Details of FY21/22 Cybercrime reports

Waiting for an internal review by Australian Federal Police of their handling of this request.

Dear Australian Federal Police,

The website "https://www.cyber.gov.au/acsc/report" permits Australians to report cybercrime directly to you with a button labelled "Report a cybercrime to the police".
In addition to police, ACSC (run by defence, and immune to FoI requests) produces diminishingly useful annual reports from this data, and as of this week, refuses to release any additional information regarding Australian cyber crime to citizens like myself when (as I did) we ask.

Accordingly, as I've exhausted my other options, I request the details of cybercrime reports submitted to "Police" between and including July 2021 to June 2022 for the purposes of "analysing cybercrime data" with the aim of
preventing this criminal activity through political consultation (educating elected representatives to the losses being suffered by their constituants, and proposing effective legislation to curb losses to these crimes).

I note that the policy under which this data was collected ( https://www.cyber.gov.au/acsc/privacy ) permits disclosure of this data, and I'm willing to amend this FoI request as you deem necessary to help ease any disclosure concerns (e.g. make my request through my organisation with its own privacy policy).

I prefer as much detail as possible, but at a minimum I'm seeking at least enough to identify victim electorates, victim types, crime types, and as much information about losses as possible. Loss data is being withheld in ACSC reports this year, which is the cause of my concern and this request, since a former AFP cyber officer (Nigel Phair) projected losses to be in the order of $42bn ( https://www.unsw.adfa.edu.au/newsroom/ne... ), up from the reported $33bn in FY20/21. It is wholly within the interests of the Australian public to understand what our cyber losses are (nobody can effectively address the problem, when it's scale is being covered up), and to draw attention to the ACSC decision to stop reporting it, and refusal to disclose it when asked!

I respectfully request you keep in mind your public AFP policy when considering my request (from your website): "the objective that information held by government is a national resource to be managed for public purposes." and please work to help provide access to this information, instead of try your hardest to prevent it (I'm sorry I have to ask, but this is not my first FoI, and FoI culture in most other government departments has proven so-far to be one absolutely dedicated to refusing requests - I hope the AFP is not another!)

Yours faithfully,

C Drake

Dear Australian Federal Police,

This is a reminder that you appear to have overlooked my Freedom of Information request within the legal time limit. Please promptly confirm receipt of my request, and please commence processing it without further delay.

A copy of my request is below.:

Yours faithfully,

C Drake.

Dear Australian Federal Police,

The website "https://www.cyber.gov.au/acsc/report" permits Australians to report cybercrime directly to you with a button labelled "Report a cybercrime to the police".
In addition to police, ACSC (run by defence, and immune to FoI requests) produces diminishingly useful annual reports from this data, and as of this week, refuses to release any additional information regarding Australian cyber crime to citizens like myself when (as I did) we ask.

Accordingly, as I've exhausted my other options, I request the details of cybercrime reports submitted to "Police" between and including July 2021 to June 2022 for the purposes of "analysing cybercrime data" with the aim of preventing this criminal activity through political consultation (educating elected representatives to the losses being suffered by their constituents, and proposing effective legislation to curb losses to these crimes).

I note that the policy under which this data was collected ( https://www.cyber.gov.au/acsc/privacy ) permits disclosure of this data, and I'm willing to amend this FoI request as you deem necessary to help ease any disclosure concerns (e.g. make my request through my organisation with its own privacy policy).

I prefer as much detail as possible, but at a minimum I'm seeking at least enough to identify victim electorates, victim types, crime types, and as much information about losses as possible. Loss data is being withheld in ACSC reports this year, which is the cause of my concern and this request, since a former AFP cyber officer (Nigel Phair) projected losses to be in the order of $42bn ( https://www.unsw.adfa.edu.au/newsroom/ne... ), up from the reported $33bn in FY20/21. It is wholly within the interests of the Australian public to understand what our cyber losses are (nobody can effectively address the problem, when it's scale is being covered up), and to draw attention to the ACSC decision to stop reporting it, and refusal to disclose it when asked!

I respectfully request you keep in mind your public AFP policy when considering my request (from your website): "the objective that information held by government is a national resource to be managed for public purposes." and please work to help provide access to this information, instead of try your hardest to prevent it (I'm sorry I have to ask, but this is not my first FoI, and FoI culture in most other government departments has proven so-far to be one absolutely dedicated to refusing requests - I hope the AFP is not another!)

Yours faithfully,

C Drake

FOI, Australian Federal Police

OFFICIAL
Dear C Drake

I apologise for the delay in responding to your below email regarding Cybercrime reports.

The AFP does not possess all reports to Police for the 2012-2022 Financial Year. Report Cyber is operated by the Australian Cyber Security Centre with individual reports being referred to the relevant State and Territory law enforcement agencies. The AFP are not in possession of all Report Cyber data to assist in responding to this request.

The AFP could respond to the FOI detailing statistics of matters referred to the AFP by the Report Cyber system.

Based on the above, could you please advise how you would like to proceed? If a response is not provided by Friday, 16 December 2022, we will proceed to process your request on the basis of the statistics referred to the AFP.

Please contact this office if you have any questions.

Kind regards

AFP 24826
Writing to you from Ngunnawal Country
SENIOR TEAM MEMBER
FOI & PRIVACY
CHIEF COUNSEL PORTFOLIO
www.afp.gov.au

-----Original Message-----
From: C Drake <[FOI #9548 email]>
Sent: Tuesday, 13 December 2022 7:16 AM
To: FOI <[email address]>
Subject: Re: Freedom of Information request - Details of FY21/22 Cybercrime reports

Dear Australian Federal Police,

This is a reminder that you appear to have overlooked my Freedom of Information request within the legal time limit. Please promptly confirm receipt of my request, and please commence processing it without further delay.

A copy of my request is below.:

Yours faithfully,

C Drake.

