Purpose of the Bill
The main purpose of the Australian Security Intelligence Organisation Bill 2023 (the Bill) is to amend the Australian Security Intelligence Organisation Act 1979 and the Administrative Appeals Tribunal Act 1975 to:
- provide the Australian Security Intelligence Organisation (ASIO) with a new security vetting and clearance related function for both ASIO and non-ASIO personnel seeking to hold, or currently holding, a security clearance
- enable the exchange of information between ASIO and other agencies in relation to the ongoing suitability of a person to hold a security clearance and
- introduce a new review framework for reviewing ASIO security assessments and security clearance decisions.
The Bill will also amend the Office of National Intelligence Act 2018 to expand its current functions with respect to the highest level of Commonwealth security clearances and make minor amendments to the Inspector-General of Intelligence and Security Act 1986.
Background
Purpose of security clearances
Under the Australian Government’s Protective Security Policy Framework (PSPF), Australian Government employees and contractors require a security clearance to access classified resources, which can relate to Australia’s national security, economic and other interests.[1]
Security vetting involves the assessment of an individual’s suitability to hold a security clearance at a particular level. There are currently four levels of security clearances that allow personnel to access associated levels of classified resources, as set out at Table 1.
Table 1: Current security clearance levels
Clearance Level | Level of ongoing access permitted | Level of conditional access |
---|
Baseline | Classified resources up to and including PROTECTED | |
Negative Vetting Level 1 (NV1) | Classified resources up and including SECRET | NV1 security clearance holders can be provided with temporary access to TOP SECRET classified resources in certain circumstances. |
Negative Vetting Level 2 (NV2) | Classified resources up to and including TOP SECRET | An NV2 security clearance will be sufficient for most roles requiring intermittent access to TOP SECRET classified resources. |
Positive Vetting (PV) | Classified resources up to and including TOP SECRET, including some caveated information | PV clearances should only be sought where there is a demonstrated need to access extremely sensitive information, capabilities, operations and systems. Entities should first consider whether an NV2 clearance would meet the position’s requirement for a security clearance. |
Source: ‘Security clearances – Overview’, Department of Defence.
During a security clearance assessment, a clearance subject needs to establish confidence that they possess a sound and stable character, and that they are not unduly vulnerable to influence or coercion. The PSPF requires that any doubt regarding an individual’s suitability to hold a security clearance be resolved in the national interest.[2]
Current process for security vetting
Prior to September 2010, Australian Government entities managed their own security vetting for employees.[3] In October 2010, the Government established the Australian Government Security Vetting Agency (AGSVA) within the Department of Defence (Defence), to centrally administer personnel security clearances on behalf of Australian Government entities.
According to an Australian National Audit Office Report into AGSVA’s operations published in 2015, ‘most government entities must use AGSVA’s security vetting service for personnel that require a clearance’.[4] These agencies are referred to as ‘sponsoring agencies’. However, ASIO has stated there are currently five separate vetting agencies authorised to grant PV security clearances— AGSVA, ASIO, the Office for National Intelligence (ONI), the Australian Secret Intelligence Service (ASIS) and the Australian Federal Police (AFP).[5]
AGSVA charges government entities (other than Defence) on a fee-for-service basis for each clearance request.[6] Figure 1 sets out the current security vetting process undertaken by AGSVA.
Figure 1: Overview of AGSVA’s security clearance process
Source: Australian National Audit Office (ANAO), Central Administration of Security Vetting, Audit Report, 45, 2015–16, (Canberra: ANAO, 2015), para. 5.
