There are a lot of Australian government agencies who can access your telecommunication data without you ever knowing. One failsafe that’s supposed to ensure accountability is an annual review of how these powers are being used, conducted by an independent body. And the most recent review found that, yet again, these government agencies are accessing telco data when they’re not allowed to.
Last week, the government’s Commonwealth Ombudsman tabled its Monitoring agency access to stored communications and telecommunications data report for the 2018-2019 financial year, as first reported by ZDNet.
Out of the 20 agencies who can use this power — state and federal police forces, Department of Home Affairs and ASIC to name a few — the Ombudsman’s office looked at how ten of them covertly preserved and accessed data including text messages, emails, voicemails and metadata.
Overall, they found that the number of issues were up, year-on-year, and that every government body that was inspected had issues.
“At many agencies, we saw an increase in the number of compliance-related findings compared to our inspections in 2017–18. However, we note that a number of these findings were proactively identified and disclosed by agencies,” the report said.
The errors ranged from administrative errors to faulty processes that allowed agencies to get data when they didn’t have authorisation. There were also issues even reviewing agencies’ use of data because of their internal practices, meaning it’s impossible to know if they were acting correctly or not.
Clearly, these problems aren’t just examples of government agencies intentionally flouting the law.
But even if it’s assumed that these were carless mistakes, these violations of privacy have real impacts both for the people who are impacted and for the reputation of the agencies.
If government needs to power to violate the privacy of its citizens in the name of safety, it is reasonable to expect that it will be extremely careful while doing so.
This report shows that government bodies are failing to do that — but does suggest these organisations are responding by taking steps to improve their performance.