Dear Australian Federal Police,

The website "https://www.cyber.gov.au/acsc/report" permits Australians to report cybercrime directly to you with a button labelled "Report a cybercrime to the police".
In addition to police, ACSC (run by defence, and immune to FoI requests) produces diminishingly useful annual reports from this data, and as of this week, refuses to release any additional information regarding Australian cyber crime to citizens like myself when (as I did) we ask.

Accordingly, as I've exhausted my other options, I request the details of cybercrime reports submitted to "Police" between and including July 2021 to June 2022 for the purposes of "analysing cybercrime data" with the aim of preventing this criminal activity through political consultation (educating elected representatives to the losses being suffered by their constituents, and proposing effective legislation to curb losses to these crimes).

I note that the policy under which this data was collected ( https://www.cyber.gov.au/acsc/privacy ) permits disclosure of this data, and I'm willing to amend this FoI request as you deem necessary to help ease any disclosure concerns (e.g. make my request through my organisation with its own privacy policy).

I prefer as much detail as possible, but at a minimum I'm seeking at least enough to identify victim electorates, victim types, crime types, and as much information about losses as possible. Loss data is being withheld in ACSC reports this year, which is the cause of my concern and this request, since a former AFP cyber officer (Nigel Phair) projected losses to be in the order of $42bn ( https://www.unsw.adfa.edu.au/newsroom/ne... ), up from the reported $33bn in FY20/21. It is wholly within the interests of the Australian public to understand what our cyber losses are (nobody can effectively address the problem, when it's scale is being covered up), and to draw attention to the ACSC decision to stop reporting it, and refusal to disclose it when asked!

I respectfully request you keep in mind your public AFP policy when considering my request (from your website): "the objective that information held by government is a national resource to be managed for public purposes." and please work to help provide access to this information, instead of try your hardest to prevent it (I'm sorry I have to ask, but this is not my first FoI, and FoI culture in most other government departments has proven so-far to be one absolutely dedicated to refusing requests - I hope the AFP is not another!)

Yours faithfully,

C Drake

-------------------------------------------------------------------
Please use this email address for all replies to this request:
[FOI #9548 email]

This request has been made by an individual using Right to Know. This message and any reply that you make will be published on the internet. More information on how Right to Know works can be found at:
https://www.righttoknow.org.au/help/offi...

Please note that in some cases publication of requests and responses will be delayed.

If you find this service useful as an FOI officer, please ask your web manager to link to us from your organisation's FOI page.

-------------------------------------------------------------------
**********************************************************************
WARNING

This email message and any attached files may contain information
that is confidential and subject of legal privilege intended only for
use by the individual or entity to whom they are addressed. If you
are not the intended recipient or the person responsible for
delivering the message to the intended recipient be advised that you
have received this message in error and that any use, copying,
circulation, forwarding, printing or publication of this message or
attached files is strictly forbidden, as is the disclosure of the
information contained therein. If you have received this message in
error, please notify the sender immediately and delete it from your
inbox.

AFP Web site: http://www.afp.gov.au
**********************************************************************

hide quoted sections

Hi,

Thanks for your informative reply. I note you wrote "2012-2022" which I assume is a typo? - I'm after the 21/22 financial year data only.

I'm confused by your line "he AFP does not possess all reports". What reports *do* you possess?, and over what timeframe?

You mentioned "statistics of matters" - could you let me know what kind of information is captured in these statics? e.g. if it's a database, what fields are available?

Do you know if those "statistics of matters" would be sufficient to accurately calculate reported loss values broken down by Australian electoral boundaries (or at least by postcode) ?

Assuming the above answer is "no":

The reporting system begins by clearly and specifically stating that it provides a receipt which is "proof that a report has been submitted to police". It also claims to be governed by a privacy policy, which reiterates the fact that the police are receiving this information, and sets out the purposes for which this collecting is being made, one being "analysing cybercrime data", which is the substance of this - my request.

Since the public who have submitted reports to your agency have been told, and rightfully expect, that police have collected this data as advertised, and they have consented to it being used for "analysing cybercrime data", please could you reach out to wherever those reports have ended up, and acquire them, for the purposes of fulfilling my request (and honoring your promise to all users who submitted reports on the website!). "Cybercrime is a key focus for the AFP" (as your website states) so I have no doubt that the ACSC will be happy to let you have this information, not least because they've already promised to all report receipt-holders that you will get it!

It's worth pointing out the purpose our "Freedom of Information" law (which you, but not the ACSC is subject to), because I'm drafting proposed new laws to better protect all Australians against cyber crimes, and the data captured in these crime reports is essential to my case: The FoI Act exists to facilitate and promote prompt public access to information, and clearly outlines that information held by you (part of our government) "is to be managed for public purposes, and is a national resource." and that FoI applicants have "right of access" to this information.

For what it's worth - I'm not "stupid" - it's reasonably clear "between the lines" here that, despite the promises, police are not in fact getting all these reports, so while I could say that I'll make identical requests to every state and territory police around Australia to obtain the complete list of reports - we both know that they, like you, won't have them either - so please try to honor the intent of the FoI act and help find me a way to produce my per-electorate report. I need "at least enough detail to identify victim electorates, victim types, crime types, and as much information about losses as possible", for the 2021-2022 Financial Year.

Yours sincerely,

C Drake

FOI, Australian Federal Police

OFFICIAL
Dear C Drake

I refer to your below email.

The purpose of the FOI Act is to seek documents, it is not a mechanism to obtain information through asking questions.

Based on your below email, the AFP will process your request on statistics of matters referred to the AFP by the Report Cyber system.

Kind regards

AFP 24826
Writing to you from Ngunnawal Country
SENIOR TEAM MEMBER
FOI & PRIVACY
CHIEF COUNSEL PORTFOLIO
www.afp.gov.au

-----Original Message-----
From: C Drake <[FOI #9548 email]>
Sent: Tuesday, 13 December 2022 12:10 PM
To: FOI <[email address]>
Subject: RE: Freedom of Information request - Details of FY21/22 Cybercrime reports [SEC=OFFICIAL]

Hi,

Thanks for your informative reply. I note you wrote "2012-2022" which I assume is a typo? - I'm after the 21/22 financial year data only.

