Recalling the many social media voices which expressed concern when legislation was before the Australian Parliament, none of this comes as any surprise......
The Guardian, 23 July 2019:
In addition to one instance of the Australian federal police accessing a journalist’s data without a warrant reported in 2017, the ombudsman discovered two instances where the WA police applied for – and obtained – a journalist information warrant from a person not authorised to provide it.
“This occurred due to a lack of awareness by WA police regarding to whom an application for a journalist information warrant could be made,” the report said. “In response to this issue, WA police took steps to quarantine all information obtained under the invalid warrants.”
The Guardian, 24 July 2019:
The home affairs minister Peter Dutton has claimed “there are consequences” for unlawful metadata searches but conceded he doesn’t know if any action has been taken after revelations of widespread breaches by law enforcement agencies.
On Wednesday the ACT’s chief police officer, Ray Johnson, brushed off the fact his officers accessed metadata at least 116 times without proper authorisation in 2015, labelling it an “administrative oversight”.
The revelations were contained in a commonwealth ombudsman’s report which also found Western Australian police twice obtained invalid warrants targeting journalists’ data and the department of immigration received data outside the authority’s parameters in 42 cases.
Labor’s home affairs spokeswoman Kristina Keneally said the report shows metadata powers “have been abused to allow illegal searches and to target journalists”.
ZDnet, 25 July 2019:
The Commonwealth Ombudsman report [PDF] into how 20 agencies across federal and state levels government agencies across Australia handle stored communications and metadata over the period of the 2016-17 financial year has been released, with Home Affairs being the only agency that was handed recommendations.
Home Affairs was called upon to ensure it could "accurately account for the number of telecommunications data authorisations it issues in any given period" to comply with its record keeping obligations, and have a central system to store or monitor telecommunications data once it had been handed to investigators.
The recommendations were a result of the former Department of Immigration and Border Protection (DIBP) having 8 record keeping issues identified, as well as a statistical issue, and 42 instances of telecommunications data being accessed outside the parameters of authority. The Ombudsman explained that 41 of those instances were due to an automatic input from DIBP's database which has since been resolved.
Also falling under the Home Affairs banner following its transferral into the Peter Dutton-helmed superministry is the Australian Federal Police, which disclosed that between October 13 to 26, 2015, all authorisations by ACT Police were not authorised, due to the AFP Commissioner failing to authorise any ACT officers for that period.
The Guardian, 26 July 2019:
ACT Policing has admitted it unlawfully accessed citizens’ metadata a total of 3,365 times, not 116 as previously disclosed in an explosive commonwealth ombudsman’s report on Monday.
The new disclosures include a total of 240 cases that resulted in information valuable to criminal investigations and two that “may have been used in a prosecution”.
In a statement on Friday, ACT Policing revealed the 116 unlawful metadata requests detailed in the report tabled in parliament on Monday are the tip of the iceberg, with a further 3,249 requests made from 11 March to 13 October 2015 under an invalid authorisation.
The revelation comes as Western Australia’s top cop has said there have been no consequences for police who unlawfully accessed a journalist’s metadata,
contradicting Peter Dutton’s suggestion they might be penalised.
Police made illegal metadata searches and obtained invalid warrants targeting journalists Read more In the statement ACT Policing revealed it is still seeking legal advice about how to deal with two cases where invalidly obtained metadata was used in “a missing persons case and a criminal matter where the data in question may have been used in a prosecution”.
“It is not appropriate to identify particular cases,” it said.