to its use of Clearview, with the agency not conducting a privacy impact assessment before beginning to use it.
AFP uses compulsory assistance notices
A new report has also revealed that AFP recently made use of powers handed to it five years ago to force communications companies to assist with inquiries using their current capabilities.
These new powers cannot require a company to build a new capability or function to provide this assistance.
The annual report on the Telecommunications (Interception and Access) Act revealed that AFP issued two Technical Assistance Notices in 2023-24, the first time it has used these powers.
The report also revealed that 60 voluntary Technical Assistance Requests were issued by law enforcement agencies around the country, down from 66 in 2022-23.
No agency issued the more powerful Technical Capability Notice, which is a compulsory notice issued by the attorney-general and communications minister that can order a company to build a new function or capability to assist with an investigation.