I'm confused by your line "he AFP does not possess all reports". What reports *do* you possess?, and over what timeframe?

You mentioned "statistics of matters" - could you let me know what kind of information is captured in these statics? e.g. if it's a database, what fields are available?

Do you know if those "statistics of matters" would be sufficient to accurately calculate reported loss values broken down by Australian electoral boundaries (or at least by postcode) ?

Assuming the above answer is "no":

The reporting system begins by clearly and specifically stating that it provides a receipt which is "proof that a report has been submitted to police". It also claims to be governed by a privacy policy, which reiterates the fact that the police are receiving this information, and sets out the purposes for which this collecting is being made, one being "analysing cybercrime data", which is the substance of this - my request.

Since the public who have submitted reports to your agency have been told, and rightfully expect, that police have collected this data as advertised, and they have consented to it being used for "analysing cybercrime data", please could you reach out to wherever those reports have ended up, and acquire them, for the purposes of fulfilling my request (and honoring your promise to all users who submitted reports on the website!). "Cybercrime is a key focus for the AFP" (as your website states) so I have no doubt that the ACSC will be happy to let you have this information, not least because they've already promised to all report receipt-holders that you will get it!

It's worth pointing out the purpose our "Freedom of Information" law (which you, but not the ACSC is subject to), because I'm drafting proposed new laws to better protect all Australians against cyber crimes, and the data captured in these crime reports is essential to my case: The FoI Act exists to facilitate and promote prompt public access to information, and clearly outlines that information held by you (part of our government) "is to be managed for public purposes, and is a national resource." and that FoI applicants have "right of access" to this information.

For what it's worth - I'm not "stupid" - it's reasonably clear "between the lines" here that, despite the promises, police are not in fact getting all these reports, so while I could say that I'll make identical requests to every state and territory police around Australia to obtain the complete list of reports - we both know that they, like you, won't have them either - so please try to honor the intent of the FoI act and help find me a way to produce my per-electorate report. I need "at least enough detail to identify victim electorates, victim types, crime types, and as much information about losses as possible", for the 2021-2022 Financial Year.

Yours sincerely,

C Drake

-----Original Message-----

OFFICIAL
Dear C Drake

I apologise for the delay in responding to your below email regarding Cybercrime reports.

The AFP does not possess all reports to Police for the 2012-2022 Financial Year. Report Cyber is operated by the Australian Cyber Security Centre with individual reports being referred to the relevant State and Territory law enforcement agencies. The AFP are not in possession of all Report Cyber data to assist in responding to this request.

The AFP could respond to the FOI detailing statistics of matters referred to the AFP by the Report Cyber system.

Based on the above, could you please advise how you would like to proceed? If a response is not provided by Friday, 16 December 2022, we will proceed to process your request on the basis of the statistics referred to the AFP.

Please contact this office if you have any questions.

Kind regards

AFP 24826
Writing to you from Ngunnawal Country
SENIOR TEAM MEMBER
FOI & PRIVACY
CHIEF COUNSEL PORTFOLIO
www.afp.gov.au

-------------------------------------------------------------------
Please use this email address for all replies to this request:
[FOI #9548 email]

This request has been made by an individual using Right to Know. This message and any reply that you make will be published on the internet. More information on how Right to Know works can be found at:
https://www.righttoknow.org.au/help/offi...

Please note that in some cases publication of requests and responses will be delayed.

If you find this service useful as an FOI officer, please ask your web manager to link to us from your organisation's FOI page.

-------------------------------------------------------------------
**********************************************************************
WARNING

This email message and any attached files may contain information
that is confidential and subject of legal privilege intended only for
use by the individual or entity to whom they are addressed. If you
are not the intended recipient or the person responsible for
delivering the message to the intended recipient be advised that you
have received this message in error and that any use, copying,
circulation, forwarding, printing or publication of this message or
attached files is strictly forbidden, as is the disclosure of the
information contained therein. If you have received this message in
error, please notify the sender immediately and delete it from your
inbox.

AFP Web site: http://www.afp.gov.au
**********************************************************************

hide quoted sections

FOI, Australian Federal Police

OFFICIAL

Dear Mr Drake

 

We refer to your request dated 10 November 2022, seeking access to
documents under the Freedom of Information Act 1982 (the Act) as follows:

 

              “Statistics of matters referred to the AFP by the Report
Cyber system in regards to financial losses for the 2021-2022 financial
year.”

 

Timeframe

 

Your request was received by the Australian Federal Police (AFP) on 10
November 2022, and the 30 day statutory period for processing your request
commenced from that date. The due date for your request was 10 December
2022.

 

I apologise for the delay in providing a decision to you regarding your
request, however your request is being processed as a priority.

 

Information irrelevant to the scope of your request

 

The AFP, in its management of FOI requests, excludes the following
information on the basis that is irrelevant to the scope of a request:

 

·       duplicate documents, including duplicate emails (the AFP will only
provide emails where they form a final email chain and the
authors/recipients are contained within the final email); and

·       information that is publicly available, for example, newspaper
articles, online publications including information available on the AFP
Information Publication Scheme and the AFP disclosure log.

 

Should you have any further questions at this time, please do not hesitate
to contact our office.

 

Kind regards

 

 

AFP 24826

Writing to you from Ngunnawal Country 

SENIOR TEAM MEMBER

FOI & PRIVACY 

CHIEF COUNSEL PORTFOLIO

www.afp.gov.au

 

 

 

 

-----Original Message-----
From: FOI <[email address]>
Sent: Sunday, 15 January 2023 4:36 PM
To: C Drake <[FOI #9548 email]>
Cc: FOI <[email address]>
Subject: RE: Freedom of Information request - Details of FY21/22
Cybercrime reports [SEC=OFFICIAL] [AFP-L.FID79340]

 

OFFICIAL

Dear C Drake

 

I refer to your below email.

