Paul Wilkins paulwilkins369 at gmail.com
Wed Sep 11 10:51:01 EST 2019

Home affairs unlawfully accessed stored metadata, ombudsman reveals

The home affairs department ordered companies to preserve metadata and used
warrants to access it “without proper authority” and twice unlawfully
accessed stored communications, according to an ombudsman’s report.

In a sequel to the report revealing 116 illegal metadata searches by the
ACT police
later admitted to number more than 3,000
the Commonwealth Ombudsman has declared that unlawful access by government
agencies has “reduced significantly” since 2016-17.

But despite improved compliance, the ombudsman still found a litany of
errors between 1 July 2017 and 30 June 2018 such as 31 instances of
agencies receiving data outside the parameters of the authority, including
26 at the home affairs department.

In 2015 law enforcement agencies gained the power to access individuals’
metadata – information about a communication which does not include its
content – when investigating certain offences, subject to oversight from
the ombudsman.

In its latest report, tabled in parliament on Tuesday, the ombudsman
concluded that agencies were “generally exercising their powers …
appropriately” but highlighted lapses including:...

On Tue, 13 Aug 2019 at 15:53, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> I found this rather cryptic observation in the submission
> <https://www.aph.gov.au/DocumentStore.ashx?id=0076905f-bd1c-4536-8ff3-a90dd3ac6b18&subId=668584>
> from the Inspector General of Intelligence and Security. It points out
> where metadata retained under the Data Retention regime, may be accessed
> without a warrant, where the data in question is not content. Such would
> obviously be the case where LEAs sought access to metadata datastreams
> using a TCN as the enabling authorisation. After due consideration of a
> number of other PJCIS submissions, I'm yet more confident than where I
> first laid out the case to PJCIS back last November, that a combination of
> s280/s313 or s177 and TCN would be sufficient for LEAs to gain access to
> metadata datastreams without warrant or any judicial or parliamentary
> oversite.
> It should also be noted that although the obligations in the
> Telecommunications Act 1997 prevent carriers and carriage service providers
> from disclosing telecommunications data without a warrant or authorisation
> in place, these obligations do not prevent agencies from accessing that
> data using other means. Any access by an agency to telecommunications data
> that does not require disclosure by a carrier or carriage service provider
> would therefore not require a warrant or authorisation, unless it also
> involved accessing content or unauthorised access to a computer.
> *Access to telecommunications data outside Chapter 4 of the TIA ActThe
> Committee may wish to discuss with relevant agencies the extent, if any, to
> which telecommunications data is accessed outside the framework provided by
> Chapter 4 of the TIA Act.*
> The Australian Information Commissioner's submission
> <https://www.aph.gov.au/DocumentStore.ashx?id=8e675437-b875-4863-87cc-71b721280d8f&subId=668240> could
> also be regarded as making the case that s280/s313 substantiate warrantless
> access to metadata.
> The OAIC recommends that the Committee consider implementing an
> enforceable restriction on the agencies that are permitted to access
> telecommunications data, noting this was a safeguard that provided privacy
> protections in the absence of more formal mechanisms such as a
> warrant-based access regime. As the law currently stands, there appears to
> be mechanisms for accessing telecommunications data outside of the TIA Act
> that, while permitted, have the practical impact of reducing the
> effectiveness of safeguards in the TIA Act.
> Kind regards
> Paul Wilkins
> On Sat, 27 Jul 2019 at 14:56, Paul Wilkins <paulwilkins369 at gmail.com>
> wrote:
>> Report in the Guardian today of judicial and governance experts
>> increasingly concerned Australia is stifling journalism and State
>> accountability playing the security trump card.
>> National security being used to stifle public interest journalism, former
>> judges warn
>> <https://www.theguardian.com/australia-news/2019/jul/27/national-security-being-used-to-stifle-public-interest-journalism-former-judges-warn>
>> As regards the consequences of this, Data Retention means that
>> conventional avenues for whistleblowers to contact national media are
>> severely curtailed, where the Feds can apply for journalist warrants, as
>> they have recently, to go after the ABC et al. And as has been pointed out,
>> no warrant is required to access data retention of non journalist sources
>> suspected of leaking, which gives police an end around the journalist
>> warrant process anyway.
>> Now from a jurisprudential prism within the Australian jurisdiction, this
>> looks like a simple conflict of security versus accountability, but not so.
>> Because of the reach of the internet beyond Australia's jurisdiction, the
