Bills Digest No. , 2022–23

National Security Legislation Amendment (Comprehensive Review and Other Measures No. 2) Bill 2023

Author

Go to a section


BILLS DIGEST No. 74, 2022–23
5 May 2023

National Security Legislation Amendment (Comprehensive Review and Other Measures No. 2) Bill 2023

The Authors

Dr Evan Hamman and Scanlon Williams


Key points

  • The Bill amends Commonwealth statutes relating to national security and intelligence matters.
  • Most of the proposed changes are linked to recommendations from the 2019 Review of the Legal Framework of the National Intelligence Community (the Richardson Review).
  • Other proposed amendments in the Bill:
  • increase the membership of the Parliamentary Joint Committee on Intelligence and Security (PJCIS) from 11 to 13
  • clarify the level of detail required in a Ministerial direction to the Australian Secret Intelligence Service (ASIS) under the Intelligence Services Act 2001.

Date introduced: 29 March 2023

House: House of Representatives

Portfolio: Attorney-General

Commencement: the day after Royal Assent



Purpose of the Bill

The purpose of the National Security Legislation Amendment (Comprehensive Review and Other Measures Bill 2023 (the Bill) is to amend Commonwealth legislation relating to national security and intelligence. Specifically, the Bill seeks to:

Structure of the Bill

The Bill has nine Parts, which are summarised in the table below. Parts 1 to 2 and 4 to 8 seek to implement recommendations from the Richardson Review. Parts 3 and 9 make further changes to national security legislation.

Table 1: Structure of the Bill

PartAmendsSummary of change/s
1—Powers and functions of the Attorney-General

Acts Interpretation Act 1901

Australian Security Intelligence Organisation Act 1979 (ASIO Act)

Law Officers Act 1964

Telecommunications (Interception and Access) Act 1979 (TIA Act)

Removes the ability of the Attorney-General to delegate powers under the ASIO Act (except financial assistance powers). Limits the ability of the Executive to confer the Attorney-General’s powers with respect to ASIO on another Minister.
2—Defences for certain national infrastructure related offencesCriminal Code Act 1995 (Criminal Code)Provides new defences for ASIO relating to interference with facilities, unauthorised modification of data and impairment of electronic communication.
3—Membership of the PJCISIntelligence Services ActIncreases the membership of PJCIS from 11 to 13 and specifies the composition of Senate and House members.
4—Spent convictionsCrimes Act 1914Allows ASIO to use, record and disclose spent conviction information.
5—Reporting by the Inspector-General of Intelligence and Security (IGIS)

Inspector-General of Intelligence and Security Act 1986 (IGIS Act)

Public Interest Disclosure Act 2013

Requires the Inspector-General of Intelligence and Security (IGIS) to report annually on public interest disclosures and complaints made to IGIS.
6—Investigations by the OmbudsmanOmbudsman Act 1976Removes the ability for the Ombudsman to investigate complaints concerning ASIS, the Australian Geospatial-Intelligence Organisation (AGO), the Australian Signals Directorate (ASD), the Office of National Intelligence (ONI) and the Defence Intelligence Organisation (DIO).
7—Exemptions from Freedom of Information (FOI) lawFreedom of Information Act 1982 (FOI Act)Removes freedom of information (FOI) exemptions for the AGO for documents related to the Australian Hydrographic Office (AHO).
8—Review under the archives law

Administrative Appeals Tribunal Act 1975 (AAT Act)

Archives Act 1983

FOI Act

Requires Administrative Appeals Tribunal (AAT) proceedings in relation to security records to be heard in the Security Division of the AAT. Narrows the circumstances in which IGIS is required to provide evidence to the AAT.
9—Other amendmentsIntelligence Services ActClarifies the level of detail required in a Ministerial direction to the ASIS.

Background

Broader Context of Reforms

National security and intelligence in Australia is currently administered by several different agencies under a range of Commonwealth legislation. Collectively, these agencies form part of the National Intelligence Community (NIC). NIC agencies collect, produce and analyse information in support of common missions that address priority requirements of the Australian Government.

