Chapter 1 - Introduction

Conduct of the inquiry

1.1 On 29 March 2023 the Minister for Home Affairs, the Hon Clare O’Neil MP, wrote to the Committee referring the Australian Security Intelligence Organisation Amendment Bill 2023 (the Bill) for inquiry and report.

1.2 In her letter the Minister stated that:

The Bill contains a suite of amendments to:

  • uplift and harden Australia’s highest-level of security clearance in response to the unprecedented threat from espionage and foreign interference, and
  • drive shared initiatives and investments that improve interoperability and burden sharing as the Australian Government delivers critical national security capabilities.

The reforms will implement a consistent approach across the Australian Government to issuing, maintaining and revoking Australia’s highest-level of security clearances. This will reduce the risk of compromise of trusted insiders, maximise the utility derived from shared services in a fiscally constrained environment, improve the mobility and agility of our highest-cleared workforce and ensure the ongoing confidence of our most trusted allies.[1]

1.3 The Committee commenced its inquiry on 30 March 2023 and invited public submissions. Four submissions and two supplementary submissions were received, as follows:

  • 1 Australian Security Intelligence Organisation
    • 1.1 Supplementary submission
  • 2 Department of Home Affairs
    • 2.1 Supplementary submission
  • 3 Office of National Intelligence
  • 4 Inspector-General of Intelligence and Security.

1.4 The Committee notes that it received no submissions from people or organisations outside of Government, and no evidence querying or opposing the proposals put forward in the Bill.

1.5 On Wednesday 10 May 2023 the Committee held a public hearing with officials from the Department of Home Affairs and the Australian Security Intelligence Organisation (ASIO), as follows:

  • Department of Home Affairs
    • Mrs Nicole Spencer - First Assistant Secretary, Executive Coordination
    • Mr Steve Webber - First Assistant Secretary, Disputes and Corporate Law
    • Mr George Thomas - Senior Director, Strategic Planning & Coordination
  • Australian Security Intelligence Organisation
    • Mr Ewan Macmillan, Deputy Director-General, Vetting Service Delivery.

Report structure

1.6 The report consists of this chapter and a chapter setting out the Committee’s comment.

Background to the Bill: reform of Australia’s security clearance system

1.7 The Independent Intelligence Review (IIR) conducted for the Australian Government in 2017[2] reported that the length of time taken to complete Top Secret Positive Vetting (TS-PV) security clearances, the highest level of Australian Government clearances, was ‘exacerbating the intelligence community’s existing workforce challenges’, and assessed that it would be ‘prudent’ to increase ASIO’s involvement in the clearance process. The IIR recommended that if measures then being undertaken to speed up clearance times were not successful, alternative options for TS-PV clearances should be explored, including giving ASIO responsibility for these clearances for other agencies.[3]

1.8 Subsequent reviews, including audits by the Australian National Audit Office (ANAO) in 2018 and 2021, an independent review commissioned by the Department of Prime Minister and Cabinet in 2019, and the Report of the Comprehensive Review of the Legal Framework of the National Intelligence Community (Richardson Review) in 2020, provided further examination of and comment on the need for reform of the Australian Government’s high-level security clearance arrangements.[4]

1.9 In November 2021, the Government updated its Protective Security Policy Framework (PSPF), announcing the replacement of the highest-level TS-PV clearance with a new ‘TOP SECRET-Privileged Access’ (TS-PA) clearance, which would be granted by relevant agencies, including ASIO, going forward.

1.10 Should the present Bill be passed, ASIO will assume responsibility for granting TS-PA clearances not only for its own staff, but for a range of government departments and agencies, whose TS-PV clearances have to date been mostly facilitated by the Australian Government Security Vetting Agency (AGSVA) within the Department of Defence.

The Australian Security Intelligence Organisation Amendment Bill 2023

The need for the Bill

1.11 ASIO submitted that:

The Bill would provide ASIO with a new security vetting and clearance related function; enable the freer exchange of information between ASIO and sponsors to manage and mitigate security risks; and introduce a new review framework to ensure accountability of ASIO decisions and assessments.