ASIO performs an integral role in processing NV1, NV2 and PV clearances, which require an ASIO security assessment as part of the minimum personnel checks (both for AGSVA and other agencies).[7] In making the assessment, ASIO reviews any intelligence it may hold, as well as considering known security risk factors.[8]
According to the 2015 ANAO Report:
AGSVA routinely provides ASIO with information collected during the course of the vetting assessment process to inform the ASIO security assessment. However, there has been a history of disagreement between AGSVA and ASIO about aspects of the process, such as when ASIO should commence the security assessment, and the amount and quality of information provided by AGSVA to ASIO.[9]
The ANAO Report further noted that in early 2015, AGSVA and ASIO agreed that ASIO would commence its security assessment of individuals following the completion of AGSVA’s vetting assessment:
This agreement means that ASIO has access to all the information collected during the vetting assessment process, and resolved one of the areas of disagreement between the two organisations. However, as at March 2015, a formal Protocol covering the full scope of AGSVA and ASIO interactions remained the subject of ongoing negotiations between AGSVA and ASIO. The finalisation of the formal arrangement would help clarify mutual expectations and responsibilities, and contribute to both organisations fulfilling their role in the management of security vetting.[10]
Individuals granted a security clearance are also subject to ongoing review to ensure they are still suitable to maintain a clearance:
A security clearance represents an assessment of risk factors based on information provided by the clearance subject at the time of assessment. As a clearance holder’s risk profile may change over time, ongoing review of a clearance holder’s eligibility and suitability is required. Clearance maintenance is a responsibility shared by the clearance holder, the sponsoring entity and AGSVA. Clearance holders, sponsor entities or third parties may report relevant changes in personal circumstances to AGSVA. AGSVA responds to changes of circumstance, and conducts periodic reviews of security clearances and reviews for cause.[11]
Concerns about the current security vetting process
Since the move to AGSVA in 2010, there have been continued concerns raised about the efficiency of the current security vetting process, with the ANAO concluding in 2015:
Overall, the performance of the centralised vetting system established in October 2010 has been mixed, and key Australian Government expectations relating to improved efficiency and cost savings have not been realised. AGSVA was not ready to effectively provide whole-of-government vetting services in 2010 due to inadequate implementation planning, risk management and resourcing. While Defence has made progress since 2012 in its implementation of centralised vetting—by strengthening the management of vetting work, documenting its vetting procedures and applying additional human resources—AGSVA continues to fall well short of fully meeting its vetting responsibilities in a timely manner, and anticipated savings have been eroded.[12]
The 2017 Independent Intelligence Review conducted by the Department of the Prime Minister and Cabinet noted:
… the impact AGSVA’s processing times for PV clearances were having on the intelligence community workforce. It recommended the situation be reviewed again in early 2018, to allow time for the remediation program to have effect, and that alternative options, such as shifting responsibility for PV clearances to ASIO or allowing non-exempt intelligence agencies to conduct their own PV clearances, should be considered if processing times still exceeded six months.[13]
In 2018, following an audit assessing the effectiveness of the Australian Government’s personnel security arrangements for mitigating insider threats, the ANAO reported that ‘AGSVA’s security vetting services do not effectively mitigate the Government’s exposure to insider threats’.[14] In particular, the ANAO noted the following concerns about the current process:
AGSVA collects and analyses information regarding personnel security risks, but does not communicate risk information to entities outside the Department of Defence or use clearance maintenance requirements to minimise risk. Since the previous ANAO audit, AGSVA’s average timeframe for completing Positive Vetting (PV) clearances has increased significantly. AGSVA has a program in place to remediate its PV timeframes, and it has established a comprehensive internal quality framework. AGSVA plans to realise many process improvements through procuring a new information and communications technology (ICT) system, which is expected to be fully operational in 2023.[15]
It was reported in March 2023 that Defence was facing ’a massive backlog‘ for vetting new employees, as a result of ‘a new IT system designed to improve vetting, known as MyClearance, which has been beset by difficulties since being introduced at the end of November 2022’.[16] The MyClearance system was also reported to be incompatible with the systems used by ASIO.[17]
AGSVA’s median processing time for positive vetting clearance is currently 180 business days from the point at which AGSVA receives a fully completed vetting pack, including supporting documentation, from the clearance subject.[18] However, it has been reported that currently security clearance wait times are ‘stretching well beyond a year’.[19]