 

The purpose of the FOI Act is to seek documents, it is not a mechanism to
obtain information through asking questions.

 

Based on your below email, the AFP will process your request on statistics
of matters referred to the AFP by the Report Cyber system.

 

Kind regards

 

 

 

AFP 24826

Writing to you from Ngunnawal Country 

SENIOR TEAM MEMBER

FOI & PRIVACY 

CHIEF COUNSEL PORTFOLIO

[1]www.afp.gov.au

 

 

 

 

-----Original Message-----

From: C Drake <[2][FOI #9548 email]>

Sent: Tuesday, 13 December 2022 12:10 PM

To: FOI <[3][email address]>

Subject: RE: Freedom of Information request - Details of FY21/22
Cybercrime reports [SEC=OFFICIAL]

 

Hi,

 

Thanks for your informative reply.  I note you wrote "2012-2022" which I
assume is a typo? - I'm after the 21/22 financial year data only.

 

I'm confused by your line "he AFP does not possess all reports".  What
reports *do* you possess?, and over what timeframe?

 

You mentioned "statistics of matters" - could you let me know what kind of
information is captured in these statics?  e.g. if it's a database, what
fields are available?

 

Do you know if those "statistics of matters" would be sufficient to
accurately calculate reported loss values broken down by Australian
electoral boundaries (or at least by postcode) ?

 

Assuming the above answer is "no":

 

The reporting system begins by clearly and specifically stating that it
provides a receipt which is "proof that a report has been submitted to
police".  It also claims to be governed by a privacy policy, which
reiterates the fact that the police are receiving this information, and
sets out the purposes for which this collecting is being made, one being
"analysing cybercrime data", which is the substance of this - my request.

 

Since the public who have submitted reports to your agency have been told,
and rightfully expect, that police have collected this data as advertised,
and they have consented to it being used for "analysing cybercrime data",
please could you reach out to wherever those reports have ended up, and
acquire them, for the purposes of fulfilling my request (and honoring your
promise to all users who submitted reports on the website!).  "Cybercrime
is a key focus for the AFP" (as your website states) so I have no doubt
that the ACSC will be happy to let you have this information, not least
because they've already promised to all report receipt-holders that you
will get it!

 

It's worth pointing out the purpose our "Freedom of Information" law
(which you, but not the ACSC is subject to), because I'm drafting proposed
new laws to better protect all Australians against cyber crimes, and the
data captured in these crime reports is essential to my case: The FoI Act
exists to facilitate and promote prompt public access to information, and
clearly outlines that information held by you (part of our government) "is
to be managed for public purposes, and is a national resource." and that
FoI applicants have "right of access" to this information.

 

For what it's worth - I'm not "stupid" - it's reasonably clear "between
the lines" here that, despite the promises, police are not in fact getting
all these reports, so while I could say that I'll make identical requests
to every state and territory police around Australia to obtain the
complete list of reports - we both know that they, like you, won't have
them either - so please try to honor the intent of the FoI act and help
find me a way to produce my per-electorate report.  I need "at least
enough detail to identify victim electorates, victim types, crime types,
and as much information about losses as possible", for the 2021-2022
Financial Year.

 

Yours sincerely,

 

C Drake

 

-----Original Message-----

 

OFFICIAL

Dear C Drake

 

I apologise for the delay in responding to your below email regarding
Cybercrime reports.

 

The AFP does not possess all reports to Police for the 2012-2022 Financial
Year. Report Cyber is operated by the Australian Cyber Security Centre
with individual reports being referred to the relevant State and Territory
law enforcement agencies. The AFP are not in possession of all Report
Cyber data to assist in responding to this request.

 

The AFP could respond to the FOI detailing statistics of matters referred
to the AFP by the Report Cyber system.

 

Based on the above, could you please advise how you would like to proceed?
If a response is not provided by Friday, 16 December 2022, we will proceed
to process your request on the basis of the statistics referred to the
AFP.

 

Please contact this office if you have any questions.

 

Kind regards

 

 

 

AFP 24826

Writing to you from Ngunnawal Country

SENIOR TEAM MEMBER

FOI & PRIVACY

CHIEF COUNSEL PORTFOLIO

[4]www.afp.gov.au

 

-------------------------------------------------------------------

Please use this email address for all replies to this request:

[5][FOI #9548 email]

 

This request has been made by an individual using Right to Know. This
message and any reply that you make will be published on the internet.
More information on how Right to Know works can be found at:

[6]https://www.righttoknow.org.au/help/offi...

 

Please note that in some cases publication of requests and responses will
be delayed.

 

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

 

-------------------------------------------------------------------

**********************************************************************
WARNING

This email message and any attached files may contain information
that is confidential and subject of legal privilege intended only for
use by the individual or entity to whom they are addressed. If you
are not the intended recipient or the person responsible for
delivering the message to the intended recipient be advised that you
have received this message in error and that any use, copying,
circulation, forwarding, printing or publication of this message or
attached files is strictly forbidden, as is the disclosure of the
information contained therein. If you have received this message in
error, please notify the sender immediately and delete it from your
inbox.

AFP Web site: http://www.afp.gov.au
**********************************************************************

References

Visible links
1. http://www.afp.gov.au/
2. mailto:[FOI #9548 email]
3. mailto:[email address]
4. http://www.afp.gov.au/
5. mailto:[FOI #9548 email]
6. https://www.righttoknow.org.au/help/offi...

hide quoted sections

Dear Mr/Ms AFP 24826,

Your comments about our FoI act are incorrect. I recommend you review the "Objects" section of the act itself, which can be found here: https://www.legislation.gov.au/Details/C...

