Australian Police Routinely Engage in Unauthorised Access of Our Confidential Details

0

Advocates say complaints about unauthorised access of police databases may be ‘tip of the iceberg’ – and are particularly worried about cases involving family violence.

Fran* noticed her son-in-law’s behaviour was escalating. She says he was increasingly controlling of her daughter Sarah’s* life – monitoring her finances and being verbally abusive.

The three were all living together and the situation felt particularly risky because he was a police officer. He had surveillance skills and access to information that seemed to give him a sense of power, and he held it over their heads.

This blew up after Simon*, a family friend, started pushing back on her son-in-law’s conduct. Simon called “a spade a spade”, Fran says, and he wouldn’t back down.

Not long after, her son-in-law called her out on to the patio, saying he “had something to tell” her. “He sat me down [and] said, ‘I’ve investigated Simon’s background’ … and just basically told me everything that was on the police record.

“He told me [because] he was a cop he knew how the system worked, and he would never get caught.”

Fran and Sarah believe that her abuser used his access to internal police information in a bid to get Simon out of their lives. “I think it was a control thing for him,” Sarah says. “Just to control his environment and not have someone there who would question him and his behaviour.”

A Guardian Australia investigation has found that police forces around Australia have fielded hundreds of complaints about misuse of information, and in particular unauthorised access of internal police databases, since 2020.

The reasons for the complaints are not detailed in the documents released under freedom of information laws, but advocates say they want more attention paid to the risks of misuse – particularly in situations involving family violence.

“What we find is that if the victim-survivor has officer-involved family violence … we’re in a different league,” says Karen Bentley, the chief executive of Wesnet, a peak body for family violence services, because police have “access to information that the general public don’t”.

Internal databases might include addresses, phone numbers, incident reports and car registration details.

A 2022 Commission of Inquiry into Queensland Police Service responses to domestic and family violence report found that access to information and weapons meant that “when police officers perpetrate domestic and family violence, they are particularly dangerous”.

Lauren Caulfield from Beyond Survival, who coordinates a family violence project focused on police perpetrators in Victoria, says: “There has never been an investigation into the scale of misuse of the database committed by officers in cases of family violence and stalking.”

“What we know is potentially the tip of the iceberg.”

Complaints against police

Guardian Australia used freedom of information laws to request the number of complaints about unauthorised access to information by police each year since 2020.

In Queensland, police shared there had been 547 complaints or notifications, while in Tasmania there were 89.

Neither jurisdiction shared the outcome of those complaints.

A Tasmania police spokesperson says it adopts “a best practice approach to information security” and points to a 2018 Tasmanian Integrity Commission report that found its approach was “adequate and appropriate”.

In South Australia, there were 350 complaints about confidentiality of information between 2020 and 2023, including improper access to and disclosure of information.

No further action was taken in more than half of those complaints after an assessment by the internal investigations section.

Of the remaining complaints, according to a South Australia police spokesperson, nine warranted charges in the police disciplinary tribunal and most others resulted in “training, counselling or education”.

South Australia police believes its current framework “provides adequate protection of the confidential information which it holds”.

Between January 2020 and April 2024, the Australian federal police received 22 complaints involving 32 allegations of information access or information misuse against ACT police, of which seven were established and seven were still under investigation.

Of these allegations, one involved a situation linked to domestic violence and was part of an ongoing professional standards investigation.

“Information access breaches are not tolerated in the AFP,” a spokesperson says.

According to data released by New South Wales police, there have been more than 1,000 complaints about potential unlawful access and improper disclosure of police information since 2020 – although there may be duplicates where an incident included both allegations.

Assistant commissioner Peter Cotter, the commander of the professional standards command, says the NSW police force acknowledges the approximately 1,000 complaints, and the number is “considered to reflect an accurate identification of those employees who have breached the trust afforded to them”.

Cotter says NSW police have safeguards in place, including audit processes and training. “When such matters are identified, a full and comprehensive investigation follows … and where there are significant and severe breaches they are investigated criminally,” he says.

Two broad categories of misuse

In NSW, the internal police data system is called the Computerised Operational Policing System, or Cops. Thirty-six officers have been charged with “accessing or modifying data held in computer” between 2020 and March 2024.

Samantha Lee, a supervising solicitor at the Redfern Legal Centre, says the number of complaints in NSW suggests “that unauthorised access to information is a systemic issue that needs immediate attention from law enforcement”.

There are several cases now before the NSW courts concerning alleged misuse of Cops, including an officer who is defending charges of domestic violence offences and accessing or modifying restricted data. Police allege he checked Cops to search information related to his then girlfriend and her family and friends.

Another officer allegedly used his position to have a sexual relationship with a woman and also allegedly used Cops to access details about other individuals, knowing it was unauthorised.

Estelle Petrie, a lawyer with Robinson Gill Lawyers with a focus on police misconduct, says she has seen two broad categories of misuse in her work: officers who use these internal systems to track down people they’ve met while working, and officers who use it as part of family violence and other offending.

“They use it as their own private library,” she says.

‘It’s just data, “what’s the harm?”’

Lydia Shelly, the president of the NSW Council for Civil Liberties, says she is concerned about the lack of public information about incidents of abuse of police data – a situation she says “erodes public confidence in the police”.