This Bill is the second in a set of legislative measures which responds to the Richardson Review (see below). The first measures were introduced by the previous Government through the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Act 2021 (the First Measures Act).[1]

Prior to the Richardson Review, there had been several independent reviews of the NIC, including:

The 2019 Richardson Review represented the first ‘wholesale review of the legislative framework’ underpinning NIC work.[3]

The Richardson Review

The Richardson Review’s focus on national intelligence legislation responded to a recommendation from the 2017 Independent Intelligence Review undertaken by Michael L’Estrange and Stephen Merchant.[4] Specifically, Recommendation 15 from the L’Estrange/Merchant Review proposed:

A comprehensive review of the Acts governing Australia’s intelligence community be undertaken to ensure agencies operate under a legislative framework which is clear, coherent and contains consistent protections for Australians. This review should be carried out by an eminent and suitably qualified individual or number of individuals, supported by a small team of security and intelligence law experts with operational knowledge of the workings of the intelligence community.[5]

The Richardson Review – delivered in late 2020 – contained a total of 203 recommendations reportedly to be implemented over several years. The goal of balancing individual rights against the need for national security was highlighted throughout the Review. Indeed, as the final report made clear:

The intelligence services and the agencies with intelligence functions that comprise the NIC occupy a special place in a democratic society. They operate, sometimes in secrecy, for the purpose of protecting Australia and its people, and to promote our national interests. The laws that govern these agencies, and their activities, must be based on sound and firm principles that balance privacy and individual liberties, and broader collective interests.[6]

The Terms of Reference for the Richardson Review focused on making improvements to Commonwealth legislation, in order to, amongst other things:

  • facilitate the general co-ordination and appropriate control and direction of each agency comprising the NIC in relation to the exercise of intelligence powers and functions, and of the NIC as a whole
  • support the effective co-operation, liaison and sharing of information between NIC agencies, and between NIC agencies and Commonwealth, state, territory, foreign government and other partners, for intelligence purposes
  • support the intelligence purposes, functions, administration and staffing (including recruiting) of each agency comprising the NIC
  • provide for accountability and oversight that is transparent and as consistent across the NIC agencies as is practicably feasible.[7]

Progress on Implementation

At the time of writing, 30 of the 203 recommendations from the Richardson Review have been implemented, 53 did not require implementation and 120 (including the 10 in this Bill) remain ‘in progress’.[8] The previous Government’s response to the Richardson Review agreed (or agreed in principle or in part) to all but four of the Review’s unclassified recommendations. The Bill specifically seeks to implement Recommendations 18, 19, 66, 136, 145, 167, 186, 188, 191 and 192 of the Richardson Review. These are discussed in greater detail in the 'Key Issues and Provisions' section of this Digest.

Committee consideration of the Bill

Parliamentary Joint Committee on Intelligence and Security (PJCIS)

The Bill has been referred to the PJCIS for inquiry and report. The Attorney-General requested that the Committee report by the end of April 2023, but at the time of writing, the report had not yet been published.

Details of the inquiry is available at the homepage for the inquiry. A public hearing was conducted by the Committee on 11 April 2023 in Canberra. The transcript of the hearing has been published online.

Senate Standing Committee for the Scrutiny of Bills

The Senate Standing Committee for the Scrutiny of Bills has not yet considered the Bill.

Position of major interest groups

Extension of defences and enhanced access to spent conviction information for ‘ASIO affiliates’

Dr Walker-Munro, appearing in a private capacity before the PJCIS, raised concerns with the scope of the proposed definition of ASIO officer in the Bill, which the Bill defines as meaning the ‘Director-General of Security’, an ‘ASIO employee’ or ‘ASIO affiliate’. All of these terms carry the same meaning as provided in the definitions for those terms under the ASIO Act.[9] Under the ASIO Act, ASIO affiliate’ is defined as ‘a person performing functions or services for [ASIO] in accordance with a contract, agreement or other arrangement …’.

The Bill would give ASIO officers (and, by extension, ASIO affiliates) greater access to spent conviction information as well as protection via new defences in the Criminal Code.