Without these reforms, ASIO would not be able to make security clearance decisions for clearances sponsored by other agencies. The continued application of Part IV of the ASIO Act to security vetting and clearance related communications would limit the ability of ASIO and sponsors to identify, manage and mitigate security threats. Further, review rights for ASIO security clearance decisions and assessments would remain fragmented and inconsistent across those affected by them.[5]

1.12 The Department of Home Affairs stated that:

Centralising Australia’s highest-level clearance within ASIO leverages ASIO’s security intelligence functions, holdings and capabilities to allow for a holistic assessment of a person’s suitability to hold a TS-PA security clearance, having regard to the most current and accurate information about the security threats confronting Australia.[6]

Overview of the Bill

1.13 The Australian Security Intelligence Organisation Amendment Bill 2023 (the Bill) amends the Australian Security Intelligence Organisation Act 1979 (ASIO Act), the Office of National Intelligence Act 2018 (ONI Act), the Administrative Appeals Tribunal Act 1975 (AAT Act) and the Inspector-General of Intelligence and Security Act 1986 (IGIS Act). The Bill contains a suite of amendments designed to uplift and harden Australia’s highest-level of security clearance in response to the unprecedented threat from espionage and foreign interference confronting Australia.[7]

1.14 The Bill would introduce a new security vetting and security clearance framework into the ASIO Act. This framework would enable ASIO to become centrally responsible for the issuing, maintaining and revoking of Australia’s highest-level of security clearance, and the implementation of a consistent approach across the Australian Government.[8]

1.15 The Bill would also enable the operations of a Quality Assurance Office (QAO) in the Office of National Intelligence (ONI), responsible for independently assuring the quality, consistency and transferability of the TS-PA security clearances; and for working with clearance-sponsoring agencies to strengthen their capabilities to prevent and detect insider threats.[9]

1.16 Measures in the Bill include:

  • a new function for ASIO under section 17 of the ASIO Act, and a new Part IVA in the Act, setting out new security vetting and security clearance related functions for ASIO, including:
    • a new function for ASIO (new paragraph 17(1)(cb)) to undertake security vetting and security clearance related activities;
    • enabling ASIO as the vetting authority to communicate with sponsoring agencies in respect of a person who has applied for, or holds, a security clearance, to enable a stronger and more effective partnership between ASIO and the sponsoring agencies to enhance their insider threat capability;
    • providing for ASIO to furnish security clearance suitability assessments (SCSAs), which may be used by other authorised vetting agencies to inform their security clearance decisions. This replaces, but is largely similar to, the existing framework in Part IV of the ASIO Act whereby ASIO may provide security assessments to security vetting agencies to inform security clearance decisions by those agencies;
    • a safeguard to ensure that other Commonwealth security vetting agencies can only make a security clearance decision on the basis of an ASIO (security clearance suitability assessment) SCSA;
    • a statutory framework to provide internal and external merits review avenues for prejudicial security clearance decisions (i.e. a decision to deny or revoke a security clearance, or to impose or vary certain conditions on a security clearance) by ASIO; or a prejudicial SCSA (PSCSA) furnished to a security vetting agency; and
  • a new function in the ONI Act for a QAO in ONI to independently assess the quality, consistency, and transferability of the highest-level of security clearances, and drive the uplift of the insider threat capability of agencies that sponsor these clearances. ASIO would also continue to be overseen by the Inspector-General of Intelligence and Security (IGIS), which reviews ASIO’s activities to ensure it acts legally and with propriety, complies with ministerial guidelines and directives and respects human rights.[10]

1.17 The Bill also amends the AAT Act to enable the new external merits review framework, and makes consequential amendments to the IGIS Act addressing a cross reference to reflect a change to the ASIO Act.[11]

A new Part IVA in the ASIO Act: Security Vetting and security clearance related activities

1.18 The main amendments contained in the Bill are made by Item 12, which would insert a number of proposed new sections forming a new Part IVA of the ASIO Act, entitled ‘Security vetting and security clearance related activities’.

1.19 Proposed new section 82 would set out the purpose of Part IVA. Subsection 82(1) would provide that Part IVA is made for the purposes of ASIO’s new function of security vetting and security clearance related activities in paragraph 17(1)(cb).[12]

1.20 Subsection 82(2) would clarify that:

  • ASIO’s performance of its paragraph 17(1)(cb) function is not limited by subsection 17(2) of the ASIO Act (which specifies limits on the Organisation carrying out or enforcing measures for security within an authority of the Commonwealth); and
  • Paragraph 17(1)(cb) and Part IVA do not prevent any other authority of the Commonwealth from undertaking those activities.[13]

1.21 Proposed section 82C sets out what ASIO may do for the purposes of its function referred to in paragraph 17(1)(cb). It places ASIO’s security vetting and security clearance activities on a statutory basis and extends ASIO’s existing ability to grant, deny and revoke clearances sponsored by ASIO to clearances sponsored by other agencies. ASIO may do any of the activities listed in subsection 82C(1) for the purposes of performing its new security vetting and security clearance related activities function.

