Password-crackers and metadata used to check Centrelink users' relationship status

By

When suspected of falsely claiming single payments.

Services Australia is using telecommunications metadata and password-bypassing software to investigate welfare recipients suspected of claiming single payments while in relationships.

Password-crackers and metadata used to check Centrelink users' relationship status

The Centrelink administrator told the Attorney General’s Department (ADG) that metadata is used to detect “people who receive payments as a single person while in a marriage-like relationship,” according to documents obtained by iTnews

Submissions to AGD in 2015 and again in 2022 [pdf], obtained through a freedom of information request, list types of fraud the agency uses welfare recipients’ telecommunications metadata to detect. 

A Services Australia spokesperson told iTnews that both telecommunications metadata and password-bypassing technology from Israeli vendor Cellebrite are only used when fraudulent claims trigger criminal investigations.

This contrasts with the more common non-compliance investigations, which prevent and recover debts resulting from over-payments, such as the notorious robodebt scheme. 

However, the spokesperson would not say how much money a person needs to be suspected of being overpaid before a non-compliance investigation is tipped into a criminal investigation, making it hard to estimate the extent to which the technologies are used to determine relationship-status. 

Moreover, welfare recipients told iTnews, while Services Australia has said that Cellebrite is only used for criminal investigations, data may be extracted from their devices before charges have been laid; and Services Australia may continue to pursue the debt as a non-compliance investigation even if the suspect is not prosecuted. 

A NSW mother said that although she was never charged with welfare fraud, Services Australia has pursued $80,000 she was alleged to have been overpaid after data was extracted from her, her daughter's, and her ex-partner’s phones and computers. 

Cracking devices with Cellebrite

Julie had been receiving carer payments for her 17-year-old autistic son since 2014.

Her home was raided in November 2017; her and her ex-partner and daughter's phones and computers were seized by six Services Australia employees, accompanied by NSW and Australian Federal Police (AFP) officers.

“They said I had been paid on the single rate while in a couple,” Julie said. 

Although their devices were passcode-protected, “they [Services Australia] went through all our WhatsApp and Facebook messages. And they actually talked, during their investigation, about what was said in them,” she added.

“It just made me feel like I was a nobody, and I had no rights.”

Julie said her relationship ended in 2012 when her partner moved to Singapore for work. In 2014 he moved back to Australia and would often live under the same roof in a different bedroom when he wasn’t doing contract work interstate.

Julie’s ex couldn’t afford a second property and their autistic son was stressed when he wasn’t around, she said.

Julie received a letter from the Commonwealth Director of Public Prosecutions (CDPP) four months after the raid saying that fraud charges would not be laid.

However, after using Cellebrite to extract the data while Services Australia was considering pressing charges, the agency continued to pursue Julie’s alleged debt as a non-compliance process. 

“So now all the money that I received from them, I'm now having to pay it back in installments,” Julie said.  

Metadata and relationship-status 

It is not clear what types of metadata are used to glean if welfare recipients are single, however criteria listed on Services Australia’s website for “how we assess if you’re a couple” includes: “financial aspects of your relationship, the nature of your household, social aspects of your relationship, [and] if you have a sexual relationship.”

The Services Australia spokesperson told iTnews that "the key metadata we request enables us to identify records linked to telephone numbers or IP addresses to support criminal investigations.”

The spokesperson did not answer whether it includes geolocation data on a device’s connection to the internet or the sender-recipient records of a user's communications.

Services Australia was cut off from directly asking telcos for metadata in late 2015, after having had the power since 2009.

It now makes requests for metadata, "where required", through the Australian Federal Police.

Services Australia has asked the government at least twice to have its powers back.

According to the FoI, Services Australia requested AGD declare it an 'enforcement agency' under Section 176A of the Telecommunications (Interception and Access) Act (TIA) in 2015 and made the same request seven years later during a current review of electronic surveillance laws.

Along with 61 other agencies who made similar requests to the AGD, Services Australia was knocked back. The agencies that requested authorised access to the data range from WA Fisheries to the Victorian branch of the RSPCA.

In response to its 2015 application, AGD suggested “joint investigations arrangements with a criminal law-enforcement agency” as an “alternative means of accessing historical telecommunications data.” The welfare provider took the advice.

Since Services Australia started accessing telecommunications metadata indirectly through the AFP, it is unclear how many investigations involved fraud claims based on relationship-status. 

According to its most recent annual reports, in 2021–22 Services Australia conducted 709 criminal investigations, 988 administrative investigations and made 203 referrals to the CDPP.

Services Australia's 2022 application to have metadata access powers reinstated was ultimately withdrawn.

Social security recipients advocacy group the Australian Unemployed Workers’ Union (AUWU) said using metadata to determine relationship status was “government overreach.”

AUWU vice president Jez Heywood told iTnews, “of most concern is that the government is using this metadata to enforce the wildly unfair and discriminatory partner income test.”

“This absurd, punitive requirement removes peoples’ independence, which in the case of victims of domestic violence, actually endangers lives. Once again, a system that is supposed to help does exactly the opposite.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Starlink's rise draws more ACCC attention

Starlink's rise draws more ACCC attention

NSW gov to upgrade 5000 RFS vehicles with Starlink

NSW gov to upgrade 5000 RFS vehicles with Starlink

Optus breach allegedly enabled by access control coding error

Optus breach allegedly enabled by access control coding error

TPG Telecom confirms more fibre sale talks with Vocus

TPG Telecom confirms more fibre sale talks with Vocus

Log In

  |  Forgot your password?