On
17 July 2015 Deputy
Secretary of the Dept.
of Human Services
(now
Services Australia) Malisa
Golightly, of ‘Robodebt’
notoriety,
wrote to the Deputy Secretary of the National
Security and Criminal Justice Group
in
the Attorney-General’s Department, seeking the department's continued
inclusion as an enforcement agency under
the Commonwealth
Telecommunications
(Interception and Access) Act 1979.
At
that time the Dept. of Human Services employed 295 investigators and
89 intelligence analysts who typically conducted 3,000 criminal
investigation per year – using the full range of powers available
to an “enforcement agency” in the 1
July 2015 version
of the Telecommunications
(Interception and Access) Act.
Here
is a potted history of what happened after that.
ITNews,
4
April 2022:
Services
Australia is using telecommunications metadata and password-bypassing
software to investigate welfare recipients suspected of claiming
single payments while in relationships.
The
Centrelink administrator told the Attorney General’s Department
(ADG) that metadata is used to detect “people who receive payments
as a single person while in a marriage-like relationship,”
according to documents obtained by iTnews.
Submissions
to AGD in 2015 and again in 2022 [pdf],
obtained through a freedom of information request, list types of
fraud the agency uses welfare recipients’ telecommunications
metadata to detect.
A
Services Australia spokesperson told iTnews that both
telecommunications metadata and password-bypassing technology from
Israeli vendor Cellebrite are only used when fraudulent claims
trigger criminal investigations.
This
contrasts with the more common non-compliance investigations, which
prevent and recover debts resulting from over-payments, such as the
notorious robodebt scheme.
However,
the spokesperson would not say how much money a person needs to be
suspected of being overpaid before a non-compliance investigation is
tipped into a criminal investigation, making it hard to estimate the
extent to which the technologies are used to determine
relationship-status.
Moreover,
welfare recipients told iTnews, while Services Australia has said
that Cellebrite is only used for criminal investigations, data may be
extracted from their devices before charges have been laid; and
Services Australia may continue to pursue the debt as a
non-compliance investigation even if the suspect is not
prosecuted…...
Metadata
and relationship-status
It
is not clear what types of metadata are used to glean if welfare
recipients are single, however criteria listed on Services
Australia’s website for “how we assess if you’re a couple”
includes: “financial aspects of your relationship, the nature of
your household, social aspects of your relationship, [and] if you
have a sexual relationship.”
The
Services Australia spokesperson told iTnews that "the key
metadata we request enables us to identify records linked to
telephone numbers or IP addresses to support criminal
investigations.”
The
spokesperson did not answer whether it includes geolocation data on a
device’s connection to the internet or the sender-recipient records
of a user's communications.
Services
Australia was cut off from directly asking telcos for metadata in
late 2015, after having had the power since 2009.
It
now makes requests for metadata, "where required", through
the Australian Federal Police.
Services
Australia has asked the government at least twice to have its powers
back.
According
to the FoI, Services Australia requested AGD declare it an
'enforcement agency' under Section 176A of the Telecommunications
(Interception and Access) Act (TIA) in 2015 and made the same request
seven years later during a current review of electronic surveillance
laws…...
In
response to its 2015 application, AGD suggested “joint
investigations arrangements with a criminal law-enforcement agency”
as an “alternative means of accessing historical telecommunications
data.” The welfare provider took the advice.
Since
Services Australia started accessing telecommunications metadata
indirectly through the AFP, it is unclear how many investigations
involved fraud claims based on relationship-status.
According
to its most recent annual reports, in 2021–22 Services Australia
conducted 709 criminal investigations, 988 administrative
investigations and made 203 referrals to the CDPP.
A quick look at the Commonwealth Ombudsman' views on the often erratic response of the Australian Federal Police to its requirement to comply with telecommunication data law:
https://www.ombudsman.gov.au/__data/assets/pdf_file/0021/112476/Report-into-the-AFPs-use-and-administration-of-telecommunications-data-powers.pdf
There
were several important factors that informed my decision to commence
an investigation, including:
• the
covert and intrusive nature of this power
• the
duration and potential scale of non-compliance with the TIA Act as a
result of ACT Policing accessing telecommunications data outside the
AFP’s approved process
• the
omission of the affected records from our Office’s regular
compliance inspections
• previous
recommendations our Office has made to the AFP about non-compliance
with the TIA Act.
Like law enforcement Services Australia is not eager to advertise the shortcomings of its own errant staff, but the character of this bureaucracy which uses covert surveillance on welfare recipients is not above interrogation.
Services Australia is a federal government department which includes Centrelink.
A brief Internet search reveals for the most part sparsely worded information. The following is a compilation from government and media sources.
In a two year period covering 2005 to September 2006 Centrelink investigated 790 APS Code of Conduct complaints, with 766 referred for investigation and 585 staff found to have accessed the private information of welfare recipients or entered into a conflict of interest situation in breach of the code. Sanctions for these breaches reportedly ranged from 19 dismissals, 92 resignations and, more than 300 salary reductions or fines. Another est. 134 staff were demoted, reprimanded and warned. Five cases were referred to the AFP or Director of Public Prosecutions.