1.22 The Explanatory Memorandum makes clear the consensual nature of a person seeking a security clearance:

ASIO’s proposed new functions are predicated on the consent of the affected persons. The new functions would not confer upon ASIO special powers to collect information which would otherwise be unlawful without a warrant. Applications for a security clearance are voluntary. Following passage of the Bill, new clearance applicants would have the opportunity to familiarise themselves with the proposed Part IVA framework, including the scope of ASIO’s functions and powers, and their rights as current or prospective security clearance holders. ASIO must obtain consent to collect, use and disclose personal information (including sensitive information) for the purposes of assessing and reviewing, including [on] a persistent and frequent basis, eligibility and suitability for a security clearance. To ensure consent remains current, consent must be sought at the commencement of the application process, and on a regular basis thereafter.

If a clearance subject does not consent to security vetting, a security vetting process cannot be undertaken. If an existing clearance holder withdraws their consent, their clearance cannot be maintained and would ordinarily be revoked.[14]

1.23 Proposed paragraph 82C(1)(a) would provide that ASIO may undertake security vetting to assess a person’s suitability to hold a security clearance. The Explanatory Memorandum explains that the

purpose of the security vetting process is to determine whether an individual is suitable to hold a security clearance—that is, whether they possess and demonstrate an appropriate level of integrity. In the security context, integrity depends on a range of character traits that indicate the individual is able to protect Australian Government resources. These character traits are: honesty, trustworthiness, maturity, tolerance, resilience and loyalty.[15]

And:

The assessment of a clearance subject needs to establish confidence that they possess a sound and stable character, and that they are not unduly vulnerable to influence or coercion. Any doubt regarding an individual’s suitability to hold a security clearance must be resolved in the national interest.[16]

1.24 Proposed paragraph 82C(1)(b) would provide that ASIO may make security clearance decisions. This function allows ASIO to grant, deny, suspend, revoke, and impose or vary conditions on, a security clearance.

1.25 Proposed paragraph 82C(1)(c) would provide that ASIO may undertake ongoing security vetting and assessment of a person’s suitability to continue to hold a security clearance. This is critical to supporting the persistent, rather than point-in-time, validation of an individual’s suitability for a security clearance.

1.26 Proposed paragraph 82C(1)(d) would provide that ASIO may furnish an SCSA in respect of a person. This function would be used by ASIO to furnish SCSAs to security vetting agencies, which those security vetting agencies could use to inform their security clearance decisions. Once furnished to a security vetting agency, SCSAs that are PSCSAs are externally reviewable in the Administrative Appeals Tribunal (AAT), subject to limited exceptions. ASIO may also furnish SCSAs to sponsors, employers or others but is under no obligation to do so. PSCSAs furnished to such entities are not subject to external merits review.

1.27 Proposed paragraph 82C(1)(e) would provide that ASIO may communicate with a sponsoring agency for a security clearance in relation to the ongoing suitability of a person to hold a security clearance. The Explanatory Memorandum notes that

this function would enable the sharing of information relating to insider threats for Australia’s highest level of security clearance. This supports the insider threats program of individual sponsor agencies and the uplift of clearance sponsors’ knowledge and capability in relation to insider threat and clearance management processes.[17]

1.28 In relation to insider threats and information sharing the Department of Home Affairs stated that it

is essential to allow ASIO to cooperate more effectively with sponsors’ insider threat management teams enabling an integrated, single repository of information about security clearance holders, and supporting sponsors to proactively manage their clearance holders and risk.

An ongoing, rather than point-in-time, validation of an individual’s suitability for a security clearance through improved cooperation with sponsors’ insider threat management teams is critical in assisting sponsors enhance their insider threat capability.[18]

1.29 Proposed paragraph 82C(1)(f) would provide that ASIO may assume responsibility for a security clearance that has been granted to a person by another security vetting agency. This places on a statutory footing ASIO’s ability to assume responsibility for a security clearance issued by another agency.[19]

1.30 Proposed paragraph 82C(1)(g) would provide that ASIO may do anything incidental to the things mentioned in paragraphs 82C(1)(a)-(f). This is to ensure ASIO has statutory authority to engage in activities necessary for the exercise of those functions that are not expressly listed in those paragraphs.[20]

1.31 Proposed paragraph 82C(2)(a) clarifies that, where ASIO has assumed responsibility for a security clearance from another security vetting agency, that clearance is, from that time, taken to have been granted by ASIO.[21]

1.32 Proposed paragraph 82C(2)(b) would provide that Part IVA applies in relation to a security clearance decision made after that time in respect of a clearance for which ASIO has assumed responsibility. This would provide certainty of the time at which Part IVA, including the merits review framework, would apply to such clearances.[22]

1.33 A note would be inserted under subsection 82C(2) providing that internal and AAT review under Part IVA do not apply to a security clearance decision made by a security vetting agency in respect of a security clearance before the Organisation assumes responsibility for the clearance. This makes it clear that the review rights under Part IVA apply to security clearance decisions made by ASIO under Part IVA, not security clearance decisions made by other agencies.

1.34 Proposed subsection 82C(3) would make clear that nothing in the ASIO Act limits ASIO’s ability to impose or vary conditions on a security clearance:

  • where the person is not required to agree to the condition, or the variation of the condition, in order for the security clearance to be granted or continued;
  • where the sponsoring agency for the security clearance, or the employer of the person, must agree to the condition, or the variation of the condition, in order for the security clearance to be granted to the person or continued in respect of the person.[23]

1.35 Proposed paragraph 82H(1)(c) and subsection 83E(3) would provide that the imposition or variation of a condition on a security clearance is only reviewable if the affected person must agree to the condition for the clearance to be granted, or for the clearance to not be revoked.[24]

1.36 Notwithstanding this, subsection 82C(3) makes clear that ASIO’s ability to impose or vary conditions is not limited to these circumstances. ASIO may also impose conditions, or requirements that could be perceived as conditions, upon a clearance in circumstances where the clearance holder’s consent is not required. This could include, for example, a requirement to seek prior approval before travelling overseas, or a requirement to report on any material change in circumstances that could affect a person’s suitability to hold a security clearance. These sorts of conditions are a routine part of holding a security clearance, and therefore do not reach the threshold of being reviewable under Part IVA.

Merits review Framework

1.37 The Department of Home Affairs referred to the merits review framework introduced by the Bill as ‘robust’ and stated that it

would ensure fair treatment of all persons affected by decisions, improved quality and consistency of decisions and enhanced openness and accountability of decisions made by government.[25]

Division 3 – Review of certain security clearance decisions and prejudicial security clearance suitability assessments

1.38 Division 3 of Part IVA would provide a policy framework for internal merits review of ASIO security clearance decisions, and external merits review in the AAT of security clearance decisions and PSCSAs made or furnished by ASIO.[26]

Subdivision A – Internal review of certain security clearance decisions

1.39 Proposed Subdivision A of Division 3 sets out the framework for internal review of security clearance decisions by a person appointed by ASIO. The internal review framework is modelled on Part VI of the Freedom of Information Act 1982 and is intended to provide legislative certainty on the process for internal review by ASIO of reviewable security clearance decisions.[27]

1.40 Internal merits review would be done in alignment with Administrative Review Council best practice, with a decision to vary, revoke or change the decision being made by an alternate decision-maker. As a matter of practice the delegate would normally be at the same classification or higher than the original decision-maker. The Explanatory Memorandum states that given the operational nature of this requirement, whether the alternate decision-maker is more senior or not may be determined on a case-by-case basis.[28]

1.41 Proposed subsection 82H(3) would provide that decisions are not internally reviewable if the person is engaged or proposed to be engaged outside Australia for duties outside Australia, and is not an Australian citizen or resident.

Subdivision B – Review by the Administrative Appeals Tribunal of certain security clearance decisions and security clearance suitability assessments

1.42 Proposed Subdivision B of Division 3 of Part IVA of the Bill sets out the framework for external review of both security clearance decisions and PSCSAs by the AAT.[29]

1.43 Unless the exception at subsection 83(3) applies, an affected person would have a right to seek external merits review in the AAT in the following circumstances:

  • (a) if the internal reviewer appointed by ASIO under paragraph 82L(1) makes a security clearance decision in respect of a person who, immediately before the time the internal reviewer made the decision, held a security clearance or was a Commonwealth employee, to deny, revoke, or impose or vary certain conditions upon a security clearance; and
  • (b) the person is the subject of a PSCSA furnished by ASIO.[30]

1.44 As with internal review, AAT review is not available to a person who is engaged or proposed to be engaged outside Australia for duties outside Australia, and is not an Australian citizen or resident (subsection 83(3)).

1.45 The Department of Home Affairs commented on the AAT’s review powers as follows:

The AAT can make findings that are binding if, in the AAT’s opinion, the information relied upon in making the original decision was incorrect, was incorrectly represented or could not reasonably be relevant to the requirements of security. Commonwealth agencies, States or authorities of a State must treat the findings of the AAT with regard to an SCSA or security clearance decision, to the extent that they do not confirm a security clearance decision or SCSA, as superseding the original decision or assessment. ASIO cannot make any further decisions or assessments in respect of an affected person that are not in accordance with the AAT’s findings, except on the basis of matters occurring after the review or where evidence was not available at the time of the review.[31]

1.46 The IGIS noted that matters that could be, or are being, heard by the AAT concerning an ASIO security clearance decision or security suitability assessment will be outside the IGIS’s remit.

