The Australian Federal Police has admitted that it illegally obtained the phone records of an unnamed journalist, thus violating the new metadata regime put in place by the Coalition government in 2015.
AFP commissioner Andrew Colvin said on Friday the police officers were investigating a leak of confidential police information when they committed the breach.
Good news #notmydebt sufferers! This is a defence now. #metadata pic.twitter.com/xYg9Ui59RZ
— Justin Warren (@jpwarren) 28 April 2017
This leak will now be investigated by the Commonwealth Ombudsman who was informed of the mistake by Colvin on Wednesday.
He told the media that the officers were unaware that they needed to obtain a warrant to access the metadata of the journalist in question.
{loadposition sam08}Colvin was not asked why it took two days for the media to be told about the screw-up.
We are safely storing your metadata on this secure server... #auspol #metadata pic.twitter.com/08Uu4Tf2HF
— Will McDougall (@WillMcDougall) 28 April 2017
"This was human error. It should not have occurred. The AFP takes it very seriously and we take full responsibility for breaching the Act," Colvin said.
"There was no ill will or malice or bad indent by the officers involved who breached the Act. But simply it was a mistake."
Colvin said the phone records in question were relevant to the investigation but the method of accessing them was illegal.
The journalist in question had not been told about the breach because the investigation was a sensitive one. Police are required to obtain a warrant from a judge in order to obtain a journalist's metadata.
AFP disclosed the leak to the ombudsman TWO DAYS AGO. Only tells public on Friday afternoon....#auspol
— Bevan Shields (@BevanShields) 28 April 2017
"The vulnerability is the investigator needs to understand that that's their requirement," Colvin said. "On this occasion, the investigator didn't."
He said the material that had been accessed would not have any bearing on the investigation.
"Clearly they can't unsee it. They'll need to consider ... what weight they put on what they saw," Colvin said. "But that material was accessed illegally, so it can have no bearing on the conduct of the investigation."
Australian Greens deputy leader Senator Scott Ludlam said the AFP's screw-up illustrated the flaws in the Labor/Liberal mass-surveillance laws.
“A scheme that was forced on to the public as a counter-terror tool was instead used in exactly the way we've long feared – in pursuit of a journalist and their source,” he said.
Nice work on the #metadata boys. #auspol #afp pic.twitter.com/Aq2K9A31Du
— Jessica (@_jessticulate) 28 April 2017
"Why are the AFP misusing this power to spy on the fourth estate? Why won't they name the journalist or at least inform them they've been illegally accessing their phone records?
"This is the real battle for free speech and accountability in Australia. The Greens and crossbench opposed these laws when they were forced on us by the Coalition and its Labor allies. Now it is time this surveillance regime was overturned.
"A full and independent investigation must be given all the necessary access to swiftly address this breach, and parliament must act to ensure that such violations can never happen again."
Inabox Group chief executive Damian Kay said the illegal accessing of a journalist's metadata would not come as a shock to anyone in the media or IT industry.
"This is exactly what experts have been warning about for years," said Kay, head of the ASX-listed parent company of some of Australia’s leading managed IT, cloud and communications providers.
@ScottRhodie What about the Telco that supplied the info without at the very least sighting the warrant? #metadata
— adrian coleman (@adriancoleman56) 28 April 2017
“The government’s metadata retention laws are extremely flawed. It is simply not a good idea to have all this information in one place, leaving it open to human error or deliberate malice. It’s a massive honeypot for people who want to do the wrong thing," he told iTWire.
"It's not good enough simply to say this was a case of human error. Ask any security expert, and they’ll tell you that the weakest link in any security system is people. Human error will occur again and again.
"Australia has walked into a Big Brother state, and we call on the Turnbull Government not just to review this particular incident but reconsider the entire metadata retention policy."