In particular, the FoI grants me the right to access any government information of any kind, not just documents, over all departments the act applies to, which includes yours. Please see the extensive definition of what "document" includes in the act above to ensure you understand the scope of my rights to access your departments' information. To summarize the definition of the act - it says "document includes: any of, or any part of, any record of information"

I stated my purpose for requesting access in my original request - again - see the act itself, Part I section 3.2(a) and 3.2(b).

I do understand that the Cyber website appears to be actively misleading victims by making aparently false claims and providing fake receipts as "proof" that the information I seek has been reported to your department, when in reality, they are not reporting all this to your department. Since these claims have been made along with the evidence claiming that your department has received these reports (labelled as "proof") being supplied to victims who filed reports, I rightfully expect that your department actually reach out and get these reports which should have been submitted to you, for (at least!) the purposes of fulfilling my request and honoring your abundant website promises that "Police" (you) are getting these reports.

Please phone me on 0487 543210 if you need my help in any way to make this easier for you.

Please note that I always seek internal review of all FoI refusals I get, and I always escalate all the way to OAIC as well as Department heads and ministers. I never ask for anything I believe is unreasonable or exempt, so it's always unreasonable to deny my requests.

Yours sincerely,

C Drake

FOI, Australian Federal Police

OFFICIAL
Dear C Drake

I have been liaising internally with relevant members in regards to your request.

A member has offered to give you a call to discuss the scope of your request. If you are agreeable to this, could you please provide your best contact number to forward on to the member.

Kind regards

AFP 24826
Writing to you from Ngunnawal Country
SENIOR TEAM MEMBER
FOI & PRIVACY
CHIEF COUNSEL PORTFOLIO
www.afp.gov.au

-----Original Message-----
From: C Drake <[FOI #9548 email]>
Sent: Friday, 20 January 2023 3:28 PM
To: FOI <[email address]>
Subject: Re: FOI Request LEX 1201 - Acknowledgement of Request [SEC=OFFICIAL] [AFP-L.FID79340]

Dear Mr/Ms AFP 24826,

Your comments about our FoI act are incorrect. I recommend you review the "Objects" section of the act itself, which can be found here: https://www.legislation.gov.au/Details/C...

In particular, the FoI grants me the right to access any government information of any kind, not just documents, over all departments the act applies to, which includes yours. Please see the extensive definition of what "document" includes in the act above to ensure you understand the scope of my rights to access your departments' information. To summarize the definition of the act - it says "document includes: any of, or any part of, any record of information"

I stated my purpose for requesting access in my original request - again - see the act itself, Part I section 3.2(a) and 3.2(b).

I do understand that the Cyber website appears to be actively misleading victims by making aparently false claims and providing fake receipts as "proof" that the information I seek has been reported to your department, when in reality, they are not reporting all this to your department. Since these claims have been made along with the evidence claiming that your department has received these reports (labelled as "proof") being supplied to victims who filed reports, I rightfully expect that your department actually reach out and get these reports which should have been submitted to you, for (at least!) the purposes of fulfilling my request and honoring your abundant website promises that "Police" (you) are getting these reports.

Please phone me on 0487 543210 if you need my help in any way to make this easier for you.

Please note that I always seek internal review of all FoI refusals I get, and I always escalate all the way to OAIC as well as Department heads and ministers. I never ask for anything I believe is unreasonable or exempt, so it's always unreasonable to deny my requests.

Yours sincerely,

C Drake

-----Original Message-----

OFFICIAL

Dear Mr Drake

 

We refer to your request dated 10 November 2022, seeking access to

documents under the Freedom of Information Act 1982 (the Act) as follows:

 

              “Statistics of matters referred to the AFP by the Report

Cyber system in regards to financial losses for the 2021-2022 financial

year.”

 

Timeframe

 

Your request was received by the Australian Federal Police (AFP) on 10

November 2022, and the 30 day statutory period for processing your request

commenced from that date. The due date for your request was 10 December

2022.

 

I apologise for the delay in providing a decision to you regarding your

request, however your request is being processed as a priority.

 

Information irrelevant to the scope of your request

 

The AFP, in its management of FOI requests, excludes the following

information on the basis that is irrelevant to the scope of a request:

 

·       duplicate documents, including duplicate emails (the AFP will only

provide emails where they form a final email chain and the

authors/recipients are contained within the final email); and

·       information that is publicly available, for example, newspaper

articles, online publications including information available on the AFP

Information Publication Scheme and the AFP disclosure log.

 

Should you have any further questions at this time, please do not hesitate

to contact our office.

 

Kind regards

 

 

AFP 24826

Writing to you from Ngunnawal Country 

SENIOR TEAM MEMBER

FOI & PRIVACY 

CHIEF COUNSEL PORTFOLIO

www.afp.gov.au

 

 

 

 

-------------------------------------------------------------------

Please use this email address for all replies to this request:

[FOI #9548 email]

This request has been made by an individual using Right to Know. This message and any reply that you make will be published on the internet. More information on how Right to Know works can be found at:

https://www.righttoknow.org.au/help/offi...

Please note that in some cases publication of requests and responses will be delayed.

If you find this service useful as an FOI officer, please ask your web manager to link to us from your organisation's FOI page.

-------------------------------------------------------------------
**********************************************************************
WARNING

This email message and any attached files may contain information
that is confidential and subject of legal privilege intended only for
use by the individual or entity to whom they are addressed. If you
are not the intended recipient or the person responsible for
delivering the message to the intended recipient be advised that you
have received this message in error and that any use, copying,
circulation, forwarding, printing or publication of this message or
attached files is strictly forbidden, as is the disclosure of the
information contained therein. If you have received this message in
error, please notify the sender immediately and delete it from your
inbox.

AFP Web site: http://www.afp.gov.au
**********************************************************************

hide quoted sections

This message has been hidden. contains personal info Please contact us if you have any questions.

FOI, Australian Federal Police

3 Attachments

OFFICIAL

Dear C Drake

 

Please find attached correspondence in relation to your FOI request, LEX
1201.

