Victorian Police could be allowed to copy, delete and add data to a computer as well as remotely access a target's PC to prevent a terrorist attack as part of an overhaul of state law, at the same time as the state's police data watchdog raised concerns about internal security practices at the force.
The powers are among a range of new abilities tabled in parliament following a review of the state’s counter terrorism legislation by a former County Court judge, former Victoria Police deputy commissioner and a retired lieutenant-general.
The review committee highlighted a need for state legislation to allow the Supreme Court to issue a search warrant for remote access to data on a target's computer where it was satisified there were "reasonable grounds" to suspect it would substantially assist in the prevention of a possible terrorist act.
The government accepted the suggestion, which recommended the use of federal law governing ASIO powers as a precedent in setting the new state legislation.
The ASIO legislation allows for the addition, deletion or alteration of data on a target computer under warrant “if necessary” to obtain access to relevant data, as well as “anything reasonably necessary to conceal the fact that anything has been done under the warrant”.
The review made 13 recommendations to help police investigate suspected terrorists, 12 of which were backed by the state government.
The government said it also supported allowing police to seek preventative detention orders during an imminent threat, rather than being limited to threats expected within two weeks; and aligning the state’s definition of a terrorist act to that of the Commonwealth.
The review did, however, reject a Victoria Police submission which said police should be able to bypass the Supreme Court and apply to a senior officer to be able to remotely access computers and tap phones in an emergency.
It said prior Supreme Court authorisation for the use of such an “intrusive” power was a “necessary and justifiable safeguard”.
The only recommendation the government opposed was that tenants or occupants of a premise be notified of a property search after it had occured, due to warnings by both the Victoria Police and the Australian Federal Police that such notices could potentially jeopardise ongoing investigations.
Watchdog still concerned about ability to protect sensitive data
The likely granting of extended powers comes as the state's commissioner for law enforcement data security (CLEDS) raised concerns about the force's approach to the security of its own data in his final report to parliament.
David Watts' office has been a prominent critic and sparring partner of the Victoria Police over the past eight years, and last night tabled its final report before the office is merged with the state privacy commissioner.
While Watts commended the police on a number of improvements, he said that a lack of strategic clarity around its Police Information Process and Practice (PIPP) reform program meant that internal information management still had holes.
The one-year old PIPP reforms propose a wholescale re-engineering of business processes within the agency, the most high profile element of which is dealing with Victoria Police's green-screen LEAP system, which is still inefficiently updated from paper by a dedicated data entry team.
The report also highlighted the problematic use of personal devices by officers in the line of duty, which - despite warnings of the risk of unauthorised access - continues to be a problem.
CLEDS has so far counted 47 confirmed breaches of police data security in the past financial year, down from the eight-year average, but said that number would rise as it completes further investigations.
The number of instances of staff inappropriately accessing the LEAP system rose from an average of around 20 per year to 29.
Watts did however acknowledge that the force had lifted its game over the past year by clearing several years’ backlog of outstanding CLEDS recommendations.
Additionally, after several years of prompting, Victoria Police has finally signed up all third parties authorised to access its systems (such as IT vendors) to the same data security standards expected of the agency itself.
When CLEDS was formed, Watts said, not a single person inside the police could list who had and who didn’t have access to these highly sensitive systems.
“This significant achievement deserves acknowledgement,” he said.