Governments and data logging
There was a recent article in The Age whereby police gained access to a journalist’s phone records without a warrant.
There are many issues here - it is described “as a mistake”. Policy and procedure are designed to eliminate the possibility of this kind of mistake:
Police: “Can I have access to Fred’s phone metadata?”
Data person looks up step number 1 and says… “Do you have a warrant?”
Data person looks up flowchart which says “If warrant is no”
Data person: “Sorry, no warrant, no query”
We then read that “The vulnerability is the investigator needs to understand that that’s their requirement” - this is just wrong. Both the investigator and the person receiving the request need to know that is the requirement.
Later we read something slightly more disturbing - “He stressed the content of the journalist’s phone calls were not accessed, just the call records.” This implies that the content was also available, but not accessed at this point in time.
The processes and procedures that should be in place would have been developed in response to reasonable concerns about possible abuses of the system(s). What does it say about these processes and about the attitudes of those implementing them that we have this situation arise?