Dr Walker-Munro stated in his oral evidence before the Committee:

The [concern I have] is in relation to the extension to an ASIO affiliate, which is defined under the act to include, essentially, secondees and contractors that may have arrangements with ASIO. The Richardson review, as far as I'm aware, didn't warrant the extension of immunities from ASIO employees, who are the staff members of the agency, to anybody else. It is a very specific immunisation against a very wide range of potential civil and criminal immunities to which ASIO would have access.[10]

Similarly, in its submission to the PJCIS, the Office of the IGIS noted that the definition of ASIO officer was potentially quite broad, although in oral evidence before the Committee, Inspector-General, Dr Christopher Jessup, stopped short of saying it was a ‘matter of concern’.[11]

In a similar vein, the written submission to the PJCIS by the Law Council of Australia expressed its view that the definition of ASIO officer goes beyond the scope of the Richardson Review. In its submission to the PJCIS inquiry, the Law Council stated that it:

remains concerned that there is the potential for ‘ASIO Affiliate’ [within the definition of ASIO officer] to allow other officers of law enforcement agencies, such as the AFP, or other intelligence agencies with an offshore intelligence focus, such as ASIS, to rely on the defence. This is undesirable. It would carry the risk of undermining the differentiated warrant and issuing safeguards—for example, the issuing safeguards regulating access to telecommunications data and interceptions under the TIA Act. The Law Council’s long-standing position is that the vital distinction between foreign and security intelligence should be maintained.[12]

The Director-General of Security at ASIO, Mike Burgess, responded to these concerns at the public hearing convened by the PJCIS explaining that the application of the word ‘affiliate’ within the definition of ASIO officer was intended to be limited:

Obviously, ASIO is made up of our employees and individuals that are contracted by us or seconded inside our organisation. They are labelled 'ASIO affiliates', and therefore these defences would apply to them in the performance of ASIO's function. I would stress that—noting some papers submitted to the committee and other comments made—this would not allow someone who is seconded into our organisation to call upon these defences in the purpose of their own home organisation's function. They can only use them when they're authorised to do so inside of ASIO for ASIO's purpose.[13]

In reply to further questioning from the Committee, the Director-General gave the following response:

… officers from another organisation, say ASD or ASIS or the Australian Defence Force, would have to be seconded inside ASIO working for ASIO's purpose. They couldn't take that defence with them in the performance of their functions for ASD, ASIS or ADF. They would have to rely on their own defences and law that governs what they do in that capacity. When they're an affiliate of ASIO, they are working for ASIO and can only call upon these defences when they're doing our functions that are authorised internally.[14]

Furthermore, during the Committee hearing on the Bill, Dr Walker-Munro expressed additional concerns about ASIO’s proposed access to spent conviction information:

I think that ASIO should have access to that information for the purposes of discharging their functions under the act. The potential issue then becomes whether or not there is a flow-on effect that permits the sharing of that information with agencies that would not otherwise be permitted to access it, so other NIC agencies that would not necessarily be able to access that information gaining access to it essentially through an information share with ASIO. My concern on that side is that you've essentially got a way to circumvent the law in a way that perhaps the law didn't intend.[15]

On the same issue, the Director-General of Security at ASIO suggested ASIO’s access would not be unfettered:

If the concern was that an affiliate could then take it and use it back in his or her home agency, that wouldn't be allowed because they can only use it inside ASIO and there'd be restrictions on them under their home agency under the spent convictions law, so, no, I don't believe that's valid.[16]

In its submission to the Committee, ASIO argued that spent conviction information has the potential to ‘help inform ASIO’s understanding of security threats, including in relation to people who might also be the subject of a law enforcement investigation.’[17] The Attorney-General’s Department agreed, suggesting in its submission to the PJCIS that allowing ASIO to access spent conviction information will help ASIO to ‘better perform its security functions’.[18]

