ACT Policing has revealed that in the 2015-16 financial year it accessed so-called telecommunications metadata on 3365 occasions without the lawful authority required.
A Commonwealth Ombudsman report tabled in parliament earlier this week revealed that during a two-week period in October 2015, an officer within ACT Policing had authorised access to telecommunications data on 116 occasions, despite not having the legal authority to do so.
The Ombudsman said that the Australian Federal Police, of which ACT Policing is part, told it that the “omission on the written authorisation was due to an administrative oversight”.
“The omission occurred when the AFP instrument of delegation was updated. In October 2015, ACT Policing identified the omission and made a request for it to be corrected,” a statement issued today by ACT Policing said.
“The ACT Policing position holder, who previously held the appropriate delegation, had continued issuing authorities in good faith unaware that the delegation had been omitted.”
Today ACT Policing revealed that the total number of unlawful authorisations was significantly higher than previously revealed.
The Ombudsman’s findings related only to a two-week sample of records examined as part of its oversight role. However, when examining the 116 requests for telco data, ACT Policing found an additional 3249 telecommunications data requests made from 11 March to 13 October 2015 that were also not duly authorised.
“The Ombudsman’s Office has been kept informed throughout the examination and quarantining process. It is not appropriate to identify particular cases,” ACT Policing said.
“ACT Policing has implemented measures to maintain enduring authorisation to prevent this issue reoccurring and is committed to ensuring access to telecommunications data is conducted appropriately and transparently.”
A report released earlier this week by the Department of Home Affairs revealed that during the 2017-18 financial year, law enforcement agencies accessed metadata on more than 296,000 occasions using the provisions of the data retention regime.
In 2017 the AFP announced that it had illegally accessed the metadata of a journalist during the course of an investigation.