ASIO has also noted that the ability of different agencies to authorise PV clearance has ‘resulted in different applications of policy and standards aligned to individual missions and requirements rather than a consistent and coordinated approach to PV security vetting’, which has resulted in delays in transferring clearances across agencies.[20] It has also been reported that ‘the level of pressure mounting on Australia’s vetting organisations is clearly reaching unsustainable levels’ with concerns raised about the ability of the current processes to cope with the number of clearances needed to support the AUKUS Nuclear-Powered Submarine Pathway.[21]
Changes to the positive security vetting process
According to ASIO, ‘on 1 July 2020 a multi-agency Future Positive Vetting Capability Taskforce was established to modernise whole-of-government vetting standards to enable increased consistency, heightened assurance and transferability of Australia’s highest-cleared workforce’.[22]
In November 2021, the Attorney-General’s Department (AGD) announced that changes had been made to the PSPF policy to give effect to the TOP SECRET-Privileged Access Standard (TS-PA) and enable authorised vetting agencies to issue TS-PA clearances.[23] According to AGD, ‘the TOP SECRET-Privileged Access clearances will eventually replace the existing Positive Vetting clearances after a phased transition’.[24] As part of these changes, the Quality Assurance Office (QAO) was established within ONI ‘to independently assess the quality, consistency, and transferability of the TOP SECRET-Privileged Access (TS-PA) security clearances’.[25]
In her second reading speech on the Bill, the Minister for Home Affairs (the Minister), Claire O’Neil, stated that TS-PA Standard ‘establishes stronger mandatory minimum security clearance requirements reflecting contemporary psychological and insider threat research’.[26]
Committee consideration
Parliamentary Joint Committee on Intelligence and Security
On 29 March 2023, the Minister wrote to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) referring the Bill for the Committee’s review.[27]
Mr Peter Khalil MP, Chair of the PJCIS, stated:
Reviewing important national security legislation that, through the high-level access security clearances provide, will affect Australia’s National Security architecture is a key part of the Parliamentary oversight work of the PJCIS. The review will provide assurance that these changes provide a security framework that will last well into the future.[28]
Information about the inquiry, including submissions received by stakeholders, can be accessed via the PJCIS’s website.
Senate Standing Committee for the Scrutiny of Bills
The Committee has not reported on the Bill at the time of writing.
Policy position of non-government parties/independents
It appears that there has been no public comment about the position of non-government parties or independents.
Position of major interest groups
At the time of writing, there does not appear to be any stakeholder commentary about the Bill.
Financial implications
The Explanatory Memorandum states that ‘No financial impact is expected during the initial operation phase of the National TS-PA Capability to 30 June 2025’ and that ‘Future financial impacts would be a matter for the Government.’[29]
Statement of Compatibility with Human Rights
As required under Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011, the Government has assessed the Bill’s compatibility with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of that Act.[30]
The Government advises that the Bill engages the following human rights:
The Government considers that the Bill is compatible because any limitations on human rights are reasonable, necessary and proportionate to achieve the Bill’s objectives.
Parliamentary Joint Committee on Human Rights
The Parliamentary Joint Committee on Human Rights (PJCHR) has not reported on the Bill at the time of writing.
Key issues and provisions
New clearance function for ASIO and changes to information sharing arrangements
The most significant amendments in the Bill relate to changes to the Australian Security Intelligence Organisation Act 1979 (ASIO Act) to provide for the new security vetting and clearance function for ASIO.
As discussed above, under Part IV of the ASIO Act, ASIO may currently contribute to the security clearance vetting process conducted by AGSVA and other agencies by conducting security assessments and may make security clearance decisions for its own staff. However, ASIO’s current functions (as set out in section 17) do not extend to making security clearance decisions in relation to security clearances sponsored by other agencies.
Item 7 of the Bill will insert proposed paragraph 17(1)(cb) which will expand ASIO’s functions to include ‘to undertake security vetting and security clearance related activities in accordance with Part IVA’.
Item 12 of the Bill will insert proposed Part IVA containing the key provisions which will give effect to ASIO’s new security vetting and clearance activities. For example, proposed subsection 82C(1) provides that the Director-General of ASIO or their delegate may do any of the following:
- undertake security vetting to assess a person’s suitability to hold a security clearance
- make security clearance decisions[31]
- undertake ongoing security vetting and assessment of a person’s suitability to continue to hold a security clearance that has been granted, or is taken under proposed paragraph 82C(2)(a) to have been granted, by ASIO
- furnish a security clearance suitability assessment in respect of a person
- communicate with a sponsoring agency for a security clearance in relation to the ongoing suitability of a person to hold the security clearance
- assume responsibility for a security clearance that has been granted to a person by another security vetting agency
- do anything incidental to a thing mentioned above.
