In a late Friday afternoon news dump, Australian Federal Police commissioner Andrew Colvin has confirmed that a journalist’s metadata was accessed illegally by investigators trying to hunt down a leak.
A week’s worth of a journalist’s call records were accessed by an officer earlier this year as part of an investigation into the leak of classified material to a journalist, Colvin said in a press conference late last Friday afternoon. Colvin said that this access was illegal because the officer involved in the investigation failed to obtain a warrant.
Under compromises made to the mandatory data retention legislation passed in 2015, Labor forced the government to introduce warrants that law enforcement agencies must obtain prior to being able to access the metadata of a journalist. Prior to the legislation passing, no warrant was required. Since the legislation has passed, however, Colvin claims the AFP has sought none of these journalist-specific warrants.
But as the result of a “routine review” of an investigation, the AFP found that, in this investigation, the data had been accessed illegally, and this breach was subsequently reported to the Commonwealth Ombudsman. The ombudsman has announced an independent investigation will be conducted separately from the AFP’s own investigations.
[Keane: data breach illustrates danger of mass surveillance]
The investigation into the leak was halted, Colvin said, but no actions would be taken against the officer involved.
Colvin claimed that the officer’s failure to obtain a warrant was “human error” and no ill-will was involved in the illegal access of the journalist’s own metadata. While the illegally obtained data held by the AFP for the investigation has been destroyed, Colvin admitted that the investigators had seen the data and may have determined the journalist’s source:
“Clearly they can’t unsee it. They’ll need to consider in terms of next steps of the investigation what weight they put on what they saw but that material was accessed illegally so it can bear no — it can have no bearing on the conduct of the investigation. If in the judgement of the investigators that information may afford evidence at some point later, there is a different process we will have to go through.”
Colvin refused to name the journalist involved, and said the AFP would not consider informing the journalist themselves until the investigation into the leak has been completed.
“The investigation about the leak is still ongoing. That’s why I’m not going to say too much about it. For that reason, we haven’t notified the journalist that we have breached and accessed that particular journalist’s data without the warrant. Once the investigation takes its full course, we will be able to consider what actions we need to take but at this stage, we haven’t advised the journalist.”
In addition to the ombudsman’s review, Colvin said the AFP had refined its processes to prevent it happening again:
“We have raised the level of internal authorisation required for access to data of this type. We are limiting the number of authorised officers who can approve access of this type. We are also re-rolling out and stepping up mandatory training to all investigators and authorised officers to make sure they are fully aware of their obligations under the Act. I have been assured and I am confident that the changes we have made are robust and give me confidence that a breach of this nature should not occur again.”
The AFP is seeking to downplay the incident. While the agency informed the Commonwealth Ombudsman on Wednesday last week, it waited a full two days, late on Friday afternoon in the “news dump” territory, to announce it to the public.
[Did Brandis breach his own ‘journalist information warrant’ law?]
Senator Nick Xenophon told Crikey that he backs a Senate inquiry into the breach, and said he would be asking the AFP questions on the matter at Senate estimates hearings in the weeks after the budget.
“The AFP assured people nothing like this would ever happen. Well it has, in spectacular fashion,” he said.
“What has happened here should send a deep chill down the spine every journalist and every Australian who cares about a free press.”
Greens co-deputy leader Scott Ludlam called for a full investigation into the breach. “A scheme that was forced on to the public as a counter-terror tool was instead used in exactly the way we’ve long feared — in pursuit of a journalist and their source,” Ludlam said in a statement.
While journalists have their own metadata protected by this scheme — when law enforcement don’t break the law — the average citizen can still have their metadata accessed without the need for the agencies to get a warrant. In fact, if the officer in this case had simply just sought the metadata of people who might have potentially been talking to the journalist — rather than the metadata of the journalist directly — they never would have needed to obtain a warrant in the first place.
Crikey is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while we review, but we’re working as fast as we can to keep the conversation rolling.
The Crikey comment section is members-only content. Please subscribe to leave a comment.
The Crikey comment section is members-only content. Please login to leave a comment.