The IGIS will continue to be able to receive complaints about the activities of ASIO in relation to ASIO’s new functions proposed under the Bill. However, paragraph 9AAI of the IGIS Act prohibits the IGIS from inquiring into a matter that is, or could be, subject of a review by the Security Division of the AAT, unless the matter is referred to the IGIS under subsection 65(1A) of the ASIO Act. In other words, matters that could be, or are being, heard by the AAT concerning an ASIO security clearance decision or security suitability assessment will be outside the IGIS's remit. Where the person concerned does not already hold a security clearance and is not a Commonwealth employee, because there would then be no availability of a review in the AAT this exclusion would not apply to the internal review mechanism proposed in the Bill, and, as such, the IGIS would be able to inquire into complaints about ASIO's activities. For completeness, I note that the IGIS is not a merits review body, nor does it make binding decisions.[32]

Subdivision C – Review by an independent reviewer

1.47 Proposed Subdivision C of Part IVA of the Bill would provide for review of decisions made by an internal reviewer under proposed section 82L(3) of the Bill in respect of persons that are not eligible for external review through the AAT because they do not hold a security clearance at any level or are not Commonwealth employees.[33]

1.48 Proposed subsection 83EA(1) would provide that, for the purposes of Division 3, each of the following security clearance decisions by an internal reviewer, on behalf of the organisation, is an independently reviewable decision:

  • an internal reviewer affirmed an internally reviewable decision under paragraph 82L(3)(a);
  • an internal reviewer varied an internally reviewable decision under paragraph 82L(3)(a);
  • an internal reviewer denied or revoked a security clearance, or imposed or varied conditions upon a security clearance, where the person is required to agree to the imposition of that condition to be granted, or retain, the security clearance under paragraph 82L(3)(b).[34]

1.49 The Department of Home Affairs noted that:

There is no current equivalent framework in Part IV of the ASIO Act. The Bill will introduce for the first time, an independent review mechanism for security clearance decisions in the ASIO Act.[35]

1.50 In relation to independent reviews the IGIS advised that:

Where there has been an independent review, a copy of the independent reviewer's decision must be provided to the IGIS and the Director-General of Security. The Director-General is also required to provide the IGIS with written notice of their decision made in light of the independent reviewer's opinion. As such, the IGIS will be kept abreast of any decisions made by ASIO concerning the independent reviewer's opinion.[36]

Amendments to the ONI Act: quality assurance and insider threats

1.51 Items 45-48 propose amendments to the ONI Act which would provide ONI with a new function to provide quality assurance, reporting and advice in relation to the highest level of security clearances issued by the Commonwealth, and to assist Commonwealth authorities that sponsor those clearances to establish and maintain those authorities’ capability to prevent and detect insider threats.[37]

1.52 This new function would enable a new Quality Assurance Office (QAO) within ONI to independently assess the quality, consistency, and transferability of the highest-level of security clearances, and drive the uplift of the insider threat capability of agencies that sponsor these clearances.[38]

1.53 ONI’s submission explained the QAO as follows:

The QAO is a new function for ONI and part of the National TS-PA Capability that was established on 1 December 2021. The role of the QAO is being designed to align with the TS-PA Standard, the central policy that was issued under the Protective Security Policy Framework (PSPF) on 30 November 2021.

Over time the assurance provided by the work of the QAO will strengthen and deliver a consistent TS-PA security clearance process, addressing the clearance transfer barriers currently experienced by the National Intelligence Community (NIC) and broader government.

Audit & Compliance: The QAO’s audit and compliance capability once fully operational will provide confidence that the granting of TS-PA security clearances and related activities are conducted in accordance with the TS-PA Standard. Audit and compliance activities will be applied across all areas and activities contained within the TS-PA Standard and will be conducted by teams of subject matter experts. This includes vetting, psychology, TS-PA practitioner requirements, TS-PA sponsor requirements (including insider threat programs) and TS-PA contract management.

Insider Threat: The QAO will drive the uplift of the mandatory insider threat capability across government agencies that sponsor TS-PA security clearances. Insider threat programs are designed to enable sponsoring entities to identify and manage insider risk in a holistic and coordinated way. The QAO will ensure the continued development of these programs in line with identified threats and established best practice, including through the provision of training, education and advice.[39]

1.54 The IGIS commented on the QAO as follows:

The IGIS will oversee the activities of the QAO in accordance with his usual practices, including undertaking inspections or inquiries into ONI's activities. Under the proposed Modernisation Bill 2022, which is currently before the Parliament, the IGIS will also be able to inquire into complaints about ONI's actions, including the activities of the QAO.[40]

Delegation of powers

1.55 Item 4 of Schedule 1 of the Bill would insert new subsections 16(1B) and (1C) into the ASIO Act, relating to delegation by the Director-General of ASIO. New subsection 16(1B) provides that the Director-General may, by writing, delegate any or all of the Director-General’s powers and functions under Part IVA to an ASIO employee or affiliate. This is subject to subsection 16(1C), which provides that powers to make a security clearance decision (under paragraph 82C(1)(b)), or furnish an SCSA (under paragraph 82C(1)(d)), are only delegable to an ASIO employee or affiliate who holds a position in ASIO equivalent to or higher than Executive Level 1.