In 2006–07 Centrelink staff breached the information privacy principal in 367 instances, including 108 unauthorised access, 4 unauthorised disclosure and 10 unauthorised use. Another 17 new cases were opened with the Office of the Privacy Commissioner, bringing the total to 20 cases for the year. Centrelink finalised six cases with the office and as at 30 June 2007, 14 cases were still open.
By the next financial year 2007-08, Centrelink recorded 355 privacy breaches of which 100 were unauthorised access, 13 unauthorised disclosure and 1 unauthorised use. The remainder of breaches said to be primarily mailing errors.
In 2008-09 Centrelink found 368 proven privacy incidents of which 85 were unauthorised access of information, 14 were unauthorised disclosure and 1 was unauthorised use.
Financial year 2009-10 saw Centrelink admitted to 465 proven privacy incidents and it appears to have undertaken 286 staff code of conduct complaints investigations in which 187 staff member were found to have breached the code of conduct.
The following financial year 2010-11, Centrelink undertook 197 staff code of conduct complaints investigations, including 25 investigations of improper use of internet or email, and 67 investigations of ‘improper access to personal information’. The latter occurring when employees accessed records either without a business reason, or despite being directed not to do so, for example if the records belonged to themselves, family or friends. A total of 128 Centrelink staff members were found to have breached the code of conduct.
In 2011 Centrelink & Medicare were integrated into the Dept. of Human Services.
In 2011-12 the Dept. of Human Services finalised 205 staff breaches of the APS Code of Conduct, including:
68
instances
of improper access to personal information;
5
unauthorised disclosure of information;
10
conflict of interest;
48
inappropriate
behaviour other than bullying or harassment;
17
harassment and/or bullying;
8
fraud other than theft;
1
theft;
8
improper use of resources other
than email;
25
improper use of internet or email;
8
inappropriate use of government vehicles;
7
improper
use of position or status;
4
behaviour of the employee outside of work;
2
misuse of drugs and/or alcohol, and
2
other.
The next year 2012-13 the Dept. of Human Services finalised 165 matters involving 214 breaches of the code of conduct - across the gamut of human behaviour displayed in the workplace including 82 instances of improper access to personal information, 5 unauthorised disclosure of information and 26 conflict of interest.
In 2013-14 the Department of Human Services reported there were 472 matters involving staff breaches of code of conduct of which 234 were finalised, including 118 improper access to personal information, 4 unauthorised disclosure, 181 conflict of interest and 66 fraud.
The next financial year 2014-15 saw reports of 1,939 substantiated privacy incidents from which there were officially 268 findings of staff breaches of the code of conduct.
In 2015-16 there
were 368 findings of a breach of the code of conduct.
Note: From 21.9.2015 to 18.2.2016 Stuart Robert was the Minister for Human Services.
In 2016-17 there were a reported 304 staff breaches of the code of conduct.
NOTE: From 21.9.2015 to 18.2.2016 Stuart Robert was the Minister for Human Services.
In 2017-18 a total of 235 staff code of conduct investigations were completed and 224 findings of a breach were made.
In
2018-19 the Department of Human Services reported a
total of 249
staff code
of conduct investigations were completed, with 241 findings of a
breach of the code.
NOTE: From 29.5.2019 to 30.3.2021 Stuart Robert was Minister for Government Services, which included the Dept. of Human Services in his portfolio.
In May 2019 the Dept. of Human Services had a name change, becoming Services Australia.
From July 2017 to end June 2019 almost half of the breaches arose from unauthorised access to information, where staff had inappropriately accessed customer records. Almost a quarter of all breaches allegedly related to incorrect reporting of income by staff who were also in receipt of Centrelink benefits.
The Commonwealth Ombudsman's Report of 2019-20 mention that; We
received more complaints about Services Australia than any other
agency (11,222), although this was a decrease
of 3.7 per cent compared to last year.
In one case; A
complainant’s disability support pension (DSP) was cancelled as a
result of a staff error and while seeking a review of this error they
received an inheritance.
A
trustee acting on behalf of the complainant contacted Services
Australia however was unable to have the DSP payments reinstated,
despite payments not being made in excess of 12 months.
As
a result of the Office’s engagement with Services Australia during
an investigation, the complainant’s circumstances were reviewed and
they were back-paid over $45,000 for the entire period since their
DSP was cancelled. Additionally, Services Australia provided feedback
to the officer who made the initial error to improve future service.
In his following 2020-21 annual report the Commonwealth Ombudsman placed Services Australia in; the
number of disclosures assessed meeting the criteria under s 26 of the
Public Interest Disclosure Act 2013 and alleged kinds of disclosable
conduct to which the disclosures relate.
This involves 8 instances of:
•
Contravention
of a law of the Commonwealth,
state or territory (5)
•
Maladministration
(2)
•
Abuse
of public trust (2)
•
Wastage
of public money (2)
•
Conduct
that results in, or that increases, the risk
of danger to the health or safety of one or
more persons (3)
•
Abuse
of public office (3)
•
Conduct
that may result in disciplinary action
(6)
In 2021-22 the Commonwealth Ombudsman reported that 52% of complaints it received from the public involved Services Australia-Centrelink.
