Two police forces have mishandled surveillance powers or ignored warrant applications, including in a case where a journalist and their source were tapped without an appropriate warrant.
Northern Territory Police accessed data relating to a journalist and their source on four occasions without a request or authorisation of a journalist information warrant, the Commonwealth ombudsman's covert electronic surveillance review found.
Police said the usual authorising officer was on leave and their replacement didn't consider a warrant.
The unit accessing the data failed to update its procedures in response to the ombudsman's 2022/23 inspection.
NT Police also failed to sufficiently complete a compliance framework, including putting in place an operating procedure and supporting training, to manage powers under surveillance laws.
The ombudsman found it had made the same finding for the past five years that there wasn't a standard operating procedure or training material for officers to appropriately understand their legal obligations, according to its 2023/24 report.
"Staff rely on a limited number of experienced staff for guidance and there is no continuity of support for staff and consistency in the advice being provided," the report said.
There was also a repeated failure to record and report authorisations for telecommunications data to the minister, which resulted in inaccurate numbers being provided.
Victoria Police officers applying to access telecommunications data didn't record sufficient information about their requests to decision-makers and failed to prove they considered privacy.
Officers both asking for and approving requests "are not exercising due diligence in ensuring applications and authorisations ... contain factually correct information", the ombudsman found.
The Queensland Police Service didn't adequately record their considerations when officers authorised access to historic telecommunications data, the ombudsman found repeatedly.
The state's police force also repeatedly failed to assess and mitigate the risk of unauthorised disclosures to outside agencies.
Tasmania Police failed to demonstrate it complied with legal obligations regarding electronic surveillance and incorrectly reported the number of authorisations to the Commonwealth attorney-general due to counting errors.
Law enforcement can secretly tap a person's data and direct a provider to hand over information but agencies must comply with reporting requirements and oversight mechanisms.
Common problems for the 22 agencies using the power included insufficient records being kept documenting the use of surveillance powers and the reason why and a lack of training, the ombudsman found.
There was also a failure to destroy stored communications data that weren't required, in a timely manner.
