By Bill Rowlings* CEO of Civil Liberties Australia
Are Tasmanian citizens being kept in the dark about police surveillance failures? Are federal authorities being given repeated false assurances by Tasmanian Police?
If Tasmania Police (TasPol) can’t obey the law, it’s time there was a full inquiry into its competence and particularly into its compliance with electronic surveillance, recording and storing of information in the state.
For the past few years, TasPol has been held up to the rest of Australia is the prime example of how NOT to do things.
Three years of formal reports indicate TasPol is hiding its failures and is unable to comply with state and federal electronic surveillance laws and requirements. It appears to be reacting to public criticism with worthless assurances that are not being implemented, leading to criticism federally and publicly Australia-wide.
A detailed analysis shows TasPol’s ongoing failures, year after year. TasPol’s proposed “solution” of a one-off inquiry into one incident will not cut the mustard, and will not solve the deeply entrenched cultural problems within the police force in Tasmania.
Electronic surveillance matters, particularly the Tasmania Police use of surveillance devices, has recently come to the fore in the “Jeff Thompson matter” where surveillance devices were left running in a meeting room in a Hobart prison for more than two months in 2017. They indiscriminately picked up private and legally privileged conversations.
The actual warrant allegedly giving police the power to plant and use the audio, and audio-visual, surveillance devices also had a serious defect in it and was invalid on its face. The judgment of Justice Brett can be found here: Tasmania v Thompson (No 2)  TASSC 55 (28 July 2022) (austlii.edu.au)
Criminal charges against lawyer Thompson, who assisted pro bono in the Sue Neill-Fraser matter, were “dropped” in August 2022.
The continuous recording of conversations outside the scope of a warrant is a shocking invasion of privacy and breach of legal professional privilege.
The relevant inspection entity under the Police Powers (Surveillance Devices) Act 2006 is the Tasmanian Ombudsman. (NOTE: To be clear, this analysis also later discusses reports of the Commonwealth Ombudsman).
Sadly the Tas Ombudsman’s succinct annual reports, required to be tabled in the Tasmanian Parliament, lack any detail about inspection methodology and very little analytical detail, particularly when compared with equivalent reports from other jurisdictions.
The Tas Ombudsman’s annual reports also lack any real detail about compliance by Tasmania Police concerning telephone tapping or the interception of actual telephone conversations. It appears his report is provided to the Tasmanian Minister and then the Commonwealth Minister (Minister for Home Affairs) who publishes a report covering a range of issues, including key statistics (See the Telecommunications (Interception) Tasmania Act 1999).
Tasmania Police give assurances re the Thompson matter:
Tasmanians were assured by the Commissioner of Police in a statement dated 31 August 2022, following the Thompson revelations (‘Secret Prison Tapes’, Wilson 2022, The Mercury), that no conversations outside the scope of the warrant had been listened to (despite apparently contradictory evidence of Constable A (from “technical services”) before Justice Brett). The state’s citizens were also advised that a review of procedures had already been completed. See Statement from Tasmania Police – Tasmania Police
TasPol hastily announced a review to be undertaken by former Solicitor-General, Michael Farrell SC to “ensure appropriate processes” had been followed in the “one-off” lawyer Thompson case.
(A good place for a reviewer to start would be to examine warrant authorisation processes, the contents of the supporting affidavit, relevant supervision and management, record keeping and security, quality assurance (QA) processes and data vetting, and quarantining policies and procedures. A reviewer should also ask whether disclosure to the Inspection Entity was undertaken (and when) and if legal advice on the issue was sought and actioned).
More reassurances after adverse comment by C’wealth Ombudsman:
After news broke in The Mercury on 22 September 2022 that Tasmania Police had also come under fire from the Commonwealth Ombudsman re stored communications and telecommunications data (Killick 2022b), as a result of the 2022 Commonwealth Ombudsman report, a TasPol assistant commissioner assured the public that significant improvements in training and procedures had been undertaken since the inspection period (ie 1 July 2019 to 30 June 2020).
The assistant commissioner stated that the Commonwealth Ombudsman’s annual report had made seven (7) recommendations which were said to have been implemented or were “under development”. (Note, the report also made a total of 26 “suggestions” and 13 “better practice suggestions”).
