Key points
- The Intelligence Services Legislation Amendment Bill 2023 (the Bill) will expand the oversight functions of the Inspector-General of Intelligence and Security (IGIS) and the Parliamentary Joint Committee on Intelligence and Security (PJCIS) to include the Australian Criminal Intelligence Commission (ACIC), and the intelligence functions of the Australian Transaction Reports and Analysis Centre (AUSTRAC), the Australian Federal Police (AFP) and the Department of Home Affairs.
- The Bill will also:
- provide that the PJCIS may, at its own initiative, review proposed reforms to counter-terrorism and national security legislation, and all such expiring legislation
- make minor amendments to the operation of the PJCIS and
- amend clearance levels required by PJCIS staff.
- Unrelated to the other amendments in the Bill, Schedule 4 will exempt ‘defence officials’ and others from civil and criminal liability for certain (computer-related) conduct that is connected to an intended effect outside of Australia. These amendments do not appear to provide the same level of oversight/recourse which currently exists with respect to similar immunities provided to staff of certain intelligence agencies.
- The intent and substance of a number of amendments in this Bill have been the subject of previous inquiry, debate and comment through a number of channels, including but not limited to intelligence reviews (including the 2017 Independent Intelligence Review and the 2020 Comprehensive Review of the Legal Framework of the National Intelligence Community), PJCIS inquiries, and Bills put forward in current and previous parliaments. However, there are a number of elements in this Bill that have not had such scrutiny, and/or are worthy of further scrutiny by Parliament.
- The Bill was referred to the PJCIS on 25 July 2023, with submissions closing on 31 August 2023.
- At the time of writing, stakeholders have yet to comment on the Bill.
Introductory Info
Date introduced: 22 June 2023
House: House of Representatives
Portfolio: Attorney-General
Commencement: See table at pages 5–10
Purpose of the Bill
The purpose of the Intelligence
Services Legislation Amendment Bill 2023 (the Bill) is to amend a number of
Commonwealth Acts (see table below) to:
- expand
the jurisdiction of the Inspector-General of Intelligence and Security (IGIS)
and the Parliamentary Joint Committee on Intelligence and Security (PJCIS) to
include oversight of the Australian Criminal Intelligence Commission (ACIC) and
the ‘intelligence functions’ of the Australian Federal Police (AFP), Australian
Transaction Reports and Analysis Centre (AUSTRAC) and Department of Home
Affairs (Home Affairs)
- make
a range of amendments concerning oversight activities of those agencies by the
IGIS and PJCIS, including those relating to:
- inquiries
and inspections
- complaints
management
- information
sharing and disclosure
- report
provision
- briefings
and
- interaction
between oversight bodies.
- make
minor amendments to the operation of the PJCIS and amend clearance levels
required by PJCIS staff
- provide
that the PJCIS can review and inquire into any proposed reforms to, or expiry,
lapsing or cessation of effect of, legislation relating to counter-terrorism or
national security, as it sees fit
- make
subsequent consequential amendments to other Commonwealth legislation related
to the expansion and enhancement of oversight of the NIC
- exempt
‘defence officials’ and others from civil and criminal liability for material
damage, material interference or material obstruction to a computer in
Australia which arises from certain (computer-related) conduct that is
connected to an intended effect outside of Australia.
Structure of the Bill and
Bills Digest
The Bill is divided into five Schedules with multiple
parts, as reflected in the below table. This Bills Digest focuses on the key
provisions in Parts 1 and 2 of Schedule 1, and Schedule 4, with further detail
on other provisions provided in the Explanatory
Memorandum (EM) to the Bill.
| Provisions |
Commencement |
Detail |
| Schedule 1, Part 1 – |
The later of 6 months after Royal Assent or commencement
of Schedule 1 of the Inspector-General of Intelligence and Security and
Other Legislation Amendment (Modernisation) Act 2022. However, if that
Act does not commence then this Part does not commence. (At the time of
writing, the Inspector-General
of Intelligence and Security and Other Legislation Amendment (Modernisation)
Bill 2022 has passed the House of Representatives and is before the
Senate.) |
Main amendments
Amends:
(EM, pp. 19-58) |
| Schedule 1, Part 2 |
The later of 6 months after Royal Assent or commencement
of Schedule 1 of the Inspector-General of Intelligence and Security and
Other Legislation Amendment (Modernisation) Act 2022. However, if that
Act does not commence then this Part does not commence. |
Consequential amendments commencing with the main
amendments
Amends:
(EM, pp. 59-142) |
| Schedule 1, Part 3 |
The later of 6 months after Royal Assent or commencement
of Schedule 1 of the Inspector-General of Intelligence and Security and
Other Legislation Amendment (Modernisation) Act 2022. However, if that
Act does not commence then this Part does not commence. |
Consequential amendments commencing after the National
Anti-Corruption Commission Act 2022 (NACC Act)
Amends:
(EM, p. 143) |
| Schedule 1, Part 4 |
The later of 6 months after Royal Assent or commencement
of Schedule 1 of the Inspector-General of Intelligence and Security and
Other Legislation Amendment (Modernisation) Act 2022. However, if that
Act does not commence then this Part does not commence. |
Consequential amendments commencing after the Public
Interest Disclosure Amendment (Review) Act 2023 (PID
Amendment Act)
Amends:
(EM, pp. 144-146) |
| Schedule 1, Part 5 |
The later of 6 months after Royal Assent or commencement
of Schedule 1 of the Inspector-General of Intelligence and Security and
Other Legislation Amendment (Modernisation) Act 2022. However, if that
Act does not commence then this Part does not commence. |
Consequential amendments commencing after the PID
Amendment Act and the National
Anti-Corruption Commission (Consequential and Transitional Provisions) Act
2022 (NACC (CTP) Act).
