[LINK] Australian police fail to quantify metadata use in investigations

Wed Dec 17 15:31:35 AEDT 2014

Australian police fail to quantify metadata use in investigations
By Allie Coyne on Dec 17, 2014 11:11 AM
iTNews
http://www.itnews.com.au/News/398893,australian-police-fail-to-quantify-metadata-use-in-investigations.aspx

Law enforcement agencies lay out case for data retention.

Australia's police forces say they are unable to actually quantify how 
helpful metadata is to criminal investigations and convictions, despite 
today repeating their argument for a two-year period of mandatory data 
retention by telco providers.

The country’s three largest law enforcement and national security 
agencies today fronted a parliamentary committee investigating the 
Government’s draft data retention bill to plead their case for the 
scheme, arguing it is necessary to protect the nation against 21st 
Century security threats.

Representatives from the Australian Federal Police (AFP), spy agency 
ASIO, the Attorney-General’s Department and the Australian Crime 
Commission outlined several cases in which access to historical 
telecommunications metadata had proved crucial in law enforcement 
efforts, and aided in thwarting attacks and capturing dangerous individuals.

But despite asserting that the failure of the bill would throw law 
enforcement ‘into the dark ages’, the majority of Australia’s police 
agencies said they couldn't quantify how helpful metadata had been in 
operations and convictions.

In submissions to the inquiry, the SA, WA, NT and Victorian police 
forces - as well as the AFP - revealed the volume of requests each had 
made for metadata in each of the past five years.

Victoria topped the list in terms of volume, making 62,737 requests for 
historical metadata in 2013-14 - up from the previous year but down from 
2010 and 2011, which peaked at just over 67,000.

WA Police made 27,315 requests for metadata in 2013-14 , while SA Police 
accessed metadata on 1556 occasions in the past 12 months. NT Police did 
not break down its figures per year, saying only it had made over 15,000 
requests for metadata over the last five years.

The Australian Federal Police accessed metadata on 25,726 occasions in 
its 2012-13 year (the most recent year reported), adding to a total of 
110,225 requests over the past five years.

Neither the AFP, Victoria Police, NT Police nor WA Police detailed 
whether the accessed metadata had been used in investigations or to 
successfully convict offenders, claiming internal systems weren't 
configured to capture such information, or that it was not readily 
available.

Additionally, none were able to detail a percentage breakdown of the age 
of the data accessed.

The only police agency to offer any such detail was SA Police, which 
revealed more than half of the 1556 authorisations made in 2014-15 
related to metadata that was more than 12 months old. Around 43 percent 
related to data less than three months old.

It did not reveal how much of the data had been used in investigations, 
but said it had proceeded with 146 convictions as a result of metadata 
access.

The AFP argued the frequency of its requests for metadata or the data's 
age might not be the most relevant way of calculating its value.

“The nature of criminal investigations means that the bulk of matters 
subject to investigation relate to relatively recent conduct,” the 
police agency argued in its submission.

“However, where those investigations relate to historical events, the 
investigation will likely be more complex, relate to more serious 
conduct, or both. While the volume of requests for telecommunications 
data beyond 12 months old is likely to be lower than for more recent 
data, the relative value of that data is likely to be more significant.”

The AFP detailed three investigations in which it said metadata had been 
vital: a 2009 planned terrorist attack on the NSW Holdsworthy Barracks; 
a 2005 Melbourne homegrown terror cell led by Abdul Nacer Benbrika; and 
in the 2006 conviction of Faheem Khalid Lodhi relating to a plan to bomb 
part of the Australian electricity supply system.

In the Holdsworthy case, metadata revealed one individual’s relationship 
with others engaged in extremist activity, which then allowed the AFP to 
enter into a more comprehensive investigation which later led them to a 
local terrorist cell planning an attack, the police force said.

In the Lodhi investigation, historical call records proved 
communications between two individuals engaging in concerning behaviour 
and allowed the AFP to arrest the pair and prevent a terrorist act, the 
AFP said.

The AFP used metadata in conjunction with interception and surveillance 
devices in the Benbrika case to establish the identity of implicated 
individuals and prove communication and meetings between those under 
investigation.

Industry formally responds to draft bill

In its first formal response to the draft data retention bill, the 
industry body representing Australian telcos and internet services 
providers raised a number of concerns with numerous aspects of the bill.

“Agencies will naturally tend to ’ask for everything’ because 
completeness lowers the risk of any small detail being missed,” the 
Communications Alliance wrote in its submission.

“But when telecommunications users and taxpayers are liable for the cost 
of ‘everything’, some discipline should be applied to the scope and 
volume of agency requests, to increase the likelihood that the national 
cost incurred is reasonably proportionate to the additional national 
security garnered.”

The Comms Alliance said the Government had introduced legislation 
without specifying the financial liability approximately 600 providers 
caught under the scheme would be forced to bear; without detailing the 
specific data set to be retained; and without proving the proposed 
regime was proportional to the security threat faced.

“It is presently unclear to us what the level of contribution the 
Government will make toward the capital-expense of complying with the 
proposed data retention regime. Indications from Government to date 
imply that it will not amount to full reimbursement, but the extent of 
the reimbursement remains unclear,” it argued.

“We would like it to be noted that anything less than full reimbursement 
by Government of CSP costs will constitute an impost on Australian CSPs 
that will not necessarily be shared by offshore-based or local providers 
of ‘over-the-top’ (OTT) services in Australia that do not operate 
eligible infrastructure in Australia.”

It also raised concerns about the two-year period being proposed for 
retention.

While it agreed two years for telephone data was appropriate and close 
to industry practice, the Comms Alliance said a number of its members 
believed a period of six months would be more appropriate for 
internet-related data.

As such, the Government should implement a regime based on a six month 
retention model for internet data, and review its efficacy in its 
three-year review of the legislation.

It also recommended the Government reverse its decision to include the 
proposed dataset in supporting regulations rather than the main 
legislation, in order to “guard against unforeseen future scope-creep 
through the broadening of the types of data required to be created 
and/or retained”.

The author of the bill, the Attorney-General’s Department, needed to 
better consult with industry to ensure it uses terminology consistent 
with that used in industry, the Comms Alliance said.

“A common understanding of data set terminology is crucial to ensuring 
that retained data is both relevant to the needs of Government and 
negates any need for industry to create new data in order to comply with 
a differing interpretation.”

The scheme should also have safeguards against civil litigants seeking 
access to the retained data, and also make clear that telcos and ISPs 
are not required to provide individuals “on-demand access” to their 
stored data.

-- 

Regards
brd

Bernard Robertson-Dunn
Sydney Australia
email: brd at iimetro.com.au
web:   www.drbrd.com
web:   www.problemsfirst.com
Blog:  www.problemsfirst.com/blog