 

Kind regards

AFP 24826

Writing to you from Ngunnawal Country 
FOI & PRIVACY 

CHIEF COUNSEL PORTFOLIO

[1]www.afp.gov.au
[2]Australian Federal Police

 

 

 

From: FOI <[email address]>
Sent: Wednesday, 18 January 2023 7:28 PM
To: C Drake <[FOI #9548 email]>
Cc: FOI <[email address]>
Subject: FOI Request LEX 1201 - Acknowledgement of Request [SEC=OFFICIAL]
[AFP-L.FID79340]

 

OFFICIAL

Dear Mr Drake

 

We refer to your request dated 10 November 2022, seeking access to
documents under the Freedom of Information Act 1982 (the Act) as follows:

 

              “Statistics of matters referred to the AFP by the Report
Cyber system in regards to financial losses for the 2021-2022 financial
year.”

 

Timeframe

 

Your request was received by the Australian Federal Police (AFP) on 10
November 2022, and the 30 day statutory period for processing your request
commenced from that date. The due date for your request was 10 December
2022.

 

I apologise for the delay in providing a decision to you regarding your
request, however your request is being processed as a priority.

 

Information irrelevant to the scope of your request

 

The AFP, in its management of FOI requests, excludes the following
information on the basis that is irrelevant to the scope of a request:

 

·       duplicate documents, including duplicate emails (the AFP will only
provide emails where they form a final email chain and the
authors/recipients are contained within the final email); and

·       information that is publicly available, for example, newspaper
articles, online publications including information available on the AFP
Information Publication Scheme and the AFP disclosure log.

 

Should you have any further questions at this time, please do not hesitate
to contact our office.

 

Kind regards

 

 

AFP 24826

Writing to you from Ngunnawal Country 

SENIOR TEAM MEMBER

FOI & PRIVACY 

CHIEF COUNSEL PORTFOLIO

[3]www.afp.gov.au

 

 

 

 

 

 

-----Original Message-----
From: FOI <[4][email address]>
Sent: Sunday, 15 January 2023 4:36 PM
To: C Drake <[5][FOI #9548 email]>
Cc: FOI <[6][email address]>
Subject: RE: Freedom of Information request - Details of FY21/22
Cybercrime reports [SEC=OFFICIAL] [AFP-L.FID79340]

 

OFFICIAL

Dear C Drake

 

I refer to your below email.

 

The purpose of the FOI Act is to seek documents, it is not a mechanism to
obtain information through asking questions.

 

Based on your below email, the AFP will process your request on statistics
of matters referred to the AFP by the Report Cyber system.

 

Kind regards

 

 

 

AFP 24826

Writing to you from Ngunnawal Country 

SENIOR TEAM MEMBER

FOI & PRIVACY 

CHIEF COUNSEL PORTFOLIO

[7]www.afp.gov.au

 

 

 

 

-----Original Message-----

From: C Drake <[8][FOI #9548 email]>

Sent: Tuesday, 13 December 2022 12:10 PM

To: FOI <[9][email address]>

Subject: RE: Freedom of Information request - Details of FY21/22
Cybercrime reports [SEC=OFFICIAL]

 

Hi,

 

Thanks for your informative reply.  I note you wrote "2012-2022" which I
assume is a typo? - I'm after the 21/22 financial year data only.

 

I'm confused by your line "he AFP does not possess all reports".  What
reports *do* you possess?, and over what timeframe?

 

You mentioned "statistics of matters" - could you let me know what kind of
information is captured in these statics?  e.g. if it's a database, what
fields are available?

 

Do you know if those "statistics of matters" would be sufficient to
accurately calculate reported loss values broken down by Australian
electoral boundaries (or at least by postcode) ?

 

Assuming the above answer is "no":

 

The reporting system begins by clearly and specifically stating that it
provides a receipt which is "proof that a report has been submitted to
police".  It also claims to be governed by a privacy policy, which
reiterates the fact that the police are receiving this information, and
sets out the purposes for which this collecting is being made, one being
"analysing cybercrime data", which is the substance of this - my request.

 

Since the public who have submitted reports to your agency have been told,
and rightfully expect, that police have collected this data as advertised,
and they have consented to it being used for "analysing cybercrime data",
please could you reach out to wherever those reports have ended up, and
acquire them, for the purposes of fulfilling my request (and honoring your
promise to all users who submitted reports on the website!).  "Cybercrime
is a key focus for the AFP" (as your website states) so I have no doubt
that the ACSC will be happy to let you have this information, not least
because they've already promised to all report receipt-holders that you
will get it!

 

It's worth pointing out the purpose our "Freedom of Information" law
(which you, but not the ACSC is subject to), because I'm drafting proposed
new laws to better protect all Australians against cyber crimes, and the
data captured in these crime reports is essential to my case: The FoI Act
exists to facilitate and promote prompt public access to information, and
clearly outlines that information held by you (part of our government) "is
to be managed for public purposes, and is a national resource." and that
FoI applicants have "right of access" to this information.

 

For what it's worth - I'm not "stupid" - it's reasonably clear "between
the lines" here that, despite the promises, police are not in fact getting
all these reports, so while I could say that I'll make identical requests
to every state and territory police around Australia to obtain the
complete list of reports - we both know that they, like you, won't have
them either - so please try to honor the intent of the FoI act and help
find me a way to produce my per-electorate report.  I need "at least
enough detail to identify victim electorates, victim types, crime types,
and as much information about losses as possible", for the 2021-2022
Financial Year.

 

Yours sincerely,

 

C Drake

 

-----Original Message-----

 

OFFICIAL

Dear C Drake

 

I apologise for the delay in responding to your below email regarding
Cybercrime reports.

 

The AFP does not possess all reports to Police for the 2012-2022 Financial
Year. Report Cyber is operated by the Australian Cyber Security Centre
with individual reports being referred to the relevant State and Territory
law enforcement agencies. The AFP are not in possession of all Report
Cyber data to assist in responding to this request.

