Paul Wilkins paulwilkins369 at gmail.com
Thu Sep 19 10:21:30 EST 2019

NSW Police Force submission #39

On Wed, 11 Sep 2019 at 10:51, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> Home affairs unlawfully accessed stored metadata, ombudsman reveals
> <https://www.theguardian.com/australia-news/2019/sep/11/home-affairs-unlawfully-accessed-stored-metadata-ombudsman-reveals>
> The home affairs department ordered companies to preserve metadata and
> used warrants to access it “without proper authority” and twice
> unlawfully accessed stored communications, according to an ombudsman’s
> report.
> In a sequel to the report revealing 116 illegal metadata searches by the
> ACT police
> <https://www.theguardian.com/australia-news/2019/jul/23/police-made-illegal-metadata-searches-and-obtained-invalid-warrants-targeting-journalists>,
> later admitted to number more than 3,000
> <https://www.theguardian.com/australia-news/2019/jul/26/act-police-admit-unlawfully-accessed-metadata-more-than-3000-times>,
> the Commonwealth Ombudsman has declared that unlawful access by government
> agencies has “reduced significantly” since 2016-17.
> But despite improved compliance, the ombudsman still found a litany of
> errors between 1 July 2017 and 30 June 2018 such as 31 instances of
> agencies receiving data outside the parameters of the authority, including
> 26 at the home affairs department.
> In 2015 law enforcement agencies gained the power to access individuals’
> metadata – information about a communication which does not include its
> content – when investigating certain offences, subject to oversight from
> the ombudsman.
> In its latest report, tabled in parliament on Tuesday, the ombudsman
> concluded that agencies were “generally exercising their powers …
> appropriately” but highlighted lapses including:...
> On Tue, 13 Aug 2019 at 15:53, Paul Wilkins <paulwilkins369 at gmail.com>
> wrote:
>> I found this rather cryptic observation in the submission
>> <https://www.aph.gov.au/DocumentStore.ashx?id=0076905f-bd1c-4536-8ff3-a90dd3ac6b18&subId=668584>
>> from the Inspector General of Intelligence and Security. It points out
>> where metadata retained under the Data Retention regime, may be accessed
>> without a warrant, where the data in question is not content. Such would
>> obviously be the case where LEAs sought access to metadata datastreams
>> using a TCN as the enabling authorisation. After due consideration of a
>> number of other PJCIS submissions, I'm yet more confident than where I
>> first laid out the case to PJCIS back last November, that a combination of
>> s280/s313 or s177 and TCN would be sufficient for LEAs to gain access to
>> metadata datastreams without warrant or any judicial or parliamentary
>> oversite.
>> It should also be noted that although the obligations in the
>> Telecommunications Act 1997 prevent carriers and carriage service providers
>> from disclosing telecommunications data without a warrant or authorisation
>> in place, these obligations do not prevent agencies from accessing that
>> data using other means. Any access by an agency to telecommunications data
>> that does not require disclosure by a carrier or carriage service provider
>> would therefore not require a warrant or authorisation, unless it also
>> involved accessing content or unauthorised access to a computer.
>> *Access to telecommunications data outside Chapter 4 of the TIA ActThe
>> Committee may wish to discuss with relevant agencies the extent, if any, to
>> which telecommunications data is accessed outside the framework provided by
>> Chapter 4 of the TIA Act.*
>> The Australian Information Commissioner's submission
>> <https://www.aph.gov.au/DocumentStore.ashx?id=8e675437-b875-4863-87cc-71b721280d8f&subId=668240> could
>> also be regarded as making the case that s280/s313 substantiate warrantless
>> access to metadata.
>> The OAIC recommends that the Committee consider implementing an
>> enforceable restriction on the agencies that are permitted to access
>> telecommunications data, noting this was a safeguard that provided privacy
>> protections in the absence of more formal mechanisms such as a
>> warrant-based access regime. As the law currently stands, there appears to
>> be mechanisms for accessing telecommunications data outside of the TIA Act
>> that, while permitted, have the practical impact of reducing the
>> effectiveness of safeguards in the TIA Act.
>> Kind regards
>> Paul Wilkins
>> On Sat, 27 Jul 2019 at 14:56, Paul Wilkins <paulwilkins369 at gmail.com>
>> wrote:
>>> Report in the Guardian today of judicial and governance experts
>>> increasingly concerned Australia is stifling journalism and State
>>> accountability playing the security trump card.
>>> National security being used to stifle public interest journalism,
>>> former judges warn
>>> <https://www.theguardian.com/australia-news/2019/jul/27/national-security-being-used-to-stifle-public-interest-journalism-former-judges-warn>
>>> As regards the consequences of this, Data Retention means that
>>> conventional avenues for whistleblowers to contact national media are
>>> severely curtailed, where the Feds can apply for journalist warrants, as
>>> they have recently, to go after the ABC et al. And as has been pointed out,
>>> no warrant is required to access data retention of non journalist sources
>>> suspected of leaking, which gives police an end around the journalist
>>> warrant process anyway.
>>> Now from a jurisprudential prism within the Australian jurisdiction,
>>> this looks like a simple conflict of security versus accountability, but
>>> not so. Because of the reach of the internet beyond Australia's
>>> jurisdiction, the Data Retention regime creates a situation where
>>> whistleblowers have options. They can either leak their concerns to an
>>> Australian media organisation, and run the gambit of being exposed, or,
>>> they may prefer to leak to organisations outside the Australian
>>> jurisdiction, to organisations who won't have the national interest as a
>>> concern, nor the constraints of operating as a media organisation within
>>> the Australian jurisdiction. Which is kind of germane if you were say,
>>> inclined towards leaking matters pertaining to national security.
>>> Kind regards
>>> Paul Wilkins
>>> On Wed, 17 Jul 2019 at 11:29, Mark Smith <markzzzsmith at gmail.com> wrote:
>>>> On Wed, 17 Jul 2019 at 10:32, Paul Wilkins <paulwilkins369 at gmail.com>
>>>> wrote:
>>>>> Comms Alliance submission
>>>>> <https://www.aph.gov.au/DocumentStore.ashx?id=10156360-86ba-4fff-93c9-f2caa3577dd6&subId=668168>
>>>>> makes the case that the costs of Data Retention are not being properly
>>>>> compensated, with substantial incurred costs being a carrier expense.
>>>>> The initial capital costs incurred by industry to meet the
>>>>> requirements of the regime were
>>>>> partially – but not fully – met via grants from Government. As has
>>>>> been highlighted in
>>>>> information presented to the committee, industry has incurred a net
>>>>> cost to meet its
>>>>> obligations under the regime of *at least $171m over a four year
>>>>> period*, despite cost-recovery mechanisms being in place.
>>>>> This gets more interesting still, when you begin to consider the
>>>>> substantially more expensive and complex TCNs/TANs.
>>>> The less carriers there are, the better suited it is to the
>>>> government's surveillance agenda. It must have been really easy for LEAs to
>>>> only have to deal with PMG and then Telecom. So if they cost a carrier out
>>>> of business, they'll only be crying crocodile tears.
>>>> There are many threats to many parties in this agenda, that's perhaps
>>>> one not really recognised.
>>>>> Kind regards
>>>>> Paul Wilkins
>>>>> On Thu, 11 Jul 2019 at 11:50, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>> wrote:
>>>>>> This enquiry has data retention back in the news, that and recent AFP
>>>>>> execution of search warrants on journalists.
>>>>>> Link to PJCIS submissions
>>>>>> <https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime/Submissions>
>>>>>> Kind regards
>>>>>> Paul Wilkins
>>>>>> On Tue, 2 Jul 2019 at 11:38, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>>> wrote:
>>>>>>> News this morning that the Victorian government is developing plans
>>>>>>> to use mobile apps to track commuters. The government argues the data will
>>>>>>> be used to improve travel times. This however, ignores the larger picture,
>>>>>>> that across all Australian governments, both State and Federal, there's a
>>>>>>> forward going agenda to widen the meta data kept on citizens - CCTV facial
>>>>>>> recognition, license plate capture, and that these data bases are being
>>>>>>> integrated by law enforcement.
