Australian Mandatory Data Retention Abused Just Weeks After Rules Are Put In Place

from the because-that's-what-happens-with-data-retention dept

We've been talking about Australian politicians' odd obsession with passing ever more draconian data retention rules for years now. As you may recall, the politicians pushing for this appeared to have absolutely no clue what it actually entailed. Just a few months ago, we wrote about reports about how Australia's data retention laws had been abused to spy on journalists and their sources. While some parts of the law went into effect a year and a half ago, it appears some parts just went into effect a few weeks ago. These new rules require every ISP to retain metadata on all online communications for at least two years. And... it took just about two weeks before the Australian Federal Police (AFP) were forced to admit that it had used the info to spy on journalists (again). They insist this was a mistake, of course.

"Earlier this week, the AFP self-reported to the Commonwealth Ombudsman that we had breached the Telecommunications Interception Act. The breach ... related to an investigator who sought and was provided access to the call records of a journalist without the prior authority of a journalist information warrant," AFP Commissioner Andrew Colvin said on Friday afternoon.

"No investigational activity has occurred as a result of us being provided with that material. Put simply, this was human error. It should not have occurred, the AFP take this very seriously, and we take full responsibility for a breach in the Act. I also want to say there was no ill will, malice, or bad intent by the officers involved who breached the Act. Quite simply, it was a mistake that should not have happened."

Even if this truly was an accident, it highlights why mandatory data retention is so dangerous. That information will be accessed, and not always for good reasons. There's a reason why we don't allow law enforcement to search our stuff willy nilly without a warrant, and mandatory data retention completely flips this whole concept on its head for no good reason. Such information will almost always be abused -- and sometimes pretty damn quickly after it's available.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: australia, data retention, isps, journalists, privacy, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    ThaumaTechnician (profile), 2 May 2017 @ 4:10am

    Link to ZDNet story is truncated...

    link to this | view in chronology ]

    • icon
      Peter (profile), 2 May 2017 @ 4:23am

      Interesting quote in ZDNet story

      "I have decided that a further amendment be moved that will require agencies to obtain a warrant in order to access a journalist's metadata for the purpose of identifying a source," Abbott said at the time.

      "The government does not believe that this is necessary, but is proposing to accept it to expedite the Bill."

      Is there any legitimate purpose for police or government to spy on journalists?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 2 May 2017 @ 8:41am

        Re: Interesting quote in ZDNet story

        Is there any legitimate purpose for police or government to spy on journalists?

        Yes. Being a journalist does not make one an angel. If journalists enjoyed absolute immunity from investigation, then it would make sense for career criminals to take a day job as a journalist solely for the cover it would provide for their illegal activities. There are legitimate purposes for the police to investigate anyone. However, that should not mean it is easy for them to do without oversight, nor should they do it without probable cause to believe that they will uncover evidence of a crime that, upon presentation to prosecutors, is likely to be pursued.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 2 May 2017 @ 11:31am

          Re: Re: Interesting quote in ZDNet story

          That's not spying on a journalist, that's spying on a Person who happens to be a journalist. Spying on a journalist means spying on them Because they're a journalist, not because they are a person who did something wrong.

          link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    My_Name_Here, 2 May 2017 @ 5:57am

    Again, I fail to see what the problem is here apart from Masnick's typical grousing about authority. After all, that's how they caught his buddy Kim Dotcom.

    link to this | view in chronology ]

    • icon
      Roger Strong (profile), 2 May 2017 @ 6:12am

      Re:

      Again, I fail

      Should've just stopped there.

      link to this | view in chronology ]

    • icon
      PaulT (profile), 2 May 2017 @ 6:32am

      Re:

      I know you're a trolling moron, but a story about "the police openly broke the law the moment they had the tools handy to do so, just as predicated" is surely noteworthy even in your deranged obsessed mind?

      "the AFP self-reported to the Commonwealth Ombudsman that we had breached the Telecommunications Interception Act."

      ...although I think the real story here is that the police in Australia still had enough moral fibre to admit to the mistake the moment they realised, and still have a regulation body that has enough teeth to ensure they do this. Both of these things should be lauded, even if you personally think the breach was minor.

