Today, the Commonwealth Ombudsman, Mr Michael Manthorpe PSM, released a report on his investigation into the AFP’s use and administration of telecommunications data powers.
The investigation was launched in response to a disclosure the AFP made to the Ombudsman that it had identified compliance issues affecting ACT Policing’s handling of requests for a certain type of telecommunications data—location-based services (LBS), colloquially known as ‘pings’ dating back to 2007.
‘My Office’s investigation identified that the internal procedures at ACT Policing and a cavalier approach to exercising telecommunications data powers resulted in a culture that did not promote compliance with the TIA Act. This contributed to the non-compliance identified in this report,’ Mr Manthorpe said.
The investigation identified that many of the authorisations made by ACT Policing for LBS between 13 October 2015 and 2019 were not properly authorised or reported to the Ombudsman or the relevant Commonwealth Minister.
‘This means LBS could have been accessed unlawfully,’ Mr Manthorpe said.
‘This could have a number of potential consequences, for example, the privacy of individuals may have been breached and we have been unable to rule out the possibility that unauthorised LBS may have been used for prosecutorial purposes.’
The investigation also found the AFP and ACT Policing missed a number of opportunities to identify and address that ACT Policing was accessing LBS outside the AFP’s approved process earlier.
Further, our Office was not satisfied that the scope of the breaches has been fully identified by the AFP nor the potential consequences and consider it is possible breaches have occurred in parts of the AFP other than ACT Policing.
‘Law enforcement agencies rely on a wide range of covert and intrusive tools to do their work, but to maintain public trust these tools need to be properly deployed, in accordance with the legislation which governs their use,’ Mr Manthorpe said.
‘Indeed, the Parliament currently has before it proposed legislation which will further extend the powers of law enforcement agencies, in relation to being able to detect and disrupt criminal activity. A critical factor in effective oversight of such powers is that law enforcement agencies need to report to the Ombudsman about how the powers are being used, so that compliance can be assessed and publicly reported. In this case full reporting did not occur to the Ombudsman for a considerable period of time.’
The report makes eight recommendations to assist the AFP in addressing these issues and implementing processes to prevent recurrence of similar issues. The AFP has accepted all eight recommendations.
The report can be found on the Commonwealth Ombudsman website here