Bills Digest No. 20, 2021–22

Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020

Attorney General's

Author

Karen Elphick

Go to a section

Introductory Info Date introduced: 9 December 2020
House: House of Representatives
Portfolio: Attorney-General
Commencement: Sections 1–3 commence on Royal Assent. Schedule 1 commences on the day after Royal Assent. Commencement of other provisions is complex and is discussed in detail in the body of the Digest. See Table 1: Notes on commencement provision

The Bills Digest at a glance

Background

The Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020 (the Bill) is part of the Government response to two major reports:

  • the 2017 Independent Intelligence Review, which recommended expansion of the oversight jurisdiction of the Inspector‑General of Intelligence and Security (IGIS) to include the intelligence functions of the Australian Criminal Intelligence Commission (ACIC), the Australian Federal Police (AFP), Australian Transaction Reports and Analysis Centre (AUSTRAC) and the Department of Home Affairs and
  • the 2019 Richardson Review, which recommended IGIS oversight jurisdiction only be expanded to the intelligence functions of ACIC and AUSTRAC.

Expanded oversight by IGIS of ACIC and AUSTRAC

The Bill makes amendments to the Inspector‑General of Intelligence and Security Act 1986 (the IGIS Act) to expand the powers of the IGIS to conduct oversight of the intelligence functions of the ACIC and AUSTRAC.

It should be noted that the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 provided IGIS, from 4 September 2021, with more limited oversight of ACIC (and the AFP), in relation to network activity warrants. The Bill will expand IGIS’s oversight of ACIC and introduce oversight of AUSTRAC.

Since the commencement of related legislation which was before Parliament at the time of its introduction, the following contingent parts of Schedule 2 will have no effect: Part 1 Division 1; Part 2 Division 1; and Part 3 Divisions 1–3. See Table 1 for details.

Independence of IGIS

The Bill restricts eligibility for appointment as Inspector-General of Intelligence and Security (Inspector-General) of IGIS. The head or deputy head of an intelligence agency within the Inspector-General’s jurisdiction cannot be appointed as the Inspector-General immediately following their service in an intelligence agency. No minimum time period is set between service as head or deputy head of an agency and eligibility for appointment as Inspector-General.

Repeal of preconditions requiring connection to Australia for IGIS inquiry

The Bill repeals a prohibition on the IGIS inquiring into a matter that occurred outside Australia unless approval is given by a responsible Minister or the Prime Minister.

The Bill also permits the IGIS to commence own-motion inquiries into complaints made by persons who are not Australian citizens or permanent residents.

Information sharing by integrity bodies and avoiding duplication of oversight

The Bill amends the IGIS Act to deal with relationships between the Office of the Inspector-General of Intelligence and Security (Office of the IGIS) and other agencies within the Australian Intelligence Community (AIC), information sharing, and avoiding duplication of oversight.

Expanded oversight by PJCIS of intelligence functions of AUSTRAC

The Bill also proposes amendments to the Intelligence Services Act 2001 (the IS Act) to expand Parliamentary Joint Committee on Intelligence and Security (PJCIS) oversight to the intelligence functions of AUSTRAC.

Several submitters to the Richardson Review recommended further expansion of the function of the PJCIS to include direct oversight of operational activities; however, Richardson recommended against such expansion.

Purpose and structure of the Bill

The purpose of the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020 (the Bill) is to make amendments to the:

  • Inspector‑General of Intelligence and Security Act 1986 (the IGIS Act) and
  • Intelligence Services Act 2001 (the IS Act) and

to make consequential amendments to a large number of Commonwealth statutes.

Schedule 1—Amendments

Expand IGIS jurisdiction to ACIC and AUSTRAC

Part 1 of Schedule 1 of the Bill proposes amendments to the IGIS Act and the IS Act to:

  •  expand the Inspector‑General of Intelligence and Security’s (IGIS’s) jurisdiction to the intelligence functions of the ACIC and AUSTRAC (noting that the IGIS’s jurisdiction was recently expanded to oversight of ACIC functions or powers in relation to network activity warrants by Part 2 of Schedule 2 to the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021)[1]
  •  expand PJCIS oversight to the intelligence functions of AUSTRAC (items 134–149 of Schedule 1)
  •  clarify the position of consultants, secondees from Commonwealth, state or territory agencies and police forces and contractors
  •  implement measures to improve and streamline IGIS reporting procedures and
  •  improve clarity, modernise drafting expressions and remove redundant provisions.

Ensure IGIS officials have access to protected information

Part 2 of Schedule 1 proposes consequential amendments to 17 different Acts to ensure that information that is protected by secrecy offences under those Acts can be disclosed to IGIS officials performing duties or functions, or exercising powers, as IGIS officials.

Schedule 2—Contingent amendments

The purpose of the contingent amendments is to:

Three related Bills were before Parliament when this Bill was introduced and had provisions which interacted with the provisions proposed in this Bill. That situation made the drafting in this Bill complex because the technical instructions for achieving the intended legislation depend on whether this Bill or any of the related Acts commences first.

Accordingly, some of the important substantive provisions of the Bill, including the main expansion of the jurisdiction of the IGIS, are contingent amendments (that is, contingent of the timing of the passage and commencement of the three related Bills) and contained in Schedule 2.

Each of those Bills has now been enacted. The three related Bills were:

Parts of Schedule 2 that are redundant

The following parts of Schedule 2, because they will never commence, will have no effect: Part 1 Division 1; Part 2 Division 1; and Part 3 Divisions 1–3.

Table 1 below collates the effect of the commencement of the three related Acts.

Table 1: Notes on commencement
Provisions Commencement Notes

1.  Sections 1 to 3 and anything in this Act not elsewhere covered by this table

The day this Act receives the Royal Assent.

2.  Schedule 1, Part 1

The day after this Act receives the Royal Assent.

3.  Schedule 1, Part 2

Immediately after the commencement of the provisions covered by table item 2.

4.  Schedule 2, Part 1, Division 1

Immediately after the commencement of the provisions covered by table item 2.

However, the provisions do not commence at all if Part 4 of Schedule 1 to the Anti‑Money Laundering and Counter‑Terrorism Financing and Other Legislation Amendment Act 2020 commences before that time.

Part 4 of Schedule 1 to the AML CTF Amendment Act commenced on 17 June 2021. Therefore these provisions will never commence.

5.  Schedule 2, Part 1, Division 2

The later of:

(a) immediately after the commencement of the provisions covered by table item 2; and

(b) the commencement of Part 4 of Schedule 1 to the Anti‑Money Laundering and Counter‑Terrorism Financing and Other Legislation Amendment Act 2020.
However, the provisions do not commence at all if the event mentioned in paragraph (b) does not occur.

Paragraph (a) will clearly be later (given that Part 4 of Schedule 1 to the AML CTF Amendment Act commenced on 17 June 2021), so the Division will commence the day after the Bill receives Royal Assent, immediately after the commencement of Part 1 of Schedule 1 to the Bill.

6.  Schedule 2, Part 2, Division 1

Immediately after the commencement of the provisions covered by table item 2.

However, the provisions do not commence at all if Part 3 of Schedule 1 to the Australian Security Intelligence Organisation Amendment Act 2020 commences before that time.

Part 3 of Schedule 1 to the ASIO Amendment Act 2020 commenced on 7 September 2020. Therefore these provisions will never commence.

7.  Schedule 2, Part 2, Division 2

The later of:

(a) immediately after the commencement of the provisions covered by table item 2; and

(b) the commencement of Part 3 of Schedule 1 to the Australian Security Intelligence Organisation Amendment Act 2020.

However, the provisions do not commence at all if the event mentioned in paragraph (b) does not occur.

Paragraph (a) will clearly be later, (given that Part 3 of Schedule 1 to the ASIO Amendment Act 2020 commenced on 7 September 2020), so the Division will commence the day after the Bill receives Royal Assent, immediately after the commencement of Part 1 of Schedule 1 to the Bill.

8.  Schedule 2, Part 3, Division 1

Immediately after the commencement of the provisions covered by table item 2.

However, the provisions do not commence at all if Part 2 of Schedule 2 to the Surveillance Legislation Amendment (Identify and Disrupt) Act 2020 commences before that time.

Part 2 of Schedule 2 to the SLAID Act commenced on 4 September 2021. Therefore these provisions will never commence.

9.  Schedule 2, Part 3, Division 2

Immediately before the commencement of Part 2 of Schedule 2 to the Surveillance Legislation Amendment (Identify and Disrupt) Act 2020.

However, the provisions do not commence at all if that Part commences before the commencement of the provisions covered by table item 2.

Part 2 of Schedule 2 to the SLAID Act commenced on 4 September 2021. Therefore these provisions will never commence.

10.  Schedule 2, Part 3, Division 3

Immediately after the commencement of Part 2 of Schedule 2 to the Surveillance Legislation Amendment (Identify and Disrupt) Act 2020.

However, the provisions do not commence at all if that Part commences before the commencement of the provisions covered by table item 2.

Part 2 of Schedule 2 to the SLAID Act commenced on 4 September 2021. Therefore these provisions will never commence.

11.  Schedule 2, Part 3, Division 4

Immediately after the commencement of the provisions covered by table item 2.

However, the provisions do not commence at all if Part 2 of Schedule 2 to the Surveillance Legislation Amendment (Identify and Disrupt) Act 2020 does not commence before that time.

Part 2 of Schedule 2 to the SLAID Act commenced on 4 September 2021. Therefore this Division will commence the day after the Bill receives Royal Assent, immediately after the commencement of Part 1 of Schedule 1 to the Bill.

12.  Schedule 3

At the same time as the provisions covered by table item 2.

Schedule 3—Application and transitional provisions.

Schedule 3 contains application and transitional provisions. Among other provisions, where an IGIS inquiry is in response to a complaint, the amendments would apply to any complaints made after the Bill commences, and to complaints made before the Bill commences where the IGIS has not completed any preliminary inquiries (under section 14 of the IGIS Act) or where the IGIS has not decided whether to commence an inquiry.

Background—Oversight of the National Intelligence Community

The Australian Intelligence Community (AIC) comprises the six main intelligence agencies as illustrated in Figure 1 below.

Figure 1: The Australian Intelligence Community
Explainer: how the Australian intelligence community works 

Source: Office of National Intelligence (ONI), republished at J Blaxland, ‘Explainer: how the Australian intelligence community works’, The Conversation, 10 May 2018.

The National Intelligence Community (NIC) is a more recent concept developed in response to the findings of the 2017 Independent Intelligence Review (2017 IIR)[6] and comprises the six AIC agencies, as well as AUSTRAC, ACIC and the intelligence functions of the AFP, and the Department of Home Affairs (Home Affairs).[7] See Figure 2 below.

Figure 2: The National Intelligence Community
A diagram illustrating the agency's in the National Intelligence Community

Source: Office of National Intelligence (ONI), ‘The National Intelligence Community’, ONI website.

Oversight bodies

Australia’s intelligence oversight system consists of a number of specialised bodies independent of the Government and each other and the agencies they oversee. These are sometimes referred to as the integrity bodies:

  • the Office of the Inspector‑General of Intelligence and Security (IGIS)
  • the Independent National Security Legislation Monitor (INSLM)
  • the Independent Reviewer of Adverse Security Assessments (IRASA)
  • Commonwealth Ombudsman (Ombudsman)
  • Australian Commission for Law Enforcement Integrity (ACLEI)
  • Parliamentary committees (in particular, the PJCIS and the Parliamentary Joint Committee on Law Enforcement (PJCLE)).[8]

The role of the Inspector-General

The Office of the IGIS is an independent statutory agency which reviews the activities of the six agencies of the AIC. The functions of the Inspector-General are prescribed under sections 8, 9 and 9A of IGIS Act.[9]

The primary role of the Inspector-General is to assist Ministers in overseeing and reviewing the activities of Commonwealth intelligence agencies for:

  •  Legality: intelligence agencies operate within and comply with the legislation governing their activities, and with ministerial guidelines and directives
  •  Propriety: the use of powers by intelligence agencies is appropriate and acceptable in the circumstances
  •  Human rights: the activities of intelligence agencies are consistent with and respect human rights.[10]

The Office of the IGIS conducts its review and oversight of intelligence agencies through inspections, inquiries, and investigations into complaints.

Inspections of agencies activities and processes are designed to monitor agencies’ governance, compliance and control frameworks and to identify issues. Inquiries can be conducted into matters of concern, and the IGIS has strong independent investigative powers similar to those of a royal commission. These include the power to compel persons to answer questions and produce documents, to take sworn evidence, and to enter agency premises.

IGIS can also investigate complaints made by members of the public or intelligence agency staff, about the activities of intelligence agencies.[11]

The Office of the IGIS also liaises with other domestic accountability and integrity agencies, including: ACLEI, Australian Human Rights Commission (AHRC), Inspector-General of the Australian Defence Force, Office of the Australian Information Commissioner and Office of the Commonwealth Ombudsman.[12]

A former judge of the Federal Court of Australia, Dr Christopher Jessup, was the Acting Inspector-General from 18 January 2021 and was appointed to a five-year term commencing 8 February 2021.[13]

Prior to the 2017 IIR and the formation of the NIC, IGIS had no oversight role of agencies outside the AIC. Oversight coverage of the new NIC members (the AFP, ACIC, Home Affairs and AUSTRAC) prior to the 2017 IIR is shown in Table 2.

Table 2: Oversight of the AFP, ACIC, Home Affairs and AUSTRAC prior to 2017 IIR
Oversight of the AFP, ACIC, Home Affairs and AUSTRAC prior to 2017 IIR

Source: Richardson Review, Volume 3: Information, Technology, Powers and Oversight, op. cit., p. 259.

Background—Reviews and reform of intelligence legislation

The 2017 Independent Intelligence Review

The 2017 IIR recommended far-reaching changes to Australia’s intelligence bodies:

The reviewers made 23 recommendations relating to structural arrangements, capability and resourcing, legislation, and oversight. They also judged that looking ahead, the AIC construct would become increasingly artificial, and that a more useful frame of reference would be the National Intelligence Community (NIC) …

The 2017 Review also recommended that the jurisdiction of the two key oversight bodies for the intelligence community—the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and the Inspector-General of Intelligence and Security (IGIS)—be expanded …[15]

It was a key recommendation of the 2017 IIR that the IGIS oversight be expanded to include the ACIC, AFP, AUSTRAC and Home Affairs.[16] This would give IGIS oversight of all 10 agencies within the NIC, with oversight of the AFP, ACIC and Home Affairs limited to their intelligence functions (reflecting that the role of these agencies is not limited to intelligence gathering and IGIS should not be given oversight over their other activities).[17]

In preparation for the expansion of its role, the Office of the IGIS has been building its relationships with, and understanding of, the activities of ACIC, AFP, AUSTRAC and Home Affairs and during 2019–20 was developing interim inspection plans.[18] It has engaged with other accountability and integrity agencies on measures to ensure that future changes to oversight processes are complementary and avoid overlap wherever possible.