>>>>>>> So where there exists the theoretical possibility that data
>>>>>>> retention metadata can now, under existing law, be integrated into other
>>>>>>> law enforcement databases under TANs/TCNs, there is a genuine concern that
>>>>>>> blandishments by law enforcement that "we wouldn't do that" may not
>>>>>>> actually be an effective check on creeping extensions of police powers, and
>>>>>>> that there should in fact be legislated protections against the use of data
>>>>>>> retention datasets.
>>>>>>> Kind regards
>>>>>>> Paul Wilkins
>>>>>>> On Fri, 21 Jun 2019 at 17:05, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>>>> wrote:
>>>>>>>> Submissions close 1st July for those so foolhardy as to throw their
>>>>>>>> random stream of consciousness into the void of Dep't Home Affairs'
>>>>>>>> accountability.
>>>>>>>> And when you throw your random stream of consciousness into the
>>>>>>>> void, the void throws its random stream of consciousness back at you, or
>>>>>>>> something.
>>>>>>>> Kind regards
>>>>>>>> Paul Wilkins
>>>>>>>> On Sat, 13 Apr 2019 at 11:26, Paul Wilkins <
>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>> I raised the point in my PJCIS submissions regarding the
>>>>>>>>> Assistance and Access Act, that TANs/TCNs are potentially sufficient
>>>>>>>>> grounds to serve as authorisation under s280/s313 of the Telecommunications
>>>>>>>>> Act for the access of Data Retention datasets, and so provide the necessary
>>>>>>>>> enabling legislation for law enforcement to institute access to metadata
>>>>>>>>> datastreams.
>>>>>>>>> I had thought with the election announced, there'd be some respite
>>>>>>>>> from this rinse/repeat cycle of calling for public submissions. Just when
>>>>>>>>> you thought it was safe to go back in the water.
>>>>>>>>> Kind regards
>>>>>>>>> Paul Wilkins
>>>>>>>>> On Fri, 12 Apr 2019 at 19:29, Robert Hudson <hudrob at gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>>> From: ITPA President <president at itpa.org.au>
>>>>>>>>>> Date: Wed, 10 Apr 2019 at 20:27
>>>>>>>>>> To: <exec at itpa.org.au>
>>>>>>>>>> FYI
>>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>>> From: Little, Robert (REPS) <Robert.Little.Reps at aph.gov.au>
>>>>>>>>>> Date: Fri, 5 Apr 2019 at 13:23
>>>>>>>>>> To:
>>>>>>>>>> The Parliamentary Joint Committee on Intelligence and Security
>>>>>>>>>> has commenced a review of the mandatory data retention regime proscribed by
>>>>>>>>>> Part 5-1A of the *Telecommunications (Interception and Access)
>>>>>>>>>> Act 1979 (TIA Act).*
>>>>>>>>>> <https://www.legislation.gov.au/Details/C2019C00010> On behalf
>>>>>>>>>> of the Committee I am writing to invite you to make a submission to the
>>>>>>>>>> Committee’s review.
>>>>>>>>>> The mandatory data retention regime is a legislative framework
>>>>>>>>>> which requires carriers, carriage service providers and internet service
>>>>>>>>>> providers to retain a defined set of telecommunications data for two years,
>>>>>>>>>> ensuring that such data remains available for law enforcement and national
>>>>>>>>>> security investigations.
>>>>>>>>>> Section 187N of the TIA Act provides for the review and requires
>>>>>>>>>> the Committee to report by 13 April 2020. Terms of reference are available
>>>>>>>>>> here
>>>>>>>>>> <https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime/Terms_of_Reference>
>>>>>>>>>> .