 

The AFP could respond to the FOI detailing statistics of matters referred
to the AFP by the Report Cyber system.

 

Based on the above, could you please advise how you would like to proceed?
If a response is not provided by Friday, 16 December 2022, we will proceed
to process your request on the basis of the statistics referred to the
AFP.

 

Please contact this office if you have any questions.

 

Kind regards

 

 

 

AFP 24826

Writing to you from Ngunnawal Country

SENIOR TEAM MEMBER

FOI & PRIVACY

CHIEF COUNSEL PORTFOLIO

[10]www.afp.gov.au

 

-------------------------------------------------------------------

Please use this email address for all replies to this request:

[11][FOI #9548 email]

 

This request has been made by an individual using Right to Know. This
message and any reply that you make will be published on the internet.
More information on how Right to Know works can be found at:

[12]https://www.righttoknow.org.au/help/offi...

 

Please note that in some cases publication of requests and responses will
be delayed.

 

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

 

-------------------------------------------------------------------

**********************************************************************
WARNING

This email message and any attached files may contain information
that is confidential and subject of legal privilege intended only for
use by the individual or entity to whom they are addressed. If you
are not the intended recipient or the person responsible for
delivering the message to the intended recipient be advised that you
have received this message in error and that any use, copying,
circulation, forwarding, printing or publication of this message or
attached files is strictly forbidden, as is the disclosure of the
information contained therein. If you have received this message in
error, please notify the sender immediately and delete it from your
inbox.

AFP Web site: http://www.afp.gov.au
**********************************************************************

References

Visible links
1. http://www.afp.gov.au/
2. http://www.afp.gov.au/
3. http://www.afp.gov.au/
4. mailto:[email address]
5. mailto:[FOI #9548 email]
6. mailto:[email address]
7. http://www.afp.gov.au/
8. mailto:[FOI #9548 email]
9. mailto:[email address]
10. http://www.afp.gov.au/
11. mailto:[FOI #9548 email]
12. https://www.righttoknow.org.au/help/offi...

hide quoted sections

Hi Matt,

I'm obviously disappointed that you found a reason to prevent me getting any information at all, (plus never phoned me, after asking for my number!) especially as you already know that the ACSC themselves also refused.

I know it's embarrassing how extreme this crime is, and how little any police (or government or anyone) in Australia are doing about it (every year, 76,000 crimes but only 7 prosecutions on average!), but coving up the extent of these losses by denying us access to our own report statistics is clearly just *exacerbating* the problem.

I'm finding it crushingly difficult to get ANYONE to care or do anything effective whatsoever about cyber crime in Australia, and your response simply continues to confirm this problem. In fact - it's a direct slap-in-the-face to every victim who wasted their time filling in a report, which clearly and specifically told them that their report would be used precisely for the purpose I requested this data - but in reality, you're literally trying as hard as you can to prevent anyone solving this problem.

Would you please get me as much data as you can. I'm happy to receive it OUTSIDE of the FoI system if that make it easier (you have my phone number, plus I have defence security clearance, and it's not classified material anyhow). Keep in mind that a written *contractual commitment* has been made to every one of those 76,000 victims that their data would be used for the purpose I'm requesting it. If you're wondering about the outcome - my draft bill, which I'm needing statistics for MP electorates to gather their support, is here: http://chrisdrake.com/for_gai/Social_Res...

Thanks in advance if you can find any way to help me and all those victims. Fun fact - this year, our losses to cybercrime are going to exceed out entire countries defence budget. It's up to you to decide how proud you want to be of that: part of the cause of that loss, or finding ways to work with activists like myself to actually curb it.

Yours sincerely,

C Drake

FOI, Australian Federal Police

OFFICIAL
 
Dear C Drake
 
Thank you for your email.
 
I apologise for the overlap in our correspondence in regards to contacting
you to discuss the scope of your request.
 
We have explored the possibility of releasing this information to you
administratively, and spoken to both AFP Cyber Command and the Australian
Signals Directorate. Ultimately, it is ASD’s information, and the AFP will
not administratively release another agency’s information.
 
Kind regards
 
Matt
 
 
 
-----Original Message-----
From: C Drake <[1][FOI #9548 email]>
Sent: Wednesday, 1 March 2023 9:37 AM
To: FOI <[2][email address]>
Subject: Re: FOI Request LEX 1201 - Notice of Decision [SEC=OFFICIAL]
[AFP-L.FID79340]
 
Hi Matt,
 
 
 
I'm obviously disappointed that you found a reason to prevent me getting
any information at all, (plus never phoned me, after asking for my
number!) especially as you already know that the ACSC themselves also
refused.
 
 
 
I know it's embarrassing how extreme this crime is, and how little any
police (or government or anyone) in Australia are doing about it (every
year, 76,000 crimes but only 7 prosecutions on average!), but coving up
the extent of these losses by denying us access to our own report
statistics is clearly just *exacerbating* the problem.
 
 
 
I'm finding it crushingly difficult to get ANYONE to care or do anything
effective whatsoever about cyber crime in Australia, and your response
simply continues to confirm this problem.  In fact - it's a direct
slap-in-the-face to every victim who wasted their time filling in a
report, which clearly and specifically told them that their report would
be used precisely for the purpose I requested this data - but in reality,
you're literally trying as hard as you can to prevent anyone solving this
problem.
 
 
 
Would you please get me as much data as you can.  I'm happy to receive it
OUTSIDE of the FoI system if that make it easier (you have my phone
number, plus I have defence security clearance, and it's not classified
material anyhow). Keep in mind that a written *contractual commitment* has
been made to every one of those 76,000 victims that their data would be
used for the purpose I'm requesting it.    If you're wondering about the
outcome - my draft bill, which I'm needing statistics for MP electorates
to gather their support, is here:
[3]http://chrisdrake.com/for_gai/Social_Res...
 