The Office of the IGIS has reported that agreement-in-principle has been reached and set out in a Statement of Cooperation. It plans to finalise the Statement of Cooperation following legislation to extend the oversight jurisdiction of the Inspector-General.[19]

Formation of the Department of Home Affairs

Although the creation of Home Affairs was not a recommendation of the 2017 IIR,[20] that machinery of government reform was framed as part of the response to the 2017 IIR by the then Prime Minister, Malcolm Turnbull. The announcement on 18 July 2017[21] of the creation of Home Affairs referred to, and shortly preceded the public release of, the 2017 IIR. Prime Minister Turnbull also announced at that time that the Government would strengthen the Attorney‑General’s oversight of the AIC and the agencies in the Home Affairs portfolio.[22]

There has been considerable public discussion of the overall impact of the machinery of government reforms and the functioning and oversight of the intelligence agencies.[23]

The 2019 Richardson Review

In June 2018, Dennis Richardson was appointed Reviewer to comprehensively examine the effectiveness of the legislative framework for the NIC and prepare findings and recommendations for any reforms. Richardson reported to the Attorney-General in December 2019. The four volumes of the unclassified version of the Comprehensive Review of the Legal Framework of the National Intelligence Community[24] (the Richardson Review) and the Commonwealth Government Response[25] (Government Response) were tabled in Parliament on 7 December 2020.

The Richardson Review’s examination of the legislative framework underpinning the NIC is the first since the Hope Royal Commissions examined the AIC in the 1970s and 1980s.[26]

The key portions of the Richardson Review relevant to the Bill are in Volume 3 of the Review:

  •  Chapter 40—Oversight and the National Intelligence Community, pages 236–271.
  •  Chapter 41—Oversight: Independent oversight bodies, pages 272–296.
  •  Chapter 42—Oversight: Parliamentary committees, pages 297–320.

The recommendations most relevant to intelligence oversight, and the government response to each of those are extracted at Appendix A.

Richardson noted that the 2017 IIR recommendation to expand IGIS oversight to include the intelligence functions of the ACIC, AFP, AUSTRAC and Home Affairs implied that the intelligence functions of all NIC agencies are equivalent and require the same oversight treatment.[28] Instead, Richardson proposed the expansion of the oversight functions of the IGIS only include the intelligence functions of ACIC and AUSTRAC:[29]

A ‘one size fits all’ approach is not appropriate.

The IGIS does not have oversight of any department of state. Also, the intelligence function in Home Affairs is not encapsulated in a semi-autonomous agency such as DIO. Rather, it is simply another division in a wider department. Home Affairs has existing and effective oversight mechanisms for a department of state. We question the value of adding more oversight.

The AFP is a law enforcement agency, not an intelligence agency. To the extent that the AFP engages in intelligence collection activities, it does so in support of its policing functions. Its intelligence function is integrated across the organisation rather than being a stand-alone unit. Extending the IGIS’ oversight to the AFP’s ‘intelligence functions’ would be challenging, to say the least, given the dispersed nature of that function across the organisation.

There is, however, a stronger case for IGIS oversight of the ACIC and AUSTRAC’s intelligence activities given their respective, central, criminal and financial intelligence functions. While both agencies are the subject of a range of oversight mechanisms, the specialised intelligence oversight of the IGIS would more readily add value and assurance in respect of those functions.[30]

A consolidated list of all the Richardson Review recommendations, marked up by policy subject area, is included at Appendix B. The Government Response indicates that the Government agrees with most of the recommendations, however:

  •  the Government response is NOT PUBLIC for recommendations 7, 9, 11, 40, 133–134, and 147–153 because the entire recommendation and response are CLASSIFIED
  •  the Government DISAGREED with recommendations 57, 73, 181, and 187
  •  the Government AGREED IN PART with recommendation 199 and
  •  the Government AGREED IN PRINCIPLE with recommendations 13, 20, 21, 89, 96, 99, 122, 195, and 196.b.[32]

Recent extensive changes to intelligence legislation

In response to national security threats and these two major reviews of intelligence agencies, the Government has introduced a large number of Bills relating to national security and intelligence agencies over the course of the last three Parliaments. The legislation is listed at Appendix C.

Surveillance Legislation Amendment (Identify and Disrupt) Act 2021

The SLAID Act was passed by both houses in late August 2021.[33] It is designed to modernise Australia’s law enforcement and intelligence legal framework to better equip the AFP and ACIC to deal with serious cyber-enabled crime, and particularly aims to address the challenges posed by increasing criminal use of the dark web and anonymising technologies.[34] The SLAID Act amended the:

  • Surveillance Devices Act 2004 (Cth) (SD Act) to create two new warrants—data disruption warrants and network activity warrants—which may be issued to law enforcement officers in the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) and
  • Crimes Act 1914 (Cth) to provide the framework for the new account takeover warrant, which may be issued to AFP and ACIC officers, and to provide that in granting or varying authorisation for controlled operations, an authorising officer does not need to be satisfied that illicit online content will be under the control of law enforcement at the end of the operation.

The SLAID Act also made consequential amendments to ten other Acts, including to the IGIS Act to provide the IGIS with oversight over the AFP and ACIC in respect of activities related to network activity warrants. Those provisions commenced on 4 September 2021.

Committee consideration

Parliamentary Joint Committee on Intelligence and Security

The Bill was referred to the PJCIS by the then Attorney-General, Christian Porter, on 10 December 2020.[35] The Attorney-General requested that the PJCIS report by a date that would allow Parliament to consider the Bill before the end of the Autumn 2021 sittings.[36] Submissions to that inquiry have closed; however, the PJCIS had not reported as at the date of this Digest.[37]

Senate Standing Committee for the Scrutiny of Bills

The Bill was considered by Senate Standing Committee for the Scrutiny of Bills (Scrutiny Committee) in Scrutiny Digest 2 of 2021.[38]

The Scrutiny Committee noted that the Bill would reverse the onus of proof[39] of an element of a criminal offence:

Currently, section 41 of the Intelligence Services Act 2001 provides that it is an offence to identify a person as being or having been an agent or staff member of ASIS (who is not the Director-General of ASIS or such other persons as the determined by the Director-General), or to publish information from which such a person's identity could be inferred or could reasonably lead to the identity of such a person being established.

Item 195 of Schedule 1 to the bill seeks to add proposed subsection 41(2) which would provide an exception (offence-specific defence) to this offence if the person identifies the person to an IGIS official, for the purpose of the IGIS official exercising a power or performing a function or duty as an IGIS official. The offence carries a maximum penalty of imprisonment for 10 years.[40]

The Scrutiny Committee noted that the explanatory materials do not address the issue and requested the Minister’s advice ‘as to why it is proposed to use offence-specific defences (which reverse the evidential burden of proof) in this instance’.[41] The Scrutiny Committee also noted that the Bill replaces or amends numerous other offence specific defences in other Commonwealth Acts.[42]

The Scrutiny Committee considered the Attorney-General’s response of 23 February 2021 in Scrutiny Digest 5 of 2021.[43]

The Attorney-General advised that a number of items identified by the Committee made technical updates to existing offence-specific defences and did not change or shift an existing evidential burden from the prosecution to the defendant.[44]

The Attorney-General further advised that other items identified by the Committee (listed in the footnote) would create new offence-specific defences to permit the disclosure of information to an IGIS official who is performing duties, functions or powers as an IGIS official.[45] The Attorney‑General advised that these defences impose an evidential burden on a defendant who wished to rely on the defence; however:[46]

  •  the information required to discharge the evidential burden in relation to these defences would be readily available to the defendant
  •  the prosecution’s ability to independently obtain the necessary information might be limited by secrecy offences under section 34 of the IGIS Act that prevent IGIS officials from disclosing 'any information' obtained in the course of their duties, functions or powers to any person and
  •  where the evidential burden has been discharged, it would then be a matter for the prosecution to disprove beyond reasonable doubt that the relevant defence is satisfied in order to establish the offence.[47]

The response of Attorney-General and subsequent comment of the Scrutiny Committee do not directly address proposed subsection 41(2) of the IS Act (Schedule 1, item 195); however, the comments appear to apply to that item.

The Scrutiny Committee requested that an addendum to the Explanatory Memorandum containing the key information provided by the Attorney-General be tabled in the Parliament as soon as practicable. The Committee made no further comment.[48]

As at 12 October 2021, an amended Explanatory Memorandum had not been tabled.

Policy position of non-government parties/independents

ALP

While the ALP does not appear to have taken a public position on the Bill, its response to the 2017 IIR provides some insight into its possible policy.

In February 2020, Senator McAllister introduced a private member’s Bill, Intelligence and Security Legislation Amendment (Implementing Independent Intelligence Review) Bill 2020, to strengthen the oversight arrangements for Australia’s intelligence and security agencies.[49] The Bill is intended to implement the oversight recommendations made by the Government’s 2017 IIR.[50] The ALP members of the Senate Finance and Public Administration Legislation Committee made their views known in a dissenting report on Senator McAllister’s Bill issued on 9 December 2020.[51]

If we want our agencies to be in the best possible position to face today’s challenges, they must be supported by modern and effective oversight bodies. This is because strong and effective oversight mechanisms do not stand in opposition to our national security arrangements – they are best understood as an essential part of them.

Intelligence oversight bodies have a unique role in democracies. Much of our nation’s intelligence work is necessarily secret – this means that the usual agents of democratic accountability such as civil society, the media and even parliament are less able to fulfil their usual functions.

Dedicated intelligence oversight bodies fill this gap. They are empowered to examine the legality and propriety of intelligence activities, even those that are otherwise necessarily kept secret. In doing so, they help build the culture of trust that is necessary for intelligence agencies to be able to operate effectively in a democracy.

This was recognised by the authors of the 2017 Independent Intelligence Review, who identified oversight as one of the four priority areas for reform in order to ‘further strengthen the state of trust between the intelligence agencies and the Australian community of which they are part’…

Four days before this Committee was due to report, the government released the unclassified version of another review – [the Richardson Review]…

Labor members observe that amendments to this bill in response to the Richardson Review’s findings and recommendations may be appropriate.

Labor members also note the evidence of the IGIS that further amendments may improve the operation of the Bill and better align it with the intentions of the Independent Intelligence Review.[52] 

Independent Senator Rex Patrick

Senator Patrick has been reported as expressing concern that the PJCIS does not have adequate oversight of the NIC, that Dennis Richardson was not sufficiently independent of the national security bureaucracy, and that Richardson’s recommendations did not provide an appropriate standard of democratic accountability.[53]

Senator Patrick indicated that he was unlikely to support expansions of the mandate and power of Australia’s intelligence agencies in the absence of a commitment to ‘real Parliamentary scrutiny and oversight over intelligence operations’.[54]

Position of major interest groups

Inspector General of Intelligence and Security

The Office of the IGIS prefaced its submission by noting that it was the established practice of the IGIS not to comment on the policy underlying the Bill; ‘In particular, IGIS does not offer a view on which agencies should be subject to IGIS oversight’.[55]

The Office of the IGIS noted it had been extensively consulted in the development of the Bill and notes the Bill’s development was influenced by both the 2017 IIR and the Richardson Review.[56] It also worked to ensure that the SLAID Act was consistent with the Bill.[57]

Further Office of the IGIS comments explaining the operation of the Bill are noted below under the heading ‘Key issues and provisions’.

Commonwealth Ombudsman

The Ombudsman welcomed the enhanced complaint transfer arrangements:

My Office has, and will continue to have, oversight of the non-intelligence functions of the ACIC and AUSTRAC under the Ombudsman Act 1976. Additionally, we have a specific inspection and reporting function in relation to the ACIC's legislative compliance when using covert or intrusive powers. It is therefore crucial the IGIS and my Office are able to share information and complaints.

My Office has a close working relationship with the IGIS. The Bill as drafted will support my Office to continue to work cooperatively with the IGIS, and to avoid duplication of oversight activities between our two offices.[58]

The Ombudsman advised the PJCIS inquiry into the Bill that his office was consulted in the development of the Bill and any comments it provided were appropriately addressed.[59]

The Law Council of Australia

In a submission to the PJCIS inquiry,[60] the Law Council supported the main provisions of the Bill including to:

  •  extend IGIS oversight to the ACIC and AUSTRAC
  •  extend PJCIS oversight to the intelligence functions of AUSTRAC and
  •  confer a range of information sharing powers.[61]

The Law Council recommended that four matters be given further consideration:

  •  whether the Bill should follow the 2017 IIR recommendation and extend IGIS oversight to the entire NIC
  •  whether the proposed definition of the intelligence functions of ACIC and AUSTRAC adequately covers the entire intelligence life-cycle from the collection of intelligence through to its retention or destruction
  •  whether other legislation governing the PJCIS and other integrity agencies should also be reviewed and modernised and
  •  the adequacy of the resourcing for IGIS and other Commonwealth integrity bodies.[62]

The Law Council’s views are discussed further below under the heading ‘Key issues and provisions’.

Academic commentary

Dr Kieran Hardy of the Griffith Criminology Institute at Griffith University and Professor George Williams of the Gilbert and Tobin Centre of Public Law at the University of NSW made a joint submission to the PJCIS review of the Bill.[63]

Hardy and Williams affirmed the necessity of robust and specialised oversight of intelligence functions to ensure agencies are acting appropriately and within their respective legislative frameworks.[64] They recommend the Bill be amended to expand IGIS oversight to the full NIC.[65]

Police Federation of Australia

The Police Federation of Australia supports the intent of the Bill to extend the IGIS jurisdiction to the intelligence functions of ACIC and AUSTRAC and to extend PJCIS oversight to the intelligence functions of AUSTRAC. It also considers that the current oversight arrangements for the AFP and Home Affairs are already sufficient.[66]

Financial implications

The Explanatory Memorandum states that the Office of the IGIS has already been allocated the necessary budget to support its expanded oversight responsibilities:

In the 2017–18 Portfolio Additional Estimates, and in the 2018–19 Budget, the IGIS was allocated $52.1 million over five years (2017­–18 to 2021–22) to support its expanded oversight responsibilities. The funding will enable the IGIS to sustain a full‑time staff of around 55. The funding also provided for capital expenses, including IT systems, the secure fit-out costs of new premises and commercial rent for new premises.[67]

The Richardson Review stated:

We note that the 2018-19 Budget allocated additional funds to the IGIS to enable it to sustain a larger full-time staff, following on from the IIR’s recommendations.

To be clear, we think that the IGIS should continue to be resourced to sustain a staff of around 50. The IGIS plays a very important role in the oversight of the AIC, and will add value to the oversight of the ACIC and AUSTRAC. The demands on the IGIS are growing, and its rigorous oversight can only continue to provide assurance if adequately resourced.[68]

The Law Council noted that ‘the IGIS has received additional funding over a four year period (from the 2017-18 Budget) to sustain a full time staff of around 55 persons’.[69] It also noted that the increase in funding of security agencies, and the resulting increase in the scale and pace of their activities will have a flow on effects for oversight of those activities. The Law Council recommended that the IGIS budget be increased as necessary.[70]

In a submission dated February 2021, the IGIS noted that its funding had been increased to meet the oversight recommendations of 2017 IIR and that it had been steadily growing in size and capacity since then.[71] The Bill does not propose to expand IGIS oversight functions as far as the 2017 IIR recommended.

Statement of Compatibility with Human Rights

As required under Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011 (Cth), the Government has assessed the Bill’s compatibility with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of that Act. The Government considers that the Bill is compatible.[72]

Parliamentary Joint Committee on Human Rights

The Parliamentary Joint Committee on Human Rights had no comment on the Bill.[73]

Key issues and provisions

Early consultation with IGIS and Ombudsman occurred

The Richardson Review recommended early consultation with oversight bodies for all amendments to intelligence legislation:

The IGIS and Ombudsman should be consulted as a matter of course in relation to all proposed amendments to intelligence legislation affecting matters within their jurisdiction to ensure that oversight issues can be addressed upfront. This requirement should be included in the Legislation Handbook.[74]

The Ombudsman[75] and IGIS[76] advised the PJCIS inquiry into the Bill that they were extensively consulted and their comments were appropriately addressed in the development of the Bill.

