An Australian Federal Police investigator obtained a journalist’s call records without a warrant, it was revealed today.
AFP commissioner, Andrew Colvin, said this afternoon that the data breach had taken place as part of an investigation into a leak of confidential police material. The metadata breach was referred to the Commonwealth Ombudsman on April 26.
Commissioner Colvin said the journalist at the centre of the breach has not been informed and it was the reporter’s metadata not the content of phone calls that was accessed during the leak. He blamed 'human error' for the breach.
He said that as a result of the breach, the AFP has raised the level of authorisation required for access to data of this type, is limiting the number of authorised officers who can approve access of this type; and stepping up mandatory training of investigators and officers “to make sure they are fully aware of their obligations under the Act.”
“As a result of this breach, we’ve also had cause to review other matters, other investigations underway in the AFP that also result to unathorised release of information in these circumstances to make sure we have not breached somewhere else. And I am satisfied on the back of that review that there have been no further breaches,” he said.
Damian Kay CEO, at ASX-listed tech firm, Inabox Group, was quick to weigh in on the breach, saying it won’t be a shock to anyone in the media or IT industry that a police officer has accessed the records of a journalist’s phone calls.
“This is exactly what experts have been warning about for years. The government’s metadata retention laws are extremely flawed. It is simply not a good idea to have all this information in one place, leaving it open to human error or deliberate malice. It’s a massive honeypot for people who want to do the wrong thing.
“It’s not good enough simply to say this was a case of human error. Ask any security expert, and they’ll tell you that the weakest link in any security system is people. Human error will occur again and again.
“Australia has walked into a Big Brother state, and we call on the Turnbull government not just to review this particular incident but reconsider the entire metadata retention policy.”
Journalists union and industry advocate, the Media Entertainment & Arts Alliance said it was "appalled at the revelation an Australian Federal Police officer has been able to access a journalist’s telecommunications data without being granted the necessary Journalists Information Warrant."
The MEAA said it has campaigned strongly against the ability of government agencies to access journalists’ and media companies’ telecommunications data in order to hunt down and identify confidential sources.
MEAA CEO Paul Murphy said: “Despite all of the requirements put in place before a Journalist Information Warrant can be granted, the system has failed. This is an attack on press freedom. It demonstrates that there is very little understanding of the press freedom concerns that we have been raising with politicians and law enforcement officials for several years now."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.