An increasing number of local councils spied on residents by requesting access to their phone metadata without a warrant last financial year, with the number of requests from government agencies hitting an all-time high.
The Australian Federal Police also shared data and further disclosures to foreign countries, including Russia, in the period, the figures from the Attorney-General’s department, released this week, reveal.
The telecommunications data available to government agencies under federal law, often referred to as “metadata”, includes phone and internet account information,
outward and inward call details, phone and internet access location data, and details of Internet Protocol addresses (though not the actual content of communications).
Although thousands of these authorisation requests were made by criminal law enforcement agencies, including police, a long list of other government agencies have also accessed metadata
without a warrant to chase fines or to protect revenue, including a growing number of local city councils, Australia Post, the RSPCA, racing bodies and more.
The data is also used by agencies to investigate leaks to the media.
In the year ending June 30, 2014, two new councils jumped on the bandwagon in an attempt to access citizens’ metadata, including The Hills Shire council,
covering the northern Sydney suburb of Castle Hill and surrounds, and Darebin City Council, in Melbourne’s trendy inner north.
In a statement, the The Hills Shire council said it made a request to track down a roof cleaner who “left some hoses running in a resident’s downpipe”.
“As a result, a nearby creek turned orange,” it said.
“Throughout investigations, council staff were only able to track the contractor’s mobile phone number.
“As a result, council requested a telecommunications company provide the contractor’s name and address so that a caution could be issued.
“However, before the request could be approved, Council identified the business and issued a caution.”
A total of six local councils across the eastern states are now digging up residents’ metadata to chase minor infringements including unauthorised advertising, unregistered pets and littering.
The list also includes Bankstown council in Sydney; Knox and Wyndham councils in Melbourne; and Ipswich city council, south-west of Brisbane.
Darebin and The Hills Shire made only one metadata request each, however Ipswich made 21 requests in the year – more than any other council – up from six requests in the previous period.
In 2011-12, only two councils – Bankstown and Wyndham – were accessing metadata.
However, councils and other non-criminal law enforcement agencies’ access to citizens’ metadata may be curbed in the current financial year thanks to mandatory data retention laws that passed in March.
Now, these agencies must first gain authorisation from the Attorney-General before they can begin accessing metadata.
The Attorney-General must consider a range of criteria when granting a request, including whether the agency has a binding privacy scheme, and whether the functions of the agency include investigating “serious contraventions” of the law.
Police, however, retain the same level of access, and have been criticised in the past by privacy advocates for scooping up innocent people’s data when requesting large blocks of data from mobile phone towers – known as a “tower dump” – when scrambling for leads.
Meanwhile, officials at Queensland Police began accessing the private metadata of cadets to determine whether they were sleeping with one another or faking sick days. This access was labelled by the state’s police union as “disturbing” and “potentially unlawful”.
The latest figures on telco metadata collection also reveal the Australian Federal Police shared metadata with Russia and a dozen other countries in the past financial year for the purposes of enforcing laws in those countries.
In 2013-14 the AFP authorised 19 metadata requests, followed by 17 more disclosures to foreign law enforcement bodies in France, Germany, Greece, Hong Kong, Hungary, India, Italy, Japan, Lithuania, Norway, Poland, Russia, Sri Lanka and Singapore.
Government agency requests for citizens’ metadata from their telco providers leapt by 10,590 overall in the period, to an all-time high of 349,820.