Amends:
(EM, pp. 147-148) |
| Schedule 2, Part 1 |
Immediately after the commencement of the provisions in
Schedule 1, Parts 1 and 2 of the Bill (see above). |
Consequential amendments if the NACC (CTP) Act
commences before the main amendments in Schedule 1
Amends:
- ABF
Act
- Crimes
Act
- Ombudsman
Act
(EM, pp. 149-150) |
| Schedule 2, Part 2 |
These provisions will not commence as the NACC (CTP)
Act has fully commenced. |
Consequential amendments if the main amendments in
Schedule 1 commence before the NACC (CTP) Act
Amends:
- ABF
Act
- Crimes
Act
- Ombudsman
Act
(EM, pp. 151- 152) |
| Schedule 2, Part 3 |
These provisions will not commence as the NACC (CTP)
Act has fully commenced. |
Consequential amendments commencing after the NACC
(CTP) Act commences if the main amendments in Schedule 1 commence first
Amends:
(EM, p. 153) |
| Schedule 2, Part 4 |
Immediately after the commencement of the provisions in
Schedule 1, Parts 1 and 2 of the Bill (see above). However, the provisions do
not commence at all if the National Security Legislation Amendment
(Comprehensive Review and Other Measures No. 2) Act 2023 (NSLAB (No.
2) Act) does not commence before that time. (At the time of writing, the National
Security Legislation Amendment (Comprehensive Review and Other Measures No.
2) Bill 2023 has passed the House of Representatives and is before the
Senate.) |
Consequential amendments if the National Security
Legislation Amendment (Comprehensive Review and Other
Measures No. 2) Act (NSLAB (No. 2) Act) commences before
the main amendments in Schedule 1
Amends:
(EM, p. 154) |
| Schedule 2, Part 5 |
Immediately after the commencement of the provisions in
Schedule 1, Parts 1 and 2 of the Bill (see above). However, the provisions do
not commence at all if the National Security Legislation Amendment
(Comprehensive Review and Other Measures No. 2) Act 2023 commences before
that time. |
Consequential amendments if the main amendments in
Schedule 1 commence before the NSLAB (No. 2) Act
Amends:
(EM, p. 155) |
| Schedule 2, Part 6 |
Immediately after the commencement of the National
Security Legislation Amendment (Comprehensive Review and Other Measures No.
2) Act 2023. However, the provisions do not commence at all if that Act
commences before Schedule 1, Parts 1 and 2 of the Bill. |
Consequential amendments commencing after the NSLAB
(No. 2) Act if the main amendments in Schedule 1 commence before the NSLAB
(No. 2) Act
Amends:
(EM, p. 156) |
| Schedule 3 |
Immediately after the commencement of the National
Security Legislation Amendment (Comprehensive Review and Other Measures No.
2) Act 2023. However, the provisions do not commence at all if that Act
does not commence. |
Review of access to ACIC criminal intelligence
assessment records under the archives law
Amends:
(EM, pp. 157-158) |
| Schedule 4 |
The day after Royal Assent |
Liability for certain computer-related acts
Amends:
(EM, pp. 159-162) |
| Schedule 5 |
The later of 6 months after Royal Assent or commencement
of Schedule 1 of the Inspector-General of Intelligence and Security and
Other Legislation Amendment (Modernisation) Act 2022. However, if that
Act does not commence then this Part does not commence. |
Application and transitions provisions for Schedules
1 and 2
(EM, pp. 163-168) |
Background
Australia’s National
Intelligence Community
Australia’s National Intelligence
Community (NIC) is collectively made up of a number of agencies and
departments that operate under a range of Commonwealth legislation. The
Australian Intelligence Community (AIC) was initially comprised of six
agencies:
- Australian
Geospatial-Intelligence Organisation (AGO)
- Australian
Signals Directorate (ASD)
- Australian
Secret Intelligence Service (ASIS)
- Australian
Security Intelligence Organisation (ASIO)
- Defence
Intelligence Organisation (DIO) and
- Office
of National Intelligence (ONI).
As Australia’s security environment has become more
complex, four other agencies subsequently became part of Australia’s National
Intelligence Community (NIC):
- Australian
Criminal Intelligence Commission (ACIC)
- Australian
Federal Police (AFP)
- Australian
Transaction Reports and Analysis Centre (AUSTRAC) and
- Department
of Home Affairs (Home Affairs).
For further detail on the history of the AIC and NIC see
the Bills
Digest prepared in relation to the Intelligence
Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020
(the Integrity Measures Bill) (pages 11–12).
Accountability and oversight
bodies
Australia’s current accountability and oversight framework
for NIC consists
‘of a number of specialised bodies independent of the Government and each other
and the agencies they oversee’ (pp. 12–13). These include:
While the NIC has expanded, it has continued to operate
with the same ‘oversight and accountability framework’, which has not ‘been
reformed since the formation of the community’, as the Attorney-General noted
in his second
reading speech for this Bill.
Over the past six years, two separate intelligence reviews
have considered the suitability and effectiveness of the NIC’s accountability
and oversight arrangements, with both reaching separate and at times
contradictory conclusions about the functions and oversight jurisdictions of
the IGIS and the PJCIS. The current functions of the IGIS and PJCIS are
outlined below, followed by a brief summary of these reviews.
Inspector-General of
Intelligence and Security
The IGIS is an independent statutory agency that sits
within the portfolio of the Attorney-General. The Inspector-General is an
independent statutory officer who is appointed under the IGIS Act. The
current Inspector-General is Dr Christopher Jessup KC.