      Let me guess, you're one of the people who regularly rails against oversight and regulation here?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 2 May 2017 @ 6:38am

        Re: Re:

        This is the lunatic who would gladly watch babies get flashbanged, houses get torn down, family pets get gunned and old ladies pee themselves under interrogation, then demand that the police be commended for their actions.

        My_Name_Here is simply obsessed with wielded authority. Possibly to a sexual degree.

        link to this | view in chronology ]

      • icon
        Ninja (profile), 2 May 2017 @ 6:58am

        Re: Re:

        Roger summarized it well. He should have stopped at the "Again, I fail".

        link to this | view in chronology ]

  • icon
    Ninja (profile), 2 May 2017 @ 7:01am

    So we have plenty, PLENTY of examples of the Governments abusing powers that have no practical bounds, even when there are laws and constitutions that should prevent such abuses. The issue is actually that this is not going to stop and new laws and restrictions on the govt aren't going to do shit about it. So, knowing that much, how do you stop govt abuse?

    link to this | view in chronology ]

    • identicon
      David, 2 May 2017 @ 7:25am

      Re:

      You don't get to stop abuse.

      For every permitted use, there will be a proportional amount of abuse as a result. So for any governmental responsibility you have to find the point where the diminuishing returns of a wider permitted set of tools and actions no longer offset the drawbacks of the accompanying abuse.

      link to this | view in chronology ]

  • identicon
    Michael, 2 May 2017 @ 7:21am

    "The breach ... related to an investigator who sought and was provided access to the call records of a journalist"

    How is this possibly an "accident"? The investigator accidentally requested call records? The investigator was so inept that they did not know it was a journalist?

    I don't get how the "whoops!" defense can actually work here.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 May 2017 @ 8:45am

      Re:

      The investigator accidentally skipped the optional training session that would tell him/her not to do this, accidentally requested the full take data dump instead of the summary that is always available without a warrant, and accidentally checked the "exigent circumstances" box on the request form. The data retention agent accidentally overlooked all these mistakes and delivered up the data without even an "Are you sure?" confirmation. ;)

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 May 2017 @ 7:46am

    The issue here is not that the government spied on journalists. It is that, as citizens, we have wholly and completely accepted the idea that people with a specific job title (journalist) have more rights and privileges than everyone else. That it is perfectly acceptable to spy on anyone for any reason, as long as that person is not one of the privileged few with "Journalist" in their job title.

    link to this | view in chronology ]

    • icon
      Roger Strong (profile), 2 May 2017 @ 8:21am

      Re:

      It is that, as citizens, we have wholly and completely accepted the idea that people with a specific job title (journalist) have more rights and privileges than everyone else.

      Not rights and privileges. We accept that they have more protections than everyone else.

      We accept that police have a few legal and physical protections that ordinary citizens do not. This is necessary to protect them from the criminals they are tasked to combat. Elected officials often get extra legal and physical protections too.

      To prevent abuse and corruption there are checks and balances. We accept that journalists are one of the big ones.

      We accept that journalists can keep their sources secret, because those sources are often whistleblowers telling of abuse and corruption. We accept that because journalists speak truth to power, they and their sources need protection from that power.

      Yes, the age of blogs casual journalism has blurred the definition of journalist. But that's only made the need to protect journalists more important:

      Consider the movie Spotlight, about the Boston Globe's investigation of systemic child sex abuse in the Boston area by numerous Roman Catholic priests. It's been said that if the story happened today, it wouldn't have been reported. The newspaper, with a much smaller subscription base and ability to absorb legal expenses, would have backed down in the face of Church opposition.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 May 2017 @ 8:06am

    "Put simply, this was human error."


    Yeah, no big deal .... it's sorta like that dude who tripped, fell and accidentally impregnated that chic.

    link to this | view in chronology ]

    • icon
      Ninja (profile), 2 May 2017 @ 10:19am

      Re:

      Later referring to the error he was heard saying "It was DELICIOUS!"