IGIS engaged closely with both portfolio departments throughout the drafting process including, among other things, by seconding an officer to the Department of the Prime Minister and Cabinet during 2017–18 and by providing extensive comments and suggestions on multiple iterations of the Bill.[77]

Independence of IGIS—eligibility for appointment

Item 9 of Schedule 1 inserts proposed subsection 6(3A) into the IGIS Act to provide that the head or deputy head of an agency which is subject to oversight by the IGIS cannot be appointed as Inspector-General immediately following their service in an intelligence agency; they must hold another position before they become eligible.

However, no minimum time period is set between their service as head or deputy head of an agency and eligibility for appointment as Inspector-General.[78] This reflects the comments made by Richardson, who did not wish to preclude a former intelligence or security agency officer from being appointed Inspector-General:

Prior employment in an agency subject to IGIS oversight should not exclude an otherwise ideal candidate from appointment. This may be the case, for example, where an individual demonstrates the requisite qualities, but was employed many years ago or for a short period. Precluding the appointment of persons with any prior employment in an agency overseen by the IGIS would unnecessarily tie the hands of government and may prevent an ideal candidate from being appointed to an important office.[79]

Expansion of IGIS oversight to ACIC and AUSTRAC

The Bill would have given effect to Richardson’s recommendation to expand IGIS jurisdiction to cover the intelligence functions of ACIC and AUSTRAC; however, some of the proposed changes for ACIC were instead made by items 51–70 of Part 2 of Schedule 2 to the SLAID Act and commenced on 4 September 2021.[80] However, the oversight of ACIC implemented by the SLAID Act is limited to functions connected to the newly introduced network activity warrants.[81] This will be expanded by the Bill, as discussed below under ‘Definition of intelligence function’.

The Bill does not propose expansion of IGIS oversight to cover the intelligence functions of Home Affairs.[82]

Definition of intelligence agency

The definition of intelligence agency in subsection 3(1) of the IGIS Act was recently replaced by item 54 of Part 2 of Schedule 2 to the SLAID Act. The definition currently reads:

intelligence agency means:

  1. ASIO, ASIS, AGO, DIO, ASD or ONI; or
  2. the following agencies that have an intelligence function:
    1. the Australian Federal Police;
    2. ACIC.

Item 161 of Schedule 2 of the Bill repeals that definition and substitutes a proposed definition of intelligence agency that includes AUSTRAC.[83]

intelligence agency means:

  1. ASIO, ASIS, AGO, DIO, ASD or ONI; or
  2. the following agencies that have an intelligence function:
    1. ACIC;
    2. the Australian Federal Police;
    3. AUSTRAC.

Note that the oversight remit of IGIS is limited by proposed subsections 8(3A) and 8(3B) to the intelligence functions of ACIC and AUSTRAC.

Definition of intelligence function

The definition of intelligence function in subsection 3(1) of the IGIS Act was recently inserted by item 55 of Part 2 of Schedule 2 to the SLAID Act. That amendment defined the intelligence functions of ACIC and the AFP and now reads:

intelligence function:

  1. for ACIC—means:
    1. the collection, correlation, analysis, production and dissemination of intelligence obtained by ACIC from the execution of a network activity warrant; or
    2. the performance of a function, or the exercise of a power, conferred on a law enforcement officer of ACIC by the network activity warrant provisions of the Surveillance Devices Act 2004; or
  2. for the Australian Federal Police—means:
    1. the collection, correlation, analysis, production and dissemination of intelligence obtained by the Australian Federal Police from the execution of a network activity warrant; or
    2. the performance of a function, or the exercise of a power, conferred on a law enforcement officer of the Australian Federal Police by the network activity warrant provisions of the Surveillance Devices Act 2004.

Item 162 of Schedule 2 repeals that definition and substitutes a proposed definition which expands the scope of the intelligence function for ACIC and incorporates a definition of the intelligence functions of AUSTRAC.

intelligence function:

  1. for ACIC—means:
    1. the collection, correlation, analysis, production and dissemination of intelligence by ACIC for the purpose of performing its functions under section 7A of the Australian Crime Commission Act 2002 (except in relation to Indigenous violence or child abuse within the meaning of that Act), including the performance of a function, or the exercise of a power, conferred on a law enforcement officer of ACIC by the network activity warrant provisions of the Surveillance Devices Act 2004; or
  2. for AUSTRAC—means:
    1. the collection, correlation, analysis, production and dissemination of intelligence by AUSTRAC for the purposes of the AUSTRAC CEO performing the CEO’s financial intelligence functions under the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006; or
    2. a function performed by AUSTRAC, the AUSTRAC CEO or any other official of AUSTRAC referred to in paragraph 209(4)(c) of that Act that is incidental to the CEO’s financial intelligence functions; or
  3. for the Australian Federal Police—means:
    1. the collection, correlation, analysis, production and dissemination of intelligence obtained by the Australian Federal Police from the execution of a network activity warrant under the Surveillance Devices Act 2004; or
    2. the performance of a function, or the exercise of a power, conferred on a law enforcement officer of the Australian Federal Police by the network activity warrant provisions of the Surveillance Devices Act 2004.

The Explanatory Memorandum states that the definition is derived from the definition of ‘agency with an intelligence role or function’ in section 4 of the ONI Act, with modifications to reflect IGIS’s role as an oversight body.[84]

The ONI Act definition limits ‘intelligence role or function’ to ‘national intelligence priorities, requirements or capabilities’. That limitation reflects ONI’s function to lead and coordinate NIC agency activities to achieve those national intelligence priorities, requirements or capabilities. The Explanatory Memorandum argues that IGIS’s oversight should not be limited to intelligence activities linked to particular purposes.[85]

The IGIS noted in its submission to the PJCIS Review:

… unlike the ONI Act, the Bill’s definition of intelligence function is not limited to intelligence ‘that relates, or may relate, to national intelligence priorities, requirements or capabilities’. This reflects the differences in the roles of ONI and IGIS, as it would not be appropriate for IGIS’s oversight to be limited to intelligence activities linked to particular purposes that are not set out in legislation.

Consistent with a recommendation of the Comprehensive Review, the Bill’s definition of intelligence function reflects a functional approach rather than a structural approach to IGIS’s oversight jurisdiction. That is, IGIS’s jurisdiction is defined by reference to ACIC’s and AUSTRAC’s functions, rather than by reference to a particular administrative structure (for example, a specific branch or division of each agency) which could change from time to time. The broad nature of the definition (the term ‘intelligence’ is undefined by the Bill) will ensure that IGIS has ‘flexibility to deliver substantive oversight when and where required, including as agencies’ activities, functions or powers evolve’ and will ensure that IGIS can ‘inquire into agencies’ activities regardless of who undertakes them, and cannot be undermined by administrative changes’.[86] [citations removed]

There is no need for intelligence function to incorporate the intelligence functions of the Department of Defence. The IGIS already oversees those parts of the Department of Defence which have distinct intelligence functions (AGO and DIO). They are distinct agencies and are separately listed.

Unlike the ONI Act definition, the proposed definition of intelligence function does not capture agencies that maintain, develop, or are developing, a capability that materially assists with the collection, correlation, analysis, production or dissemination of intelligence. According to the Explanatory Memorandum:

It is not relevant to the IGIS that an agency simply has or is preparing a capability—it is the exercise of that capability to collect, correlate, analyse, produce or disseminate intelligence that engages the IGIS’s oversight.[87]

Scope of IGIS inquiry functions for ACIC and AUSTRAC

The Government modelled proposed subsection 8(3A):

… on the existing and amended provisions in subsection 8(3) (as amended by item 18 of Schedule 1) that outline the IGIS’s functions in relation to ONI and DIO, but with amendments to reflect that the ACIC and AUSTRAC have functions outside their intelligence functions, and, in the case of the ACIC, a different governance structure.[88]

Item 56 of Schedule 2 of the SLAID Act inserted subsection 8(3A) which set out the inquiry functions of IGIS in relation to ACIC and the AFP. Items 163–165 of Schedule 2 propose amendments to subsection 8(3A) to add AUSTRAC to those provisions.[89]

If the amendments proposed in the Bill are enacted, subsection 8(3A) will provide that IGIS may, in relation to an intelligence function of ACIC, the AFP or AUSTRAC, inquire into:

  •  compliance with Commonwealth, state and territory laws (paragraph 8(3A)(d))
  •  compliance by that agency with directions or guidelines given to that agency by the responsible Minister (paragraph 8(3A)(e))
  •  the propriety of particular activities by the ACIC and AUSTRAC (paragraph 8(3A)(f))
  •  the effectiveness and appropriateness of the procedures relating to the legality or propriety of the activities of the agency (paragraph 8(3A)(g))
  •  a matter referred to the IGIS by the AHRC that relates to an act or practice of the agency which may be inconsistent with a human right, constitute discrimination, or be unlawful under Australian anti-discrimination legislation (paragraph 8(3A)(h))
  •  the ACIC’s compliance with directions, guidelines, policies or decisions made by the board of the ACIC or the Inter-Governmental Committee established under the Australian Crime Commission Act 2002 (ACC Act) (paragraph 8(3A)(i)).[90]

This amendment ensures that the IGIS’s jurisdiction in relation to AUSTRAC’s intelligence functions is analogous to its jurisdiction in relation to the ACIC and AFP’s intelligence functions.[91]

IGIS may commence inquiries into any of the matters in amended subsection 8(3A):

  •  in response to a request by the Attorney-General or relevant Minister (being the Minister responsible for the ACIC, the AFP or AUSTRAC) (paragraph 8(3A)(a))
  •  on IGIS’s own motion (paragraph 8(3A)(b)) or
  •  in response to a complaint made to IGIS by an Australian citizen or permanent resident (within the meaning of the IS Act (proposed paragraph 8(3A)(c)—see item 165 of Schedule 2)).

This is consistent with the way inquiries may be commenced in relation to agencies currently within IGIS’s jurisdiction (noting that there is a slightly different complaints jurisdiction in relation to ASIO). IGIS retains the ability to commence an own-motion inquiry into a matter which was the subject of a complaint from a non-citizen or non-permanent resident.[92]

Definition of permanent resident

The definition of permanent resident in subsection 3(1) of the IGIS Act currently refers to the now redundant term ‘illegal entrant’ under the Migration Act 1958.[93] Item 4 of Schedule 1 repeals that definition.

Items 16 and 18 of Schedule 1 amend subsections 8(2) and 8(3) of the IGIS Act to import the definition of permanent resident used in the IS Act.

Item 28 of Schedule 1 applies a slightly narrower definition of permanent resident to proposed subsection 8A(4), referring only to those permanent residents within the meaning of paragraph (a) of the definition of permanent resident in section 3 of the IS Act.

According to the Explanatory Memorandum:

The intention is also to apply a consistent meaning to a ‘permanent resident’ between ASIS, ASD, AGO, ONI, DIO and the intelligence functions of the ACIC and AUSTRAC in relation to the limitations on the IGIS’s intelligence agency inquiry functions and the Public Interest Disclosure Act 2013 (PID Act) deeming provisions in sections 8 and 8A.[94]

The proposed definitions also clarify that IGIS is able to receive complaints from both natural persons and bodies corporate, except where a natural person is specified.

Definition of responsible Minister

Different parts of Acts may be administered by different Ministers. Item 5 of Schedule 1 amends the definition of responsible Minister in subsection 3(1) of the IGIS Act to make clear that where a part of the Act refers to a specific Minister, then that Minister is the responsible Minister.

Exclusions from IGIS oversight

Exclusion of action taken by ACIC examiner

Subsection 8(3B) of the IGIS Act (which was inserted by item 56 of Schedule 2 to the SLAID Act) specifically excludes IGIS oversight of the actions taken by an ACIC examiner. The Government contends:

This is appropriate, as the IGIS has limited jurisdiction over matters that could be heard in a court or tribunal (sections 9AA and 11(3)-(4) of the IGIS Act). The conduct of ACIC examiners may be reviewed by the Ombudsman, the Law Enforcement Integrity Commissioner, and ultimately, a court of law. As such, it is not necessary for the IGIS to oversee these aspects of the ACIC’s activities.[95]

Exclusion of ACIC intelligence activity related to Indigenous violence or child abuse[96]

ACIC has intelligence functions related to serious violence or child abuse committed against an Indigenous person.[97] Paragraph (a) of the proposed definition of intelligence function at item 162 of Schedule 2 to the Bill excludes activity related to Indigenous violence or child abuse from IGIS oversight on the basis that IGIS is not the appropriate body to conduct oversight of those specific activities:

Oversight of these matters would require specialist subject-matter expertise, including cultural competencies that the IGIS could not be expected to possess, or to obtain readily. These functions are overseen by the Office of the Commonwealth Ombudsman (the Ombudsman).[98]

Exclusion of AUSTRAC’s regulatory activities

The Government’s intention, as set out in the Explanatory Memorandum,[99] is for intelligence function to cover AUSTRAC’s actions only in supporting the CEO to perform their functions under section 212 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), to the extent that they involve intelligence.

The Government does not intend the definition to cover the agency’s actions in supporting the CEO to perform their regulatory functions.[100]

The reference to “functions incidental” in the definition of intelligence function in relation to AUSTRAC is not intended to include AUSTRAC’s regulatory functions, such as the supervision of regulated businesses’ compliance with the AML/CTF Act.[101]

Employee grievances and employment-related complaints

Unlike IGIS jurisdiction over ASIO, ASIS, AGO and ASD,[102] the Bill does not provide IGIS with a function to inquire into ACIC’s or AUSTRAC’s procedures relating to the redress of employee grievances. IGIS noted this function was excluded to avoid:

the potential for arbitrary differences in grievance redress mechanisms available to staff of those agencies, depending on whether they were performing ‘intelligence’ or ‘non-intelligence’ functions.[103]

Currently, subsection 8(5) of the IGIS Act (as amended by items 57 and 58 of Schedule 2 to the SLAID Act) excludes complaints from employees of the AGO, DIO, ONI, ACIC and the AFP that are directly employment-related matters. Item 167 of Schedule 2 to the Bill will amend subsection 8(5) so that this exclusion will also cover AUSTRAC employees.  [104]

Expansion of IGIS capacity to investigate certain complaints re DIO and ONI

Item 18 of Schedule 1 repeals paragraphs 8(3)(a) and 8(3)(b) of the IGIS Act and substitutes expanded provisions. The overall intent is to make the provisions for DIO and ONI consistent with the approach to ASIO, ASIS, AGO and ASD in existing subsections 8(1) and 8(2).

The amendments do not reduce the power of IGIS; they reproduce existing powers and expand the power of IGIS to investigate certain complaints.

The Inspector-General can currently only commence inquiries into DIO or ONI at the request of the Attorney-General, the responsible Minister or on the Inspector-General’s own motion. Proposed subparagraph 8(3)(a) will also enable the Inspector-General to inquire into a complaint made by an Australian citizen or permanent resident (within the meaning of the IS Act) about a matter that relates to:

  •  the compliance by that agency with the laws of the Commonwealth and of the states and territories
  • the compliance by that agency with directions or guidelines given to that agency by the responsible Minister or
  • the propriety of particular activities of that agency.

