Only The Sangfroid

Mark is of fair average intelligence, who is neither perverse, nor morbid or suspicious of mind, nor avid for scandal. He does live in an ivory tower.

These are his draft thoughts…

Can you read my mind? Can you picture the things I’m thinking of? … On the ‘illegal’ access to metadata

As a result of our 2016–17 inspections we formed the view that agencies were generally exercising their powers to access stored  communications and telecommunications data appropriately. Agencies had frameworks in place to ensure appropriate access to intrusive powers and these frameworks appeared to be working as intended. Agencies also demonstrated a commitment to compliance and responded appropriately to compliance issues. (Commonwealth Ombudsman, ‘A report on the Commonwealth
Ombudsman’s monitoring of agency access to stored communications and telecommunications data under Chapters 3 and 4 of the Telecommunications (Interception and Access) Act 1979: For the period 1 July 2016 to 30 June 2017’ [Source], 1)

If you read that paragraph and immediately thought, ‘Holy Hell, we live in an authoritarian police state where the Government is abusing its powers’, congratulations on your new job as an Australian journalist.

I have complained about it before.  I will no doubt complain about it again.  Our discussion about national security law in Australia is extremely bad because we have so few journalists who both specialise in the topic and also know what they’re talking about.  The topic is complex and, instead, we get journos who act more as lobbyists than as facilitators of debate — hence the huge number of practically unworkable carve-outs in various laws specifically to placate journalists.

Our story today begins with two paragraphs on page ten of the report:

During 2015–16 the AFP disclosed to our Office that, between 13 and 26 October 2015, all authorisations within ACT Policing were made by an officer not authorised under s 5AB(1A) of the Act. This issue affected 116 authorisations during the period. This issue also affected a large number of authorisations dating back to March 2015, which precede the commencement of our Office’s oversight on 13 October 2015.

The AFP advised this non-compliance occurred due to the Commissioner’s written authorisation under s 5AB(1A) failing to authorise any officers within ACT Policing. The AFP advised this omission on the written authorisation was due to an administrative oversight. Upon identifying the error, the AFP updated the Commissioner’s written authorisation on 26 October 2015 to appoint the relevant position within ACT Policing as an authorised officer.

There are two different responses available, equally sensible.  The first is that our legal system is built upon procedural justice and administrative defects — no matter how trivial or minor — are inexcusable.  If Police want to use this data, they should get it right.  No excuses.

The second is that minor and trivial defects in administration should not be fatal to policing.  What we want to know is that we had a just outcome, and typos and technical errors should not get in the way of a just outcome.  Indeed, so committed to this view are we that we will even give courts and tribunals the ability to fix minor and trivial defects.

You might even go a little bit further and say that this triviality of defect should not even affect appointments under statute.  Imagine that there is a position, the Director of Reviews, created under some piece of legislation and the legislation says that the Government can appoint the Director of Reviews only if the Government first consults with a lobby group.  One day, the Government appoints a Director of Reviews but does not clearly consult with the lobby group.  The Director conducts a whole lot of reviews and fines a bunch of people for serious non-compliance with their statutory obligations.  Should the slight bump in the appointment of the Director of Reviews invalidate all of those fines?

It’s known as the de facto officers doctrine, and its status in Australian law is unclear.  A Federal Court case, Kutlu v Director of Professional Services Review (2012), cast it into some doubt.  The decision has this rather lovely description:

  1. The origins of this doctrine are indeed ancient. On one account it has been traced back to 1431: G J Coles & Co Ltd v Retail Trade Industrial Tribunal (1986) 7 NSWLR 503 at 526. It is said to have had its origins in the Wars of the Roses, when it was held that the judicial acts of a usurping king whose authority de facto was recognised during the usurpation were good and in some cases good even against the king de jure on his return to power: R v Cawthorne (1977) 17 SASR 321 at 330 per Bray CJ.
  2. Whatever its precise origins, the chains of this ancient ghost continue to be jangled whenever it seems convenient to do so.

In Re Governor, Goulburn Correctional Centre; Ex parte Eastman (1999), the Government of South Australia intervened to say that ‘anarchy and chaos’ would reign if we didn’t have the de facto officers doctrine.  It’s not difficult to see why: really trivial errors in the appointment of judges would cause convictions of the worst people to be quashed for no sane reason.

So we end up with two positions: police who want to access metadata should be 110% compliant with the rules; minor and trivial errors in administration should not infect the pursuit of justice.

This is a real tension and it’s not easily answered.  We also don’t need to be strictly binary about our decision here: maybe we want more information about how minor and trivial the issue is before we place ourselves somewhere in the grey region between the two camps.

The tone of the report suggests that this really was a trivial and minor issue rather than something catastrophic.  At the time of the report, AFP was seeking legal advice about what impact the defect would have and the Ombudsman undertook to monitor the situation.  It’s hardly end of days stuff.

But you’d be forgiven for thinking otherwise if you just relied on sensationalist media accounts.

The issue was about a defective authorisation that seems to have arisen due to the weird legal relationship between ACT Policing and the Australian Federal Police (ACTPol is part of the AFP, so it looks like 5AB(1) – ‘The head (however described) of an enforcement agency may, by writing, authorise a management office or management position in the enforcement agency for the purposes of subparagraph (b)(iii) of the definition of authorised officer in subsection 5(1)‘- was purported to be used rather than 5AB(1A) – ‘The Commissioner of Police may authorise, in writing, a senior executive AFP employee who is a member of the Australian Federal Police to be an authorised officer‘. I could be wrong but I wouldn’t be surprised).

The thing that was also worth noting was the number of invalid authorisations.  The report (quoted above) noted 116 invalid authorisations, with a significant number prior to the reporting period.  That number was subsequently revealed to upwards of 3,000.  Should you be worried? How do so many requests get infected by error?  I think this shows that the use of data in support of police operations have become so routine that huge numbers of authorisations are being processed.  This, I think, is the second source of a reasonable disagreement.

Should access to telecommunications data be exceptional or routine?  I really understand the view that this power of the police should be exceptional.  You require specific access to a specific person’s telecommunication information for a specific purpose: granted.  If batch data is used, then everybody is under surveillance to some degree.  This argument is given some strong support given that recent changes to the Telecommunications (Interception and Access) Act 1979 were about preserving existing capabilities of police agencies: the shift from landline telephones to mobile data radically curtailed the police’s ability to do their job.  So the TIA should authorise police to do what they could already do, adjusted for technology, but no more.

But technology has also empowered police to be more efficient and more effective.  You don’t need to physically tap a line; you can virtually tap dozens at once.  The police are no longer confined to the same resource limitation that they were once under.

Thus the problem: I require specific access to a specific person’s telecommunication information for a specific person, and I need this a dozen times.  The resource limitation that used to exist meant that there was a slower oversight mechanism.  Now, the resource limitation is the oversight mechanism.

I think that’s a legitimate worry.  I don’t think it’s catastrophic, but the person who thinks an exceptional power has become a routine power would be on fairly firm footing here.

What we need is a good public debate about this issue to see if community attitudes are genuinely changing.  There is a lot of evidence to suggest that the media’s presentation of these issues is out of line with community opinion, but does this instead mean that the community isn’t worried about something that it should be worried about?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: