Illegal metadata searches, invalid warrants and unauthorised data access: government agencies broke the law hundreds of times when accessing data between 2016/17, according to a Commonwealth Ombudsman report. The Australian Federal Police (AFP) was the worst offender — its officers accessed data without proper authority 116 times between 2016-17.
The report is supposed to give an overview of how well agencies obey the law. But given it was tabled just this week — two years after the period it reported on — the findings seem a little futile.
The Department of Home Affairs is a whole year ahead of the ombudsman, releasing its annual report into what telecommunications data they accessed, and how often, on Tuesday. Call logs, messages, and conversations have been checked hundreds of thousands of times across the country in the last financial year. How much of that was accessed outside the law is yet to be known.
So, what are your rights? Who can access your call history, check your messages or listen in on your conversation, and when?
Who can see who called who?
Metadata is information on who contacted who, when, and how long they communicated for — whether by phone or computer. It can show how many times two people have emailed each other — but doesn’t show the content of the emails. It shows which phone or computer a message was sent from, but doesn’t include what was said or any web browsing history (though the government asks internet providers to track traffic on dodgy websites).
Since 2016, telecommunication providers have had to store this information for a minimum of two years under data-retention laws. It’s the vaguest data available, and the easiest to access. Laws about who could access your metadata were pretty lax up until 2015, with a vast array of organisations requesting strange details. The RSPCA, Australia Post and Taxis Services Commission were all accessing call logs following up on, for example, animal cruelty cases and SIM card thieves.
Since then, amendments have been made to restrict access to 20 criminal law enforcement agencies. These include state and federal police, lawyers represented by the Association of Corporate Counsel, and corruption and crime commissions. If someone within these agencies wants stored call logs, they don’t need a warrant but do need the go-ahead from a senior officer at their agency. An authorisation for disclosure is sent to a telecommunications carrier, who will provide information for calls during the dates specified.
If an agency wants to be notified of calls taking place in real time — this is called prospective data — it must be to investigate crimes punishable by at least three years’ jail. They can only monitor data for up to 45 days at a time. Again, this is just knowing who is contacting who, without knowing what they’re saying.
Thankfully, journalists have slightly more protection. If the data could identify a journalist’s source, agencies need a warrant, which must be issued from outside their agency.
Exactly 301,113 historical data authorisations were made during 2017/18, according to the Department of Home Affairs’ report, up by nearly 3000 from the previous year. New South Wales Police was responsible for nearly a third of these.
Who can read your messages?
The intimate details of a written conversation, be it through emails, text, or voice message is categorised as “stored communications” and can be accessed by any criminal law-enforcement agency (as listed above), as well as any authority, body or person the minister (be it of the state, for Defence or for Foreign Affairs) declares to be a criminal law-enforcement agency officer.
The agency has to request a warrant, and can only read messages that constitute a “serious contravention”. These include crimes that are punishable by three years in jail or fines of $37,800 for individuals or $189,000 for organisations and corporations.
They can jump straight to reading messages without a warrant if it’s deemed to be a life-threatening emergency.
No applications for stored communications warrants were refused in 2017/18, with a spike in warrants issued — up by 154 from the previous year from 674 to 828.
When can they tap your calls?
Burner phones and phone booths are not just for ‘90s criminals and conspiracy theorists; there were 3951 warrants issued 2017/18 to allow agencies to access conversations in real-time. Warrants can only be issued by judges of the federal, family or family circuit courts. They last a maximum of 90 days, with renewals available for up to six months.
These interception warrants, which allow officers to listen in on and read content as it’s communicated — be it calls, messages or emails — are reserved for serious offences. A warrant must be issued, and they’re only available to 17 Commonwealth, state, and territory agencies including police, state anti-corruption agencies, the Australian Criminal Intelligence Commission and the Australian Commission for Law Enforcement Integrity.
A judge has to consider the gravity of the offence, how listening in would help an investigation, and whether there are any other alternatives — but refusing a warrant is rare, with only five refused out of 3,524 nationally in 2017/18.
The laws are there, and on paper they seem fairly rigid. But with independent oversight coming years after warrants have been served, and with the AFP’s current investigation into journalists, it remains to be seen just how compliant government agencies have been.
What’s the takeaway? Download WhatsApp.