Proposed subparagraph 8(3)(aa) is in similar terms to existing subparagraph 8(3)(a)(iii) and retains the IGIS’s ability to inquire into any matter that relates to the effectiveness and appropriateness of the procedures of that agency relating to the legality or propriety of the activities of that agency, at the request of the Attorney-General, the responsible Minister or on the Inspector-General’s own motion.[105]

Proposed subparagraph 8(3)(b) will enable the Inspector-General to inquire into a complaint made by an Australian citizen or permanent resident about an act or practice of DIO or ONI:

where that matter is referred to the Inspector-General by the AHRC. This is consistent with the approach taken with ASIO in subsection 8(1)(a)(v) and ASIS, AGO and ASD in subparagraph 8(2)(a)(iv).[106]

Inquiry into employment practices and employment-related complaints

The provisions for ONI staff to make employment related complaints will be amended to provide equal treatment between ONI staff and staff from other intelligence agencies who may bring complaints to the IGIS.[107]

Proposed subparagraph 8(3)(ba) permits IGIS inquiries into matters relating to the overarching procedures of agencies to respond to employment grievances. It is in similar terms to existing subparagraph 8(3)(b)(ii).[108]

Subsection 8(5) of the IGIS Act, as amended by item 167 of Schedule 2, excludes IGIS jurisdiction to inquire into complaints regarding promotion, termination, discipline, remuneration or any other matter relating to intelligence agencies’ employment of individuals in relation to AGO, DIO, ACIC, the AFP or AUSTRAC, or by an ONI employee who is employed under the Public Service Act 1999.

However, subsections 8(6)–(7) of the IGIS Act, as amended by items 21–23 of Schedule 1, will permit the IGIS to inquire into certain complaints directly related to promotion, termination of appointment, discipline or remuneration or another employment matter made by an ASIO employee, an ASIS employee, an ONI Act employee or an ASD employee; but only if that matter cannot be reviewed by another appropriate body.

Complaints by ONI employees about security clearances

Proposed paragraph 8(3)(bb) will permit the IGIS to inquire into a complaint by an ONI employee about a decision relating to ‘security clearances (of the highest level)’:

The phrase “security clearances (of the highest level)” is intended capture the Top Secret (Positive Vetting) clearance, as it [is] known at the time of the Bill’s introduction, as well as any clearance of equivalent level (regardless of what that clearance is called, from time to time).

This provision is necessary as the majority of ONI employees are required to maintain a Top Secret (Positive Vetting) security clearance as a part of their employment, and the loss of that clearance generally results in the termination of that employee’s employment. ONI employees differ from employees in other intelligence agencies in that it is not possible in most cases to redeploy an ONI employee to another role where a lower clearance would suffice. This is different from, for example, an employee in a defence intelligence agency (DIO or AGO), where a person may be able to be employed in another role in the Department of Defence that does not require a high level security clearance if they are not able to obtain the requisite clearances.

This provision would ensure that, where an ONI employee’s security clearance is processed by an agency that does not have an appeals process to contest decisions, there would be an opportunity for an employee to request a review. This would ensure that an individual would not face the consequences of a loss of a Top Secret (Positive Vetting) clearance without having access to a review process. The IGIS’s jurisdiction in relation to security clearance complaints applies to all ONI staff, whether employed under the Public Service Act or under the ONI Act.[109]

Changes to procedures and eligibility to make complaints

Circumstances when inquiry or further inquiry by IGIS is not required

Item 68 of Schedule 2 of the SLAID Act inserted subsection 11(4A) which permits the IGIS to decide not to inquire into, or to inquire further into, a complaint if:

  •  the complaint has been made or could have been made to another relevant integrity body and
  •  that complaint could be more effectively or conveniently dealt with by that integrity body.

Definition of integrity body and Integrity Commissioner

Item 53 of Schedule 2 of the SLAID Act inserted definitions of integrity body and Integrity Commissioner in subsection 3(1) of the IGIS Act:

integrity body:

  1. means any of the following:
    1. the Ombudsman;
    2. the Australian Human Rights Commission;
    3. the Information Commissioner;
    4. the Integrity Commissioner;
    5. the Inspector‑General ADF; and
  2. for a complaint—has the meaning given by paragraph 11(4A)(a).

Integrity Commissioner has the meaning given by section 5 of the Law Enforcement Integrity Commissioner Act 2006.

Repeal of requirement that IGIS seek Ministerial approval to inquire into matters occurring outside Australia

Paragraph 9AA(a) of the IGIS Act is a statutory limit on the IGIS’s functions which prohibits the IGIS from inquiring into a matter relating to a Commonwealth agency that occurred outside Australia unless approval is given by a responsible Minister, the Attorney-General or the Prime Minister. Item 29 of Schedule 1 repeals paragraph 9AA(a) of the IGIS Act.

The Government’s view is that repeal is necessary and the IGIS should be able to oversee these matters as a matter of course:

The repeal of paragraph 9AA(a) is intended to reflect the reality that the contemporary movement of Australians abroad, and the large number of Australian laws with extraterritorial application, means that the activities of agencies that are undertaken wholly outside Australia are far more likely to have an impact on Australian persons (including members of the agencies themselves) and be subject to Australian laws than was the case at the commencement and over the first 10 years of operation of the IGIS Act. It is appropriate that these activities are subject to IGIS oversight, and that the IGIS should be able to oversee these matters as a matter of course, rather than having to seek permission.[110]

Repeal of precondition that a complainant be affected by the alleged violation of the law

The policy position adopted in the original IGIS Act was that the IGIS’s jurisdiction should be limited to reviewing, and providing assurance to Ministers about, the legality and propriety of actions undertaken in Australia, or affecting Australian citizens by ASIS, AGO and ASD; rather than performing a broader check on all aspects of these agencies operations.[111] Item 19 of Schedule 1 repeals subsection 8(4) of the IGIS Act which established that Australian nexus.

Current Government policy recognises the value of the role of the IGIS in reviewing all aspects of AIC agencies’ activities, without reference to distinctions or limitations of that kind.[112]

By repealing subsection 8(4) it is intended that the exercise of the IGIS’s functions under paragraph 8(2)(a) no longer require that nexus.

Despite this amendment, the IGIS would only be able to consider complaints about these matters where they were made by Australian citizens or permanent residents (as provided by section 8 of the IGIS Act). However, the IGIS would still be able to commence own-motion inquiries (or inquiries in response to a request from the Attorney-General or responsible Minister) into matters without an Australian nexus, thus ensuring that there is not a gap in oversight.[113]

Update of IGIS public interest disclosure functions

Items 27 and 28 of Schedule 1 amend section 8A of the IGIS Act, which outlines the IGIS’s public interest disclosure functions under the Public Interest Disclosure Act 2013 (PID Act). Where the IGIS receives information under the PID scheme, and some or all of the disclosed conduct occurred in an intelligence agency, the PID is to be treated in the same manner as a section 8 complaint about the propriety of particular activities of the intelligence agency.[114]

However, under existing subsection 8A(4), the discloser would not receive protection equivalent to an IGIS complainant if:

  •  the conduct related to ASIS, AGO or ASD, and the discloser is not an Australian citizen or permanent resident or
  •  the conduct related to DIO or ONI.

The Bill would update the IGIS’s PID functions to align with the proposed expansion of section 8 oversight. Item 28 of Schedule 1 repeals subsection 8A(4) and substitutes proposed subsection 8A(4) to instead provide that the discloser would not receive protection equivalent to an IGIS complainant if:

  •  the relevant intelligence agency is ASIS, ASD, AGO, DIO, ONI, ACIC, the AFP[115] or AUSTRAC, and
  •  the person who makes the disclosure is not a natural person who is an Australian citizen or permanent resident (within the meaning of the IS Act).[116]

Under the proposed provisions:

  •  PIDs relating to DIO and ONI are no longer automatically excluded
  •  amended subsection 8A(4) would extend to all the agencies subject to IGIS oversight (excluding ASIO, which is not included in this subsection because the IGIS’s complaint function in relation to ASIO is not limited to Australian citizens or permanent residents) and
  •  the definition of permanent resident is now taken from section 3 of the IS Act.[117]

Consequential amendments re disclosure of protected information to IGIS officials

Part 2 of Schedule 1 proposes to amend 17 different Acts to ensure that individuals cannot be prosecuted for disclosing protected information to an IGIS official for the purpose of the IGIS official performing their powers, functions or duties as an IGIS official.[118]

These consequential amendments are also intended to ensure that security of information provided to, or obtained by, the IGIS is maintained and that the IGIS should not provide a back channel for agencies to obtain information that they would not otherwise be entitled to access.[119]

The Scrutiny Committee noted the Bill replaces or amends numerous offence specific defences in the IS Act, AML/CTF Act, ASIO Act, Australian Human Rights Commission Act 1986, and Taxation Administration Act 1953. See Schedule 1: items 150, 152, 165-167, 185-193, 203 and Schedule 2: items 28, 32 and 52.[120]

Requirement to notify complainant

Section 12 of the IGIS Act requires the IGIS to notify a complainant in writing where the IGIS makes a decision not to inquire into, or inquire further into, a complaint in relation to an intelligence agency.

Item 40 of Schedule 1 repeals and replaces section 12 to require the IGIS to take reasonable steps to notify the person in writing of the decision. The amended requirement ‘reflects that it is not possible to notify a complainant in all circumstances, for example, where contact details are incorrect or outdated’.[121]

Clarification of IGIS inspection and information gathering powers

Subsection 9A(1) of the IGIS Act confers functions on the Inspector-General to conduct inspections of the agencies.

IGIS regularly conducts inspections to determine if each agency is acting in accordance with its statutory functions, and is complying with any guidance provided by the responsible Minister and with its own internal policies and procedures. Inspections enable IGIS to monitor the activities of agencies and to identify concerns before they develop into systemic problems that could require major remedial action. Agencies within IGIS’s existing jurisdiction provide IGIS staff with a high level of assistance and cooperation in support of inspections.[122]

Item 65 of Schedule 2 to the SLAID Act inserted subsection 9A(2), which provides that for the purpose of conducting an inspection of the ACIC or AFP, the IGIS has power to enter premises and inspect records, and imposes an obligation on the heads of those agencies to provide reasonable facilities and assistance. The Revised Explanatory Memorandum to the Bill for the SLAID Act explained why subsection 9A(2) was needed:

As the ACIC and the AFP are not presently subject to oversight by the IGIS, and as a result have no existing relationship or arrangements with the IGIS, these amendments are required to make clear what the IGIS is entitled to during inspections of the ACIC and the AFP as part of their oversight of network activity warrants.[123]

Item 171 of Schedule 2 repeals and replaces it with proposed subsection 9A(2) so that it will apply to all intelligence agencies subject to IGIS oversight.[124] The Office of the IGIS argues that this is appropriate ‘given the importance of the inspection function to the level of assurance that the Inspector-General is tasked to provide about the legality and propriety of agencies’ actions’.[125]

Proposed subsection 9A(2) provides that for the purposes of conducting an inspection of any of the intelligence agencies, the Inspector-General and staff of the Office of the IGIS:

  •  may, at all reasonable times, enter and remain in any premises (including any land or place)[126]
  •  are entitled to all reasonable facilities and assistance that the agency head is capable of providing
  •  are entitled to full and free access at all reasonable times to any information, documents or other property of the agency and
  •  may examine, make copies of or take extracts from any information or documents.

Information sharing by integrity bodies and avoiding duplication of oversight

Provisions relating to the IGIS’s relationships with other oversight bodies are co-located and updated in the Bill to reflect the increased scope of the IGIS oversight powers. Current Part IIIA of the IGIS Act was inserted by item 71 of Schedule 2 to the SLAID Act, to ensure that the IGIS could share information with, and transfer complaints to and from, other integrity bodies with co-responsibility for oversight of the ACIC and AFP, which were brought under the IGIS’s jurisdiction by that Act.[127]

This will be replaced by proposed Part IIIA, inserted into the IGIS Act by item 176 of Schedule 2, which is intended to provide mechanisms to:

  •  manage the duplication of oversight between the IGIS and other integrity bodies and
  •  facilitate information-sharing and complaints transfer between the Office of the IGIS and other integrity bodies.[128]

Avoiding duplication of oversight

Proposed Division 1 of Part IIIA relates to avoiding duplication of oversight by integrity bodies. Section 16 of the IGIS Act requires the IGIS to consider the Auditor-General and the Ombudsman’s functions before commencing an inquiry. Item 46 of Schedule 1 repeals section 16 which will no longer be necessary because proposed section 32AB recreates and extends the existing requirements.

Proposed section 32AB:

  •  requires the IGIS to have regard to the functions of other integrity bodies and the Auditor‑General to avoid duplication in oversight and
  •  allows the IGIS to consult integrity bodies or the Auditor-General in relation to a matter.[129]

Proposed section 32AB is not intended to require the IGIS to undertake formal consultation with each body before commencing any activity:

For example, in determining its overall priorities and annual inspection plans, the IGIS ought to consider other integrity bodies and their remits. By contrast, the IGIS is not required to consider the functions of each integrity body before commencing a discrete preliminary inquiry (under section 14 of the IGIS Act). This is because, in many cases, some activity by the IGIS is required to determine whether they are authorised to, and should, inquire into an action. As such, it will often not be possible to determine whether or not a matter falls within the functions of another integrity body until after a preliminary inquiry has been undertaken, and requiring consultation ahead of every instance would be administratively burdensome.[130]

Facilitating information sharing by other integrity bodies

Proposed Division 2 of Part IIIA facilitates information sharing by integrity bodies by:

  •  providing certain protections to people who voluntarily provide, or make available, information or documents to the Office of the IGIS for the purposes of the IGIS performing its functions (proposed section 32AC).[131] Those protections are:
    • immunity from prosecution under Commonwealth law for providing the information or documents
    • a use immunity to prevent documents and information being used in evidence in proceedings against the person providing them
    • legal professional privilege may be asserted even where documents are provided voluntarily
  • subject to certain exceptions for providing false or misleading information, obstruction or the commission of specified offences
  •  consolidating and expanding the protection of Commonwealth documents or information with security classifications, formerly contained in section 20 (proposed section 32AD)[132] and
  •  providing an exception to the prohibition on secondary use of personal information in Australian Privacy Principle 2.6 for AUSTRAC (proposed section 32AE).[133]

Facilitating transfer of complaints

Proposed Division 3 of Part IIIA establishes arrangements for the IGIS to transfer complaints and information to other integrity bodies, as well as to receive complaints transferred to it. The IGIS and other integrity bodies have some concurrent jurisdiction in oversight over the ACIC and AUSTRAC.[134]

Proposed section 32AF will allow the IGIS to share information or documents with other integrity bodies.

It is intended that the provision would reduce the potential for duplication of individual oversight activities by integrity bodies through the sharing of information and cooperation. For example, if the IGIS were to share information with another integrity body it may enable that integrity body to satisfy itself that there are no further issues arising in respect of its specific statutory functions that would require it to undertake separate oversight activity in relation to that matter. For example, in relation to AUSTRAC where both the IGIS and Ombudsman could have jurisdiction over a matter, allowing the IGIS to share contextual information with the Ombudsman could assist that body to determine that the IGIS is the appropriate oversight agency. Sharing information to avoid duplication reduces administrative burdens on both overseen agencies and integrity bodies.

The provision would also support cooperation and coordination across integrity bodies, by allowing the IGIS to share information about its investigative processes and methodologies, as well as trends the IGIS has identified through its oversight.[135]

Note that section 34 of the IGIS Act provides that the IGIS may only disclose information in the performance of legislated functions, powers or duties. Improper disclosure of information by an IGIS official is a criminal offence, punishable by two years’ imprisonment, a fine of 50 penalty units ($11,100), or both.[136]

Proposed section 32AG will facilitate the Office of the IGIS transferring all, or part, of a complaint to another integrity body where the IGIS decides not to investigate a complaint on the basis that it could be more effectively or conveniently dealt with by another integrity body (see subsection 11(4A)).[137]

Currently, the IGIS does not have any capacity to transfer complaints to other integrity bodies. This creates additional administration for both integrity bodies and complainants where complaints must be re-made to the appropriate integrity body. The complaints transfer scheme is intended to assist complainants, by removing the need for them to re‑submit their complaints to [an]other integrity body. Complaints-transfer provisions are common within the legislation of integrity bodies (including the AHRC Act, Privacy Act, Ombudsman Act and Defence Act), and support cooperation between integrity bodies.[138]

Proposed section 32AH will facilitate the transfer of a complaint from another integrity body to the IGIS by deeming the complaint to have been made to the IGIS under the IGIS Act.