1.56 Several provisions within Part IVA place further limits on delegation, providing that certain functions can only be undertaken by persons within ASIO authorised by the Director-General who hold positions equivalent to Senior Executive Service level or higher.[41]

1.57 It follows from this that powers and functions provided for within Part IVA which are not limited by proposed subsection 16(1C), or by specified provisions in Part IVA, are delegable to any ASIO employee or affiliate.

1.58 Section 4 of the ASIO Act defines ‘ASIO affiliate’ as ‘a person performing functions or services for the Organisation in accordance with a contract, agreement or other arrangement’, other than the Director-General or an ASIO employee.[42]

1.59 The Committee raised a concern, arising from its Review of the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 2) Bill 2023 and discussed in the report of that review, that a ‘human source’ or any other person assisting ASIO via an informal ‘other arrangement’ rather than a formal contract, is captured by the term ‘ASIO affiliate’. In relation to this Bill the Committee was concerned that the broad delegation powers could—in strict legal terms—allow a human source or agent to perform functions as part of TS-PA security clearance processes.

1.60 When this concern was put to him, Mr Ewan Macmillan, ASIO’s Deputy Director-General, Vetting Service Delivery, stated that ‘human sources or agents would not be involved in the undertaking of security vetting’.[43]

Other issues arising from the public hearing

1.61 A number of other issues relating to the Bill were discussed at the public hearing held with the Department of Home Affairs and ASIO on 10 May 2023. The Department of Home Affairs[44] and ASIO[45] also provided further information in supplementary submissions to the inquiry.

Definition of a trusted insider

1.62 Responding to a query regarding the definition of ‘trusted insider’ the Department of Home Affairs noted the following text from the ASIO document Countering the insider threat:

Insiders are current or former employees or contractors who have legitimate or indirect access to [a] workplace’s people, information, techniques, activities, technology, assets or facilities. Insiders may conduct activities that could harm [a] workplace, be detrimental to Australia’s national security, undermine Australia’s sovereignty and prosperity, or even pose a threat to life.[46]

1.63 The Department noted that this definition was consistent with guidance on insiders provided in Policy 13 of the Commonwealth’s Protective Security Policy Framework, which describes them as

employees, contractors and others with access to Australian Government resources who may betray the trust placed in them by unwittingly or maliciously compromising security.[47]

1.64 With regard to insider threats more broadly, at the Committee’s request ASIO provided the Committee with more detail, including a hypothetical case study, regarding its role in sharing information and collaborating with sponsoring agencies to identify and mitigate potential insider and other threats.[48]

Statutory thresholds in the Bill

1.65 The Committee noted that there were a variety of different thresholds relating to decisions or actions proposed by the Bill, particularly in relation to national security or public interest limitations on providing information to security clearance applicants. The Department of Home Affairs explained that the thresholds were different by design, recognising ‘the impact a prejudicial security clearance outcome can have on an individual and their need to access information to understand that outcome’, balanced against the requirements of national security.[49]

1.66 The Department stated that ‘the specifics of the statutory threshold applied in each circumstance reflects a necessary and proportionate approach, having regard to both the requirements of security, and the impact on the applicant’. In relation to security clearance suitability assessments the Department explained the need for different thresholds, and its explanation is set out in full as follows:

Consistent with the equivalent provision in section 38 of the Australian Security Intelligence Organisation Act 1979 (ASIO Act), section 83A(4)(a) sets out that it must be ‘essential to the security of the nation’ for the Minister to issue a certificate to withhold notice of a prejudicial security clearance suitability assessment from an applicant—this has the effect of preventing a person from seeking merits review. The threshold is high in recognition of the potentially adverse impact this may have. While the certificate may be subsequently revoked (s 83A(6)), in the interim the assessment may have had a significant and prejudicial impact on the affected person’s livelihood and reputation.

By contrast, section 83A(4)(b) sets out that it must be ‘prejudicial to the interests of security’ for the Minister for Home Affairs to withhold from an affected person all, or part, of the statement of grounds for a prejudicial security clearance suitability assessment. The ability of the Minister to withhold information that would be prejudicial to security allows the protection of the classified information included in such assessments, where security concerns would arise should the information be disclosed to the affected person.