The IGIS has inquiry, inspection and investigation
functions, which it outlines
on its website as follows:
Inspections of agencies activities and processes are designed
to monitor agencies’ governance, compliance and control frameworks and to
identify issues. Inquiries can be conducted into matters of concern, and the
IGIS has strong independent investigative powers similar to those of a royal
commission. These include the power to compel persons to answer questions and
produce documents, to take sworn evidence, and to enter agency premises.
IGIS can also investigate complaints made by members of the
public or intelligence agency staff, about the activities of intelligence
agencies.
At present, the IGIS has oversight jurisdiction over six
intelligence agencies within the NIC: AGO, ASD, ASIO, ASIS, DIO and ONI.
Following the enactment of the Surveillance
Legislation Amendment (Identify and Disrupt) Act 2021, the IGIS also
has oversight of the use of network activity warrants by the ACIC and the AFP,
which are members of the NIC but not currently subject to IGIS oversight beyond
their use of the above-cited warrants.
The IGIS additionally has functions
and responsibilities ‘under the Public Interest Disclosure Act 2013
(PID Act) relating to disclosures about the intelligence agencies’:
… the Inspector-General has a specific role under the Freedom
of Information Act 1982 (FOI Act) and the Archives Act to provide evidence
on the damage that may be caused by the disclosure of certain material in
national security related matters. (p. 8)
According to the most recent 25 May 2023 Senate Estimates
testimony by the Inspector-General, the
IGIS had an Average Staffing Level (ASL) of around 44.94 and Full-Time
Equivalent (FTE) staffing of 36.69 at 31 March 2023 (p. 64), against a target ASL outlined in the
2021-22
annual report of 56 (p. 29). The Inspector General noted in his foreword to
the 2021-22 annual
report that resourcing was a
challenge:
More generally, although the Office had many new staff join
it over the year, the planned expansion to the Office’s full complement of
staff has not yet been reached for a number of reasons, including those related
to the necessary but lengthy security clearance process. The Office, like many
public sector agencies, continues to feel the challenges of recruiting and
retaining subject matter experts across a range of skillsets. These challenges
continue across ICT, information governance and HR within the corporate
streams, and other agency specific roles required in intelligence oversight.
(p. 3)
The annual
report also suggests that performance baselines in relation to the IGIS’s
inquiry, inspection and complaints functions remain in the process of being
established (pp. 19–21). Despite this, and the resource challenges identified
above, the annual report highlights
that during 2021-22:
The Office received 80 complaints during the year that fell
within the jurisdiction of the IGIS Act. In addition, the Office received 141
complaints about visa and citizenship matters which are reported separately.
The Office also considered more than 400 additional pieces of correspondence to
determine whether they fell within the Inspector-General’s jurisdiction. (p.
22)
In terms of disclosures received and investigated under
the PID Act, the annual report outlined
that in 2021-22:
- The Office received 9 disclosures directly, 5 of which it
allocated to itself, and 4 it allocated to other agencies.
- The Office received 1 disclosure indirectly when it was
allocated the disclosure by another agency.
The Office commenced two investigations under the PID Act
during 2021–22. At the end of the reporting period, one of the two
investigations was complete and the other was ongoing. (p. 24)
In the IGIS’s most recent Corporate
Plan, ‘the downstream impacts’ of policy and legislative processes were
noted:
We consider an important part of the policy and legislative
process to be the consideration of ‘downstream impacts’ on our oversight work
and our agency, which may also include, from time to time, discussions about
resourcing levels. For example, new powers or capabilities in intelligence
agencies require us to have a comparable technical capability to understand
these capabilities. Equally, an expansion in the quantum of activities of
agencies in the Inspector-General’s jurisdiction can also have an impact on our
work. These are important considerations to take into account to ensure that
the oversight ‘footprint’ continues to be proportionate to the work of the
agencies. (p. 6)
According to 25
May 2023 Senate Estimates testimony, the most recent staffing projections
for the IGIS are that it will grow to 59.5 for 2023-24, to 68.5 for 2024-25 and
79.5 in 2025-26 (p. 65).
Parliamentary Joint Committee
on Intelligence and Security
The PJCIS performs an important role overseeing and
reviewing Australia’s NIC and has three
key functions:
- providing oversight of Australian intelligence agencies by
reviewing their administration and expenditure;
- building bipartisan support for national security
legislation by reviewing national security bills introduced to Parliament; and
- ensuring national security legislation remains necessary,
proportionate and effective by conducting statutory reviews.
As the Committee’s webpage
explains ‘These functions are provided for in section 29 of the IS Act,
which details many of the Committee’s specific responsibilities, including’:
- reviewing the administration and expenditure of the
Australian Security Intelligence Organisation (ASIO), Australian Secret
Intelligence Service (ASIS), Australian Geospatial-Intelligence Organisation
(AGO), Defence Intelligence Organisation (DIO), Australian Signals Directorate
(ASD) and Office of National Intelligence (ONI), including their annual
financial statements;
- reviewing any matter in relation to ASIO, ASIS, AGO, DIO,
ASD or ONI referred to the Committee by the responsible Minister or by a
resolution of either House of the Parliament;
- monitoring, and reviewing the performance by the Australian
Federal Police (AFP) of its functions under Part 5.3 of the Criminal
Code (terrorism);
- monitoring and reviewing the performance by the AFP of its
functions under Division 3A of Part IAA of the Crimes Act 1914 (stop,
search and seizure powers), and the basis of the Minister’s declarations of
prescribed security zones under section 3UJ of that Act;
- conducting reviews of a range of specific provisions
in various Acts relating to national security; including terrorism,
telecommunications, citizenship and migration laws;
- reviewing privacy rules applicable to intelligence
agencies.