>>>>>>>>>> The Committee has resolved to focus on the following aspects of
>>>>>>>>>> the legislation:
>>>>>>>>>>    - the continued effectiveness of the scheme, taking into
>>>>>>>>>>    account changes in the use of technology since the passage of the Bill;
>>>>>>>>>>    - the appropriateness of the dataset and retention period;
>>>>>>>>>>    - costs, including ongoing costs borne by service providers
>>>>>>>>>>    for compliance with the regime, any potential improvements to oversight,
>>>>>>>>>>    including in relation to journalist information warrants;
>>>>>>>>>>    - any regulations and determinations made under the regime;
>>>>>>>>>>    - the number of complaints about the scheme to relevant
>>>>>>>>>>    bodies, including the Commonwealth Ombudsman and the Inspector-General of
>>>>>>>>>>    Intelligence and Security;
>>>>>>>>>>    - security requirements in relation to data stored under the
>>>>>>>>>>    regime, including in relation to data stored offshore;
>>>>>>>>>>    - any access by agencies to retained telecommunications data
>>>>>>>>>>    outside the TIA Act framework, such as under the Telecommunications Act
>>>>>>>>>>    1997; and
>>>>>>>>>>    - developments in international jurisdictions since the
>>>>>>>>>>    passage of the Bill.
>>>>>>>>>> *Making a submission*
>>>>>>>>>> The Committee invites written submissions addressing any or all
>>>>>>>>>> of the areas of focus for the Committee’s inquiry. Submissions should
>>>>>>>>>> clearly identify which areas of focus are being addressed.
>>>>>>>>>> Prospective submitters are advised that any submission to the
>>>>>>>>>> Committee’s inquiry must be prepared solely for the inquiry and should not
>>>>>>>>>> be published prior to being accepted by the Committee. Documents do not
>>>>>>>>>> attract parliamentary privilege until they are accepted by the Committee.
>>>>>>>>>> Documents submitted during the election period will be held by the
>>>>>>>>>> Secretariat and provided to the Committee as established in the 46th
>>>>>>>>>> Parliament.
>>>>>>>>>> Submissions are requested by *1 July 2019*. Further information
>>>>>>>>>> about making a submission to a parliamentary committee inquiry is available
>>>>>>>>>> here
>>>>>>>>>> <https://www.aph.gov.au/Parliamentary_Business/Committees/House/Making_a_submission>
>>>>>>>>>> .
>>>>>>>>>> Regards
>>>>>>>>>> Robert
>>>>>>>>>> *Robert Little** |* *Inquiry Secretary*
>>>>>>>>>> *Parliamentary Joint Committee on Intelligence and Security*
>>>>>>>>>> *Department of the House of Representatives*
>>>>>>>>>> PO Box 6021 | Parliament House | Canberra ACT 2600
>>>>>>>>>> Ph. (02) 6277 4589 | *www.aph.gov.au/pjcis*
>>>>>>>>>> <http://www.aph.gov.au/pjcis>
>>>>>>>>>> *Facebook:* @AusHouseofRepresentatives
>>>>>>>>>> <http://www.facebook.com/aushouseofrepresentatives> | *Twitter:*
>>>>>>>>>> @AboutTheHouse <http://twitter.com/aboutthehouse>
>>>>>>>>>> Don’t take your organs to heaven, heaven knows we need them here.
>>>>>>>>>> Register to be an organ donor *here.*
>>>>>>>>>> <http://www.medicareaustralia.gov.au/public/services/aodr/index.jsp>
>>>>>>>>>> --
>>>>>>>>>> Regards,
>>>>>>>>>> Robert Hudson
>>>>>>>>>> President, ITPA
>>>>>>>>>> president at itpa.org.au
>>>>>>>>>> 0408 860 595
>>>>>>>>>> _______________________________________________
>>>>>>>>>> AusNOG mailing list
>>>>>>>>>> AusNOG at lists.ausnog.net
>>>>>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>>>> _______________________________________________
>>>>> AusNOG mailing list
>>>>> AusNOG at lists.ausnog.net
>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190919/bc698961/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture (Device Independent Bitmap) 1.jpg
Type: image/jpeg
Size: 1136 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190919/bc698961/attachment-0001.jpg>

More information about the AusNOG mailing list