      I'm not talking about the dude impregnating the chic.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 May 2017 @ 8:42am

    It's always a mistake and the mistake is always in getting caught.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 May 2017 @ 10:01am

    The usual

    "we take full responsibility for a breach in the Act"

    Since it is the same government that will investigate and punish the actions of itself that means...

    link to this | view in chronology ]

  • identicon
    Kronomex, 2 May 2017 @ 5:11pm

    I call bullshit on the AFP "accidentally" breaching the Telecommunications Interception Act. One of our politicians, probably from the LNP, wanted information on the journalist. Any investigation will be perfunctory to the extent of almost non-existent and the AFP will be found to be blameless and get a soggy noodle slap on the wrist.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 May 2017 @ 8:29pm

      Re:

      Now, now, don't just label the LNP as the problem. ALL of our politicians can be (and probably should be tainted with the same brush). When we have the likes of Senator George Brandis (Liberals) and Premier Daniel Andrews (Labour) as examples of the upstanding and honourable Men of our Nation, we have some very serious thinking to do about our future.

      link to this | view in chronology ]

  • identicon
    Châu, 2 May 2017 @ 5:14pm

    Reverse

    Can use meta data for spy police and government? Maybe ISP share all meta data with every person.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 May 2017 @ 7:38pm

    The response

    I was waiting for TechDirt to post this. Good to see they did pick up on it.

    I am surprised TechDirt didn't mention the reply of the Attorney-General, Geroge Brandis in the story. His reply could be summarised as "meh". (This is the same guy who wanted to legalise racism, so the response is not a surprise.)
    http://www.abc.net.au/news/2017-04-29/metadata-laws-need-reform:-expert/8482104

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 May 2017 @ 8:26pm

    I'm curious as to how a system that requires special warrants for a journalist is supposed to work.

    I mean, does an ISP know whether one of their customer accounts is a journalists account? Is there some magic account type that is flagged as a journalist account? When signing up for an account, is the customer expected to ask for a special journalist account? Or is it just some flag on that account that a journalist has to request the ISP to set?

    Or does the ISP, or some global registration body, keep some register somewhere of who is a journalist?

    What happens if a non-journalist then becomes a journalist (however that is defined), are they supposed to inform the ISP to get their account flagged? Or create a new special journalist account? Or register with some body?


    So, when am ISP receives a 'regular' warrant, are they supposed to first verify whether the target is a journalist or not? Are they on the register, have a special account or a flagged account, or do they have to do some sort of investigation first - google searches, contact the target and ask them, what?

    If there is no reasonable way for an ISP to know whether an account is a journalists account, then to them the warrant-type is pretty much irrelevant - they have a warrant, hand over the data.

    OK, so whether there is a way or not for the ISP to know whether the account is a journalists account, how is the requesting officer supposed to know? I mean, if they suspect some person of some crime where they want the browsing data - probably automatically requested for any suspect for any crime no matter what it is (mugging, auto-theft, assault, causing a public disturbance, public urination...) that data is there so why not get it - how do they know whether the suspect is a journalist?

    Again, is there some register kept, such that when they enter the name into the software that creates the warrant it automatically flags it as a journalists account for additional approval processes? Or do they have to specifically choose the "journalist metadata warrant" form type, therefore they already need to know so as to choose the right form?

    Or, before requesting any metadata warrant, ever, for anyone, are they supposed to do some sort of investigation first into whether the suspect is a journalist or not?

    I can see all sorts of problem with requiring any sort 'special' warrant for some specific class or classes of individuals.

    link to this | view in chronology ]

    • icon
      Eldakka (profile), 2 May 2017 @ 8:30pm

      Re:

      Sigh, I was signed in for the comment above, but ever since the cloudfare issue a few months ago when passwords were reset (and looks like now with akamai) when submitting a post it signs me out unless I do a process:
      1) preview (which now shows as signed out)
      2) sign in - and get an error
      3) hit back twice to get back to the preview
      4) hit preview again which now shows as signed in
      5) submit

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 May 2017 @ 9:00pm

      Re:

      As far as I recall, a court issued warrant is required in all cases, irrespective of who the person is. Being a journalist is just a highlight of this specific breach. Even the investigation of a terrorist still has to have a court approval.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2017 @ 1:29am

    All the talk regarding saving journalists meta data started to occur around the same time a journalist went public with the story of ASIO bugging trade negotiations with Indonesia.
    It did not paint either side of Government in a good light, hence the laws sailed through quite quickly.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.