The powers of the PJCIS are limited with respect to
reviewing certain activities of intelligence agencies, including their
intelligence gathering and assessment priorities, operational methods,
particular operations, aspects of their activities that do not affect
Australians, and individual complaints about their activities. The PJCIS is
also restricted from reviewing sensitive operational information and/or
operational methods used by the AFP and from reviewing particular
investigations or operations being undertaken or proposed by the AFP and those
that have already taken place. The PJCIS also undertakes reviews of legislation
and may refer a matter to the INSLM, however it is currently not authorised to
initiate its own inquiries, instead being required to request that the
responsible Minister refer a matter for it to review.
For further detail on function of the PJCIS and its
history see the webpage
of the Committee.
Recent intelligence reviews
This Bill incorporates recommendations from the 2017
Independent Intelligence Review and according to the Explanatory
Memorandum (p. 159), also the 2020
Comprehensive Review of the Legal Framework of the National Intelligence
Community. In the 2023–24
Budget, the Government provided additional resourcing to the Department of the
Prime Minister and Cabinet to support a number of priorities, including the
next Independent Intelligence Review (p. 193).
2017 Independent Intelligence
Review
The 2017 Independent
Intelligence Review concluded that there was ‘a compelling case for a
consistent oversight regime to apply to all the intelligence capabilities that
support national security, across the ten agencies of the NIC’ (p. 116).
It recommended expanding oversight roles of the IGIS and
PJCIS to include all ten agencies within the NIC, with oversight of the AFP,
Home Affairs and ACIC limited to their intelligence functions (Recommendation
21). The Independent Intelligence Review did not recommend the ACIC be defined
as an intelligence agency and moved solely under the oversight of the IGIS as
has been provided for in this Bill.
The Independent Intelligence Review also recommended that
the role of the PJCIS be expanded, including by enabling the PJCIS to request
the IGIS conduct an inquiry into the legality and propriety of particular
operational activities of NIC agencies, and to provide a report to the PJCIS,
Prime Minister and the responsible Minister (Recommendation 23).
Further detail on the Independent Intelligence Review is
available in a Parliamentary Library Briefing Book article on Intelligence community reforms. Additional information can be found in Bills
Digest for the Integrity
Measures Bill and the PJCIS
report on that Bill and various submissions.
2020 Comprehensive Review of
the Legal Framework of the National Intelligence Community
The Independent
Intelligence Review recommended that a ‘comprehensive review of the Acts
governing Australia’s intelligence community be undertaken to ensure agencies
operate under a legislative framework which is clear, coherent and contains
consistent protections for Australians’ (Recommendation 15).
The Comprehensive
Review (also known as the Richardson Review, after Dennis Richardson who
conducted the review) agreed with some but not all of the Independent
Intelligence Review recommendations. The Comprehensive
Review recommended against expanding IGIS oversight to the AFP and Home
Affairs (p. 56, vol 1). It did not definitively address the ACIC and AUSTRAC’s
status in relation to IGIS oversight but did note
there was ‘a stronger case for IGIS oversight of the ACIC and AUSTRAC’s
intelligence activities’ (p. 56, vol 1). The Comprehensive
Review also endorsed the Independent Intelligence Review’s recommendation
that ‘the PJCIS be able to request the IGIS to conduct an operational inquiry
and report to the PJCIS, Prime Minister and responsible minister’ (p. 55, vol
1).
A consolidated list of all the Comprehensive Review’s
recommendations, marked up by policy subject area, is included at Appendix B of
the Bills
Digest prepared in relation to the Integrity Measures Bill. Other Bills
Digests prepared for recent Bills which also responded to recommendations from
the Comprehensive Review provide further context, including:
Intelligence Oversight and
Other Legislation Amendment (Integrity Measures) Bill 2020
The previous Coalition Government introduced the Integrity
Measures Bill on 9 December 2020. The Bill proposed to respond to certain
recommendations of the Independent Intelligence Review and the Comprehensive
Review, including amending the IGIS Act to expand the powers of the IGIS
to conduct oversight of the intelligence functions of the ACIC and AUSTRAC. The
Bill also proposed amendments to the IS Act to expand PJCIS oversight to
the intelligence functions of AUSTRAC.
The Bill was referred to the PJCIS on 18 December 2020,
which undertook an extensive
inquiry into the Bill and tabled its report
on 9 February 2022. The PJCIS made five recommendations, including:
- that
the Bill and, to the extent necessary, other legislation be amended to expand
the oversight remit of the PJCIS and the IGIS to cover the intelligence
functions of the AFP (Recommendation 1) and
- that
the Bill be amended to provide the PJCIS with oversight of the ACIC (Recommendation
2).
The Bill was never debated and lapsed when Parliament was
dissolved on 11 April 2022.
Committee consideration
At the time of writing, the Bill has not been referred to
any committees for inquiry and report.
Senate Standing Committee for
the Scrutiny of Bills
At the time of writing, the Senate Standing Committee for
the Scrutiny of Bills had not yet considered the Bill.
Policy position of
non-government parties/independents
At the time
of writing, the Bill does not appear to have attracted public comment from
non-government parties and independents.
Position of major interest
groups
At the time of writing the Bill does not appear to have
attracted public comment from major interest groups.
As discussed in the background section, several of the key
amendments in this Bill relating to broadening the jurisdiction of the IGIS and
PJCIS has previously been the subject of comment and discussion through two
major intelligence reviews, subsequent government responses and a number of
previous Bills, at least one of which was the subject of a PJCIS
inquiry. A number of entities provided submissions to the PJCIS inquiry
including the IGIS, the Ombudsman, and the Law Council of Australia. Their
submissions and those of others are available at the PJCIS
inquiry page and discussed throughout the PJCIS’s
report on the Integrity Measures Bill. They are also summarised in the Bills
Digest to that Bill.