Removal of oversight by the Commonwealth Ombudsman

The Office of the Commonwealth Ombudsman supports the proposed changes to the Ombudsman Act 1976 (Richardson Review Recommendation 167). The changes in the Bill remove the ability for the Commonwealth Ombudsman to oversee the activities of ASIO, ASIS, AGO, ASD, ONI and DIO. During the PJCIS inquiry, Iain Anderson, Commonwealth Ombudsman stated:

What we've said in our submission is that we really don't do anything with respect to these six agencies. ASIO has been carved out under our regulations for a very long time. For the other five, if we do receive complaints about those agencies, we either pass them on to the IGIS or tell the complainants that they need to themselves go to the IGIS. So we don't exercise functions with respect to these six AIC agencies. We welcome the fact that the bill takes the position that we and the IGIS have arrived at and makes it very clear in the face of the legislation.[19]

The Law Council of Australia also supported the proposed amendments to the Ombudsman Act.[20]

Financial implications

According to the Explanatory Memorandum, the Bill has nil financial impacts.[21]

Statement of Compatibility with Human Rights

As required under Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011, the Government has assessed the Bill’s compatibility with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of that Act. The Government considers that the Bill is compatible.[22]

Parliamentary Joint Committee on Human Rights

At the time of writing, the Parliamentary Joint Committee on Human Rights had not commented on the Bill.

Key issues and provisions

Implementation of the Richardson Review

The Bill seeks to implement ten recommendations from the Richardson Review. Each recommendation is dealt with in turn below.

Recommendation 18

Recommendation 18 of the Review was that the Law Officers Act should be amended to remove the ability for the Attorney-General to delegate their power to issue warrants under the ASIO Act to the Solicitor General, the Secretary of the Attorney-General’s Department or any other Commonwealth officer. Recommendation 18 also argued that the warrant prohibitions under the TIA Act should remain unchanged.[23]

The Richardson Review considered that in light of the principles of ‘ministerial responsibility and accountability and the powers contained in the ASIO Act’, there are ‘no circumstances in which the Attorney-General should be allowed to delegate [their] responsibilities for issuing ASIO warrants to an unelected official’.[24]

Currently, the Attorney-General has the power to issue ASIO with various types of warrants, such as search warrants, computer access warrants and surveillance device warrants, under the ASIO Act. In general terms, section 17 of the Law Officers Act allows the Attorney-General to delegate ‘any or all’ of their powers and functions under Commonwealth laws to the Solicitor-General or the Secretary of the Attorney-General’s Department, except for the powers and functions conferred on the Attorney-General under the TIA Act.

Item 3 in Part 1 of the Bill amends the Law Officers Act by repealing and replacing subsection 17(6) to prevent the Attorney-General from delegating their powers under both the ASIO Act and the TIA Act.

Recommendation 19

Recommendation 19 of the Review was to the effect that the Attorney-General’s powers in respect of ASIO should only be conferrable on another minister through legislative amendment and not by way of Executive action, other than in circumstances where the Prime Minister is satisfied that exceptional circumstances exist.

The Richardson Review considered that because ‘the Attorney-General has a special role in respect of ASIO warrants’ the conferral of that role ‘should not be so readily achievable’.[25]

Items 2 and 4 in Part 1 of the Bill seek to implement Recommendation 19 in relation to substituted reference orders by inserting proposed section 5B into the ASIO Act and proposed section 6V into the TIA Act respectively.

Under section 19B of the Acts Interpretation Act 1901 (the AIA), the Governor-General may, in certain circumstances, make a substituted reference order. A substituted reference order is an order under which a reference in an Act to one authority (such as a Minister) is taken to be a reference to a different authority (such as a different Minister). See, for example, the Acts Interpretation Amendment Substituted Reference Order 2022.

The proposed amendments to the ASIO Act and the TIA Act provide that, unless the Prime Minister is satisfied that ‘exceptional circumstances’ exist, the Governor-General must not make a substituted reference order in relation to the provisions concerning the Attorney-General within the ASIO Act and the TIA Act, respectively. Item 1 in Part 1 of the Bill inserts a note to subsection 19B(2) of the AIA that highlights the restrictions imposed on the making of substituted reference orders by the provisions inserted into the ASIO Act and the TIA Act by items 2 and 4

Recommendation 66

Subsection 474.6(7) of the Criminal Code provides that a person is not criminally responsible for an offence under subsection 474.6(5) (use/operation of an apparatus/device that hinders a carriage service) where the person is a law enforcement, intelligence or security officer acting in good faith in the course of their duties and the conduct is reasonable in all the circumstances for the purpose of that duty.