A security clearance suitability assessment (SCSA) is defined as meaning a statement in writing that:
- is furnished by the ASIO; and
- is about a person’s suitability to hold a security clearance (with or without conditions imposed in respect of the security clearance) that has been, or may be, granted by another security vetting agency; and
- expressly states it is a SCSA.[32]
Where a SCSA contains information that would or could be prejudicial to a security clearance decision with respect to a person it is referred to as a prejudicial security clearance suitability assessment (PSCSA).[33]
Proposed section 82E would prevent Commonwealth security vetting agencies from making a security clearance decision based on information received from ASIO unless that information constitutes a SCSA. However, this would not prevent an agency from temporarily making a decision to suspend, revoke a suspension, or impose or vary conditions on the person’s security clearance pending the provision of the SCSA from ASIO where it is a matter of urgency. This provision would also not prevent ASIO from communicating information to other agencies about a security clearance holder or prevent agencies from taking action on the basis of that information, provided it does not amount to a security clearance decision. Similarly, proposed section 82F restricts the circumstances where ASIO can communicate information to a state (or territory) security vetting agency.
Proposed section 36A, inserted by item 10 of the Bill, would also disapply the operation of Part IV of the ASIO Act (except for section 81), to the extent it relates to the exercise or performance of a power or function under Part IVA. Part IV of the ASIO Act currently prohibits Commonwealth agencies from taking permanent prescribed administrative action on the basis of ASIO advice, unless that advice is a security assessment (section 39 of the ASIO Act). To avoid doubt, proposed section 36A specifically provides that a SCSA furnished by ASIO in performing its functions under proposed paragraph 17(1)(cb) is not a security assessment for the purposes of Part IV. According to ASIO, the current prohibition in Part IV ‘impedes ASIO’s ability to share clearance suitability information with sponsors early, and often’, leading to risks accumulating.[34] In extreme cases, this may ‘result in a clearance subject being found no longer suitable only after a significant risk has materialised’.[35]
Note that ASIO also has broad powers under existing Part IV to conduct security assessments in other circumstances (for example, relating to the issuing of visas or passports) which will not be impacted by the provisions in the Bill.
New review framework for ASIO assessments and decisions
Other significant amendments in proposed Part IVA relate to the new framework for reviewing SCSAs and security clearance decisions.
Under the current Commonwealth security clearance framework, ‘there are no statutory rights to seek internal or external merits review of security clearance decisions made by authorised vetting agencies’.[36]
As explained by ASIO in its submission to the PJCIS:
There are limited rights in Part IV of the ASIO Act for certain persons to seek review of adverse or qualified security assessments that may be used by vetting agencies to inform their security clearance decisions, but these do not apply to staff members of ASIO, ASIS, ONI, the Australian Signals Directorate (ASD), the Australian Geospatial-Intelligence Organisation (AGO) or the Defence Intelligence Organisation (DIO).[37]
Proposed Part IVA, Division 3 will introduce a new internal review, independent review and external merits review framework for security clearance subjects the subject of:
- a prejudicial security clearance decision (that is a decision to deny, revoke or impose/vary conditions on a security clearance) or
- a PSCSA (that is an assessment that contains information or advice about a person that would or could be prejudicial to a security clearance decision).[38]
Internal merits review
Proposed Subdivision A of Division 3 of Part IVA provides for an internal merits review framework that would enable review of prejudicial ASIO security clearance decisions by an alternate delegate within ASIO. However, this framework does not apply to a decision about a non-citizen or a person not normally resident in Australia and who is seeking the clearance for work offshore.[39]
ASIO would be required to notify a person and the sponsoring agency where a prejudicial security clearance decision has been made with respect to them, as well as notifying of the internal reviewer’s decision and reasons for the decision.[40] The internal delegate may affirm, vary or set aside the original decision (and if the decision is set aside the delegate may make another decision relating to the person’s security clearance).[41]
External merits review
With respect to external merits review of a decision, Division 3 of Part IVA of the Bill provides for two different pathways:
- where the person is an existing clearance holder or Commonwealth employee the Administrative Appeals Tribunal (AAT)[42] will review the decision (proposed Subdivision B)
- where the person is a new applicant, an independent reviewer appointed by the Attorney-General will review the decision (proposed Subdivision C).