A different ‘contrary to the public interest’ threshold applies to the ability to withhold information from a statement of grounds relating to a security clearance decision for which ASIO is responsible (paragraph 83C(5)(b)). These public interest grounds include that disclosure of the information would prejudice security, the defence of the Commonwealth or the conduct of the Commonwealth’s international affairs; it would reveal information disclosed to ASIO in confidence; or it would form the basis of a claim not to disclose the information in judicial proceedings. This broader threshold applies because in those circumstances, a statement of grounds in relation to a security vetting process may contain a broader range of information that needs to be protected—not just information the disclosure of which would be prejudicial to security. For example, a statement of grounds for a security clearance decision may contain information the disclosure of which could prejudice an ongoing law enforcement investigation. For the same reason, section 83C includes provisions requiring the protection of a standard relating to the Commonwealth’s highest level of security clearance (paragraph 83C(5)(a)), and information that could reveal the methodology underlying a psychological assessment (paragraph 83C(5)(c)). Notably, while such information would not be given to the affected person, all information must still be given to the Administrative Appeals Tribunal (AAT) ensuring the AAT has access to all information in its review, regardless of whether it was given to the affected person.[50]

Section 83F and Security Division of the Administrative Appeals Tribunal

1.67 Proposed section 83F would introduce a new safeguard whereby the Attorney-General can, if they are satisfied that it is desirable to do so by reason of special circumstances:

  • require the AAT to inquire into and report to the Attorney-General and the Minister on any question concerning the furnishing of a SCSA or the making of a security clearance decision by ASIO; or
  • review such an assessment or such a decision along with any information or matter on which it is based.

1.68 The Department of Home Affairs advised that referrals under s 83F were expected to be relatively uncommon, and would occur in circumstances where the affected individual cannot apply for AAT review themselves.[51]

1.69 The Committee was interested to know why proposed section 83F does not expressly state that matters raised must be dealt with in the security division of the AAT. The Department advised that:

Subsection 83F(6) provides [that] the constitution and procedure of the AAT for proceedings under section 83F must be as determined by the President. This is consistent with section 65(2) of Part IV of the ASIO Act, which provides an equivalent power for the Attorney-General to section 83F in the context of security assessments. No provisions of the ASIO Act refer to the Security Division of the AAT.

Whether a proceeding is heard in the Security Division of the AAT is generally governed by the Administrative Appeals Tribunal Act 1975 (AAT Act). However, as with section 65(2), section 83F(6) operates as a specific exception to the standard Security Division provisions in the AAT Act. This is clarified in Item 16 of the Bill, which amends section 19E(1) of the AAT Act to ensure the AAT Act exception that applies to section 65(2) also applies to proposed new section 83F.

Given that section 83F is a final safeguard allowing direct referrals by the Attorney-General, it is appropriate that the President of the AAT has the discretion to establish the constitution and procedures of the AAT to account for the specific circumstances of such hearings. However, ASIO would expect this would still involve strict protections governing the use and disclosure of security classified or other sensitive information.[52]

Independent Reviewer

1.70 The Committee raised a number of issues in relation to the independent review pathway including:

  • whether existing clearance holders or Commonwealth employees should also have access to independent review;
  • whether allowing the independent reviewer to determine whether or not to review a case could cause a conflict of interest; and
  • why the Bill does not specifically prohibit the independent reviewer from providing information to any unauthorised person (other than the applicant).

1.71 In relation to existing security clearance holders having access to independent review the Department of Home Affairs stated that:

Existing security clearance holders and Commonwealth employees are not provided with a pathway to an independent reviewer because the security risks are not considered as high. Instead, these individuals have access to an external merits review process in the AAT, in which they could actively participate, that would result in findings that are binding on ASIO.[53]

1.72 In relation to concerns around a potential conflict of interest on the part of the independent reviewer the Department of Home Affairs stated that:

In respect of whether potential conflict of interest could arise when the independent reviewer is required to determine whether to review a matter or not— the Bill enables the independent reviewer to decide whether to review a decision (proposed section 83EB(3)). The lack of a specific threshold in this provision was a deliberate approach to maximise the independent reviewer’s ability to account for all factors they consider relevant in making such a decision, and to ensure the independent reviewer has flexibility to manage their caseload.

It is not expected that the independent reviewer’s remuneration arrangements will materially affect a decision of whether to review a security clearance decision. The terms of engagement would govern the Independent Reviewer’s conduct and include a framework for managing conflicts of interest. The terms of engagement would also govern termination. In the event of a breach of the terms of engagement, including any real or apparent interests that could improperly influence the Independent Reviewer’s conduct, which have not been managed in accordance with the conflict of interest framework, the engagement could be terminated.[54]

In relation to why the Bill requires the independent reviewer to do all things necessary to ensure that any information provided to them is not disclosed to the affected person, but is silent in respect to the independent reviewer not providing information to any other unauthorised person, the Department of Home Affairs stated that

the Bill provides at section 83EC(5)(a) that the Independent Reviewer must comply with any reasonable directions of the Director-General of Security in relation to the protection or handling of information provided to the Independent Reviewer under section 83EC. Therefore, the Director-General can, on a case by case basis, determine how information should be protected or handled under the Bill.[55]

Conclusive certificates

1.73 Proposed section 83E of the Bill enables the Minister, in exceptional circumstances, to issue a conclusive certificate in relation to a security clearance decision or SCSA, preventing review of the decision or assessment in the AAT, where it would be prejudicial to security to change or review the decision or assessment.