Recommendation 66 of the Review proposed that the defence in subsection 474.6(7) of the Criminal Code should be extended to ASIO so that it applies to all offences in section 474.6. The defence should only be available where ASIO officers are acting in the course of their duties and where their conduct is reasonable in the circumstances for the purpose of performing those duties.[26]

The Richardson Review notes that the current method employed by ASIO to identify the location of cellular transmitters is used, despite being ‘inefficient’, due to concerns that using other methods would risk liability for offences in Part 10.6 and Part 10.7 of the Criminal Code.[27]

Items 6, 8 and 9 in Part 2 of the Bill insert proposed subsections 474.6(4A), 477.2(2) and 477.3(2) into the Criminal Code to provide that ASIO officers acting in good faith in the course of their duties who have behaved reasonably in all the circumstances would not be criminally responsible for the following offences:[28]

  • subsection 474.6(1) (tampering with a carrier facility)
  • subsection 474.6(3) (tampering with a carrier facility that hinders a carriage service)
  • subsection 477.2(1) (modifying computer data without authorisation)
  • subsection 477.3(1) (impairing computer-based electronic communication without authorisation).

The provisions inserted by items 6, 8 and 9 are framed as defences to the above offences. This means that a defendant in a trial of these offences bears an evidential burden and would be required to adduce or point to evidence suggesting a reasonable possibility that their conduct was undertaken in good faith in the course of their duties as an ASIO officer and was reasonable in the circumstances. The prosecution would then be required to discharge its legal burden to negate the existence of the defence beyond reasonable doubt.[29]

Items 5 and 7 in Part 2 of the Bill insert the definition of ASIO officer into section 473.1 and subsection 476.1(1) of the Criminal Code. As discussed previously, the Bill defines ASIO officer as meaning the ‘Director-General of Security’, an ‘ASIO employee’ or ‘ASIO affiliate’. This definition will apply to all references to ASIO officers in Parts 10.6 (telecommunications services) and Part 10.7 (computer offences) of the Criminal Code. A supplementary submission by ASIO to the PJCIS inquiry into the Bill clarified that ‘[i]n practice, this [the term ‘ASIO affiliate’] could include persons such as secondees, contractors, consultants or human sources’.

Although the Richardson Review refers to ASIO officers it does not appear that the Review defined this term explicitly. Therefore, it is not clear whether the scope of coverage of the proposed defences exceeds that which was recommended by the Richardson Review, especially through the inclusion of the term ‘ASIO affiliates’ in the definition, which is, according to a submission to the PJCIS by the Inspector General of Intelligence and Security, ‘potentially quite broad’.

The proposed extension of these defences to ASIO and its ‘affiliates’ was discussed during the PJCIS hearing (see the discussion under the heading ‘Position of major interest groups’ above).

Recommendation 136

Recommendation 136 of the Richardson Review proposed that Part VIIC of the Crimes Act 1914 be amended to allow ASIO to use, record and disclose spent conviction information for the performance of its functions.[30]

Spent convictions are those criminal convictions which may no longer be disclosed on a person’s record because a period of time has elapsed (for example, 10 years) where no further reoffending has occurred.[31] There are some exceptions to the ‘automatic spending of convictions’. For example, some sexual assault offences may never be spent and are thus always disclosable. Each state and territory (as well as the Commonwealth) has its own spent convictions legislation (or ‘scheme’) that defines a spent conviction and sets out the exemptions that apply.

Division 3 of Part VIIC of that Crimes Act provides that a person who has a spent conviction under a Commonwealth law is not required to disclose charges or a conviction in relation to that matter. A number of exclusions to this general position are provided in Division 6 of Part VIIC of the Crimes Act.

