Australian Mandatory Data Retention Abused Just Weeks After Rules Are Put In Place
from the because-that's-what-happens-with-data-retention dept
We’ve been talking about Australian politicians’ odd obsession with passing ever more draconian data retention rules for years now. As you may recall, the politicians pushing for this appeared to have absolutely no clue what it actually entailed. Just a few months ago, we wrote about reports about how Australia’s data retention laws had been abused to spy on journalists and their sources. While some parts of the law went into effect a year and a half ago, it appears some parts just went into effect a few weeks ago. These new rules require every ISP to retain metadata on all online communications for at least two years. And… it took just about two weeks before the Australian Federal Police (AFP) were forced to admit that it had used the info to spy on journalists (again). They insist this was a mistake, of course.
“Earlier this week, the AFP self-reported to the Commonwealth Ombudsman that we had breached the Telecommunications Interception Act. The breach … related to an investigator who sought and was provided access to the call records of a journalist without the prior authority of a journalist information warrant,” AFP Commissioner Andrew Colvin said on Friday afternoon.
“No investigational activity has occurred as a result of us being provided with that material. Put simply, this was human error. It should not have occurred, the AFP take this very seriously, and we take full responsibility for a breach in the Act. I also want to say there was no ill will, malice, or bad intent by the officers involved who breached the Act. Quite simply, it was a mistake that should not have happened.”
Even if this truly was an accident, it highlights why mandatory data retention is so dangerous. That information will be accessed, and not always for good reasons. There’s a reason why we don’t allow law enforcement to search our stuff willy nilly without a warrant, and mandatory data retention completely flips this whole concept on its head for no good reason. Such information will almost always be abused — and sometimes pretty damn quickly after it’s available.
Filed Under: australia, data retention, isps, journalists, privacy, surveillance
Comments on “Australian Mandatory Data Retention Abused Just Weeks After Rules Are Put In Place”
Link to ZDNet story is truncated...
Should be:
http://www.zdnet.com/article/afp-mistakenly-accessed-journalist-call-records-breaching-metadata-laws/
That and: ‘mistakenly’, my ass!
Re: Interesting quote in ZDNet story
“I have decided that a further amendment be moved that will require agencies to obtain a warrant in order to access a journalist’s metadata for the purpose of identifying a source,” Abbott said at the time.
“The government does not believe that this is necessary, but is proposing to accept it to expedite the Bill.”
Is there any legitimate purpose for police or government to spy on journalists?
Re: Re: Interesting quote in ZDNet story
Yes. Being a journalist does not make one an angel. If journalists enjoyed absolute immunity from investigation, then it would make sense for career criminals to take a day job as a journalist solely for the cover it would provide for their illegal activities. There are legitimate purposes for the police to investigate anyone. However, that should not mean it is easy for them to do without oversight, nor should they do it without probable cause to believe that they will uncover evidence of a crime that, upon presentation to prosecutors, is likely to be pursued.
Re: Re: Re: Interesting quote in ZDNet story
That’s not spying on a journalist, that’s spying on a Person who happens to be a journalist. Spying on a journalist means spying on them Because they’re a journalist, not because they are a person who did something wrong.
Again, I fail to see what the problem is here apart from Masnick’s typical grousing about authority. After all, that’s how they caught his buddy Kim Dotcom.
Re: Re:
Should’ve just stopped there.
Re: Re:
I know you’re a trolling moron, but a story about “the police openly broke the law the moment they had the tools handy to do so, just as predicated” is surely noteworthy even in your deranged obsessed mind?
“the AFP self-reported to the Commonwealth Ombudsman that we had breached the Telecommunications Interception Act.”
…although I think the real story here is that the police in Australia still had enough moral fibre to admit to the mistake the moment they realised, and still have a regulation body that has enough teeth to ensure they do this. Both of these things should be lauded, even if you personally think the breach was minor.
Let me guess, you’re one of the people who regularly rails against oversight and regulation here?
Re: Re: Re:
This is the lunatic who would gladly watch babies get flashbanged, houses get torn down, family pets get gunned and old ladies pee themselves under interrogation, then demand that the police be commended for their actions.
My_Name_Here is simply obsessed with wielded authority. Possibly to a sexual degree.
Re: Re: Re:
Roger summarized it well. He should have stopped at the “Again, I fail”.
So we have plenty, PLENTY of examples of the Governments abusing powers that have no practical bounds, even when there are laws and constitutions that should prevent such abuses. The issue is actually that this is not going to stop and new laws and restrictions on the govt aren’t going to do shit about it. So, knowing that much, how do you stop govt abuse?
Re: Re:
You don’t get to stop abuse.
For every permitted use, there will be a proportional amount of abuse as a result. So for any governmental responsibility you have to find the point where the diminuishing returns of a wider permitted set of tools and actions no longer offset the drawbacks of the accompanying abuse.
“The breach … related to an investigator who sought and was provided access to the call records of a journalist”
How is this possibly an “accident”? The investigator accidentally requested call records? The investigator was so inept that they did not know it was a journalist?
I don’t get how the “whoops!” defense can actually work here.