>> Data Retention regime creates a situation where whistleblowers have
>> options. They can either leak their concerns to an Australian media
>> organisation, and run the gambit of being exposed, or, they may prefer to
>> leak to organisations outside the Australian jurisdiction, to organisations
>> who won't have the national interest as a concern, nor the constraints of
>> operating as a media organisation within the Australian jurisdiction. Which
>> is kind of germane if you were say, inclined towards leaking matters
>> pertaining to national security.
>> Kind regards
>> Paul Wilkins
>> On Wed, 17 Jul 2019 at 11:29, Mark Smith <markzzzsmith at gmail.com> wrote:
>>> On Wed, 17 Jul 2019 at 10:32, Paul Wilkins <paulwilkins369 at gmail.com>
>>> wrote:
>>>> Comms Alliance submission
>>>> <https://www.aph.gov.au/DocumentStore.ashx?id=10156360-86ba-4fff-93c9-f2caa3577dd6&subId=668168>
>>>> makes the case that the costs of Data Retention are not being properly
>>>> compensated, with substantial incurred costs being a carrier expense.
>>>> The initial capital costs incurred by industry to meet the requirements
>>>> of the regime were
>>>> partially – but not fully – met via grants from Government. As has been
>>>> highlighted in
>>>> information presented to the committee, industry has incurred a net
>>>> cost to meet its
>>>> obligations under the regime of *at least $171m over a four year
>>>> period*, despite cost-recovery mechanisms being in place.
>>>> This gets more interesting still, when you begin to consider the
>>>> substantially more expensive and complex TCNs/TANs.
>>> The less carriers there are, the better suited it is to the government's
>>> surveillance agenda. It must have been really easy for LEAs to only have to
>>> deal with PMG and then Telecom. So if they cost a carrier out of business,
>>> they'll only be crying crocodile tears.
>>> There are many threats to many parties in this agenda, that's perhaps
>>> one not really recognised.
>>>> Kind regards
>>>> Paul Wilkins
>>>> On Thu, 11 Jul 2019 at 11:50, Paul Wilkins <paulwilkins369 at gmail.com>
>>>> wrote:
>>>>> This enquiry has data retention back in the news, that and recent AFP
>>>>> execution of search warrants on journalists.
>>>>> Link to PJCIS submissions
>>>>> <https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime/Submissions>
>>>>> Kind regards
>>>>> Paul Wilkins
>>>>> On Tue, 2 Jul 2019 at 11:38, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>> wrote:
>>>>>> News this morning that the Victorian government is developing plans
>>>>>> to use mobile apps to track commuters. The government argues the data will
>>>>>> be used to improve travel times. This however, ignores the larger picture,
>>>>>> that across all Australian governments, both State and Federal, there's a
>>>>>> forward going agenda to widen the meta data kept on citizens - CCTV facial
>>>>>> recognition, license plate capture, and that these data bases are being
>>>>>> integrated by law enforcement.
>>>>>> So where there exists the theoretical possibility that data retention
>>>>>> metadata can now, under existing law, be integrated into other law
>>>>>> enforcement databases under TANs/TCNs, there is a genuine concern that
>>>>>> blandishments by law enforcement that "we wouldn't do that" may not
>>>>>> actually be an effective check on creeping extensions of police powers, and
>>>>>> that there should in fact be legislated protections against the use of data
>>>>>> retention datasets.
>>>>>> Kind regards
>>>>>> Paul Wilkins
>>>>>> On Fri, 21 Jun 2019 at 17:05, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>>> wrote:
>>>>>>> Submissions close 1st July for those so foolhardy as to throw their
>>>>>>> random stream of consciousness into the void of Dep't Home Affairs'
>>>>>>> accountability.
>>>>>>> And when you throw your random stream of consciousness into the
>>>>>>> void, the void throws its random stream of consciousness back at you, or
>>>>>>> something.
>>>>>>> Kind regards
>>>>>>> Paul Wilkins
>>>>>>> On Sat, 13 Apr 2019 at 11:26, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>>>> wrote:
>>>>>>>> I raised the point in my PJCIS submissions regarding the Assistance
>>>>>>>> and Access Act, that TANs/TCNs are potentially sufficient grounds to serve
>>>>>>>> as authorisation under s280/s313 of the Telecommunications Act for the
>>>>>>>> access of Data Retention datasets, and so provide the necessary enabling
>>>>>>>> legislation for law enforcement to institute access to metadata datastreams.
>>>>>>>> I had thought with the election announced, there'd be some respite
>>>>>>>> from this rinse/repeat cycle of calling for public submissions. Just when
>>>>>>>> you thought it was safe to go back in the water.
>>>>>>>> Kind regards
>>>>>>>> Paul Wilkins
>>>>>>>> On Fri, 12 Apr 2019 at 19:29, Robert Hudson <hudrob at gmail.com>
>>>>>>>> wrote:
>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>> From: ITPA President <president at itpa.org.au>
>>>>>>>>> Date: Wed, 10 Apr 2019 at 20:27
>>>>>>>>> To: <exec at itpa.org.au>
>>>>>>>>> FYI
