3.1
This chapter examines the ongoing management of complaints by the Australia Federal Police (AFP), as well as an overview of the findings of the Commonwealth Ombudsman (the Ombudsman), which has a statutory oversight role in relation to the AFP.
3.2
Examination of the Ombudsman's findings with respect to the AFP is limited to oversight of complaints management and controlled operations, including the use of surveillance devices.
Complaints management
3.3
During 2017–18, the AFP received 428 complaints—a 1.6 per cent increase on the 421 complaints received in the previous reporting period. Figure 3.1 illustrates the trend in the overall number of complaints and alleged breaches from 2012–13 to 2017–18.
3.4
This figure classifies complaints according to the four categories of conduct for AFP appointees under Part V of the Australian Federal Police Act 1979 (AFP Act), defined as follows:
Category 1 complaints are the least serious and relate principally to customer service;
Category 2 complaints relate to minor misconduct and inappropriate or unsatisfactory behaviour;
Category 3 complaints related to serious misconduct that does not give rise to a corruption issue;
Category 4 complaints relate to corruption, and these are referred to the Australian Commission for Law Enforcement Integrity (ACLEI).
3.5
The AFP Annual Report 2017–18 identifies that the number of overall complaints were essentially steady compared to the previous report period. The number of new alleged breaches of the AFP Code of Conduct resulting from these complaints was 682, which was 18.9 per cent lower than the corresponding figure for 2016–17 (841).
3.6
Between 2016–17 and 2017–18 the number of serious complaints reduced, with Category 3 complaints decreasing by 45 per cent, and Category 4 complaints decreasing by 8 per cent.
3.7
On 24 May 2019, the Ombudsman tabled the Annual Report 2017–18 to Parliament on complaints resolved between 1 July 2017 and 30 June 2018. While the review did not identify any systemic issues in the AFP's processes, the Ombudsman made several suggestions on how the AFP could improve record-keeping, processes, and adherence to legislative requirements and standard operating procedures (SOPs). The Ombudsman indicated it would follow up on the AFP's progress in implementing these changes during the 2018–19 review. At time of writing, the 2018–19 review had not been published.
Ombudsman's report—controlled operations
3.8
Under the Crimes Act 1914, the AFP (as well as the Australian Criminal Intelligence Commission and the Australian Commission for Law Enforcement Integrity) may grant an authority to authorise a controlled operation.
3.9
Controlled operations are covert operations carried out for the purpose of obtaining evidence that may lead to the prosecution of a person for a serious Commonwealth offence. Participants involved in such operations are protected from criminal responsibility and indemnified against civil liabilities that may arise as a result of activities undertaken during the course of the operation, providing that conditions are met.
3.10
The Ombudsman performs independent oversight of this power by inspecting agencies' records, at least once every 12 months, to determine compliance with the Crimes Act. The Ombudsman annually releases the Report on the Commonwealth Ombudsman's activities in monitoring controlled operations which presents the results of inspections.
3.11
The Ombudsman assesses compliance based on the records made available at the inspection, discussions with agency staff, observations of agencies’ processes through information provided, and agencies’ remedial action in response to any identified issues.
Changes to inspection approach
3.12
During the 2017–18 period, the Ombudsman varied its approach to inspecting controlled operation authorities, by inspecting a sample of authorities at the AFP rather than all eligible authorities. At the AFP, it focused on authorities that reached 24 months, the maximum permitted period under the Crimes Act, as well as other authorities that appeared to be more complex and presented greater risks to compliance.
Revised assessment of variations to authorities
3.13
The Crimes Act provides for controlled operation authorities to be varied in certain circumstances. Authorising officers must not grant a variation of authority where doing so would constitute a significant alteration to the nature of the controlled operation. In its previous annual report, the Ombudsman premised assessments on the basis that a significant alteration to an authority would be one that authorised operations targeted at a different criminal activity. However, the approach was reviewed following discussions with agencies to assessing variations with regard to the legislative provision, the explanatory memorandum and the operation of legislation in practice. The Ombudsman now considers whether the variation is consistent with the character of the original authorised controlled operation.