Re: Re:
The investigator accidentally skipped the optional training session that would tell him/her not to do this, accidentally requested the full take data dump instead of the summary that is always available without a warrant, and accidentally checked the "exigent circumstances" box on the request form. The data retention agent accidentally overlooked all these mistakes and delivered up the data without even an "Are you sure?" confirmation. 😉
The issue here is not that the government spied on journalists. It is that, as citizens, we have wholly and completely accepted the idea that people with a specific job title (journalist) have more rights and privileges than everyone else. That it is perfectly acceptable to spy on anyone for any reason, as long as that person is not one of the privileged few with “Journalist” in their job title.
Re: Re:
Not rights and privileges. We accept that they have more protections than everyone else.
We accept that police have a few legal and physical protections that ordinary citizens do not. This is necessary to protect them from the criminals they are tasked to combat. Elected officials often get extra legal and physical protections too.
To prevent abuse and corruption there are checks and balances. We accept that journalists are one of the big ones.
We accept that journalists can keep their sources secret, because those sources are often whistleblowers telling of abuse and corruption. We accept that because journalists speak truth to power, they and their sources need protection from that power.
Yes, the age of blogs casual journalism has blurred the definition of journalist. But that’s only made the need to protect journalists more important:
Consider the movie Spotlight, about the Boston Globe’s investigation of systemic child sex abuse in the Boston area by numerous Roman Catholic priests. It’s been said that if the story happened today, it wouldn’t have been reported. The newspaper, with a much smaller subscription base and ability to absorb legal expenses, would have backed down in the face of Church opposition.
“Put simply, this was human error.”
Yeah, no big deal …. it’s sorta like that dude who tripped, fell and accidentally impregnated that chic.
Re: Re:
Later referring to the error he was heard saying “It was DELICIOUS!”
I’m not talking about the dude impregnating the chic.
It’s always a mistake and the mistake is always in getting caught.
The usual
“we take full responsibility for a breach in the Act”
Since it is the same government that will investigate and punish the actions of itself that means…
I call bullshit on the AFP “accidentally” breaching the Telecommunications Interception Act. One of our politicians, probably from the LNP, wanted information on the journalist. Any investigation will be perfunctory to the extent of almost non-existent and the AFP will be found to be blameless and get a soggy noodle slap on the wrist.
Re: Re:
Now, now, don’t just label the LNP as the problem. ALL of our politicians can be (and probably should be tainted with the same brush). When we have the likes of Senator George Brandis (Liberals) and Premier Daniel Andrews (Labour) as examples of the upstanding and honourable Men of our Nation, we have some very serious thinking to do about our future.
Reverse
Can use meta data for spy police and government? Maybe ISP share all meta data with every person.
The response
I was waiting for TechDirt to post this. Good to see they did pick up on it.
I am surprised TechDirt didn’t mention the reply of the Attorney-General, Geroge Brandis in the story. His reply could be summarised as “meh”. (This is the same guy who wanted to legalise racism, so the response is not a surprise.)
http://www.abc.net.au/news/2017-04-29/metadata-laws-need-reform:-expert/8482104
I’m curious as to how a system that requires special warrants for a journalist is supposed to work.
I mean, does an ISP know whether one of their customer accounts is a journalists account? Is there some magic account type that is flagged as a journalist account? When signing up for an account, is the customer expected to ask for a special journalist account? Or is it just some flag on that account that a journalist has to request the ISP to set?
Or does the ISP, or some global registration body, keep some register somewhere of who is a journalist?
What happens if a non-journalist then becomes a journalist (however that is defined), are they supposed to inform the ISP to get their account flagged? Or create a new special journalist account? Or register with some body?
So, when am ISP receives a ‘regular’ warrant, are they supposed to first verify whether the target is a journalist or not? Are they on the register, have a special account or a flagged account, or do they have to do some sort of investigation first – google searches, contact the target and ask them, what?
If there is no reasonable way for an ISP to know whether an account is a journalists account, then to them the warrant-type is pretty much irrelevant – they have a warrant, hand over the data.
OK, so whether there is a way or not for the ISP to know whether the account is a journalists account, how is the requesting officer supposed to know? I mean, if they suspect some person of some crime where they want the browsing data – probably automatically requested for any suspect for any crime no matter what it is (mugging, auto-theft, assault, causing a public disturbance, public urination…) that data is there so why not get it – how do they know whether the suspect is a journalist?
Again, is there some register kept, such that when they enter the name into the software that creates the warrant it automatically flags it as a journalists account for additional approval processes? Or do they have to specifically choose the “journalist metadata warrant” form type, therefore they already need to know so as to choose the right form?
Or, before requesting any metadata warrant, ever, for anyone, are they supposed to do some sort of investigation first into whether the suspect is a journalist or not?
I can see all sorts of problem with requiring any sort ‘special’ warrant for some specific class or classes of individuals.
Re: Re:
Sigh, I was signed in for the comment above, but ever since the cloudfare issue a few months ago when passwords were reset (and looks like now with akamai) when submitting a post it signs me out unless I do a process:
1) preview (which now shows as signed out)
2) sign in – and get an error
3) hit back twice to get back to the preview
4) hit preview again which now shows as signed in
5) submit
Re: Re:
As far as I recall, a court issued warrant is required in all cases, irrespective of who the person is. Being a journalist is just a highlight of this specific breach. Even the investigation of a terrorist still has to have a court approval.
All the talk regarding saving journalists meta data started to occur around the same time a journalist went public with the story of ASIO bugging trade negotiations with Indonesia.
It did not paint either side of Government in a good light, hence the laws sailed through quite quickly.