Article 26 of the ICCPR provides that all persons are equal before the law and are entitled without any discrimination to the protection of the law. It is also considered to be one of the key components of the rule of law.
While noting that the different treatment provided to existing clearance holders/Commonwealth employees versus new employees engages the right to equality and non-discrimination, the Government argues that this limitation is necessary, reasonable and proportionate to achieve the objective of protecting Australia’s national security.[43]
The Department of Home Affairs (DHA) has stated that:
This is a narrow carve out of a small class of individuals that will have access to independent review rather than external merits review in the AAT, and will primarily relate to TS-PA security clearances given ASIO’s role as the National TS-PA Authority.[44]
ASIO argues that this distinction is necessary to prevent hostile foreign powers and their proxies (FPPs) from attempting to ‘game the system’ and ‘infiltrate Australian Government agencies’ by applying for security clearances.[45] In particular, ASIO states that this distinction:
… recognises that the threat of espionage and foreign interference is higher for new applicants who have not yet participated in security awareness training and who have only a rudimentary understanding of security obligations, and who are therefore less able to manage the threats posed by hostile FPPs or who are more susceptible to being duped or exploited by an FPP. New applicants also bring a lower level of assurance as they do not have existing track records as Commonwealth employees.[46]
However, a key aspect of whether a limitation on a right can be justified is whether the limitation is proportionate to the objective being sought. As noted by the PJCHR, ‘even if the objective is of sufficient importance and the measures in question are rationally connected to the objective, the limitation may still not be justified because of the severity of its impact on individuals or groups’.[47]
With respect to judicial review, the Explanatory Memorandum provides:
All security clearance applicants would continue to have rights to seek judicial review of a security clearance decision made or a SCSA furnished by ASIO, in the Federal Court of Australia under section 39B of the Judiciary Act 1903, or the High Court of Australia under section 75(v) of the Constitution.[48]
The Explanatory Memorandum also states that ‘ASIO would continue to be overseen by the Inspector-General of Intelligence and Security (IGIS), which reviews ASIO’s activities to ensure it acts legally and with propriety, complies with ministerial guidelines and directives and respects human rights’.[49] However, as noted by IGIS in its submission to the PJCIS, ‘IGIS is not a merits review body, nor does it make binding decisions’.[50]
Process for existing clearance holders/Commonwealth employees
Proposed Subdivision B of Division 3 of Part IVA amends the ASIO Act to provide for an external merits review framework that would apply in respect of security clearance decisions that continue to be prejudicial after internal merits review and in respect of decisions relating to a PSCSA (except decisions about a non-citizen or a person not normally resident in Australia and who is seeking the clearance for work offshore). However, as noted above, this framework will only apply to decisions relating to existing security clearance holders and Commonwealth employees.[51]
Reviews will be conducted by the Security Division of the AAT.
