ACT Policing and the Australian Federal Police (AFP) have suspended the use of a widely employed surveillance tool, despite previously stating that adoption of the Auror software was consistent with privacy obligations.
As reported in Crikey, Freedom of Information documents revealed more than 100 AFP staff – including within ACT Policing – had used the information in Auror without a completed Privacy Impact Assessment.
Auror describes itself as a “retail crime intelligence platform” that collects information about customers, such as CCTV footage and licence plate numbers, and then allows retailers to share that data between themselves and police if they suspect shoplifters have targeted their stores.
It’s reportedly used in more than 40 per cent of Australian retailers, including Woolworths and Bunnings.
“Emails released to Crikey in an FOI request show that AFP staff were quick to take full advantage of the trove of data available through Auror long before the agency’s higher-ups became aware of its use, carried out privacy and security reviews or formally partnered with the company,” the publication reported.
“A 31 October 2022 Auror email said there were 118 AFP employees with active accounts, ‘most’ from the AFP’s ACT policing teams, according to a police staff member. ”
ACT Policing Chief Police Officer (CPO) Neil Gaughan was asked about Auror’s use in the Territory during budget estimates hearings on Wednesday (19 July).
He said the agency had suspended its use as of 15 July, but felt it had been used appropriately up to that point.
“I’m of the view that the way we’re utilising it, there’s no issue,” CPO Gaughan said.
“But as an abundance of caution we’re going to stop using it until such time as the Privacy Impact Assessment is concluded, it’s well underway.”
He clarified police did not ingest any footage or data from ACT Government CCTV, and neither did Auror.
“So the only CCTV or still footage that goes into the platform … is from retailers, there’s no other ingestion of information,” CPO Gaughan said.
Police Minister Mick Gentleman was also asked whether any assessments had been done into the technology as part of the integration of the software.
“It is something I’ll need to check on in regard to the safety of personal information from ACT cameras,” he said.
“The Auror system, of course, is used quite widely across the ACT by retailers.”
The AFP declined to comment further.
Region also confirmed the ACT Government does not use the software in any capacity.
The software’s use had previously been questioned during federal Senate estimates in May.
Greens Senator David Shoebridge had asked CPO Gaughan whether a Privacy Impact Assessment had been undertaken by the AFP before its use.
“The answer to your question is no, but we treat it the same way we treat the ingestion of CCTV capabilities from the ACT Government, including the trams, fixed cameras in the territory, buses and fixed vans, and also the same way that we treat the ingestion of CCTV capability and evidence from the general community,” CPO Gaughan responded.
“I will say, however, that all ACT Policing officers adhere to the relevant privacy and information-sharing legislation and protocols when dealing with personal information.”
CPO Gaughan said at that time the advice he had was that the software was consistent with the AFP’s privacy obligations, but he would take the question on notice.
“But I will say it is used to identify people who have engaged in criminal activity. It is used as a tool for us to actually prosecute people that engage in recidivist offending,” he said.
“This technology is used by most police forces on the east coast and also by the New Zealand police force.”