1.74 The Committee sought an example of exceptional circumstances that would enable the Minister for Home Affairs to issue such a conclusive certificate. ASIO stated that:

The 'exceptional circumstances' threshold ensures that this power will be used sparingly in respect of decisions or matters raising grave concerns about the decision or assessment prejudicing security. An example of such exceptional circumstances would be if ASIO had identified that foreign powers or their proxies were seeking to use a merits review process to identify sensitive information, methods or capabilities, including potentially the identities of ASIO officers involved in any proceedings, for example, by putting an agent of a foreign intelligence service through the clearance process.[56]

Footnotes

[1] Minister for Home Affairs, the Hon Clare O’Neil MP, Committee Correspondence, 29 March 2023.

[3] Independent Intelligence Review, June 2017, p. 78.

[4] See, for example, Report of the Comprehensive Review of the Legal Framework of the National Intelligence Community, December 2020, Volume 1, paragraphs 3.56 and 3.58.

[5] Australian Security Intelligence Organisation, Submission 1, p. 4.

[6] Department of Home Affairs, Submission 2, p. 6.

[7] Explanatory Memorandum (EM), p. 30.

[8] EM, p. 30.

[9] EM, p. 30.

[10] EM, pp. 30-31.

[11] EM, p. 32.

[12] EM, sch 1, para 47.

[13] EM, sch 1, para 47.

[14] EM, sch 1, paras 67-68.

[15] EM, sch 1, para 70.

[16] EM, sch 1, para 71.

[17] EM, sch 1, para 75.

[18] Department of Home Affairs, Submission 2, p. 6.

[19] EM, sch 1, para 76.

[20] EM, sch 1, para 77.

[21] EM, sch 1, para 79.

[22] EM, sch 1, para 80.

[23] EM, sch 1, para 82.

[24] EM, sch 1, para 83.

[25] Department of Home Affairs, Submission 2, p. 9.

[26] EM, sch 1, para 114.

[27] EM, sch 1, para 115.

[28] EM, sch 1, para 116.

[29] EM, sch 1, para 152.

[30] EM, sch 1, para 153.

[31] Department of Home Affairs, Submission 2, p. 12.

[32] Inspector-General of Intelligence and Security, Submission 4, pp. 2-3.

[33] EM, sch 1, para 206.

[34] EM, sch 1, para 207.

[35] Department of Home Affairs, Submission 2, p. 12.

[36] Inspector-General of Intelligence and Security, Submission 4, p. 2.

[37] EM, sch 1, para 324, see also Department of Home Affairs, Submission 2, p. 17.

[38] EM, sch 1, para 325.

[39] Office of National Intelligence, Submission 3, pp. 1-2.

[40] Inspector-General of Intelligence and Security, Submission 4, p. 3.

[41] See subsections 82F(6), 82G(4), 82J(5), 82L(9), 83C(8), 83EC(7), 83EE(4).

[42] Australian Security Intelligence Organisation Act 1979, s. 4.

[43] Mr Ewan Macmillan, Deputy Director-General, Vetting Service Delivery, Australian Security Intelligence Organisation, Committee Hansard, Canberra, Wednesday 10 May 2023, p. 10.

[44] Department of Home Affairs, Submission 2.1.

[45] Australian Security Intelligence Organisation, Submission 1.1.

[46] Department of Home Affairs, Submission 2.1, p. 1 and Attachment A.

[47] Department of Home Affairs, Submission 2.1, p. 1.

[48] Australian Security Intelligence Organisation, Submission 1.1, pp. 2-3.

[49] Department of Home Affairs, Submission 2.1, p. 1.

[50] Department of Home Affairs, Submission 2.1, pp. 1-2.

[51] Department of Home Affairs, Submission 2.1, p. 3.

[52] Department of Home Affairs, Submission 2.1, p. 3.

[53] Department of Home Affairs, Submission 2.1, p. 4.

[54] Department of Home Affairs, Submission 2.1, p. 5.

[55] Department of Home Affairs, Submission 2.1, p. 5.

[56] Australian Security Intelligence Organisation, Submission 1.1, p. 2.