Financial implications
The Explanatory
Memorandum notes that $4.9 million ongoing and $12.2 over three years
beginning 2024-25 has been committed to support the expansion of jurisdiction
for the IGIS (p. 6). The expanded jurisdiction of the PJCIS will be supported
by $0.3 million ongoing and $1.3 million over four years commencing 2023-24,
which the Explanatory Memorandum notes was contained in the 2023-24 Budget (p.
6).
Statement of Compatibility
with Human Rights
As required under Part 3 of the Human Rights
(Parliamentary Scrutiny) Act 2011, the Government has assessed the
Bill’s compatibility with the human rights and freedoms recognised or declared
in the international instruments listed in section 3 of that Act.
The Government has stated that the Bill’s amendments would
engage the following human rights contained in the International
Covenant on Civil and Political Rights (ICCPR):
- the
right to humane treatment in detention under article 10(1)
- the
right to a fair trial and a fair hearing under article 14(1)
- the
prohibition on interference with privacy under article 17 and
- the
right to freedom of expression under article 19.
The Government considers that the Bill is compatible.[1]
Parliamentary Joint Committee
on Human Rights
At the time of writing, the Parliamentary Joint Committee
on Human Rights had not considered the Bill.
Key issues and provisions
The below section summarises some of the key provisions of
the Bill, with a focus on the provisions in Parts 1 and 2 of Schedule 1, and
Schedule 4.
Due to time constraints, not all key provisions may have
been identified or discussed in detail. The Parliamentary Library has also not
been able to revisit and incorporate previous inquiries, reports, government
responses, PJCIS inquiry reports and stakeholder submissions relevant to this
Bill and earlier Bills in which the same or similar recommendations, provisions
and issues have been raised. Given the scope, extent, significance and
contested nature of reforms across the national security and intelligence
ecosystem in Australia in recent times, further scrutiny of certain provisions
within this Bill would be worthwhile.
Expansion of the role of the
IGIS
Greater oversight of
intelligence agencies
Key provisions – IGIS Act
Item 3 of the Bill will amend the current
definition of intelligence agency contained in subsection 3(1) of the IGIS
Act to define the ACIC as an intelligence agency and expand the IGIS’s
jurisdiction to include the ‘intelligence functions’ of AUSTRAC, AFP and Home
Affairs.
Item 4 of the Bill will repeal the existing
definition of intelligence function and item 6 of the Bill
will insert proposed section 3A to define the meaning of intelligence
function with respect to the AFP, AUSTRAC, and Home Affairs. Notably, intelligence
function with respect to Home Affairs is defined by reference to
regulations made by the Minister (who must first seek agreement from the
Minister responsible for Home Affairs before making any regulations). The
Explanatory Memorandum provides that this is necessary as:
Many of Home Affairs’ intelligence functions are not
legislated and cannot be directly linked to specific legislated functions,
instead being provided for in the Administrative Arrangement Order. This means
that Home Affairs’ intelligence functions may change, including to add new
intelligence functions, quickly and with potential frequency. (p. 25)
This reflects Recommendation 16 of the Comprehensive
Review which stated that the intelligence functions of Home Affairs should
not be specified in legislation.
The Bill also provides for expanded jurisdiction with
respect to the functions performed by the AFP (as discussed in the background
section the IGIS currently has oversight of the use of network activity
warrants by the ACIC and the AFP).
Items 7-16 of Schedule 1 will amend section 8 of
the IGIS Act, which provides for the inquiry functions of the IGIS with
respect to intelligence agencies. The most significant amendments appear to be
the introduction of proposed subsection 8(4) which sets out the expanded
list of functions with respect to the ACIC. This includes inquiring at the
request of the Attorney-General or the responsible Minister, on the IGIS’s own
motion, or in response to a complaint made to the IGIS, into any matter that
relates to:
- the
compliance by the ACIC with the laws of the Commonwealth and of states and
territories or compliance with the directions or guidelines given by the
responsible Minister, or the propriety of particular activities
- the
effectiveness and appropriateness of ACIC procedures relating to the legality
or propriety of ACIC’s activities
- an
act or practice of the ACIC that: is or may be inconsistent with or contrary to
any human right, that constitutes or may constitute discrimination, that is or
may be unlawful under the Age Discrimination Act 2004, the Disability
Discrimination Act 1992, the Racial Discrimination Act 1975 or the Sex
Discrimination Act 1984
- the
ACIC’s compliance with directions or guidelines given by, or policies or other
decisions made by, the board of the ACIC or the Inter-Governmental Committee
established under the ACC Act.
Proposed subsection 8(4) will also allow the IGIS to
inquire into the procedures of the ACIC relating to redress of grievances of
employees at either the request of the Attorney-General, or the Minister or on
the IGIS’s own motion (though not in response to a complaint made to the IGIS).
The Bill will also amend section 8 to clarify the scope of
the IGIS’s functions with respect to the AFP, AUSTRAC and Home Affairs.
Items 21 and 26 of Schedule 1 make changes to the
IGIS’s inspection and inquiry functions where a warrant has been issued by a
specified intelligence agency under its legislation (currently this only
applies to ASIO). As the ACIC has the power to detain persons under its Act,
the Bill will expand the IGIS’s power to also enter any place where a person is
being detained under the relevant provisions of the ACC Act for the
purpose of carrying out the IGIS’s inspection and inquiry functions.
The ACIC’s coercive powers, similar
to a Royal Commission, are used in special operations and special
investigations to obtain information where the Board of the ACIC determines
that it is in the public interest to do so. These coercive powers are exercised
by independent statutory officers, known as ‘Examiners’, with Division 2 of
Part II of the ACC Act setting out the process for conducting
examinations. Examiners are authorised to compel people to give evidence for
the purposes of special ACIC operations or investigations.