Findings from 2017–18
3.14
In 2017–18, the Ombudsman conducted two inspections at the AFP, where it assessed 75 of its 146 controlled operations authorities.
3.15
In the second inspection, the Ombudsman focused its attention on inspecting records relating to complex and long-running controlled operations, for instance, those that had been subjected to numerous variations and extensions or those that involved significant numbers of participants.
Similar issues from previous inspections
3.16
During 2016—17, the Ombudsman found several instances where participants and/or activities of controlled operations were not authorised. Although the AFP made efforts to remediate the occurrence of these issues, the Ombudsman continued to see this issue during 2017—18 although the number of instances was markedly decreased. During 2016—17, the Ombudsman also found that the AFP either applied for new authorities when the original authorities could have been varied or varied authorities in circumstances where a new authority should have been sought. This issue arose again in 2017–18.
Finding 1 – ‘Standing’ major controlled operations authorities
3.17
The AFP is the only agency that may grant a major controlled operation authority, which is as a controlled operation that is likely to continue for more than three months.
3.18
Authorising officers must not grant authorities to conduct a controlled operation unless satisfied on reasonable grounds that any unlawful conduct involved in conducting the controlled operation will be limited to the maximum extent possible for conducting an effective operation. Where an authority needs to be varied to extend the period of effect to three months or more, an application must be made to an AAT member.
3.19
The Ombudsman identified two major controlled operations authorities, granted on the same day, which targeted specific serious offences the AFP considered were likely to occur in the future. Contrary to internal guidance, the two standing authorities granted by the AFP authorised a large number of participants to engage in conduct relevant to the operation. The Ombudsman noted that authorities of this nature should be limited to the minimum number of participants necessary.
3.20
The Ombudsman identified that the AFP intended to apply, at a later stage, for a separate major controlled operation authority to cover additional related offences. It suggested that where the AFP does grant such authorities, records should reflect the link between the new and original authorities and establish the basis on which an amendment to the original authority was not possible.
Finding 2 – Authorities not varied in accordance with Part IAB of the Crimes Act
3.21
The Ombudsman identified a number of instances where new authorities were granted when it appeared it was possible for the original authority to have been varied.
Finding 3 – Participants or conduct not authorised by authority
3.22
Authorities provide protection from criminal and civil liability for participants that engage in controlled conduct during the course of an operation, if certain conditions are met. The Ombudsman identified one authority where, in the course of the authorised controlled operation, a law enforcement officer engaged in activities with a class of persons in a location not specified on the authority. The Ombudsman acknowledged the difficulty in anticipating the scope of activities that may be involved in operations, however, in limiting the scope of the original authority, it considered that the AFP had not contemplated circumstances where engagement may inadvertently occur with persons in a location other than was initially intended.
3.23
There was also one instance where it appeared that a law enforcement participant engaged in additional controlled conduct that was not included on the original authority, several hours before the urgent variation authorising that controlled conduct was granted. The Ombudsman considered that where there is a reasonable expectation that such conduct may occur, it is prudent to include potential activities on the authority or, where practicable, apply the urgent variation provisions.
Adequacy of controlled operations reports
3.24
Agencies are required to report to the Ombudsman and the Minister on the details of its controlled operations during the preceding six months. The adequacy of these reports is considered by the Ombudsman in its annual report. In the 2017–18 period, the Ombudsman identified five instances where information was incorrectly recorded. Despite these instances, it considered that the AFP has adequate processes in place to achieve compliance with reporting requirements.
Ombudsman's report—surveillance devices
3.25
Pursuant to section 55 of the Surveillance Devices Act 2004 (SD Act):
The Ombudsman must inspect the records of a law enforcement agency to determine the extent of compliance with this Act by the agency and law enforcement officers of the agency.