This will ensure that the complainant does not need to re‑submit the original complaint to the IGIS, and that the IGIS has a legal basis to handle transferred complaints. It also ensures that the complainant is protected under the IGIS Act for any disclosure of information.[139]

The Office of the IGIS noted in its submission to the PJCIS that the decision of whether or not to transfer a complaint to another integrity body remains at the discretion of IGIS.[140]

IS Act Amendments—Limited expansion of the jurisdiction of PJCIS

Items 134-149 of Schedule 1 amend the IS Act to expand PJCIS oversight to AUSTRAC.

Proposed definition of intelligence function for AUSTRAC

Item 136 of Schedule 1 inserts a proposed definition of intelligence function in section 3 of the IS Act:

intelligence function means the collection, correlation, analysis, production and dissemination of intelligence by AUSTRAC for the purpose of performing its functions.

The oversight jurisdiction of AUSTRAC proposed for the PJCIS is broader than that proposed for the IGIS (discussed above):

… the PJCIS’s function is not focused on specific operations, and in fact, the PJCIS is explicitly prevented from considering operational information or methods by the amendments to section 29(3) (inserted by items 138-140 of Schedule 1). The PJCIS are also prevented from considering any non-intelligence functions performed by AUSTRAC (item 141 of Schedule 1).[141]

Proposed functions of PJCIS in relation to AUSTRAC

The functions of the PJCIS in overseeing the AIC are specified in subsection 29(1) of the IS Act.

Item 137 of Schedule 1 inserts proposed paragraphs 29(1)(bad), (bae) and (baf) creating functions for the PJCIS in relation to AUSTRAC. The Government intends that the PJCIS’s oversight for AUSTRAC is similar to the PJCLE’s oversight in relation to the AFP and ACIC[142] and to the PJCIS oversight of the AFP in relation to its functions under Part 5.3 (Terrorism) of the Criminal Code.[143]

  • Proposed paragraph 29(1)(bad) permits the PJCIS to monitor and review the performance of AUSTRAC’s intelligence functions
  • Proposed paragraph 29(1)(bae) permits the PJCIS to report to both Houses of the Parliament, as the PJCIS sees fit, on any matter that relates to AUSTRAC’s intelligence functions. This is consistent with the PJCIS’s reporting powers in relation to the AFP, contained in paragraph 29(1)(bab)[144]
  • Proposed paragraph 29(1)(baf) permits the PJCIS to inquire into the performance of AUSTRAC’s intelligence functions, under paragraphs 29(1)(bad) or 29(1)(bae), where either House of the Parliament have referred a question to the PJCIS. If the PJCIS inquires into such a matter, the PJCIS may report to the referring House of Parliament. This mirrors the PJCIS’s oversight of the AFP under paragraph 29(1)(bac).[145]

Express limitations on functions of PJCIS

Subsection 29(3) of the IS Act provides express limitations on the functions of the PJCIS. Items 138-140 of Schedule 1 will extend those existing limitations to AUSTRAC:

Item 138 would amend paragraph 29(3)(g) to preclude the PJCIS from conducting inquiries into individual complaints about the activities of AUSTRAC, consistent with current PJCIS oversight of agencies within its remit.

Item 139 would amend paragraph 29(3)(j) to preclude the PJCIS from reviewing sensitive operational information or operational methods available to AUSTRAC (including AUSTRAC information), consistent with current PJCIS oversight of agencies within its remit, particularly the treatment of operational information by the AFP.

Item 140 would amend paragraph 29(3)(k) to preclude the PJCIS from reviewing particular operations or investigations that have been, are being or are proposed to be undertaken by AUSTRAC, consistent with current PJCIS oversight of agencies within its remit, particularly the treatment of operations and investigations by the AFP.[146]

Stakeholder comments to Richardson Review on PJCIS oversight

Chapter 42 of the Richardson Review discusses in detail the oversight of the NIC by Parliamentary committees and compares oversight regimes in other countries.

Richardson summarised a number of comments from stakeholders, including:

Dr Anthony Bergin and Kate Grayson submitted that the PJCIS should be permitted to ‘generate their own-motion inquiries including into operations as long as they are deemed not to be injurious to national security by the Prime Minister or the appropriate Minister’. The Human Rights Law Centre submitted that the PJCIS’ ‘scope of review should be broadened to operational matters, either generally or to allow it to receive, review and assess reports from the Inspector-General of Intelligence and Security’.

Professor George Williams AO and Dr Keiran Hardy recommended that ‘the powers of the PJCIS be expanded to allow for parliamentary oversight of [Australian Intelligence Community] policy and operations’. Australian Lawyers for Human Rights also supported ‘the expansion of powers of the PJCIS to initiate its own reviews into operational matters’.

The Hon Michael Kirby AC CMG and Bret Walker SC submitted: As to the subject matter of the Committee’s remit, we think there is merit in expressing it in such general terms, so comprehensive of unknown future possibilities, that no-one will be able to say that these agencies have some field of operations that is immune from Parliamentary scrutiny.

Senator Rex Patrick submitted that PJCIS scrutiny should extend to ‘the full range of intelligence and national security agency activities.’ Senator Patrick’s submission enclosed a copy of the Intelligence Services Amendment (Enhanced Parliamentary Oversight of Intelligence Agencies) Bill 2018, a Bill sponsored by Senator Patrick and before the Senate as at December 2019…

AGD submitted that ‘any consideration given to expanding the mandate of the PJCIS or another Parliamentary Committee should support primary oversight of operational matters remaining with bodies such as the IGIS and Ombudsman.…

The IGIS submitted that whether the PJCIS should have direct operational oversight or otherwise expanded oversight are ‘principally policy matters’ but observed that although it is implicit in recommendation 23(a)[147] that the IGIS would not be obliged to conduct the requested inquiry, this should be made explicit in any reform. The IGIS submitted that proposals allowing for anyone other than the Prime Minister to require the IGIS to inquire into a matter would be a significant compromise to the IGIS’ independence, which ‘is critical to the capacity of the Office to perform its functions and satisfy the objects of the IGIS Act.’

The IGIS also noted the distinct and complementary roles of executive and parliamentary oversight and submitted that if recommendation 23(a) was adopted, ‘consideration could be given to the right of the Committee to receive any report produced as a result of its request.’ The IGIS submitted that to the extent that its inspection and inquiry reports relate to agencies’ administration and expenditure, there may be merit in the IGIS having an explicit discretion to provide these reports—or a summary of these reports—to the PJCIS (with operational information redacted). An alternative approach might be for the legislation to provide the minister with an explicit discretion to give a copy of the report to the PJCIS.[148]

The Law Council of Australia also supported increased oversight responsibilities for the PJCIS.[149] However, Richardson commented that Parliament’s oversight of intelligence agencies through the PJCIS must be considered in the broader context of other oversight arrangements in Australia, particularly IGIS’s role.[150]

The 2017 IIR pointed to the ‘combination of government, parliamentary and independent oversight of intelligence agencies’ that was created in the aftermath of the Hope Royal Commissions and said that these oversight arrangements, which still exist today, ‘represent a carefully constructed architecture’.

Changes to this architecture must be carefully considered so as not to upset the balance or create unnecessary and unproductive duplication. The 2017 IIR concluded that ‘it is appropriate and effective for the primary oversight of the legality and propriety of operations conducted by intelligence agencies to be carried out by the IGIS Office’. The 2017 IIR found that PJCIS oversight of operations would duplicate existing reporting and resourcing requirements and could lead to simultaneous inquiries on the same issue.[151]

The Richardson Review concluded that operational oversight is currently effectively provided by IGIS and agreed with the 2017 IIR’s view that ‘there is significant practical benefit in having the required expertise located in a single body, backed by appropriate powers and independence.’[152]

Richardson therefore recommended against any expansion of the functions of the PJCIS to include direct oversight of operational activities, whether past or current.[153]

Appendix A: Richardson Review recommendations relevant to intelligence oversight and Government response

Recommendation 15: DIO’s mandate should be made publicly available.

Agreed.[154]

Recommendation 16: The intelligence functions of Home Affairs should not be specified in legislation.

Agreed.[155]

Recommendation 59: The IS Act appropriately provides for ministerial oversight and visibility of activities to achieve a direct effect undertaken directly by ASIS and ASD.

Agreed.[156]

Recommendation 138: The collection, retention and use of reference information by AUSTRAC, Home Affairs and the AFP should continue to be regulated by the Privacy Act and specific statutory frameworks.

Agreed.[157]

Recommendation 167: ASIS, AGO, ASD, ONI and DIO should be excluded from the Commonwealth Ombudsman’s jurisdiction.

Agreed. The Ombudsman currently does not exercise its jurisdiction over these agencies by convention. This recommendation is merely intended to formalise this position. This recommendation does not alter the jurisdiction of the Defence Force Ombudsman, a role the Commonwealth Ombudsman carries out over the employment and other administrative complaints of ADF members, including ADF members working for intelligence agencies.[158]

Recommendation 168: The IGIS should not have oversight of the Department of Home Affairs or the AFP as recommended in the 2017 IIR.

Agreed. The Government agrees that the IGIS should not have oversight of the intelligence functions of the Department of Home Affairs or the AFP. The intelligence functions of the Department of Home Affairs and the AFP are subject to existing and effective oversight mechanisms given the scope and nature of these functions. Neither the Review, nor the 2017 IIR, identified a gap in the existing oversight of the Department of Home Affairs or the AFP that justified including these bodies in the jurisdiction of the IGIS.

Consistent with Recommendation 21 of the 2017 IIR, the Government will extend the jurisdiction of the IGIS to include the intelligence functions of the ACIC and AUSTRAC. The Review noted that while the ACIC and AUSTRAC are already ‘the subject of a range of oversight mechanisms, the specialised intelligence oversight of the IGIS would more readily add value and assurance’ in respect of the intelligence functions of the ACIC and AUSTRAC.[159]

Recommendation 169: Legislation establishing oversight responsibilities for the NIC should take a functional approach. Oversight should follow intelligence function, regardless of the structures used to support performance of the function.

Agreed.[160]

Recommendation 171: The Attorney-General should issue publicly available guidelines for embedding oversight into NIC legislation. The guidelines should include the following principles:

171.a Legislation should clearly state oversight bodies’ jurisdiction.

171.b Any duplication in oversight jurisdiction should be minimised where possible, while recognising that the elimination of all overlap would also give rise to unintended gaps.

171.c Laws and guidelines governing NIC agencies should be clear, precise and unambiguous in their terms and in their interaction with each other.

171.d Legislation should allow oversight bodies to exercise discretion in managing their oversight functions and responsibilities.

171.e NIC oversight legislation should avoid overly prescriptive and detailed inspection or reporting requirements.

171.f Oversight bodies should be able to access all relevant information from intelligence agencies and appropriately share information between themselves.

171.g Careful consideration should be given to dissemination of reports by an oversight body.

171.h NIC agencies should be required to actively provide information to an oversight body about the use of extraordinary powers.

171.i Legislation (or guidelines, as appropriate) should be clear about record-keeping obligations and facilitate meaningful oversight.

171.j Oversight bodies should have a role in supporting the continuous improvement of agencies’ legislative compliance by sharing their expertise on compliance best practice, and regularly reviewing agencies’ guidance materials.

Agreed.[161]

Recommendation 172: The Inspector-General of Intelligence and Security Act should be amended to preclude the appointment to the Office of the IGIS of a person whose immediate prior role was as head or deputy head of an agency within the IGIS’ oversight remit.

Agreed. The IGIS has a unique role as the primary body with responsibility for intelligence oversight. Accordingly, this additional safeguard on IGIS's independence (and perceived independence) is appropriate.[162]

Recommendation 173: An independent panel should be established to provide technical expertise and assistance to the IGIS.

Agreed.[163]

Recommendation 174: The Inspector-General of Intelligence and Security Act should be amended to give the IGIS an inquiry function for employment-related grievances of staff employed under the Office of National Intelligence Act.

Agreed.[164]

Recommendation 175: Agencies should seek legal advice through in-house counsel or the Australian Government Solicitor, in a manner consistent with the Legal Services Directions.

Agreed. Although important, consultation with the IGIS is not a substitute for such legal advice. The IGIS’ statutory functions include overseeing the compliance of the intelligence agencies with the law, and the propriety of their activities. The role of the IGIS can rightly include early engagement with agencies, particularly where there are novel issues or agencies are using a power for the first time. It is also vital that agencies continue to proactively report on potential issues to the IGIS.[165]

Recommendation 176: The Australian Government Solicitor should centrally and electronically store all classified legal advices provided to National Intelligence Community agencies.

Agreed.[166]

Recommendation 177: The Independent National Security Legislation Monitor Act should be amended to provide that the INSLM may prepare and give to the Attorney-General a report on any matter relating to the performance of the INSLM’s functions at any time. The Attorney-General should be required to table an (unclassified) copy of the report in each House of the Parliament within a reasonable time of receiving the report.

Agreed.[167]

Recommendation 178: As a matter of good practice, the Government should provide a publicly available response to the INSLM’s recommendations within 12 months of the INSLM’s report being tabled in Parliament.

Agreed. The Government notes that where the recommendations of INSLM reports raise complex legal and policy questions, it may take more than 12 months for the Government to formally respond to those reports. The Government will continue to endeavour to advise Parliament as soon as practicable of its responses to future INSLM recommendations.[168]

Recommendation 179: The Independent Reviewer of Adverse Security Assessments should continue as a standing arrangement.

Agreed.[169]

Recommendation 180: The remit of the Parliamentary Joint Committee on Intelligence and Security should not be expanded to include direct oversight of operational activities, whether past or current.

Agreed.[170]

Recommendation 181:

181.a The IIR recommendation to enable the PJCIS to request the IGIS to conduct an inquiry into the legality and propriety of particular operational activities, and report to the PJCIS, Prime Minister and responsible minister, should be implemented.

181.b Changes to enable the PJCIS to make such a request should make it clear that the PJCIS can only request, not oblige, the IGIS to conduct an inquiry.

181.c The amendments should also maintain the current restriction that prevents the PJCIS from requiring a person or body to disclose operationally sensitive information or information that would or might prejudice Australia’s national security or the conduct of Australia’s foreign relations.

Disagreed. Even if the IGIS is not obliged to conduct an inquiry, the remit of the PJCIS should not be expanded to include oversight of agencies’ operational activities by requesting the IGIS to inquire into and report on particular operations.

It remains appropriate for ministers to primarily oversee operations and be accountable to Parliament. The Government considers that the IGIS has extensive powers to oversee and inquire into the legality and propriety of NIC operations. The IGIS already publishes unclassified versions of reports and appears before the PJCIS on non-operational matters.

The PJCIS may also request the IGIS to brief the Committee, although the Committee cannot require the IGIS to disclose operationally sensitive information, under the IS Act. These existing arrangements appropriately balance accountability with the need to protect sensitive operations and capabilities, and further oversight by the PJCIS is not necessary.[171]

Recommendation 182: Existing restrictions that apply to information disclosure by the PJCIS should continue to apply in respect of the Inspector-General of Intelligence and Security’s reports or briefings to the PJCIS on its inquiries.