To give effect to Recommendation 136, item 14 in Part 4 of the Bill inserts proposed section 85ZZJA into Division 6 of Part VIIC of the Crimes Act to provide that Division 3 of Part VIIC of that Act does not apply to ASIO or an ASIO officer in relation to disclosure, recording, filing or use of information for the purpose of the performance ASIO’s functions or the exercise of ASIO’s powers. Proposed subsection 85ZZJA(2) replicates the definition of ASIO officer that would be inserted into the Criminal Code under Part 2 of the Bill. Some concerns have been raised in relation to the level of access to spent conviction information that may be available to ASIO affiliates as a result of the proposed change,[32] although the Information Commissioner supported the changes.[33]

Recommendation 145

Recommendation 145 of the Richardson Review proposed that the IGIS should be required to report annually on public interest disclosures received by, and complaints about similar conduct made to, the IGIS.[34]

To give effect to the recommendation, item 15 in Part 5 of the Bill inserts proposed subsections 35(2AB) and 35(2AC) into the IGIS Act requiring the IGIS to include information in its annual report about complaints made under Division 2 of Part 2 of the IGIS Act and disclosures of information under the Public Interest Disclosure Act 2013 (the PID Act). Furthermore, the Bill inserts proposed subsection 35(2AD) into the IGIS Act to provide that the head of an intelligence agency must give the IGIS information and assistance as reasonably required in relation to responses to complaints under the IGIS Act and disclosures under the PID Act.

Recommendation 167

Recommendation 167 of the Richardson Review states that ASIS, AGO, ASD, ONI and DIO should be excluded from the Commonwealth Ombudsman’s jurisdiction.[35]

The Commonwealth Ombudsman was established by the Ombudsman Act, to, amongst other things, undertake complaint investigations into Commonwealth agencies.[36] Its jurisdiction currently extends to all NIC agencies (except ASIO).[37] By convention, however, it has not exercised jurisdiction over NIC agencies other than Home Affairs, the AFP, AUSTRAC and the ACIC.[38]

The proposed change is to formalise this approach by excluding ASIS, AGO, ASD, ONI and DIO from the Ombudsman’s jurisdiction. Item 19 in Part 6 of the Bill inserts proposed paragraph 5(2)(e) into the Ombudsman Act to specifically prohibit the Commonwealth Ombudsman from investigating the actions of ASIO, ASIS, AGO, ASD, DIO and ONI.

The Commonwealth Ombudsman was supportive of the changes (see the discussion under the heading ‘Position of major interest groups’ above). IGIS will retain responsibility for overseeing and reviewing the activities of intelligence agencies, including for legality and propriety and for consistency with human rights.

Recommendation 186

Recommendation 186 of the Richardson Review recommended the FOI Act should be amended to remove the AGO exemption in respect of its non-intelligence function.[39]

The AGO currently enjoys an exemption from the FOI Act under existing subparagraph 7(2A)(a)(v). According to the Richardson Review:

… following the transfer of the functions of the Australian Hydrographic Office from the Royal Australian Navy to AGO, concerns were raised during parliamentary debate about the fact that non-intelligence hydrographic documents would be exempt from release under the FOI Act.[40]

Item 20 in Part 7 of the Bill repeals and replaces subparagraph 7(2A)(a)(v) of the FOI Act to allow FOI requests for documents originating with, or received from, the AHO.[41]

Recommendation 188

Recommendation 188 of the Richardson Review recommended that consistent protections should be afforded to Suspicious Matter Reports and Suspicious Transaction Reports to AUSTRAC under the FOI Act.[42]

Section 7 of the FOI Act provides that certain persons and bodies are exempt from the operation of that Act, either in full or in relation to the kinds of documents specified. Entities that are entirely exempt from the FOI Act are set out in Part I of Schedule 2 to the Act. AUSTRAC is not listed in that Part. Entities that are exempt from the FOI Act in relation to particular documents are listed in Part II of Schedule 2 to the Act. That Part currently provides that AUSTRAC is exempt from the FOI Act in relation to documents concerning:

In addition, section 38 of the FOI Act provides that a document is exempt from disclosure if its disclosure is prohibited under a provision that is specified in Schedule 3 to the Act. No provisions in the Financial Transaction Reports Act or the AML-CTF Act are so specified.

