THE Australian Federal Police has admitted to a metadata breach which occurred after a journalist’s phone calls to a police officer were illegally accessed.
AFP Commissioner Andrew Colvin told reporters at a press conference today that the record of private phone calls was accessed this year, but not the actual content of the calls.
The breach occurred during an investigation into a leak of confidential police material.
Once the breach was confirmed, he said the AFP immediately moved to destroy all of the material that was provided to them.
He said the journalist involved had not been notified, as the investigation into the leak of their private information was still ongoing. But the journalist had done nothing wrong, and was not being investigated.
“The investigation about the leak is still ongoing,” he said.
He said that the breach happened after “human error” occurred, and the record of phone calls obtained was illegal.
Commissioner Colvin took full responsibility for the breach of the law, but said it was the unintended result of the investigators’ actions.
“We take full responsibility for breaching the act,” he said. “I don’t believe that there’s been any ill will or bad intent here.”
Under the Telecommunications Interceptions Act, a warrant must be obtained in order to access a journalist’s private information. But this did not occur.
“Put simply, this was human error. It should not have occurred. The AFP takes it very seriously and we take full responsibility for a breach of the Act but I also want to say there was no ill will or malice or bad intent by the officers involved who breached the Act,” he said.
“Quite simply, it was a mistake that should not have happened. It was a mistake that was not picked up and corrected before it occurred by our internal practices and procedures.”
Commissioner Colvin said that the metadata breach has led to the AFP raising the level of internal authorisation required for access to data of this type.
They are also limiting the number of authorised officers who can approve access of this type.
He also said they will be putting AFP investigators through more training to ensure it does not happen again.
“We are also re-rolling out and stepping up mandatory training to all investigators and authorised officers to make sure they are fully aware of their obligations under the Act,” he said.
Commissioner Colvin said the AFP was also being audited by the Commonwealth Ombudsman after the AFP notified it of the breach on April 25-26.
“Any recommendations the Ombudsman makes we will obviously take very seriously,” he said.
“I have been on the record many times saying that it is extremely rare that we are interested in a journalist’s metadata but it’s not rare that we use metadata on nearly all of our investigations. It is a very common tool we use. The Ombudsman regularly inspects the Australian Federal Police’s compliance with that.”
The breach is the first incident that has emerged since the Turnbull government’s new metadata retention regime was introduced. It requires service providers to store customer data for two years.