“The lack of information concerning these incidents is disturbing, given the high numbers exposed through the FoIs, and there should be an increased level of transparency,” she says.

After Guardian Australia’s FoI request, the Northern Territory police said that information about misuse of police data does not exist in “a documented format”. Western Australia police force denied the FoI request on the basis that such information would be held by the internal affairs unit, which is exempt from disclosure.

However, the state’s Corruption and Crime Commission says there have been 406 allegations made against employees of WA police regarding alleged “unlawful use of computer” from 2019-20 to date.

The WA police force has “zero tolerance of fraud, corruption or misconduct”, a spokesperson says. “All reports of misconduct are robustly investigated and are overseen by the CCC.”

Victoria police, meanwhile, advises that FoI requests now take on average 35 weeks to complete.

That squares with the experience of Emma*, whose partner pleaded guilty to family violence offences in 2020. She obtained an apology from Victoria police after her safety plans to escape interstate with her children were leaked to her abuser and his colleagues, but says she faced delays getting her records from police.

In Victoria, 68 police and one protective services officer were charged with criminal and/or discipline matters relating to the misuse of police databases between January 2020 and June 2024. Of these, three police were charged relating to “family violence information”.

Emma now works with the Independent Collective of Survivors. One change she pushed for was a recent change to the Victoria Police Act, which extended the 12-month limit on when an officer can be charged with misuse of the Victorian police database, called Leap, to three years.

“Even Vicpol couldn’t tell you the extent of the problem, because they’re not monitoring it,” Emma says. “If you are really taking misconduct seriously, if you are taking police perpetrators seriously and stalking seriously … you put those controls in place.”

A 2019 report from the police oversight body the Independent Broad-based Anti-corruption Commission (Ibac), which looked at unauthorised access and disclosure of information held by Victoria police, found it is likely underreported. Leap administrators receive an alert if employees access records for someone with the same surname, or if employees look up the file of someone under investigation by another unit. Ibac said in 2019 these kinds of alerts were “of limited use as a deterrent”.

Petrie says there still hasn’t been sufficient change within Victoria police. “This idea that it’s just data, ‘what’s the harm?’, is influencing the way they respond to this issue,” she says.

A Victoria police spokesperson says it is committed to meeting its FoI obligations, and has increased the department’s resources.

It also has “stringent measures in place” to ensure the proper use of Leap, including proactive monitoring, extensive records of who has accessed the system, restrictions on especially sensitive information, and tiered levels of access.

“This strong oversight means the number of Leap breaches is relatively small, given the millions of legitimate uses every year,” the spokesperson says.

Not just family violence

The cases before the courts have heard varied reasons for access to internal police databases.

In 2022, the police officer Jayden Faure was among the first Victorian police officers to be sentenced in relation to Leap misuse. He pleaded guilty to misconduct in public office after accessing the Leap database on multiple occasions, including to look up the background of women after they approached police for help. He was sentenced to a three-year community corrections order.

In November, the Blue Mountains officer Ricky Dean Heness, 31, pleaded guilty to unauthorised access to restricted data after accessing the Cops database. He looked up information multiple times about a woman he knew, according to court documents. He told police he did it for “for personal reasons”. He was convicted but no further penalty was imposed.

For those whose data has been accessed, finding out exactly what happened can be difficult.

In 2005, Malcolm Craig was waiting in line at his local hardware store in Alexandria, Sydney, when he says someone pushed in front of him, prompting consternation from other shoppers. The man confronted Craig, wrongly believing he had made derogatory remarks, and they had what a police report later called a “verbal altercation”.

Craig walked out of the store to avoid the confrontation. The man followed him out to where there was a woman sitting in a van nearby – the man’s partner.

He drove away. Not long after, Craig woke up and found his house damaged and every panel of his car had been scratched. The scratches were deep, right down to the metal, he says.

He later found out the man’s partner, the woman in the van, was a police officer.

Worried they knew where he lived, Craig filed a complaint and requested an internal investigation. The heavily redacted report of that investigation, seen by Guardian Australia, found the female police officer had engaged in misconduct by calling another officer and “requesting personal information” from Cops linked to Craig’s number plate.

Craig hasn’t asked for much in the years since. All he wants is for the NSW police and the state government to pay him back for the damage caused to his car and for the stress and anxiety he suffered.

He applied for an ex gratia payment in 2019, which was declined by NSW police because his losses were “not caused by government actions”. He then initiated court proceedings but says he was forced to drop the case when he ran out of money. “I’m not even asking for much,” he says. “Just pay back the damage you did by letting out my sensitive personal information.”

Craig has also been left oblivious as to the fate of the officer. His efforts to get answers out of NSW police and the state government have yielded little, in his view. “They don’t give a shit, quite frankly,” Craig says.

Sarah says she tried to report her now former partner to police several times, but claims she wasn’t taken seriously and he was never charged. “Every sort of investigation was either abandoned or went nowhere,” she says. “They’re just a law unto themselves.”

* Names have been changed

Do you know more? Email abogle@protonmail.com

Leave a Reply

Your email address will not be published. Required fields are marked *

RSS
Follow by Email
YouTube