Item 34 inserts proposed section 32AFA which
provides for additional requirements relating to the sharing of ACIC
examination material (as defined in section 4B of the ACC Act) by the
IGIS. Specifically, before examination material is shared by the IGIS (except
to an IGIS official), the IGIS must consider and consult with the CEO of the
ACIC as to whether that sharing:
- might
prejudice a person’s safety
- would
reasonably be expected to prejudice the fair trial of the examinee for the
examination material if the examinee has been charged with a related offence or
a charge for a related offence is imminent or
- might
prejudice the effectiveness of a special ACC operation or special ACC
investigation.
The information can be shared by the IGIS irrespective of
the views of the ACIC CEO, provided consultation has occurred and the listed
matters have been considered. The recipient of the information will need to
comply with the relevant restrictions regarding its use and disclosure as set
out in the ACIC Act.
Comments
Whether various agencies within the NIC should be the
subject of oversight by IGIS, and the extent of this oversight, has been the
subject of multiple intelligence and committee reviews and various Bills, as
the background section of this Bills Digest has highlighted.
The provisions in this Bill go beyond the recommendation
of the 2017
Independent Intelligence Review, which did not recommend the ACIC be
overseen by the IGIS in its entirety, instead only its intelligence function,
which placed the ACIC in the same category as the AFP and Home Affairs (however
it did recommend that the IGIS’s oversight of AUSTRAC not be restricted to its
intelligence functions) (Recommendation 21). The 2020
Comprehensive Intelligence Review recommended against expanding IGIS
oversight to the AFP and Home Affairs and did not explicitly address the ACIC
and AUSTRAC’s status in relation to IGIS oversight (p. 56, v1). It did suggest
that the ACIC ‘remain subject to the FOI Act in its entirety (p. 58,
v1). The Explanatory
Memorandum for the Integrity Measures Bill outlined a number of reasons why
the ACIC was not listed as an intelligence agency in its entirety (pp. 4-5),
which were also discussed in the Bills
Digest.
The Explanatory Memorandum for the current Bill does not
address the issues raised in the Explanatory
Memorandum to the Integrity Measures Bill, which the Bills
Digest noted included issues arising from ACIC functions related to serious
violence or child abuse committed against an Indigenous person ‘on the basis
that the IGIS is not the appropriate body to conduct oversight of those
specific activities’ (p. 28). These functions are currently overseen by the
Office of the Commonwealth Ombudsman. The Explanatory
Memorandum for the Integrity Measures Bill noted ‘Oversight of these
matters would require specialist subject-matter expertise, including cultural
competencies that the IGIS could not be expected to possess, or to obtain
readily (p. 92).
Another reason cited in the Explanatory
Memorandum for the Integrity Measures Bill related to ACIC examiners being
already subject to review by a range of other bodies including the Ombudsman,
the Law Enforcement Integrity Commissioner (now the NACC) and ultimately, a
court of law, with the argument being that it was therefore ‘not necessary for
the IGIS to oversee these aspects of the ACIC’s activities’ (p. 95).
The PJCIS report
into the Integrity Measures Bill supported the IGIS overseeing only the
intelligence function of the ACIC (p. 32). The Labor position statement
outlined as Additional
Comments by Labor Members in the PJCIS report did not advocate for the IGIS
to oversee the ACIC in its entirely.
The current Bill sees a change in position wherein the
ACIC in its entirety will fall under IGIS jurisdiction. While additional
funding does appear to have been allocated to the IGIS, without knowledge of
the extent of consultation about this Bill, it is not clear if the funding was
intended to/can cover developing the competencies and specialist subject matter
expertise required to oversight the additional ACIC functions in addition to
increasing staffing levels and capabilities in line with expanded oversight
responsibilities more generally. The implications of the IGIS having full
oversight of the ACIC (including resourcing) has not been previously
scrutinised as it has not been raised by either intelligence review and
therefore may require further consideration.
Key provisions – other Acts
Items 86–89 of Schedule 1 amend the PCJLE Act
to no longer require the Commonwealth Ombudsman to provide a briefing to the
PCJLE about the involvement of the ACIC in controlled operations under Part IAB
of the Crimes Act, and instead require the IGIS to brief the PCJLE on
such activities.
According to the Explanatory Memorandum (p. 5), Part 2 of
Schedule 1 of the Bill proposes to amend a number of Commonwealth Acts to:
- make
consequential amendments to ensure that information that is protected by
secrecy offences under relevant legislation can be disclosed to IGIS officials
performing duties or functions, or exercising powers, as IGIS officials. These
amendments would allow for the transfer of complaints regarding AUSTRAC and
Home Affairs between the IGIS and other integrity bodies to facilitate
effective consideration of those complaints by the appropriate body
- make
consequential amendments to address overlapping jurisdiction between the IGIS
and relevant oversight bodies.
This Bills Digest has not examined these provisions
in-depth, though does draw attention to the proposed amendments to the ACC
Act relating to the presence of an IGIS during an ACIC examination.
Division 2 of Part II of the ACC Act sets out the
process for an ACIC examiner to conduct an examination for the purposes of a
special ACIC operation/investigation. As noted on the ACIC website:
Examinations are held in private. Witnesses may claim
protection so the answers, documents or things they provide are not admissible
in evidence against them in a criminal proceeding to impose a penalty, except
in limited circumstances.
Item 113 will amend subsection 25A(4) to provide
that the IGIS may be present during an examination by ACIC examiners. However, item
114 will insert proposed subsections 114(4A)–(4C) which would allow
an ACIC examiner to exclude an IGIS official from an ACIC examination if the
examiner considered that the IGIS official’s attendance would be reasonably
likely to prejudice:
- the
life or safety of a person or
- the
effectiveness of the examination.
In exercising this discretion, the ACIC examiner must
either notify the IGIS in writing beforehand or notify them orally during the
examination and in writing as soon as practicable after the examination. They
must also provide the IGIS official with an audio-visual recording of the
examination as soon as practicable afterwards.