Recommendations, better practice suggestions – compliance culture needed:
A “recommendation” is nothing for TasPol to be proud of. An inspection may identify a range of issues, from minor administrative errors through to serious non-compliance and systemic issues.
If an issue is sufficiently serious and/or had been previously identified and not resolved, an ombudsman may make formal recommendations for remedial action. Where an issue is less serious, in the first instance the ombudsman will make “suggestions” for improvement. The ombudsman may also make “better practice suggestions” where it is considered an agency’s existing practices may expose it to a risk of non-compliance.
The Commonwealth Ombudsman reports consistently note the importance of a “compliance culture”. The inspections look at whether the agency:
- was proactive in identifying compliance issues;
- adequately addressed issues at previous inspections;
- engaged openly with the office;
- was cooperative and frank.
It is noted that a strong compliance culture is fundamental to an agency’s capacity to comply with the Act.
Recent reports of the Commonwealth Ombudsman on TasPol
The results for the Commonwealth Ombudsman’s three most recent reports (2020, 2021 and 2022) in relation to stored communications and telecommunications data are:
2020 – primarily covers period 1 July 2017 to 30 June 2018
(The period during which the Thompson surveillance was undertaken via surveillance device was 15 June to 17 August 2017).
Tasmania Police was singled out as a “Case Study” to show the broader effects that the lack of a compliance culture has on an agency’s ability to identify and reflect on compliance issues (p.13).
The inspection found that Tasmania Police did not have a well-developed compliance culture. This was indicated by a large number of issues across several of its processes, including limited progress in addressing previous inspection findings and significant variances in the level of awareness of requirements under the Act.
It was considered that the required improvements could not be implemented without fundamental changes to the way Tasmania Police approached compliance (p.14).
Two major recommendations about the overall approach to compliance were made concerning a training and awareness program and a compliance program (p.14). The Commonwealth Ombudsman stated that the office would monitor the efficacy of changes at future inspections (p.14).
There were five (5) pages of findings/comment in relation to Tasmania Police regarding stored communications (pp.34-38). Two recommendations, 10 suggestions and one better practice suggestion were made in relation to stored communications.
During the relevant inspection, it was identified that Tasmania Police had not taken sufficient remedial action to address findings from the 2017-18 inspection (p.35).
This was regarded as a “significant” finding (emphasis added). Specifically, Tasmania Police had failed to take any action to manage information it had received from a carrier that did not comply with warrant conditions (p.35).
The Commonwealth Ombudsman also found issues concerning the destruction of stored communications information (p.36). At both the 2017-18 and 2018-19 inspections, it was identified that all stored communications a particular carrier provided to Tasmania Police were received by a staff member who was not authorised to receive them under the Act (p.36).
The inspection also identified instances where an ineligible issuing authority invalidly issued stored communications warrants (p.36). They were not satisfied that Tasmania Police had taken appropriate remedial action to manage the unlawfully accessed stored communications (p.37).
The inspection also identified that, at the time of the inspection, Tasmania Police had not provided its annual report to the Minister for the 2017-18 period, contrary to s.159 of the Telecommunications (Interception and Access) Act 1979 (p.37).
There were four (4 ) pages of comment in relation to telecommunications data (pp.67-70). Again, the Commonwealth Ombudsman was not satisfied that Tasmania Police had taken required remedial action from the 2017-18 inspection (p.67). A number of “significant” findings were listed.
The report noted that, at is 2019-20 inspection, Tasmania Police could not demonstrate that the quarantining that had been suggested had taken place (p.69).
Overall, there were two recommendations, 10 suggestions and one better practice suggestion as a result of the inspection (pp.34 & 67). There were also two (2) recommendations to the Tasmania Police about its overall approach to compliance.
2021 – covers records from 1 July 2018 to 30 June 2019
In addition to the recommendations, suggestions and better practice suggestions the Commonwealth Ombudsman made to agencies in relation to telecommunications data and stored communications findings, the report made four (4 )recommendations to Tasmania Police regarding its overall approach to compliance (p.6).
Tasmania Police was again selected as a “Case Study” for an agency with a lack of a compliance culture (emphasis added) (pp.6-7).
The Commonwealth Ombudsman was not satisfied that Tasmania Police had taken sufficient action to address previous recommendations. They found a lack of detailed or authoritative agency-level policies and procedures to assist officers in their decision-making (p.7). The report stated:
“Tasmania Police is yet to implement a compliance-focused approach to using these intrusive powers” and
“Tasmania Police was not able to clearly identify or demonstrate the remedial action it had taken to address our previous findings” (p.7).