Accordingly, AUSTRAC documents are afforded variable levels of protection under the FOI Act. For example, there are currently exemptions for Suspicious Matter Reports which are submitted by entities if they suspect a customer or transaction is linked to a crime.[43] This does not necessarily extend to those documents under the control of another entity. During the Richardson Review:

AUSTRAC submitted that there are inconsistencies in the exemptions available to it in the FOI Act. It noted that the FOI Act does not protect Suspicious Matter Reports, Suspicious Transaction Reports and any document concerning these reports when they are held by agencies other than AUSTRAC. It also noted that the FOI Act (section 38) does not consistently exempt documents from release, even where they are prohibited from release under other legislation.[44]

Item 22 in Part 7 of the Bill inserts proposed subsection 7(2G) into the FOI Act to provide a specific exemption for certain documents (for example, Suspicious Matter Reports) that have originated with, or have been received from, AUSTRAC.

Recommendation 191

Recommendation 191 of the Richardson Review submitted that all security matters arising under the Archives Act should be heard in the Security Division of the Administrative Appeals Tribunal (AAT).[45]

According to the Richardson Review:

The AAT’s treatment of national security information differs depending on whether the record under consideration is a record of ASIO or another agency (even where the record contains the same information and is sourced from the same agency). When the AAT is reviewing a decision made under the Archives Act, in respect of access to a record, records identified as ASIO records are considered by the Security Division of the AAT whereas records from other intelligence agencies are considered by the General Division of the AAT.[46]

Recommendation 191 addresses that inconsistency.

Item 25 in Part 8 of the Bill inserts a definition of exempt security record into subsection 3(1) of the AAT Act. The definition refers to a record of ASIO or a record that is claimed to be an exempt record under the Archives Act for the reason that it contains information or a matter referred to in paragraph 33(1)(a) or (b) of that Act—that is, information or matter that could reasonably be expected to cause damage to the security, defence or international relations of the Commonwealth or that was communicated in confidence by or on behalf of a foreign government or international organisation and remains confidential.

Item 26 in Part 8 amends paragraph 17B(2)(b) of the AAT Act to require all proceedings in relation to an exempt security record be heard in the Security Division of the AAT. The amendment ensures that proceedings concerning exempt records of the Archives Act are heard in the Security Division of the AAT which also includes records which did not originate with NIC agencies.[47]

Recommendation 192

Recommendation 192 of the Richardson Review proposed that the FOI Act and the Archives Act should be amended so that IGIS is only required to provide evidence that addresses the damage that would, or could reasonably be expected to, arise from the release of material where the matter involves one or more of the agencies that the IGIS oversees.[48]

During the Review, the IGIS raised concerns with mandatory requirements for the IGIS to personally provide evidence or advice in Information Commission external reviews of FOI decisions, AAT proceedings concerning FOI decisions, and AAT proceedings concerning decisions under the Archives Act.[49]

Item 32 repeals and replaces subsection 50A(1) of the Archives Act. The amendment limits the circumstances in which the IGIS is required to appear and give evidence before the AAT to instances where:

  • the National Archives has made a decision under review by the AAT in respect to access to a record, and
  • the record is claimed to be an ‘exempt record’ pursuant to paragraphs 33(1)(a) or (b), and
  • the record relates directly or indirectly to the functions, duties or powers of an NIC agency, and
  • the record is not a record of the IGIS.

The amendment is intended to reduce the administrative burden on the IGIS by narrowing the circumstances in which they are required to appear before the AAT.[50]

Items 33 and 34 in Part 8 of the Bill also address Recommendation 192. They amend the FOI Act by repealing and replacing section 55ZA and subsection 60A(1) respectively in an effort to reduce the administrative burden on the IGIS by narrowing the circumstances in which they are required to appear before the AAT and the Information Commissioner, so that this is only required when the matter involves a record claimed to be exempt on national security grounds that relates to the functions, duties or powers of an NIC agency.

