Cellebrite’s Universal Forensic Extraction Device.
Services Australia has provided smartphone-hacking technology to the Department of Education and other unnamed agencies to assist them in investigating suspected instances of fraud.
The Centrelink-administrator told senate estimates that it shared Cellebrite with other agencies when investigating criminals suspected of defrauding multiple agencies’ schemes and subsidies.
“Often when people are committing these financial offences against the Commonwealth, they’re often not using a single payment so it can interact with other payments such as part of Education or the National Disability Insurance Agency,” Services Australia’s deputy CEO Chris Birner said on Wedensday.
On Thursday, the Department of Education added that it had only used Cellebrite three times since 2018.
“We do use Services Australia’s digital forensics for some of our higher-end fraud and investigations,” the Department’s first assistant secretary of the childcare division Tristan Reed said at estimates.
“An example would be [extracting] information from phones of suspected people committing child care subsidy fraud.
“That information can be used in a prosecution; it might provide evidence that child care wasn’t occurring or there was collusion between supposed parents and educators of fraudulent schemes claiming subsidy for care that wasn’t occurring.”
Services Australia took questions on notice from Greens senator Janet Rice about how many times Cellebrite had been used and which agencies had been given access to it.
When Rice asked if Services Australia’s use of Cellebrite was consistent with a joint statement Australia signed with the UK, US, and other countries in March on the need for stricter controls to counter the proliferation of commercial spyware, Birner rejected the premise of the question.
“That’s really a question for the Attorney-General’s department, but I don’t think we would characterise this tool, which is a legitimate investigation and law enforcement tool, as commercial spyware,” he said.
Birner said Cellebrite was only used to investigate “serious non-compliance” and not “general customer compliance.”
“What we mean by that [serious non-compliance] is an investigation that’s commencing as a criminal investigation,” he said.
“Sometimes they don’t meet the standards for us to then refer a brief of evidence to the Commonwealth Director of Public Prosecution (CDPP) for them to consider. And so that’s why we use the term serious non-compliance.”
Birner said that this was not the same as “general customer compliance issues,” which he said “look at eligibility about whether or not somebody’s on the right payment at the right time at the right rate given their particular circumstances.”
Rice asked what the “threshold” was required to commence a serious non-compliance investigation after citing the case of an NSW Centrelink user who told iTnews that her and her daughter and ex-partner’s password-protected devices were accessed to prove she had fraudulently received the carer’s payment on a single-rate for several years.
“The threshold would be it being an investigation, not an engagement with a customer over an overpayment,” Services Australia chief executive officer Rebecca Skinner said.
Rice noted that the suspect received a letter from the CDPP saying that fraud charges would not be laid four months after Services Australia took the woman’s devices, however, the agency continued to pursue the debt it alleged she owed.
The senator asked, “Once an investigation by Services Australia has ended, does Services Australia retain access to the data?”
“We’ll take that on notice because it does depend on what the particular evidence and the instances are,” Birner said.
When asked if “that data would then be used in other compliance activities,” Birner said he would take the question on notice but added he was “not… aware of” it.
Investigative journalist Anthony Lowenstein noted on Wednesday that 128 contracts between Cellebrite and Australian government agencies have been published on AusTender since 2011.
They include agencies such as the Australian Border Force, the Australian Tax Office and Sports Integrity Australia.