In March 2015, Australia’s data retention law (Scribd) passed with support from both sides. The law required telecoms and ISPs to keep customer metadata for two years. It also brought new requirements for accessing journalist metadata. Law enforcement, including the Australian Federal Police (AFP), must apply for a Journalist Information Warrant before examining examining metadata. A mere two weeks after the laws officially came into play, the AFP announced that an officer illegally accessed a journalist’s phone calls.
The data retention law required the telecom and internet service provider companies to store a trove of customer data. Consumers expressed their disapproval of the new law as the law requested inherently personal data. Names, addresses, times, data, where a communication occurred, and even the length of the communication fell under the scoop pure of the new law. The journalist warrant element passed in the an example of effort to appease media organizations concerned with the freedom of press, CNET explained. Journalists, though, receive no notification if the police access their data.
AFP Commissioner Andrew Colvin announced that the police confirmed that a breach occurred, but upon further investigation, the beach occurred internally by an AFP officer. “Put simply, this was human error. It should not have occurred.” Once law enforcement concluded that data was obtained Illegally, they destroyed the information. “[The breach] was identified by the AFP as a result of our own review,” Colvin said. The Illegally obtained data contributed to no investigations, he reassured the public.
“It’s extremely rare that we’re interested in a journalist’s metadata,” the Commissioner explained. “We have breached in respect to a journalist’s particular circumstances on this occasion. I don’t think that gives cause to say that the public should have their confidence shattered in the system.”
Instances such as this, albeit not necessarily by the police themselves, made the majority of the public’s objection to the laws in the first place. The media compared the forced storage of customer data by telecommunication companies to a “honeypot.” Telecom companies became a bigger target since, to hackers, a breach carried far more value when accompanied by an enormous cache of user data. Additionally, the potential damage associated with employee error or negligence skyrocketed.
“The internet is a very busy place for people that choose to do harm,” said Michael Burgess, the Chief Information Security Officer of Australia’s largest carrier, Telstra, in 2015. “We would have to put extra measures in place… to make sure that data was safe from those that should not have access to it.”