Agreed.[172]

Appendix B: All Richardson Review recommendations marked up by policy subject area

The table below analyses the Richardson Review recommendations by policy subject area. An attempt has been made to highlight the areas potentially of interest to major interest groups; however, the policy subject areas inevitably overlap, and the attribution is not precise.

Legend

# Broad recommendations
* NIC oversight
^ Issue of warrants and use of powers
Recommendations re the IS Act
π Recommendations re a new electronic surveillance Act and use of AI
¤ Immunities
» Freedom of information, privacy and archives
Ʃ Secrecy offences and public interest disclosures
Vol. No. Recommendation
1 (166) 1 # NIC agencies should ensure that their induction and ongoing training addresses the history, background and principles that underpin their legal frameworks and of the balance in legislation sought by government and the Parliament.
1 (194) 2 ^ The sequencing of steps required in the IS Act’s ministerial authorisation process should be adjusted to enable the responsible minister to authorise an IS Act agency to produce intelligence on an Australian person and then seek the Attorney-General’s agreement to that authorisation. The authorisation would not take effect until the Attorney-General has given agreement.
1 (199) 3 # The legislation governing the activities of ASIO, ASIS, ASD and AGO should continue to distinguish between foreign intelligence and security intelligence.
1 (223) 4 # There should continue to be a distinction between AIC agency activities that take place onshore and those that take place offshore.
1 (242) 5 ^ The ASIO Act and TIA Act should be amended to enable the Director-General of Security, on a request from the Foreign Minister or Defence Minister, to seek a warrant from the Attorney-General for the collection of foreign intelligence on an Australian person who is acting for, or on behalf of, a foreign power.
1 (244) 6 # The legislation that applies to ASIO, ASD, ASIS and AGO should continue to distinguish between Australians and non-Australians.
1 (252) 7   CLASSIFIED
1 (253) 8 # ONI should develop guiding principles on open source information collection, in consultation with DIO, Home Affairs, and the IGIS.
1 (254) 9   CLASSIFIED
1 (255) 10 ^ DIO and Home Affairs should not be included in the assumed identity regime in the Crimes Act for the purposes of open source information collection.
1 (255) 11   CLASSIFIED
1 (257) 12 » The ONI Act should be amended so that the privacy rules apply only to analytical products of the Open Source Centre.
1 (294) 13 # AGO should be established as a statutory authority before acquisition of a sovereign geospatial intelligence space capability, with the timing to be revisited as part of future independent intelligence reviews.
1 (295) 14 # DIO should remain a semi-autonomous organisation within the Department of Defence.
1 (298) 15 * DIO’s mandate should be made publicly available.
1 (301) 16 * The intelligence functions of Home Affairs should not be specified in legislation.
1 (314) 17 ^ The ASIO Act and any new electronic surveillance framework (incorporating existing authorities under the TIA Act, the SD Act and relevant parts of the ASIO Act) should provide that powers vested in the Attorney-General in respect of ASIO may only be exercised by the Attorney-General and not by a junior minister. As with section 3A of the IS Act, references to the Attorney-General should continue to include a person acting as the Attorney-General.
1 (314) 18 ^ The Law Officers Act should be amended to remove the ability for the Attorney-General to delegate his or her power to issue warrants under the ASIO Act to the Solicitor General, Secretary of the Attorney-General’s Department or any other officer of the Commonwealth. The current prohibition in respect of warrants issued under the TIA Act should remain in respect of the new electronic surveillance framework.
1 (315) 19 ^ The Attorney-General’s powers in respect of ASIO should not be able to be conferred on another minister through an action of the Executive. Legislative amendment should be required. The ability for the Governor General in Council to make a substituted reference order in respect of the Attorney-General’s role in exceptional cases should be retained, but only used in exceptional circumstances, such as where there is no Attorney-General.
1 (317) 20 ^ The ASIO Act and TIA Act (and the new electronic surveillance framework) should permit the Director-General of Security to approach the Prime Minister to issue a warrant, where the Attorney-General advises the Director-General of an actual or apparent conflict of interest, or where the Director-General is satisfied that the Attorney-General has an actual or apparent conflict of interest.
1 (318) 21 The IS Act should be amended to permit an agency head to approach another IS Act minister to issue an authorisation, where the responsible minister advises the agency head of an actual or apparent conflict of interest, or where the relevant agency head is satisfied that the authorising minister has an actual or apparent conflict of interest.
1 (329) 22 # Legislative amendments in respect of ONI’s budget authority are not required.
1 (335) 23 # The Department of Home Affairs does not require cooperation provisions in legislation.
1 (341) 24 # Section 13 of the ONI Act does not require amendment. The legislative requirement for the Director-General to approve cooperation arrangements with an authority of another country is appropriate.
1 (350) 25 ^ The ASIO Act should be amended to include a ministerial authorisation framework for ASIO’s offshore intelligence collection activities in respect of Australian persons, where those activities would require ASIO to seek a warrant inside Australia. The Attorney-General’s authorisation should be required irrespective of whether ASIO’s activities are undertaken in partnership with foreign partners or with other Australian Intelligence Community agencies. If, when ASIO seeks a warrant from the Attorney-General to conduct activities in respect of an Australian person inside Australia, it is reasonably foreseeable that the person will move offshore during the period of the warrant, and the warranted conduct can continue offshore, ASIO should inform the Attorney-General of this and seek his or her authorisation to continue the conduct offshore. The Director-General of Security (and only the Director-General) should be permitted to:
  • make an oral application to the Attorney-General where he or she believes on reasonable grounds that the delay in making a written application for ministerial authorisation of ASIO’s offshore activities would likely defeat the purpose of obtaining the authorisation, and
  • internally authorise activities (orally or in writing) where it is not possible to make an oral application to the Attorney-General.
Where an activity is authorised internally by the Director-General:
  • the Director-General should be required to notify the Attorney-General in writing as soon as possible, and no later than 48 hours, after the internal authorisation is issued, and
the Director-General should be required to notify the IGIS as soon as possible, but no later than three days, after the internal authorisation is issued.
1 (356) 26 ^ DFAT should be informed before any NIC agency (other than ASIS) conducts covert human intelligence activity in another country without the agreement of the host authorities. DFAT is responsible for determining whether the Foreign Minister should be advised of the activity.
1 (356) 27 # Processes for managing foreign relations risks, including determining the agencies subject to these processes, should be considered each time there is an Independent Intelligence Review.
1 (373) 28 # The Commonwealth should not develop a common legislative framework in the form of a single Act governing all or some NIC agencies.
2 (48) 29 # NIC legislation should not be amended to include standalone proportionality tests as part of the threshold for the authorisation of intrusive powers.
2 (61) 30 # Ministers should continue to authorise ASIO and IS Act agency activities. These authorisations should not also be subject to judicial or other independent authorisation.
2 (64) 31 ^ All ASIO warrants and special intelligence operation authorisations should be reviewed by the Attorney-General’s Department, noting the need for appropriate security clearances and relevant briefings.
2 (65) 32 ^ In circumstances of extreme urgency ASIO should provide warrants or authorisations to the Attorney-General without review by the Attorney- General’s Department. In such situations, ASIO should advise the Attorney-General that the warrant or authorisation has not been reviewed by the Department, and subsequently present the warrant or authorisation to the Department for review.
2 (66) 33 Existing consultation processes for ministerial authorisations under the IS Act are robust and support an appropriate level of assurance. These processes should continue.
2 (88) 34 ^ The duration of search warrants in the ASIO Act should be kept at 90 days.
2 (89) 35 ^ The duration of inspection of postal articles and inspection of delivery service articles warrants in the ASIO Act should be kept at six months.
2 (93) 36 ^ ASIO should be required to keep accurate records of all individuals involved in the execution of a warrant. The requirement for ASIO to specify who may exercise authority under a warrant in section 24 of the ASIO Act should be retained.
2 (94) 37 ^ The ASIO Act should be amended to make it clear that the permissible scope of classes under section 24 includes changes to, or expansion of, the class which occur after the authorisation is initially made.
2 (96) 38 ^ ASIO should continue to seek foreign intelligence collection warrants from the Attorney-General for activities within Australia that require a warrant, on the advice of the Foreign Minister or Defence Minister.
2 (98) 39 ^ The maximum duration of foreign intelligence collection warrants in the ASIO Act should remain at six months for all powers except search warrants, which should remain at 90 days, except in the limited circumstances, and subject to the additional safeguards, described in our classified report.
2 (99) 40   CLASSIFIED
2 (105) 41 The IS Act should be amended to provide that an agency is ‘producing intelligence’ on an Australian person or a class of Australian persons only if:
  • the agency undertakes a covert and intrusive activity, or a series of covert and intrusive activities, or
  • the agency expressly or impliedly requests a body, authority, organisation or group to undertake a covert and intrusive activity, or a series of covert and intrusive activities to obtain that intelligence.
2 (108) 42 The IS Act should continue to provide that an IS Act agency can only undertake activities for the specific purpose of producing intelligence on an Australian in relation to a serious crime where the minister is satisfied that person is, or is likely to be, involved in committing a serious crime by: moving money, goods or people; using or transferring intellectual property; or transmitting data or signals by means of guided and/or unguided electromagnetic energy.
2 (118) 43 ^ The ASIO Act and the new electronic surveillance Act should not allow warrants to be issued in respect of a class of persons, subject to the recommendations about groups and foreign organisations in relation to electronic surveillance powers (see Chapter 28).
2 (119) 44 A broad intelligence warrant should not be introduced to allow IS Act agencies to collect intelligence in accordance with their functions inside Australia.
2 (124) 45 The 2017 Independent Intelligence Review recommendation, that IS Act agencies be able to obtain ministerial authorisation in respect of a class of Australian persons where the class is defined by reference to involvement with a terrorist organisation proscribed for the purposes of the Criminal Code, should be implemented (Recommendation 16(a)). This should include the following requirements:
  • the responsible minister may only issue the authorisation after obtaining the agreement of the Attorney-General
  • the authorisation must not exceed six months
  • IS Act agencies must maintain a current list of all individuals on whom it sought to produce intelligence under the class authorisation with reasons why the agency believed the individual to be part of the class
  • this list should be provided to ASIO for visibility and to coordinate counter terrorism activities, and be available for inspection and review by the IGIS, who may provide advice to the agency head and responsible minister, and
  • agencies must report to the responsible minister within six months of the original authorisation providing details on activities undertaken and attaching the current list of individuals that fall within the class.
2 (127) 46 ^ The 2017 IIR recommendation to allow AGO and ASD, like ASIS, to obtain a ministerial authorisation in relation to a class of Australians in respect of activities performed when assisting the Australian Defence Force should be implemented (Recommendation 16(b)).
2 (128) 47 The IS Act should not be amended to allow ministers to issue a class ministerial authorisation in any circumstance the minister considers appropriate.
2 (143) 48 ^ The ASIO Act should be amended to, and the new electronic surveillance Act should, provide for the issuing of ASIO warrants in emergencies as follows: The Attorney-General must issue ASIO warrants in writing wherever possible. The Attorney-General may orally authorise a warrant, on application from the Director-General of Security, if he or she believes on reasonable grounds that the delay in making a written application would likely defeat the purpose of obtaining the warrant. The threshold for issuing the warrant should remain as for the Attorney-General’s consideration of a written application. The Director-General of Security may authorise activities in writing where it is not possible to make an oral application to the Attorney-General. This must be limited to circumstances where the Attorney-General is unavailable, or where making an oral application would pose an unacceptable risk to operational security. The threshold for the Director-General issuing the warrant should remain as for the Attorney-General’s consideration of a written application. The Director General of Security may only orally authorise an emergency warrant where it is not possible to make an oral application to the Attorney-General (as defined above), and where delay in authorising the application in writing would defeat the purpose of obtaining the warrant. The threshold for the Director-General issuing the warrant should remain as for the Attorney-General issuing a warrant.
2 (144) 49 ^ Where a warrant is authorised orally:
  • the Director-General must ensure that a written record of the warrant is made as soon as possible, but no later than 48 hours, after the authorisation is issued
  • the Director-General should provide a copy of the record to the IGIS as soon as possible, but no later than three days, after the authorisation is issued, and
  • the IGIS should be required to provide a report to the Attorney- General on whether the Director-General complied with the legislative requirements in giving the authorisation.
2 (145) 50 ^ The power to issue emergency warrants should be vested only in the Director-General of Security, or any person acting in that position, and should not be able to be delegated to any other ASIO officer.
2 (146) 51 ^ The Director-General of Security should be required to submit a written warrant application to the Attorney-General as soon as possible, but no later than 48 hours, after the authorisation is issued. On receipt of the written application, the Attorney-General must decide whether to:
  • endorse the authorisation, and issue a regular warrant authorising ongoing activities
  • endorse the authorisation, but decline to issue a regular warrant authorising ongoing activities and direct that activities cease, or
  • invalidate the authorisation, and direct that any material obtained under that authorisation be quarantined from further use (other than for limited purposes relating to oversight, or any investigation or proceeding relating to the activities).
2 (148) 52 The emergency authorisation provisions in the IS Act do not require amendment, beyond implementing amendments to address situations where it is reasonable to believe that an Australian person consents to the production of intelligence by the IS Act agency on that person, as recommended by the 2017 Independent Intelligence Review.
2 (154) 53 For the purposes of section 9 of the IS Act, the Minister should continue to obtain the Attorney-General’s agreement before authorising activities with respect to Australians involved in threats to security.
2 (154) 54 Section 13B of the IS Act should continue to require ASIO to notify ASIS that it requires ASIS’s assistance to undertake activities to support ASIO in the performance of its functions.
2 (156) 55 The IS Act should not be amended to allow ASIO to request ASIS to produce ‘foundational intelligence’ on a person suspected to be an Australian person using methods that would require a warrant if undertaken in Australia.
2 (159) 56 ¤ The immunities in section 14 of the IS Act should not be extended.
2 (164) 57 Section 13B of the IS Act should not be extended to apply to ASIS’s onshore activities.
2 (164) 58 Current arrangements under section 13B of the IS Act should not be extended to ASD and AGO.
2 (172) 59 * The IS Act appropriately provides for ministerial oversight and visibility of activities to achieve a direct effect undertaken directly by ASIS and ASD.
2 (173) 60 IS Act agencies should advise their minister, when seeking a producing intelligence ministerial authorisation to cooperate with the ADF or ASIS, that intelligence provided by it may be used to achieve a direct effect.
2 (174) 61 IS Act agencies should advise the responsible minister, when seeking a producing intelligence authorisation on an Australian, of the likelihood that a foreign partner may use the reporting produced to achieve a direct effect. If, during the course of the authorisation period, the agency becomes aware that a foreign partner is using the information to achieve a direct effect, the agency should notify the minister.
2 (175) 62 ^ ASIO should be required to seek authorisation from the Attorney-General for unilateral activities undertaken offshore, and when communicating intelligence to a foreign partner, where it is reasonably foreseeable that undertaking the activities will result in:
  • the death of, or serious harm to, the Australian person
  • the Australian person being detained, arrested, charged with or convicted of an offence punishable by the death penalty, or
  • the Australian person being subject to torture or other cruel, inhuman or degrading treatment or punishment.
2 (177) 63 # Ministerial directions or guidelines providing guidance on the meaning of the term ‘direct effect’ should be issued to each of ASIS, ASD, AGO and ASIO.
2 (185) 64 ¤ ASIO should not have a broad immunity from criminal liability for its activities.
2 (188) 65 ^ The Attorney-General, when issuing a warrant under the ASIO Act, should be empowered to specify particular things ASIO can do that are necessary and proportionate to achieve the purpose of the warrant.
