How a shock jock got pranksters fired using metadata
For the past few months, as the Australian government attempts to make the case for forcing telecommunications companies to retain all customer data for two years, law-enforcement agencies have provided a whole number of anecdotal cases in which metadata -- the call records, IP addresses, and other similar communication information -- has been used to avert or solve a number of serious crimes and prevent terrorism.
It has tended to rely on anecdotal cases because, by and large, the police both federally and in each state have been unable to quantify exactly how many times metadata has been used to solve or prevent a crime.
But it is not in those instances that people are concerned about law-enforcement agencies having vast, warrantless, access to this data. It is the potential for access to that data, which is done without any judicial oversight, to be used for purposes other than the investigation of the most serious of crimes.
While I was studying journalism, I was also working at Media Monitors, now called iSentia. The company did much of what its former name implied: We were hired to listen to radio stations or watch TV news, and keep track of what was being reported.
This was a fairly mind-numbing job, but could be quite an infuriating task if you happened to be stuck listening to one of the more obnoxious talkback hosts. The monitors began emailing each other with the worst of the worst of what was being said. This eventually progressed to a few of the monitors -- although not myself -- setting up fake Hotmail (yes, Hotmail) accounts and prank emailing a few of the shock jocks who were saying pretty awful things on the radio.
Probably not the best workplace behaviour, but not totally unheard of in the world of talkback radio.
It was an otherwise fairly uneventful day in September 2008 when the New South Wales Police rocked up to the Redfern offices of Media Monitors.
There was a bit of confusion before two of my colleagues were called into the manager's office to speak to the officers, and were then escorted out of the office with the police.
It wasn't until a little while later that we found out the shock jock in question -- 2GB's Chris Smith -- had contacted the police to track down the source of the emails.
A 2008 Fairfax report on the incident highlights that Smith got directly in contact with NSW Police Commissioner Andrew Scipione to have the IP addresses traced back to the Media Monitors offices.
"I spoke to the police commissioner about these threats," he told his listeners. "I thank Andrew Scipione for appointing an experienced team of investigators who tracked back the origins of the emails, the server, the IP signature, and also the workplace."
The result was that the two employees involved were fired from Media Monitors. One of the pair was successful in an unfair dismissal claim against the company.
I asked NSW Police this week about the investigation, but was told that the police would not comment on operational activities.
Whether or not the tone of the emails constituted a direct threat, it is questionable whether access to such data should be available without judicial oversight. Would the NSW Police have devoted such resources to a case had it not involved the host of a high-profile AM radio station that had a direct line to the NSW Police commissioner?
Would the police have been able to make the case to a judge that these emails constituted more than pranks and were an actual threat?
Internal authorisation is all that is required under the current law, and the proposed mandatory data-retention legislation, and it allowed NSW Police to obtain data such as the IP address details associated with the emails without any external oversight.
The law-enforcement agencies have made the case that requiring warrants for data-retention legislation would place a burden on law-enforcement agencies, and would grind investigations to a halt. The statistics released in the last financial year show that it is a routine tool for investigation, being used more than 500,000 times.
But perhaps if law-enforcement agencies have to prove to a higher authority why they need to access metadata, it will stop metadata access from being the default first stop for even the most minor of investigations, like someone pranking a shock jock.