Comments
The prevention of an oversight official attending in both
contexts provided for in the Bill raise human rights and oversight concerns.
The need for an IGIS official to be excluded from an
examination is not adequately outlined in the Explanatory Memorandum or in the
Government’s Statement of Compatibility with Human Rights (see EM, pp. 7-8). It
is not clear how the presence of an IGIS official could put the life or safety
of a person at risk, and conversely if the life or safety of an ACIC examiner,
the person detained for the purposes of the examination or any other persons in
attendance is at risk, there are questions to be had about progressing an
examination under these circumstances. The follow-on provisions relating to
providing the IGIS with a recording of the examination after the exclusion of
its official also suggest there is an intent that the examination could, and
will most likely, continue.
The Explanatory Memorandum also makes mention of
‘operational reasons’ which are not defined (p. 70). With respect to an IGIS
official’s presence impacting on the effectiveness of an examination, the
Explanatory Memorandum offers no explanation as to how this might take place.
The provision might be regarded as taking the position that effectiveness
trumps oversight.
It is noted that the ASIO Act provides for far more
rigorous oversight including clarifying that an IGIS official may be present at
the questioning or apprehension of a person under Division 3 of Part III of the
ASIO Act (which provides for ASIO’s compulsory questioning powers) where
the IGIS official is exercising a power or performing a function or duty of the
IGIS (section 34JB). Given that the ACIC is being defined as an intelligence
agency in its entirety and not as a dual hatted agency with intelligence and
non-intelligence functions, the absence of similar oversight provisions, such
as those that apply to ASIO with respect to its questioning, is worthy of
further scrutiny by the committee.
Changes to the type of
complaints IGIS must inquire into
Key provisions
Subsection 11(1) of the IGIS Act currently sets out
when the IGIS must inquire into action taken by an intelligence agency that is
the subject of a complaint. Item 22 of Schedule 1 inserts proposed
paragraph 11(1)(aa) which provides that the requirement to conduct an
inquiry into a complaint only applies where the Inspector-General is satisfied
that the action to which the complaint relates is the kind of action that is
reasonably likely to be taken by an intelligence agency. Item 23 inserts
a note at the end of subsection 11(1) intended to clarify that ‘action’ (as
used in paragraph 11(1)(aa)) includes the making of a decision or
recommendation, and the failure or refusal to take any action or to make a
decision or recommendation.
As noted in the Explanatory Memorandum:
This does not require the Inspector-General to be satisfied
that the action has actually been taken by an intelligence agency, only that
there is a reasonable likelihood that the intelligence agency could or would
undertake that activity. This could include both actions within an intelligence
agency’s functions and actions that exceed those functions. This amendment is
necessary to clarify the IGIS’s complaint handling functions in circumstances
where activity alleged in a complaint is considered to be implausible or
otherwise not credible. (p. 32)
Comments
The most recent IGIS 2021-22
annual report contains a footnoted mention of the ‘high level of resources
required to receive, consider and respond to all complaints and correspondence,
whether or not they fell within IGIS’s jurisdiction’ (p. 103). In that period
431 reports were identified as not falling within the jurisdiction of the IGIS
Act or PID Act, with another 80 determined to fall within the
jurisdiction of the IGIS Act (p. 103). The report also outlines the
IGIS’s current complaint handling processes, as also depicted in the below
infographic (pp. 102-104).
On the basis of the above complaints process chart, the
provisions set out in the Bill may not be necessary, particularly given that
paragraph 11(2)(c) of the IGIS Act already applies:
When inquiry or further
inquiry into complaints is not required
(2) Where a complaint is made to the Inspector‑General
in respect of action taken by an intelligence agency, the Inspector‑General
may decide not to inquire into the action or, if the Inspector‑General
has commenced to inquire into the action, decide not to inquire into the action
further if the Inspector‑General is satisfied that:
(a) the complainant became
aware of the action more than 12 months before the complaint was made;
(b) the complaint is
frivolous or vexatious or was not made in good faith; or
(c) having regard to all
the circumstances of the case, an inquiry, or further inquiry, into the action
is not warranted.
Proposed paragraph 11(1)(aa) does not outline how
‘action of a kind reasonably likely to have been taken by an intelligence
agency’ would be determined or assessed. Nor is this detailed in the
Explanatory Memorandum. Assuming a reasonable likelihood that an intelligence
agency could or would, or could not or would not, undertake an activity or
action without at least a precursory inquiry, is potentially fraught, with the
provision as it stands possibly opening up a gap in oversight coverage. For
example, it could allow for a complaint to be dismissed outright because a view
was initially formed about plausibility, when further investigation may reveal
that the action may or may not have occurred. Given the role deception
(lawfully when compliant) plays in intelligence activities, and that there
already exists grounds under paragraph 11(2)(c) for the IGIS to not further
inquire into a complaint, this provision could benefit from further review.
As the motivation for this provision is not explicitly
stated in the Explanatory Memorandum (or the degree to which it was developed
in consultation with the IGIS) it is difficult to determine the purpose for its
inclusion. Complaint numbers do not appear to be high enough to warrant this
approach, nor raised in a manner in the most recent Annual Report to suggest
they are burdensome to this extent.