>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>> From: Little, Robert (REPS) <Robert.Little.Reps at aph.gov.au>
>>>>>>>>> Date: Fri, 5 Apr 2019 at 13:23
>>>>>>>>> To:
>>>>>>>>> The Parliamentary Joint Committee on Intelligence and Security has
>>>>>>>>> commenced a review of the mandatory data retention regime proscribed by
>>>>>>>>> Part 5-1A of the *Telecommunications (Interception and Access)
>>>>>>>>> Act 1979 (TIA Act).*
>>>>>>>>> <https://www.legislation.gov.au/Details/C2019C00010> On behalf of
>>>>>>>>> the Committee I am writing to invite you to make a submission to the
>>>>>>>>> Committee’s review.
>>>>>>>>> The mandatory data retention regime is a legislative framework
>>>>>>>>> which requires carriers, carriage service providers and internet service
>>>>>>>>> providers to retain a defined set of telecommunications data for two years,
>>>>>>>>> ensuring that such data remains available for law enforcement and national
>>>>>>>>> security investigations.
>>>>>>>>> Section 187N of the TIA Act provides for the review and requires
>>>>>>>>> the Committee to report by 13 April 2020. Terms of reference are available
>>>>>>>>> here
>>>>>>>>> <https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime/Terms_of_Reference>
>>>>>>>>> .
>>>>>>>>> The Committee has resolved to focus on the following aspects of
>>>>>>>>> the legislation:
>>>>>>>>>    - the continued effectiveness of the scheme, taking into
>>>>>>>>>    account changes in the use of technology since the passage of the Bill;
>>>>>>>>>    - the appropriateness of the dataset and retention period;
>>>>>>>>>    - costs, including ongoing costs borne by service providers
>>>>>>>>>    for compliance with the regime, any potential improvements to oversight,
>>>>>>>>>    including in relation to journalist information warrants;
>>>>>>>>>    - any regulations and determinations made under the regime;
>>>>>>>>>    - the number of complaints about the scheme to relevant
>>>>>>>>>    bodies, including the Commonwealth Ombudsman and the Inspector-General of
>>>>>>>>>    Intelligence and Security;
>>>>>>>>>    - security requirements in relation to data stored under the
>>>>>>>>>    regime, including in relation to data stored offshore;
>>>>>>>>>    - any access by agencies to retained telecommunications data
>>>>>>>>>    outside the TIA Act framework, such as under the Telecommunications Act
>>>>>>>>>    1997; and
>>>>>>>>>    - developments in international jurisdictions since the
>>>>>>>>>    passage of the Bill.
>>>>>>>>> *Making a submission*
>>>>>>>>> The Committee invites written submissions addressing any or all of
>>>>>>>>> the areas of focus for the Committee’s inquiry. Submissions should clearly
>>>>>>>>> identify which areas of focus are being addressed.
>>>>>>>>> Prospective submitters are advised that any submission to the
>>>>>>>>> Committee’s inquiry must be prepared solely for the inquiry and should not
>>>>>>>>> be published prior to being accepted by the Committee. Documents do not
>>>>>>>>> attract parliamentary privilege until they are accepted by the Committee.
>>>>>>>>> Documents submitted during the election period will be held by the
>>>>>>>>> Secretariat and provided to the Committee as established in the 46th
>>>>>>>>> Parliament.
>>>>>>>>> Submissions are requested by *1 July 2019*. Further information
>>>>>>>>> about making a submission to a parliamentary committee inquiry is available
>>>>>>>>> here
>>>>>>>>> <https://www.aph.gov.au/Parliamentary_Business/Committees/House/Making_a_submission>
>>>>>>>>> .
>>>>>>>>> Regards
>>>>>>>>> Robert
>>>>>>>>> *Robert Little** |* *Inquiry Secretary*
>>>>>>>>> *Parliamentary Joint Committee on Intelligence and Security*
>>>>>>>>> *Department of the House of Representatives*
>>>>>>>>> PO Box 6021 | Parliament House | Canberra ACT 2600
>>>>>>>>> Ph. (02) 6277 4589 | *www.aph.gov.au/pjcis*
>>>>>>>>> <http://www.aph.gov.au/pjcis>
>>>>>>>>> *Facebook:* @AusHouseofRepresentatives
>>>>>>>>> <http://www.facebook.com/aushouseofrepresentatives> | *Twitter:* @
>>>>>>>>> AboutTheHouse <http://twitter.com/aboutthehouse>
>>>>>>>>> Don’t take your organs to heaven, heaven knows we need them here.
>>>>>>>>> Register to be an organ donor *here.*
>>>>>>>>> <http://www.medicareaustralia.gov.au/public/services/aodr/index.jsp>
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>> Robert Hudson
>>>>>>>>> President, ITPA
>>>>>>>>> president at itpa.org.au
>>>>>>>>> 0408 860 595
>>>>>>>>> _______________________________________________
>>>>>>>>> AusNOG mailing list
>>>>>>>>> AusNOG at lists.ausnog.net
>>>>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>>> _______________________________________________
>>>> AusNOG mailing list
>>>> AusNOG at lists.ausnog.net
>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190911/5819c5b7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture (Device Independent Bitmap) 1.jpg
Type: image/jpeg
Size: 1136 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190911/5819c5b7/attachment-0001.jpg>

More information about the AusNOG mailing list