 
 
Thanks in advance if you can find any way to help me and all those
victims.  Fun fact - this year, our losses to cybercrime are going to
exceed out entire countries defence budget.  It's up to you to decide how
proud you want to be of that: part of the cause of that loss, or finding
ways to work with activists like myself to actually curb it.
 
 
 
Yours sincerely,
 
 
 
C Drake
 
 
 
-----Original Message-----
 
 
 
OFFICIAL
 
 
 
Dear C Drake
 
 
 
 
 
 
 
Please find attached correspondence in relation to your FOI request, LEX
 
1201.
 
 
 
 
 
 
 
Kind regards
 
 
 
AFP 24826
 
 
 
Writing to you from Ngunnawal Country 
 
FOI & PRIVACY 
 
 
 
CHIEF COUNSEL PORTFOLIO
 
 
 
[1][4]www.afp.gov.au
 
[2]Australian Federal Police
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
From: FOI <[email address]>
 
Sent: Wednesday, 18 January 2023 7:28 PM
 
To: C Drake <[FOI #9548 email]>
 
Cc: FOI <[email address]>
 
Subject: FOI Request LEX 1201 - Acknowledgement of Request [SEC=OFFICIAL]
 
[AFP-L.FID79340]
 
 
 
 
 
 
 
OFFICIAL
 
 
 
Dear Mr Drake
 
 
 
 
 
 
 
We refer to your request dated 10 November 2022, seeking access to
 
documents under the Freedom of Information Act 1982 (the Act) as follows:
 
 
 
 
 
 
 
              “Statistics of matters referred to the AFP by the Report
 
Cyber system in regards to financial losses for the 2021-2022 financial
 
year.”
 
 
 
 
 
 
 
Timeframe
 
 
 
 
 
 
 
Your request was received by the Australian Federal Police (AFP) on 10
 
November 2022, and the 30 day statutory period for processing your request
 
commenced from that date. The due date for your request was 10 December
 
2022.
 
 
 
 
 
 
 
I apologise for the delay in providing a decision to you regarding your
 
request, however your request is being processed as a priority.
 
 
 
 
 
 
 
Information irrelevant to the scope of your request
 
 
 
 
 
 
 
The AFP, in its management of FOI requests, excludes the following
 
information on the basis that is irrelevant to the scope of a request:
 
 
 
 
 
 
 
·       duplicate documents, including duplicate emails (the AFP will only
 
provide emails where they form a final email chain and the
 
authors/recipients are contained within the final email); and
 
 
 
·       information that is publicly available, for example, newspaper
 
articles, online publications including information available on the AFP
 
Information Publication Scheme and the AFP disclosure log.
 
 
 
 
 
 
 
Should you have any further questions at this time, please do not hesitate
 
to contact our office.
 
 
 
 
 
 
 
Kind regards
 
 
 
 
 
 
 
 
 
 
 
AFP 24826
 
 
 
Writing to you from Ngunnawal Country 
 
 
 
SENIOR TEAM MEMBER
 
 
 
FOI & PRIVACY 
 
 
 
CHIEF COUNSEL PORTFOLIO
 
 
 
[3][5]www.afp.gov.au
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
-------------------------------------------------------------------
 
Please use this email address for all replies to this request:
 
[6][FOI #9548 email]
 
 
 
This request has been made by an individual using Right to Know. This
message and any reply that you make will be published on the internet.
More information on how Right to Know works can be found at:
 
[7]https://www.righttoknow.org.au/help/offi...
 
 
 
Please note that in some cases publication of requests and responses will
be delayed.
 
 
 
If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.
 
 
 
-------------------------------------------------------------------
 
 

**********************************************************************
WARNING

This email message and any attached files may contain information
that is confidential and subject of legal privilege intended only for
use by the individual or entity to whom they are addressed. If you
are not the intended recipient or the person responsible for
delivering the message to the intended recipient be advised that you
have received this message in error and that any use, copying,
circulation, forwarding, printing or publication of this message or
attached files is strictly forbidden, as is the disclosure of the
information contained therein. If you have received this message in
error, please notify the sender immediately and delete it from your
inbox.

AFP Web site: http://www.afp.gov.au
**********************************************************************

References

Visible links
1. mailto:[FOI #9548 email]
2. mailto:[email address]
3. http://chrisdrake.com/for_gai/Social_Res...
4. http://www.afp.gov.au/
5. http://www.afp.gov.au/
6. mailto:[FOI #9548 email]
7. https://www.righttoknow.org.au/help/offi...

hide quoted sections

Hi Matt,

I've not heard from AFP or ASD - what was the outcome of trying to get me some information?

Could you use the fact that the information is NOT "another agency's information", because the information itself came from and belongs to the public who provided it, and they (we) provided that information into a website which clearly and specifically said that this information was being submitted to you (police, not to defence)?

Just because it passed through the hands of someone else on its way to you, doesn't make it their information of course!

I also am becoming *seriously* concerned about the stonewalling that is going on here? The hundreds of thousands of crime victims who took their time to provide their information to "police", did so on the understanding that the information they provided would be used for the purposes disclosed on the website they typed it in to: which is EXACTLY the purpose I'm requesting it for now.

In case you're not aware about the significance of my request: the scale of this loss to the Australian public is about $42bn annually, and at the rate it's increasing (15% YoY) it's going to EXCEED our entire defence budget in the next 12 months. Next time your kids, parents, friends, or colleagues get taken in by fake facebook ads, ripped off by fake ebay listings, hit with crypto or investment scams, infected by banking malware, pay counterfeit invoices, or any of the thousands of other ways that $42bn floods out of our economy: please be reminded of now - this request of mine - needing the raw information about the per-electorate impact of these crimes to convince the politicians in a position to solve this problem, to take the action they need to cure it

I look forward to any kind of help you can provide!

Yours sincerely,
C Drake
Phone: 0487 543210