Australian Federal Police Redaction Failures Expose Targets, Officers And Investigations

from the and-it-still-wants-more-data dept

Australian intelligence and law enforcement agencies are pushing for access to more personal data and other records with a minimum of court oversight. The most recent development tells us they should be trusted as much with this additional info as the guy standing in front of an empty barn asking for more horses. If they can't keep what they already have safe and secure, why on earth would you give them access to more?

The Australian federal police mistakenly published highly sensitive information – including metadata – connected to criminal investigations, in a serious breach of operational security.

Guardian Australia can reveal that the AFP provided documents to the Senate, which were then made publicly available online on parliamentary sites and other sources for several years, and which accidentally disclosed information about the subjects and focus of criminal investigations and telecommunications interception activities.
Not only did the AFP reveal targets (something deemed incredibly sensitive because exposure means targets will change methods, route around surveillance, etc.), thus jeopardizing the safety of the public (or so they say), but they also revealed the names of operatives, thus jeopardizing the always-paramount safety of police personnel.

This apparently happened because the AFP doesn't understand proper redaction techniques.
The spokesman said the information was “hidden behind electronic redactions within the document” and “one phone number and an address could, under certain circumstances, be accessed”.
The actual exposed information was far more extensive than this understatement-delivered-with-an-apology tries to present it.
The information that police disclosed included the address of a target subject to surveillance, the types of criminal investigations and offences being investigated, the names of several AFP officers that are not publicly available and other identifying information including the phone number of an individual connected to an investigation.
The AFP is "truly sorry" about the self-inflicted breach and says it has apologized to "relevant stakeholders" (does this include the target?) but as one senator notes, this doesn't really instill a whole lot of confidence in an agency that is "arguing strenuously for data retention."

The agencies collecting the data can't seriously claim it will always be 100% secure, but most arguing against expanded collections conjecture the exposure will come from the outside, rather than from those collecting it. This shows that the AFP is more infatuated with its surveillance tools than its operational security, as are most agencies in the data collection business. (See also: NSA, Snowden, multiple new leakers.)

Sure, mistakes will happen, but that's one of the many reasons why law enforcement and intelligence agencies need fewer collections and more oversight. Apologizing for exposing targets and officers doesn't really do anything to fix the underlying issue: collecting for collecting's sake and the unearned swagger that accompanies it. These agencies think they can handle more because they've got the ability and the storage, but while strutting around secure in their technical superiority, they're failing Redaction 101 or allowing contractors to head out the door with thousands of sensitive documents.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: australia, australian federal police, failures, investigations, privacy, redaction, security

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.