2 (192) 66 ^ The defence in subsection 474.6(7) of the Criminal Code should be extended for ASIO so that it applies to all offences in section 474.6 (Interference with facilities). The defence should only be available where ASIO officers are acting in the course of their duties, and where that conduct is reasonable in the circumstances for the purpose of performing those duties.
2 (195) 67 # The ONI-led National Intelligence Community Legislation Forum should be informed of all upcoming criminal law Bills to ensure consultation with all NIC agencies occurs at the policy and drafting stages, before a Bill is introduced to Parliament.
2 (214) 68 ^ Applications to the Attorney-General for a special intelligence operation authorisation should only be made by the Director-General of Security.
2 (218) 69 ^ A special intelligence operation authority obtained under the ASIO Act should continue to describe the nature of the conduct in which identified persons are authorised to engage.
2 (221) 70 The IS Act should be amended to provide that the Director General of ASIS can authorise the use of a Commonwealth department or agency as the cover employer for ASIS officers.
2 (221) 71 ^ The ASIO Act should be amended to provide that the Director-General of Security can authorise the use of a Commonwealth department or agency as the cover employer for ASIO employees and affiliates.
2 (225) 72 ¤ The Criminal Code should be amended to give Australian Defence Force members immunity under Part 10.7 for computer-related acts done outside Australia in the course of properly declared operations under legally approved rules of engagement.
2 (226) 73 ¤ The Criminal Code should not be amended to give Australian Defence Force members immunity for telecommunications offences in Part 10.6.
2 (227) 74 ¤ The current immunity in section 476.5 of the Criminal Code for ASIS, ASD and AGO should be extended to apply where a staff member or agent reasonably believes the relevant conduct is likely to take place outside Australia, whether or not it in fact takes place outside Australia. This should also apply to the Australian Defence Force, if it is included within the immunity in section 476.5.
2 (268) 75 # The SD Act, TIA Act and those parts of the ASIO Act governing the use of computer access and surveillance devices powers should be repealed and replaced with a new Act.
2 (273) 76 ^ Agencies should continue to be required to obtain separate warrants to authorise covert access to communications, computer access or the use of a listening or optical surveillance device under a new Act. The Act should not introduce a ‘single warrant’ capable of authorising all electronic surveillance powers.
2 (277) 77 π As part of the development of a new electronic surveillance Act, AUSTRAC should be able to access telecommunications data in its own right under arrangements consistent with other Commonwealth, state and territory law enforcement agencies presently authorised to access telecommunications data.
2 (279) 78 π As part of the development of a new electronic surveillance Act, corrective services authorities should be granted the power to access telecommunications data, if the relevant state or territory government considers it to be necessary.
2 (281) 79 π As part of the development of a new electronic surveillance Act:
  • electronic surveillance powers should be vested in the Australian Border Force, not the Department of Home Affairs, and
  • the Australian Border Force should also be granted the power to use tracking devices under warrant and authorisation, for the purpose of serious criminal investigations.
2 (285) 80 π Electronic surveillance should only be authorised where it is necessary for, and proportionate to, the purposes of an investigation.
2 (288) 81 π Electronic surveillance should be directed at persons who are under investigation, subject to limited exceptions in relation to third parties, groups, unidentified persons and foreign intelligence. To the extent that person-based, third party and group warrants are not adequate to address all cases, an object or premises-based warrant should be retained.
2 (292) 82 π Electronic surveillance warrants should be available in respect of a person who is not under investigation (a third party), where the issuing authority is satisfied that, in addition to the test for an ordinary warrant, obtaining information under a warrant in respect of the subject of the investigation would be impractical or ineffective.
2 (293) 83 π Electronic surveillance warrants should be available in respect of a group where the issuing authority is satisfied that:
  • the group has engaged in, or is reasonably suspected of having engaged in, or being engaged in, or being likely to engage in common activities, that would justify the issue of an electronic surveillance warrant, and
  • obtaining warrants in respect of the individual members of the group would be impractical or ineffective.
2 (294) 84 π Electronic surveillance warrants should continue to be available in respect of a person who cannot be identified at the time of the warrant application.
2 (295) 85 π Foreign intelligence warrants with respect to foreign organisations should be retained in the new electronic surveillance Act.
2 (299) 86 π The Attorney-General should be permitted to issue warrants authorising ASIO to intercept telecommunications, access stored communications, access computers, and use optical and listening devices under a new Act, if satisfied that:
  • a person is engaged in, or is reasonably suspected of being engaged in or of being likely to engage in, activities relevant to security, and
  • the exercise of powers under the warrant in respect of the person is likely to substantially assist ASIO in obtaining intelligence in respect of a matter that is important in relation to security.
2 (310) 87 π An issuing authority should be permitted to issue warrants authorising a law enforcement agency to intercept telecommunications, access stored communications, access computers, and use optical and listening devices under a new Act, if he or she is satisfied that:
  • a person has committed, or is reasonably suspected of committing or of being likely to commit, an offence that is punishable by a maximum penalty of at least five years’ imprisonment, and
  • the exercise of powers under the warrant in respect of the person is likely to substantially assist the agency in the investigation of the offence.
2 (312) 88 π Electronic surveillance powers should be available to the ACIC for the purposes of special investigations, as well as for evidentiary investigations carried out under the authority of a special operation.
2 (315) 89 π Under a new electronic surveillance Act, offences should only be included as exceptions to the five year threshold for surveillance if they are punishable by at least three years’ imprisonment and the use of electronic surveillance powers is necessary in order to effectively investigate the offences.
2 (316) 90 π Under a new electronic surveillance Act, surveillance device powers should continue to be available for the purposes of integrity operations.
2 (316) 91 π Agencies should continue to be permitted to obtain warrants to use electronic surveillance powers to monitor persons subject to control orders, for mutual assistance purposes, to assist with an order for the recovery of a child, and other similar purposes currently contained in the TIA Act and the SD Act.
2 (317) 92 π The use of tracking devices should be regulated separately from other electronic surveillance powers in a new electronic surveillance Act.
2 (318) 93 π Under a new Act, ASIO’s tracking device warrants should be subject to the same test as ASIO’s other electronic surveillance warrants.
2 (320) 94 π A new electronic surveillance Act should allow an issuing authority to authorise a law enforcement agency to use a tracking device if satisfied that:
  • a person has committed, or is reasonably suspected of committing or of being likely to commit an offence that is punishable by a maximum penalty of at least three years’ imprisonment, and
  • the use of a tracking device under the warrant in respect of the person is likely to assist the agency in the investigation of the offence.
2 (322) 95 π ASIO and law enforcement agencies should be permitted to internally authorise the use of a tracking device, where:
  • the installation and use of the device will not involve entry onto premises or interference with the interior of a vehicle without permission, and
  • the use of a tracking device would otherwise meet the threshold for a warrant—that is, in the case of law enforcement agencies the device will be used for the purposes of the investigation of an offence punishable by a maximum penalty of at least three years’ imprisonment, and in the case of ASIO the device will be used in respect of a matter that is important in relation to security.
2 (325) 96 π Future reviews should re-evaluate the legal framework for tracking a person by accessing location data from carriers once the 5G network roll-out is substantially complete, to determine whether access to network data has become functionally equivalent to using a tracking device.
2 (328) 97 π A new electronic surveillance Act should accommodate the issuing of warrants to law enforcement agencies in emergencies as follows.
  • An issuing authority must issue law enforcement warrants in writing wherever possible.
  • An issuing authority may orally authorise a warrant, on application from an agency, if he or she believes on reasonable grounds that the delay in making a written application would likely defeat the purpose of obtaining the warrant. The threshold for issuing the warrant should remain the same as for the issuing authority’s consideration of a written application.
2 (329) 98 π The relevant minister should continue to report on law enforcement agencies’ use of time-sensitive warrants in his or her annual report.
2 (329) 99 π Where a law enforcement warrant is authorised orally, the head of the agency should be required to make a written record and provide a copy to the Ombudsman as soon as possible. The Ombudsman should be required to provide a report to the Attorney-General on whether the agency head complied with the legislative requirements in giving the authorisation.
2 (329) 100 π The law enforcement agency should be required to submit a written warrant application to an issuing authority as soon as possible. On receipt of the written application, the issuing authority must decide whether to issue a warrant, decline to issue a warrant, or decline to issue a warrant and invalidate the authorisation.
2 (331) 101 π A new electronic surveillance Act should enable law enforcement agencies to use electronic surveillance powers, without a requirement to obtain a warrant, to:
  •    prevent or lessen imminent threats to life, or of serious harm or damage to property
  •    locate and investigate suspected kidnappings
  •    locate missing persons, and
  •    recover a child subject to a child recovery order,
where an officer reasonably suspects that the circumstances are so urgent as to require the immediate use of the power, and that it is not practicable in the circumstances to apply for a warrant.
2 (332) 102 π A new electronic surveillance Act should continue to permit ASIO and law enforcement agencies to use optical and listening devices, without obtaining a warrant, in limited circumstances in the performance of their duties, where:
  • in the case of an optical surveillance device—the installation and use does not involve unauthorised entry onto premises or interference with a vehicle or thing, and
  • in the case of a listening device—the device is used to record a conversation to which an officer or agent is party, or could be reasonably expected to overhear.
2 (337) 103 π A new electronic surveillance Act should require ASIO and law enforcement agencies to specify, in writing, the people or class of people who may exercise the authority of a warrant, and to keep accurate records of all individuals involved in the execution of a warrant.
2 (342) 104 π As part of a new electronic surveillance Act, the Attorney-General or issuing authority should have the discretion to approve an agency to vary minor, specified aspects of a warrant while it is in force, if he or she is satisfied that it is necessary to do so. Agencies should not have the authority to vary warrants beyond such minor variations.
2 (342) 105 π When agencies make minor modifications to warrants, they should be required to:
  • apply the same statutory test when deciding whether to vary a warrant as the issuing authority applied at the time the warrant was issued
  • make any variations in writing, other than in urgent cases which should follow a similar procedure to time-sensitive authorisations, and
  • list and explain all variations when seeking a renewal of the warrant, or reporting to the Attorney-General.
2 (347) 106 π The development and testing framework that is presently contained in Part 2-4 of the TIA Act should be extended to enable the Attorney-General to authorise the testing and development of electronic surveillance and cyber capabilities, as part of a new electronic surveillance Act.
2 (348) 107 π The development and testing framework should be extended, as part of a new Act, to enable the Attorney-General to authorise the use of electronic surveillance and cyber capabilities for the purposes of:
  • training personnel on technologies and capabilities, and
  • maintaining, improving, repairing and evaluating the performance of technologies and capabilities.
2 (351) 108 π The development and testing authorisation framework should permit the Attorney-General to authorise the retention of information obtained under another testing authorisation, or a separate warrant, authorisation or power, as well as non compliant information, as part of a new Act.
2 (371) 109 π The core definitions in a new electronic surveillance Act should:
  • provide clarity to agencies, oversight bodies and the public about the scope of agencies’ powers
  • ensure that there are no gaps in the types of information that agencies may intercept, access or obtain under warrants and authorisations, and
  • be capable of applying to new technologies over time.
2 (378) 110 π A new electronic surveillance Act should not require carriers, carriage service providers or other regulated companies to develop and maintain ‘attribute based’ interception capabilities. These companies should continue to be required to develop and maintain the capability to intercept communications sent and received by specified services and devices.
2 (379) 111 π Under a new electronic surveillance Act, the Attorney-General should be given the power to require a company to develop and maintain a specified attribute-based interception capability. If such a capability has been developed, agencies should be able to obtain attribute-based interception warrants in cases where it will be practicable for the warrant to be executed.
2 (380) 112 π As part of a new electronic surveillance Act, ASIO and law enforcement agencies should be permitted to use their own attribute-based interception capabilities, in conjunction with service providers, under warrant.
2 (382) 113 π As part of a new electronic surveillance Act, law enforcement agencies should continue to be able to request an issuing authority to impose a condition or restriction on a warrant, requiring that specified communications that are unlikely to be relevant to the matter under investigation not be intercepted, or be promptly destroyed once they are delivered to the agency.
2 (383) 114 π Interception warrants issued under a new electronic surveillance Act should be capable of authorising the interception of communications by reference to one or more services or devices that the person (or group) who is the subject of the warrant uses, or is likely to use.
2 (386) 115 π Law enforcement agencies should only be permitted to use deployable interception capabilities, beyond the circumstances presently provided for in the TIA Act, under the following conditions:
  • where the agency has certified, in consultation with service providers, that the use of its capabilities will not interfere with the operation of the telecommunications network, and
  • subject to the development of arrangements for agencies to compensate a service provider, should the use of their capabilities cause damage to, or seriously disrupt, the telecommunications network.
2 (391) 116 π A new electronic surveillance Act should retain specific secrecy offences for the use and disclosure of, and other dealings with, information obtained by, and relating to, electronic surveillance.
2 (393) 117 π A new electronic surveillance Act should continue to prohibit the use and disclosure of, and other dealings with, information obtained as a result of unlawful surveillance activities.
2 (395) 118 π Secrecy offences in a new electronic surveillance Act should apply to a defined category of ‘entrusted persons’, who have obtained information in an official capacity, or under an agreement or arrangement with an agency. The offences applying to ‘entrusted persons’ should not require that the disclosure or other conduct cause, or be likely or intended to cause, harm to an essential public interest.
2 (397) 119 π Secrecy offences in a new electronic surveillance Act should continue to apply to ‘outsiders’. However, the ‘outsider’ offences should differentiate between information obtained by electronic surveillance and information related to, or otherwise connected with, electronic surveillance—the latter of which should require that the disclosure or other conduct cause, or be likely or intended to cause, harm to an essential public interest.
2 (400) 120 π Existing use and disclosure provisions in the SD Act and the TIA Act should be replaced with simple, principles-based rules that maintain strict limitations on the use and disclosure of information obtained by electronic surveillance.
2 (403) 121 π A new electronic surveillance Act should permit the use and disclosure of, and other dealings with, surveillance information for the purpose for which the information was originally and lawfully obtained.
2 (411) 122 π A new electronic surveillance Act should permit agencies to use, disclose and otherwise deal with surveillance information for a defined range of secondary purposes, including:
  • the performance of functions by ASIO, ASIS, ASD, AGO, ACIC, IGIS and the Commonwealth Ombudsman
  • the investigating or prosecuting of a criminal offence punishable by a maximum penalty of at least three years’ imprisonment
  • crime-related proceedings, such as bail, parole, proceeds of crime, control order, preventative detention order or continuing detention order proceedings
  • purposes relating to corruption or serious misconduct by public officials
  • the provision of mutual legal assistance to a foreign country under the Mutual Assistance in Criminal Matters Act 1987, and
  • the prevention or lessening of a serious risk to individual life, health or safety, or substantial damage to property.
2 (412) 123 π A new electronic surveillance Act should continue to permit the use and disclosure of, and other dealings with, surveillance information for a defined range of miscellaneous purposes that fall outside the scope of the recommended primary and secondary purpose provisions.