Tasmania Police advised that it was committed to developing a strong compliance culture and outlined steps it was taking to provide comprehensive training and guidance to staff (p.7).
The report made a further two (2) recommendations, nine (9) suggestions and one better practice suggestion about access to stored communications (p.44). Significant findings were outlined at pp.45-47. They included issues around data vetting and quarantining processes and destruction of stored communications.
Tasmania Police was a further “Case Study” in relation to providing insufficient levels of training and support to staff (emphasis added) (p.57).
The report made a further three (3) recommendations and 13 suggestions about telecommunications data (p.91). Significant findings are outlined at pp.92-94.
Overall, the Commonwealth Ombudsman Office made 21 recommendations in relation to 3 agencies (Tasmania Police being one of these).
The report attracted media comment by The Examiner (Holmes 2021).
2022 – covers records from 1 July 2019 to 30 June 2020
In this report, the Commonwealth Ombudsman Office made a total of 29 recommendations in relation to six (6) agencies (of the 19 to 20 agencies inspected (p.5)). The report stated that while the Commonwealth Ombudsman was satisfied with the remedial action taken by many agencies in response to previous inspection findings, there were several agencies where issues re-occurred.
In relation to stored communications, Tasmania Police was the subject of one (1) recommendation, 12 suggestions and 8 better practice suggestions (p.13).
Following the 2020-21 inspection of Tasmania Police, there were two (2) instances identified where stored communications warrants were issued by a magistrate who did not have a valid appointment in force (p.16). The Commonwealth Ombudsman’s Office had previously raised a similar issue with Tasmania Police in their 2018 inspection – emphasis added – (where two (2) magistrates had issued four (4) warrants but were not eligible issuing authorities) (p.16).
The Ombudsman advised Tasmania Police that it should quarantine all stored communications obtained and seek legal advice regarding any use or communication of the accessed information. (emphasis added)
Tasmania Police subsequently identified an additional instance occurring in the 2020-21 records period (p.17). In response, Tasmania Police advised that they had quarantined all affected data and taken action to manage any use or communication in accordance with advice received (p.17).
In relation to telecommunications data, the Commonwealth Ombudsman’s Office, in relation to Tasmania Police, made six (6) recommendations, 10 suggestions and five (5) better practice suggestions. There were also four (4) suggestions re the issue of a Journalist Information Warrant (JIW) (p.32).(emphasis added).
This most recent report made a total of seven (7 )recommendations, 26 suggestions and 13 better practice suggestions in relation to Tasmania Police.
This report stated in relation to the important issue of data vetting (p.39):
Over several previous inspections of Tasmania Police, we made findings about data it received outside the parameters of authorisations that were not identified and quarantined. We previously made suggestions to Tasmania Police regarding establishing data vetting and quarantining policies and procedures. (emphasis added)
The Commonwealth Ombudsman’s Office noted that it was pleased to see in its most recent inspection that Tasmania Police had developed procedures for data vetting in line with previous findings (p.39).
These data vetting (and quarantining) procedures were clearly not in force at the time of the Jeff Thompson matter in 2017.
In conclusion, Tasmania Police was singled out in the 2020 and 2021 reports as a “Case Study” of an Australian agency without an appropriate compliance culture. Tasmania Police has a concerning number of recommendations when compared to other agencies the subject of inspection. Whilst various undertakings have been given across the years examined, the findings in the most recent report are concerning.
Clearly, there are numerous and serious questions for TasPol to answer.
In relation to the issue of invalid warrants for stored communications, has legal advice been sought? If so, what was the outcome? Has disclosure been made to relevant parties who may be the subject of prosecution? Are there broader implications for historical cases/convictions where invalid warrants were involved?
The Commonwealth Ombudsman Office has published inspection methodologies and well established processes. What does the lack of an appropriate compliance culture within Tasmania Police mean for compliance in other areas of electronic surveillance including surveillance devices (listening, optical and tracking devices) and telephone tapping or interception?
