Australian police fail to quantify metadata use in investigations

Australia's police forces say they are unable to actually quantify how helpful metadata is to criminal investigations and convictions, despite today repeating their argument for a two-year period of mandatory data retention by telco providers.

The country’s three largest law enforcement and national security agencies today fronted a parliamentary committee investigating the Government’s draft data retention bill to plead their case for the scheme, arguing it is necessary to protect the nation against 21st Century security threats.

Representatives from the Australian Federal Police (AFP), spy agency ASIO, the Attorney-General’s Department and the Australian Crime Commission outlined several cases in which access to historical telecommunications metadata had proved crucial in law enforcement efforts, and aided in thwarting attacks and capturing dangerous individuals.

But despite asserting that the failure of the bill would throw law enforcement ‘into the dark ages’, the majority of Australia’s police agencies said they couldn't quantify how helpful metadata had been in operations and convictions.

In submissions to the inquiry, the SA, WA, NT and Victorian police forces - as well as the AFP - revealed the volume of requests each had made for metadata in each of the past five years.

Victoria topped the list in terms of volume, making 62,737 requests for historical metadata in 2013-14 - up from the previous year but down from 2010 and 2011, which peaked at just over 67,000.

WA Police made 27,315 requests for metadata in 2013-14 , while SA Police accessed metadata on 1556 occasions in the past 12 months. NT Police did not break down its figures per year, saying only it had made over 15,000 requests for metadata over the last five years.

The Australian Federal Police accessed metadata on 25,726 occasions in its 2012-13 year (the most recent year reported), adding to a total of 110,225 requests over the past five years.

Neither the AFP, Victoria Police, NT Police nor WA Police detailed whether the accessed metadata had been used in investigations or to successfully convict offenders, claiming internal systems weren't configured to capture such information, or that it was not readily available.

Additionally, none were able to detail a percentage breakdown of the age of the data accessed.

The only police agency to offer any such detail was SA Police, which revealed more than half of the 1556 authorisations made in 2014-15 related to metadata that was more than 12 months old. Around 43 percent related to data less than three months old.

It did not reveal how much of the data had been used in investigations, but said it had proceeded with 146 convictions as a result of metadata access.

The AFP argued the frequency of its requests for metadata or the data's age might not be the most relevant way of calculating its value.

“The nature of criminal investigations means that the bulk of matters subject to investigation relate to relatively recent conduct,” the police agency argued in its submission.

“However, where those investigations relate to historical events, the investigation will likely be more complex, relate to more serious conduct, or both. While the volume of requests for telecommunications data beyond 12 months old is likely to be lower than for more recent data, the relative value of that data is likely to be more significant.”

The AFP detailed three investigations in which it said metadata had been vital: a 2009 planned terrorist attack on the NSW Holdsworthy Barracks; a 2005 Melbourne homegrown terror cell led by Abdul Nacer Benbrika; and in the 2006 conviction of Faheem Khalid Lodhi relating to a plan to bomb part of the Australian electricity supply system.

In the Holdsworthy case, metadata revealed one individual’s relationship with others engaged in extremist activity, which then allowed the AFP to enter into a more comprehensive investigation which later led them to a local terrorist cell planning an attack, the police force said.

In the Lodhi investigation, historical call records proved communications between two individuals engaging in concerning behaviour and allowed the AFP to arrest the pair and prevent a terrorist act, the AFP said.

The AFP used metadata in conjunction with interception and surveillance devices in the Benbrika case to establish the identity of implicated individuals and prove communication and meetings between those under investigation.

Industry formally responds to draft bill

In its first formal response to the draft data retention bill, the industry body representing Australian telcos and internet services providers raised a number of concerns with numerous aspects of the bill.

“Agencies will naturally tend to ’ask for everything’ because completeness lowers the risk of any small detail being missed,” the Communications Alliance wrote in its submission.

“But when telecommunications users and taxpayers are liable for the cost of ‘everything’, some discipline should be applied to the scope and volume of agency requests, to increase the likelihood that the national cost incurred is reasonably proportionate to the additional national security garnered.”

The Comms Alliance said the Government had introduced legislation without specifying the financial liability approximately 600 providers caught under the scheme would be forced to bear; without detailing the specific data set to be retained; and without proving the proposed regime was proportional to the security threat faced.

“It is presently unclear to us what the level of contribution the Government will make toward the capital-expense of complying with the proposed data retention regime. Indications from Government to date imply that it will not amount to full reimbursement, but the extent of the reimbursement remains unclear,” it argued.

“We would like it to be noted that anything less than full reimbursement by Government of CSP costs will constitute an impost on Australian CSPs that will not necessarily be shared by offshore-based or local providers of ‘over-the-top’ (OTT) services in Australia that do not operate eligible infrastructure in Australia.”

It also raised concerns about the two-year period being proposed for retention.

While it agreed two years for telephone data was appropriate and close to industry practice, the Comms Alliance said a number of its members believed a period of six months would be more appropriate for internet-related data.

As such, the Government should implement a regime based on a six month retention model for internet data, and review its efficacy in its three-year review of the legislation.

It also recommended the Government reverse its decision to include the proposed dataset in supporting regulations rather than the main legislation, in order to “guard against unforeseen future scope-creep through the broadening of the types of data required to be created and/or retained”.

The author of the bill, the Attorney-General’s Department, needed to better consult with industry to ensure it uses terminology consistent with that used in industry, the Comms Alliance said.

“A common understanding of data set terminology is crucial to ensuring that retained data is both relevant to the needs of Government and negates any need for industry to create new data in order to comply with a differing interpretation.”

The scheme should also have safeguards against civil litigants seeking access to the retained data, and also make clear that telcos and ISPs are not required to provide individuals “on-demand access” to their stored data.