Where an affected person applies to the AAT for external merits review of a prejudicial security clearance decision made by ASIO, the Director-General or their delegate must:
- prepare a statement of grounds for the security clearance decision which must contain all information relied on by ASIO in making the decision and
- provide the affected person with a copy of the statement of grounds as soon as practicable.[52]
Where the statement of grounds relates to a decision in respect of the Commonwealth’s highest level of security clearance, the Director-General or their delegate must withhold certain types of information that would be prejudicial to security or contrary to the public interest.[53] The Minister may also issue a certificate certifying that disclosure of the statement of grounds to the affected person would be prejudicial to the interests of security and must therefore not be disclosed.[54]
Where ASIO makes a PSCSA, it must also prepare a statement of grounds containing all the information it has relied on in making the PSCSA unless the Director-General or their delegate is of the opinion the information would be prejudicial to security.[55] However, if ASIO furnishes a PSCSA to another security vetting agency, the security vetting agency is required to provide notice of the assessment and a copy of the assessment (including the statement of grounds) to the affected person within 14 days.[56]
With respect to PSCSAs, the Minister may issue a non-disclosure certificate where the Minister is satisfied:
- withholding notice of the PSCSA with respect to the affected person is essential to the security of the nation, or
- disclosing the statement of grounds to the affected person would be prejudicial to the interests of security.[57]
However, the Minister must consider whether to revoke a certificate 12 months after the certificate to withhold notice is given and every 12 months after the Minister last considered whether to revoke it.[58]
DHA has explained why an affected person will be provided earlier access to a statement of grounds with respect to a PSCSA but not a prejudicial security clearance decision:
The reason why the subject of a prejudicial security clearance decision will only receive a statement of grounds after they make an application to the AAT for external review as opposed to when the reviewable security clearance decision is because, unlike PSCSAs, an affected person of a prejudicial security clearance decision will get access to internal merits review and a statement of reasons to assist them understand the decision that was made and enable them to determine whether to pursue external merits review. Contrary, individuals the subject of a PSCSA do not have access to internal merits review so it is appropriate they are provided the statement of grounds earlier to assist them in making an informed decision as to whether to pursue external review.[59]
The Minister may also, in exceptional circumstances, limit a person’s access to have a security clearance decision or SCSA reviewed by the AAT where the Minister believes it would be prejudicial to security through the issuing of a conclusive certificate.[60] DHA has provided some context on the background to this exception in its submission to the PJCIS:
The high threshold of “exceptional circumstance” is appropriate and provides a mechanism for the Minister, subject to their discretion and advice from ASIO, to address prejudice to security in scenarios where the foreign intelligence threat is extreme, or where the circumstances involved are so serious that it would not be in Australia’s national interests to undertake external merits review. For example, this could include scenarios where ASIO discovers through its sophisticated capabilities that a person or organisation is seeking to probe into or collect information on ASIOs security clearance framework, or its capabilities more generally.[61]
Division 2 of Part 1, Schedule 1 of the Bill will amend the Administrative Appeals Tribunal Act 1975 (AAT Act) to provide for this new pathway for review. The amendments provide for specific procedures the AAT/ASIO must follow in conducting merits review of a security clearance decision or SCSA, including:
- the Director-General or their delegate must present all relevant information to the AAT[62]
- the proceedings are to be in private, with the AAT to determine which people may be present (with specific limitations on when the applicant/person representing the applicant may be present)[63] and
- the AAT must first hear evidence from ASIO before hearing evidence from the applicant (where the applicant desires to give evidence).[64]
The Minister may certify that certain evidence proposed to be introduced by ASIO should not be disclosed to the applicant or their representative where the evidence would prejudice the security or defence of Australia.[65] Where the Minister has consented to the applicant’s representative being present when such evidence is adduced, it is an offence (with a maximum penalty of two years imprisonment) if the applicant’s representative then discloses the evidence to the applicant (or any other person).[66]
Furthermore, the Director-General may also present to the AAT:
- a copy of any standard (or part of any standard) certified in writing by the Director-General as a standard relating to the Commonwealth’s highest level of security clearance that was used to make the security clearance decision or SCSA or
- a copy of any standard (or part of any standard) certified in writing by the Director-General as the current standard relating to the Commonwealth’s highest level of security clearance.[67]
Where the Director-General has presented any of the above documents to the AAT, the AAT must do all things necessary to ensure the documents are not disclosed to an applicant, their representative or any person other than an AAT member for the purposes of the proceeding, or the Director-General or a representative of the Director-General.[68] The AAT has a similar obligations with respect to sensitive information certified by the Director-General as being information that would be contrary to the public interest.[69] However, the AAT may disclose this information where the information has already been lawfully disclosed to the applicant or is disclosed to the applicant with the consent of the Director-General.[70]
In reviewing a security clearance decision, the AAT will only have the power to affirm a decision or remit the decision back to ASIO for reconsideration (though the AAT may also make findings that are binding upon ASIO).[71] As explained by DHA:
The AAT can make findings that are binding if, in the AAT’s opinion, the information relied upon in making the original decision was incorrect, was incorrectly represented or could not reasonably be relevant to the requirements of security. Commonwealth agencies, States or authorities of a State must treat the findings of the AAT with regard to an SCSA or security clearance decision, to the extent that they do not confirm a security clearance decision or SCSA, as superseding the original decision or assessment. ASIO cannot make any further decisions or assessments in respect of an affected person that are not in accordance with the AAT’s findings, except on the basis of matters occurring after the review or where evidence was not available at the time of the review.[72]
Process for new applicants
Proposed Subdivision C of Division 3 of Part IVA (which item 12 inserts into the ASIO Act), also provides for an external merits review framework that would apply in respect of security clearance decisions that continue to be prejudicial after internal merits review (except decisions about a non-citizen or a person not normally resident in Australia and who is to be employed offshore). This framework will apply to anyone who does not hold an existing security clearance or who is not a Commonwealth employee.