The report of the Tasmanian Ombudsman into surveillance devices dated 16 August 2017 failed to identify any issues with the bugging scandal in relation to lawyer Jeff Thompson. This (and further reports) raises the issue of whether the capture of private conversations (including legally privileged conversations) outside the scope of the warrant over a two-month period was ever disclosed to him. It also appears that the 2017 Ombudsman report was not tabled in the Tasmanian Parliament, which is a formal requirement.
It is interesting to note the reassurances on electronic surveillance matters given by senior police to the Tasmanian community in recent times.
Why is it that a check of the Tasmania Police Annual reports (2018/19, 2019/20, 2020/21) in corresponding recent years make no mention of the significant issues raised in the reports of the Commonwealth Ombudsman?
A list of compliance with various pieces of legislation makes no mention of any surveillance legislation such as the Listening Devices Act 1991, the Police Powers (Surveillance Devices) Act 2006, the Telecommunications (Interception and Access) Act 1979 (Cwlth) or the Tasmanian Telecommunications (Interception) Tasmania Act 1999. The issues raised also do not appear as a “Business Priority” or a performance measure requiring urgent, or indeed any, attention.
It appears as if, by deliberate omission from its annual reports each year, TasPol has actively kept the Tasmanian Parliament and people in the dark as to its omissions and failures.
What investigation and actions were taken by Tasmania Police into the serious issues raised by the Commonwealth Ombudsman? The Code of Conduct in the Police Service Act 2003 states:
42. Code of conduct
Were relevant integrity entities or members of the Tasmanian Parliament made aware of the significant issues identified by the Commonwealth Ombudsman in recent years? If not, why not?
Is there a lack of proper oversight and accountability in Tasmania (Killick 2022a)? It is time for an independent commission of inquiry into TasPol’s competence and compliance, starting with electronic surveillance? Such an inquiry may prove essential to ongoing confidence and trust in Tasmania Police and the administration of justice in that State.
The full Inspection reports of the Commonwealth Ombudsman on stored communications and telecommunications data, over a number of years, can be viewed here: All Inspection Reports – Commonwealth Ombudsman
Commonwealth of Australia (2020) Commonwealth Ombudsman’s annual report. Monitoring agency access to stored communications and telecommunications data under Chapters 3 and 4 of the Telecommunications (Interception and Access) Act 1979. For the period 1 July 2018 to 30 June 2019
Commonwealth of Australia (2021) Commonwealth Ombudsman’s annual report. Monitoring agency access to stored communications and telecommunications data under Chapters 3 and 4 of the Telecommunications (Interception and Access) Act 1979. For the period 1 July 2019 to 30 June 2020 covering records from 1 July 2018 to 30 June 2019
Commonwealth of Australia (2022) Commonwealth Ombudsman’s annual report. Monitoring agency access to stored communications and telecommunications data under Chapters 3 and 4 of the Telecommunications (Interception and Access) Act 1979. For inspections conducted in the period 1 July 2020 to 30 June 2021 covering records from 1 July 2019 to 30 June 2020
Duckett, Chris (2021) “Commonwealth Ombudsman finds instances of telco data accessed without authority at all agencies inspected” 9 February at Commonwealth Ombudsman finds instances of telco data accessed without authority at all agencies inspected | ZDNET
Holmes, Adam (2021) “Commonwealth slams Tasmania Police’s communications storage and destruction process” The Examiner, 10 February
Killick, David (2022a) “David Killick looks inside a ‘rotten’ Tasmanian government” The Mercury, 31 August
Killick, David (2022b) “Ombudsman’s Report shows Tasmania Police accessed ‘unauthorised” telecoms data” The Mercury, 22 September (online version includes the Full Response by Police)
Tasmania Police (2022) Statement from Tasmania Police (Commissioner Darren Hine) at Statement from Tasmania Police – Tasmania Police
Wilson, Amber (2022) “Secret Prison Tapes Twist” The Mercury, 31 August 2022
* Bill Rowlings, the CEO of Civil Liberties Australia, is a former journalist and senior federal public service manager and consultant. In 2013 he received an OAM for services to civil liberties and human rights. He received help from specialist information analysts with this article.
- 1 Stored communications are communications that have already occurred and are stored on a carrier’s systems – they contain the content of the communication e.g. Short Message Service (SMS), emails and voicemails. ↑
- Telecommunications data is information about a communication, but does not include the content or substance of that communication e.g. subscriber information, the date, time and duration of a communication, the location of a mobile device from which a communication was made. ↑