2 (414) 124 π A new electronic surveillance Act should enable agencies to disclose surveillance information to any person or authority, provided the disclosure is for a permitted purpose.
2 (421) 125 π A new electronic surveillance Act should require ASIO to destroy records of information obtained by electronic surveillance, as soon as reasonably practicable after the information is no longer required for the performance of its functions or exercise of its powers, and to ensure such information is rendered inaccessible pending its destruction.
2 (426) 126 π A new electronic surveillance Act should require law enforcement agencies to destroy records of information obtained by electronic surveillance and ensure the information is inaccessible pending destruction, as soon as reasonably practicable after:
  • the agency is satisfied that the records are not required for a specified purpose (being a purpose for which the information may be used and disclosed), or
  • five years unless the agency positively certifies the records are required for a specified purpose.
2 (428) 127 » A new electronic surveillance Act should require Commonwealth, state and territory agencies (other than ASIO, IS Act agencies and law enforcement agencies) to destroy records of information obtained by electronic surveillance consistent with the destruction requirement for law enforcement agencies recommended above. IS Act agencies should be subject to destruction requirements consistent with their privacy rules.
2 (431) 128 π ASIO conduct under a new electronic surveillance Act should continue to be overseen by the IGIS.
2 (433) 129 π The Commonwealth Ombudsman should have oversight responsibility for the use of Commonwealth electronic surveillance powers by all agencies other than ASIO.
2 (433) 130 π The existing ability of the Commonwealth Ombudsman to exchange information with state and territory counterparts should be maintained.
2 (435) 131 π The Ombudsman should oversee the compliance of all agencies (other than ASIO) with a new electronic surveillance Act, including state and territory agencies.
2 (442) 132 π Under a new electronic surveillance Act, the Ombudsman’s reporting requirements should be harmonised, including so that all reports are tabled by the Minister in full, except where information has been redacted in order to avoid prejudice to security, the defence of Australia, Australia’s relations with other countries, law enforcement operations, the privacy of individuals or to avoid danger to a person’s safety.
2 (443) 133   CLASSIFIED
2 (444) 134   CLASSIFIED
3 (48) 135 » A common legislative framework for NIC information sharing, either in the form of a single Act that regulates information sharing or a new Act that facilitates information sharing, should not be adopted.
3 (51) 136 » Exclusions in the spent convictions scheme in Part VIIC of the Crimes Act should be expanded to enable ASIO to use, record and disclose spent conviction information for the performance of its functions.
3 (71) 137 » NIC agencies do not require new powers or authorities to collect or obtain reference information.
3 (76) 138 » The collection, retention and use of reference information by AUSTRAC, Home Affairs and the AFP should continue to be regulated by the Privacy Act and specific statutory frameworks.
3 (83) 139 » The ASIO Guidelines and the Privacy Rules for ASIS, ASD, AGO, ONI, DIO and the ACIC should be amended to deal with the collection, retention, use and disclosure of reference information concerning Australian persons.
3 (85) 140 » The ASIO Guidelines and the Privacy Rules for ASIS, ASD, AGO, ONI, DIO and the ACIC should require each agency to regularly review its holdings of reference information, and to destroy information unless it is necessary and proportionate to continue retaining it. Any such requirement should reflect each agency’s functions and activities, including the ACIC’s statutory function of holding national policing information on behalf of Commonwealth, state and territory law enforcement agencies.
3 (87) 141 » Future Independent Intelligence Reviews should reconsider whether statutory controls on the collection, retention or use of reference data are required.
3 (111) 142 Ʃ Specific secrecy offences are not required to protect the identities of ASD officers or members of the ADF Special Operations Command.
3 (117) 143 Ʃ The secrecy offences in sections 39-40M of the IS Act should be consolidated. The scope of the offences should not be expanded.
3 (128) 144 Ʃ Current mechanisms for public interest disclosures of information obtained by, or relating to, NIC agencies remain appropriate. Neither the specific secrecy offences applying to NIC agencies, nor the general secrecy offences in the Criminal Code, should be amended to include an exception or defence for disclosures made in the public interest.
3 (131) 145 Ʃ The IGIS should be subject to a legislative requirement to report annually on public interest disclosures received by, and complaints about similar conduct made to, the IGIS.
3 (135) 146 Ʃ Specific secrecy offences applying to agencies within the IGIS’ jurisdiction should contain exceptions to permit disclosures of information to, and by, IGIS officials.
3 (152) 147   CLASSIFIED
3 (159) 148   CLASSIFIED
3 (161) 149   CLASSIFIED
3 (165) 150   CLASSIFIED
3 (165) 151   CLASSIFIED
3 (166) 152   CLASSIFIED
3 (168) 153   CLASSIFIED
3 (190) 154 π ONI should coordinate NIC agencies’ development of governance and ethical frameworks for the use of artificial intelligence capabilities for intelligence purposes.
3 (194) 155 π The requirement to have human involvement in significant or adverse decisions made by automated capabilities or artificial intelligence should be maintained. Similar controls should be included when new artificial intelligence capabilities are developed and implemented.
3 (201) 156 π Where a NIC agency relies on an artificial intelligence capability to contribute to the production of intelligence that is subsequently relied on to make a decision (by that agency or another government entity), the NIC agency should be able to explain how it produced that intelligence— including how the artificial intelligence capability contributed to that intelligence.
3 (201) 157 π Artificial intelligence capabilities, and their outputs, should not be protected from examination in legal proceedings merely because of the involvement of artificial intelligence.
3 (206) 158 π Future Independent Intelligence Reviews should consider the use of artificial intelligence for intelligence purposes.
3 (206) 159 π The PJCIS should receive a briefing from agencies on the development of their artificial intelligence-based intelligence capabilities at least once per year.
3 (215) 160 π ASIO already lawfully engages in threat reduction and disruption activities and there is no need for it to have a statutory threat reduction or disruption function.
3 (218) 161 ASD’s cybercrime function under section 7(1)(c) of the IS Act should not be extended to apply onshore.
3 (221) 162 π The AFP, with ASD’s assistance, should develop high end capability to fight cybercrime and fully utilise its existing powers to disrupt online offending.
3 (228) 163 ^ The ACC Act should not be amended to introduce a covert or delayed notification search warrant power for the ACIC.
3 (231) 164 ^ The ACC Act should not be amended to allow the conduct of coercive examinations offshore.
3 (233) 165 ¤ The ACC Act should not be amended to include a civil immunity for private sector bodies that have provided information to the ACIC voluntarily or on request.
3 (235) 166 ^ The ACIC’s notice to produce powers under the ACC Act should not be amended to allow it to compel the ongoing disclosure of information over a particular time period.
3 (244) 167 * ASIS, AGO, ASD, ONI and DIO should be excluded from the Commonwealth Ombudsman’s jurisdiction.
3 (262) 168 * The IGIS should not have oversight of the Department of Home Affairs or the AFP as recommended in the 2017 IIR.
3 (263) 169 * Legislation establishing oversight responsibilities for the NIC should take a functional approach. Oversight should follow intelligence function, regardless of the structures used to support performance of the function.
3 (267) 170 * The IGIS and Ombudsman should be consulted as a matter of course in relation to all proposed amendments to intelligence legislation affecting matters within their jurisdiction to ensure that oversight issues can be addressed upfront. This requirement should be included in the Legislation Handbook.
3 (271) 171 * The Attorney-General should issue publicly available guidelines for embedding oversight into NIC legislation. The guidelines should include the following principles:
  • Legislation should clearly state oversight bodies’ jurisdiction.
  • Any duplication in oversight jurisdiction should be minimised where possible, while recognising that the elimination of all overlap would also give rise to unintended gaps.
  • Laws and guidelines governing NIC agencies should be clear, precise and unambiguous in their terms and in their interaction with each other.
  • Legislation should allow oversight bodies to exercise discretion in managing their oversight functions and responsibilities.
  • NIC oversight legislation should avoid overly prescriptive and detailed inspection or reporting requirements.
  • Oversight bodies should be able to access all relevant information from intelligence agencies and appropriately share information between themselves.
  • Careful consideration should be given to dissemination of reports by an oversight body.
  • NIC agencies should be required to actively provide information to an oversight body about the use of extraordinary powers.
  • Legislation (or guidelines, as appropriate) should be clear about record keeping obligations and facilitate meaningful oversight.
  • Oversight bodies should have a role in supporting the continuous improvement of agencies’ legislative compliance by sharing their expertise on compliance best practice, and regularly reviewing agencies’ guidance materials.
3 (278) 172 * The IGIS Act should be amended to preclude the appointment to the Office of the IGIS of a person whose immediate prior role was as head or deputy head of an agency within the IGIS’ oversight remit.
3 (281) 173 * An independent panel should be established to provide technical expertise and assistance to the IGIS.
3 (285) 174 * The IGIS Act should be amended to give the IGIS an inquiry function for employment related grievances of staff employed under the ONI Act.
3 (289) 175 * Agencies should seek legal advice through in-house counsel or the Australian Government Solicitor, in a manner consistent with the Legal Services Directions.
3 (290) 176 * The Australian Government Solicitor should centrally and electronically store all classified legal advices provided to NIC agencies.
3 (292) 177 * The INSLM Act should be amended to provide that the INSLM may prepare and give to the Attorney-General a report on any matter relating to the performance of the INSLM’s functions at any time. The Attorney-General should be required to table an (unclassified) copy of the report in each House of the Parliament within a reasonable time of receiving the report.
3 (294) 178 * As a matter of good practice, the Government should provide a publicly available response to the INSLM’s recommendations within 12 months of the INSLM’s report being tabled in Parliament.
3 (296) 179 * The Independent Reviewer of Adverse Security Assessments should continue as a standing arrangement.
3 (311) 180 * The remit of the Parliamentary Joint Committee on Intelligence and Security should not be expanded to include direct oversight of operational activities, whether past or current.
3 (314) 181 * The IIR recommendation to enable the PJCIS to request the IGIS to conduct an inquiry into the legality and propriety of particular operational activities, and report to the PJCIS, Prime Minister and responsible minister, should be implemented. Changes to enable the PJCIS to make such a request should make it clear that the PJCIS can only request, not oblige, the IGIS to conduct an inquiry. The amendments should also maintain the current restriction that prevents the PJCIS from requiring a person or body to disclose operationally sensitive information or information that would or might prejudice Australia’s national security or the conduct of Australia’s foreign relations.
3 (315) 182 * Existing restrictions that apply to information disclosure by the PJCIS should continue to apply in respect of the IGIS’s reports or briefings to the PJCIS on its inquiries.
3 (320) 183 » The IS Act should be amended so that the PJCIS is only limited to not reviewing agency compliance with agency privacy rules, leaving scope for it to review the rules as made.
4 (35) 184 » ASIS, ASIO, ASD, DIO and ONI should continue to be exempt from the operation of the Freedom of Information Act 1982 (FOI Act).
4 (37) 185 » The Department Home Affairs, including its Intelligence Division, should remain subject to the FOI Act.
4 (39) 186 » The FOI Act should be amended to remove AGO’s exemption in respect of its non-intelligence function.
4 (42) 187 » The ACIC should remain subject to the FOI Act.
4 (44) 188 » In respect of AUSTRAC, consistent protections should be afforded to Suspicious Matter Reports and Suspicious Transaction Reports under the FOI Act.
4 (52) 189 » ASIO, ASIS, ASD, AGO, DIO and ACIC should be required, by legislation, to have legally-binding privacy guidelines or rules. These rules should be made public (except to the extent that those rules contain classified information).
4 (55) 190 » The identities of ASIO and ASIS staff members and agents should be protected from disclosure under the Archives Act 1983.
4 (57) 191 » All security matters arising under the Archives Act should be heard in the Security Division of the Administrative Appeals Tribunal.
4 (61) 192 » The FOI Act and Archives Act should be amended so that the IGIS is only required to provide evidence that addresses the damage that would, or could reasonably be expected to, arise from the release of material where the matter involves one or more of the agencies that the IGIS oversees.
4 (73) 193 ^ The definition of ‘prescribed administrative action’ in the ASIO Act should be amended to include the exercise of powers or functions in relation to parole, security guard licences and firearms licences.
4 (74) 194 ^ A regulation making power should be inserted into the definition of ‘prescribed administrative action’ in the ASIO Act. The regulation making power should allow regulations to add an action to the definition of ‘prescribed administrative action’ where that action has potential to affect an individual’s liberty or livelihood. Matters relating to security would be a key consideration in taking that action. Regulations made under the regulation making power should be reviewed by the PJCIS before the end of the applicable disallowance period in each Chamber prior to coming into effect.
4 (76) 195 ^ A decision to suspend or revoke an ASIS staff member’s security clearance should fall within the definition of ‘prescribed administrative action’ in the ASIO Act. A decision to suspend access to information or places which are controlled or limited on security grounds while a decision to revoke or suspend a clearance is reviewed should not fall within the definition of ‘prescribed administrative action’ in the ASIO Act. A decision to deny access to information or places which are controlled or limited on security grounds once a decision to revoke a security clearance is confirmed should not fall within the definition of ‘prescribed administrative action’ in the ASIO Act.
4 (79) 196 » ASIO’s passage of vetting information on former ASIO staff and unsuccessful ASIO applicants should not be exempted from the operation of Part IV. ASIO’s passage of third party information or unassessed lead information to a Commonwealth or state agency for the purposes of prescribed administrative action should not be exempted from the operation of Part IV.
4 (79) 197 » ASIO security assessments prepared for the purpose of informing the Foreign Investment Review Board should be exempted from the operation of Part IV of the ASIO Act.
4 (82) 198 » The ASIO Act should be amended to allow ASIO to make a preliminary communication directly to a state or territory agency where the requirements of security make it necessary, as a matter of urgency, to take action of a temporary nature pending the furnishing of a security assessment.
4 (86) 199 * The ASIO Act should be amended to require ASIO to notify the IGIS in every instance where it has taken more than 12 months to finalise a security assessment, and subject to the requirements of security, notify the individual in writing of their ability to make a written complaint under the IGIS Act. If the requirements of security do not permit notification of the individual, IGIS must be notified of this fact.
4 (89) 200 ^ A person the subject of an ACIC assessment that may be acted on by the recipient in a decision that affects the employment or liberty of the person should be notified of that assessment and given the opportunity to seek review.
4 (89) 201 ^ DIO assessments should not be subject to rights of notification and review similar to those in Part IV of the ASIO Act.
4 (114) 202 » The National Security Information (Criminal and Civil Proceedings) Act should be amended to include a rebuttable presumption to protect the identity of ASIO and ASIS staff member and agents. The presumption should preserve the court’s discretion and ensure that the respondent is given notice of the fact that the rebuttable presumption is engaged in a particular case.
4 (116) 203 Ʃ The offences in Part 5 of the National Security Information (Criminal and Civil Proceedings) Act should be reviewed and redrafted to include a tiered range of offences with penalties commensurate to the fault elements specified.

Source: D Richardson, Comprehensive Review of the Legal Framework of the National Intelligence Community (Richardson Review), Commonwealth of Australia, Canberra, 7 December 2019: Volume 1: Recommendations and Executive Summary; Foundations and Principles; Control, Coordination and Cooperation, pp. 60–85.

Appendix C: Recent intelligence and national security legislation

Intelligence legislation passed during 46th Parliament

Intelligence legislation passed during this 46th Parliament (Prime Minister Scott Morrison) as at 30 September 2021:

Government Bills before Parliament as at 30 September 2021:

Several private member Bills have also been introduced this session:

Government Bills passed in the 44th and 45th Parliaments

The Government Bills listed below were passed in the 44th (Prime Minister Tony Abbott and Prime Minister Malcolm Turnbull) and 45th Parliaments (Prime Minister Malcolm Turnbull and Prime Minister Scott Morrison). The Acts listed relate to:

  • introducing or expanding counter-terrorism or national security-related powers
  • introducing or expanding terrorism or national security-related offences
  • protecting critical infrastructure or
  • the functions and powers of the six agencies comprising the AIC.

The effect of the Acts is discussed in National security legislation in the 44th and 45th Parliaments: a quick guide.[173]