Instead of the review being conducted by the AAT, it will be conducted by an independent reviewer appointed by the Attorney-General. The Bill does not provide for a specific set of qualifications that the independent reviewer must possess but rather that the Attorney-General must be satisfied that they have the appropriate skills and qualifications to perform the role and hold the highest level of security clearance.[73] The independent reviewer cannot be a current or former ASIO employee or affiliate.[74]
The independent reviewer must consider whether the relevant decision was reasonably open to have been made and provide a report to the Director-General of ASIO who must then decide what action to take, including whether to issue a new security clearance decision.[75] The independent reviewer must also provide a copy of this opinion to the Inspector-General of Intelligence and Security.[76]
The Bill does not stipulate criteria that the independent reviewer must consider when deciding whether or not to conduct a review. DHA states that this is ‘in order to provide them with complete discretion in determining the merit in undertaking a review on a case-by-case basis’ and ‘will allow an independent reviewer to consider a wide range of factors when determining whether to undertake a review’.[77]
Reference of certain matters to the AAT by the Attorney-General
Proposed section 83F will introduce a new safeguard whereby the Attorney-General can, if they are satisfied that it is desirable to do so by reason of special circumstances:
- require the AAT to inquire into and report to the Attorney-General and the Minister on any question concerning the furnishing of a SCSA or the making of a security clearance decision by ASIO or
- to review such an assessment or such a decision along with any information or matter on which it is based.
DHA notes that ‘this mechanism allows the Attorney-General to seek independent advice regarding the appropriateness of an ASIO security clearance decision or SCSA that would not otherwise be subject to external merits review in the AAT where special circumstances are considered to exist.’[78]
New function for ONI
ONI’s functions currently include leading the National Intelligence Community, carrying out evaluations, preparing assessments and reports and otherwise providing advice to the Prime Minister on matters relating to the National Intelligence Community.
Item 46 of the Bill will amend the Office of National Intelligence Act 2018 (ONI Act) to expand its current functions to include:
- providing quality assurance, reporting and advice to support the consistency and transferability of the highest level of security clearances issued by the Commonwealth and
- assisting the Commonwealth authorities that sponsor those security clearances to establish and maintain those authorities’ capability to prevent and detect insider threats.[79]
The Bill would ensure that certain existing limitations in the ONI Act do not preclude ONI from undertaking these new functions and that Commonwealth authorities are not precluded from providing ONI with information, documents or things that relate to these functions.[80]
According to ONI, the purpose of these amendments is:
… to enable the Quality Assurance Office (QAO) in ONI to independently assess the quality, consistency, and transferability of the TOP SECRET-Privileged Access (TS-PA) security clearances, and drive the uplift of the insider threat capability of government agencies that sponsor these clearances.[81]
As with the amendments to the ASIO Act and AAT Act, the amendments to the ONI Act refer to the ‘highest level of security clearances issued by the Commonwealth’. According to ONI, this to ‘futureproof the ONI Act in the event the nomenclature of TS-PA security clearances are changed in future’.[82]