Changes to the PJCIS

One of the other proposed changes in the Bill – unrelated to the Richardson Review – are the proposed amendments to the composition of the PJCIS under the Intelligence Services Act. In oral evidence to the PJCIS from the Attorney-General’s Department (AGD) it was stated:

[These amendments] came about as a recommendation from government, via [the Attorney-General ’s] office, as a measure to enhance the flexibility [of the PJCIS], to reduce the constraints on its composition but also to allow an additional two people, which might assist when covering leave or other absences.[51]

AGD confirmed that ‘flexibility was the main intent’ of the proposed PJCIS changes, and that the inclusion of two additional members provided the Committee with greater resourcing.[52]

The PJCIS is established by section 28 of the Intelligence Services Act. It is intended to provide a level of Parliamentary oversight of the NIC. The precursors to the PJCIS were the Parliamentary Joint Committee on ASIO (1988–2001) and the Parliamentary Joint Committee on ASIO, ASIS and DSD (2002–2005).

According to subsection 28(1) of the Intelligence Services Act, the PJCIS is established after commencement of the first session of each Parliament. Its functions are set out in section 29 of that Act and include, amongst other things, to review the administration and expenditure of NIC agencies, although it cannot, by law, review the intelligence gathering priorities of ASIO, ASIS, AGO, DIO, ASD or ONI.[53]

The PJCIS currently comprises eleven members in total, five of whom must be Senators and six of whom must be members of the House of Representatives.[54] The majority of the Committee’s members must be Government members.[55]

Part 3 of the Bill proposes to amend the composition of the PJCIS, including increasing the number of members from eleven to thirteen.[56] Table 2 below shows the change in composition of the PJCIS and its predecessors from 1988 to today.

Table 2: Composition of PJCIS and its predecessors from 1988 to today

CommitteeYears ActiveEstablishing LegislationComposition
Parliamentary Joint Committee on ASIO1988-2001ASIO ActSeven members total, comprised of three Senators and four members of the House of Representatives.
Parliamentary Joint Committee on ASIO, ASIS and DSD 2002-2005Intelligence Services Act Seven members total comprised of three Senators and four members of the House of Representatives.
PJCIS2005-presentIntelligence Services Act

2005–2011

Nine members total comprised of four Senators and five members of the House of Representatives.

2011–present

Eleven members total, comprised of five Senators and six members of the House of Representatives.[57]

Ministerial Directions to ASIS under the Intelligence Services Act 2001

In addition to the implementation of ten recommendations from the Richardson Review, and the change in composition of the PJCIS, the Bill seeks to amend the Intelligence Services Act to clarify the level of detail required in a Ministerial Direction to ASIS.

Under paragraph 6(1)(e) of the Intelligence Services Act, one of the functions of ASIS is to ‘undertake such other activities as the responsible Minister directs relating to the capabilities, intentions or activities of people or organisations outside Australia.’

Item 36 in Part 9 of the Bill repeals and replaces paragraph 6(1)(e) in an effort to provide ‘certainty regarding the level of detail required to describe the directed activities in a Ministerial Direction’.[58] It provides that activities directed by the Minister may be of a general or specific nature and may include classes of activities. Item 37 inserts proposed subsections 6(1A) and 6(1B) into the Intelligence Services Act to allow the Minister to specify a purpose or purposes for which activities (or classes of activities) of ASIS may be carried out.

Conclusion

The Bill makes what appear to be relatively minor and technical amendments to the Commonwealth’s legislative framework for gathering and utilising information related to national security. It is the second in a suite of measures seeking to respond to the Richardson Review of 2019. The previous Government agreed to all ten of the recommendations which this Bill seeks to implement. In the hearing before the PJCIS on this Bill, relatively few concerns were raised about the changes, although there was discussion about the new defences afforded to ASIO and its ‘affiliates’ as well as an ASIO officer’s ability to access and control spent convictions information.