3.26
The AFP is one such law enforcement agency.
3.27
The Report to the Minister for Home Affairs on agencies' compliance with the Surveillance Devices Act 2004 for the period 1 January to 30 June 2018 was published in September 2018.
3.28
The September 2018 report states that the Ombudsman conducted an inspection in 27 February to 2 March 2018 to assess the AFP's records from 1 July to 31 December 2017. The inspection covered:
54 of the 413 surveillance device warrants issued to the AFP;
6 of the 25 retrieval warrants issued to the AFP;
4 of the 12 tracking device authorisations given by the AFP;
58 of the 388 destructions; and
8 of the 8 retentions during the inspection period.
3.29
Three issues were identified in the inspection, one of which was disclosed by the AFP:
(1)
one instance where surveillance devices continued to be used without lawful authority between the time when the warrant for the device expired and when a new warrant was issued. The AFP informed the Ombudsman of this breach and advised that they quarantined the information captured during this period. The AFP also noted that they had sought an extension in the week prior but no AAT member was available;
(2)
three instances where retrieval warrants were not revoked by the AFP, despite the respective devices being retrieved;
(3)
two instances (one identified by the Ombudsman and one disclosed by the AFP) where protected information was not destroyed in accordance with the Telecommunications (Interception and Access) 1979 (TIA Act).
3.30
The Ombudsman commended the AFP’s continued transparency in disclosing instances of non-compliance and did not make any recommendations for the AFP. The AFP expressed its commitment to ongoing education for staff on its obligations under the Act.
Ombudsman's report—stored communication and telecommunications data
3.31
Pursuant to s 186B of the Telecommunications (Interception and Access) Act 1979 (TIA Act), the Ombudsman is empowered to conduct inspections of specified law enforcement agencies that can access an individual's stored communication and/or telecommunications data when investigating certain offences. The AFP is one such agency.
3.32
The Report on the Commonwealth Ombudsman's monitoring of agency access to stored communication and telecommunications data under Chapters 3 and 4 of the Telecommunications (Interception and Access) Act 1979 was published in March 2019.
3.33
Key outcomes from the inspections included that:
inspectors had difficulty in accessing records due to administrative obstacles;
the Ombudsman was concerned about a request for the inspection officers to undergo security vetting by AFP Personnel Security, as the Office of the Ombudsman is an independent statutory agency with legislative powers to inspect records;
there were a number of authorisations made by AFP officers without the necessary powers to make authorisations; and
there were 563 instances where authorisations were made by authorised officers, but then rejected by internal quality assurance processes, indicating that the authorised officers are not properly considering authorisation requests and do not have sufficient understanding of the TIA Act.
3.34
The Ombudsman made a recommendation that the AFP implements processes to ensure authorised officers have sufficient understanding of the rules and have regard to the required considerations prior to authorising access to telecommunications data under Chapter 4 of the Telecommunications (Interception and Access) Act 1979.
3.35
In response to the Ombudsman's findings, the AFP advised the Ombudsman that they have since:
reviewed its procedures to ensure all Ombudsman inspection officers have unimpeded access to records during future inspections; and
released an online mandatory training package for authorised officers in November 2017 and an additional training and reference tool to ensure decisions made by authorised officers are compliant.
3.36
The AFP further noted that the authorisations inspected during 2017–18 were made prior to the release of this training package and it expects there will be a significant reduction in compliance issues identified at our 2018–19 inspection as a result of the mandatory training.
Committee view
3.37
The committee notes the Ombudsman's findings and the AFP's transparency in disclosing non-compliance as well as its work to address issues identified. The committee is confident that the same diligence will be applied to the issues identified in the controlled operations report, while noting that some of these issues have been found to be present over a number of years, albeit decreasing in frequency. As part of its usual role, the committee will monitor this progress going forward.