Expansion of the role of the
PJCIS
The expansion of the powers and jurisdiction of the PJCIS
has been the subject of disagreement between the various reviews, as
outlined by the PJCIS:
The Committee notes the conflicting positions of the
Independent Intelligence Review (IIR) and Comprehensive Review of the Legal
Framework of the National Intelligence Community (Richardson Review) in
relation to the role of the Parliamentary Joint Committee on Intelligence and
Security (PJCIS). The IIR recommended that the oversight role of the PJCIS be
expanded to all agencies which make up the National Intelligence Community
(NIC). The Richardson Review did not make recommendations to expand the oversight
role of the PJCIS to further intelligence agencies, however commented that
there was a strong case for Inspector-General of Intelligence and Security
(IGIS) oversight of the ACIC and AUSTRAC intelligence functions. (p. 31)
While well covered in some contexts, owing to the
introduction of broader jurisdictional coverage for both IGIS and the PJCIS
than either review covered or anticipated, this too is worthy of additional
scrutiny alongside that already carried out as part of inquiries into previous
Bills.
Broader oversight of the ACIC,
AFP, AUSTRAC and Home Affairs
Key provisions
The Bill will expand the role of the PJCIS to include
broader oversight of the ACIC, AFP, AUSTRAC and Home Affairs by amending
section 29 of the IS Act, which sets out the functions of the PJCIS, to
reflect its expanded jurisdiction in relation to these agencies.
The key amendments are:
- Item
50 will repeal and replace paragraph 29(1)(a) to include the ACIC as an
intelligence agency whose administration, expenditure and annual financial
statements the PJCIS can review and provide that the AFP, AUSTRAC and Home
Affairs (in relation to their intelligence functions), can similarly be
reviewed.
- Item
51 will amend paragraph 29(1)(b) to allow the PJCIS to review any matter in
relation to ACIC referred to it by the responsible Minister, the
Attorney-General or by a resolution of either House of the Parliament.
- Item
53 will insert proposed paragraphs 29(1)(bad) and (bae) which will
allow the PJCIS to monitor and review the performance by, or to report to both
Houses of Parliament on any matter relating to, the intelligence functions of
the AFP, AUSTRAC and Home Affairs where a referral has been made by either the
responsible Minister, the Attorney-General or by a resolution of either House
of Parliament.
- Items
55 and 56 amend subsection 29(2), which allows the PJCIS, by resolution, to
request the responsible Minister or the Attorney-General refer a matter related
to the activities of listed agencies to the PJCIS. The amendments include the
ACIC, AFP, AUSTRAC and Home Affairs on the list of agencies.
Items 58–64 of the Bill will amend subsection 29(3)
which provides clarity on what matters the PJCIS cannot inquire into. With
respect to the ACIC, the PJCIS will not be able to:
- review
the intelligence gathering and assessment priorities of ACIC, consistent with
the same restriction applying to other intelligence agencies under PJCIS
oversight (item 58)
- review
the sources of information, other operational assistance or operational methods
available to ACIC consistent with the same restriction applying to other
intelligence agencies under PJCIS oversight (item 59)
- review
special ACC operations, or special ACC investigations (within the meaning of
the ACC Act) that have been, are being, or are proposed to be undertaken
by the ACIC (item 60)
- review
an aspect of the activities of the ACIC that does not affect an Australian
person (item 61), consistent with the same restriction applying to other
intelligence agencies under PJCIS oversight
- conduct
inquiries into individual complaints about the activities of the ACIC (item
62).
The Bill will also prevent the PJCIS from conducting
inquiries into individual complaints about the activities of the AUSTRAC and
Home Affairs (item 62), consistent with the same restriction applying to
the AFP, and expand the current restrictions relating to PJCIS reviews of AFP
operations activities to include AUSTRAC and Home Affairs (items 63 and 64).
Items 65–67 amend section 30 of the IS Act
to expand the list of persons whom the PJCIS can requests briefings from.
Currently section 30 only allows the PCJIS to request briefings from the
relevant heads of ASIO, ASIS, AGO, DIO, ASD, ONI, IGIS, AFP, and Home Affairs.
The amendments will expand this list to include the heads of AUSTRAC, ACIC, the
INSLM, and any agency head of an agency whose functions relate to a matter
being considered by the PJCIS under section 29 of the IS Act. The Bill
will also clarify that this list does not limit the ability of the PJCIS to
request briefings from persons not listed.
The Bill will also amend Schedule 1 of the IS Act
to clarify the PJCIS’s role with respect to its expanded oversight of the ACIC,
AUSTRAC, AFP and Home Affairs. The most significant amendments relate to the
definition of operationally sensitive information (items 70–72)
and greater restrictions on the disclosure of information in a PJCIS report (items
76–77).
Broader oversight of
counter-terrorism or national security legislation
Item 52 will insert proposed paragraph 29(1)(ba)
to provide that the PJCIS can review and inquire into any proposed reforms to,
or expiry, lapsing or cessation of effect of, legislation relating to
counter-terrorism or national security, as it sees fit.
Ability to request the IGIS to
undertake an inquiry
Item 17 of Schedule 1 inserts proposed section
8AA into the IGIS Act which provides that the inquiry functions the
IGIS may perform at the request of the Attorney-General or the responsible
Minister relating to the legality or propriety of particular activities of
intelligence agencies (as set out in section 8) can also be performed following
a request by the PJCIS under proposed subsection 29(2A) of the IS Act.
Proposed subsection 29(2A) of the IS Act (at
item 57 of Schedule 1) provides that the PJCIS may, by resolution,
request the IGIS to inquire into a matter, whether or not the functions of the
PJCIS include reviewing the matter, if this matter:
- relates
to the legality and propriety (however described) of the operational activities
of an agency (which the PJCIS is prevented from reviewing under subsection
29(3) of the IS Act)
- is
within the functions of the IGIS mentioned in section 8AA of the IGIS Act
and
- does
not relate to an individual complaint about the activities of the agency.
In requesting that the IGIS review a matter the PJCIS must
provide a copy of the request to the Minister responsible for the agency to
which the request relates.
Item 30 inserts proposed section 22A into
the IGIS Act which sets out the requirements in relation to the IGIS’s
response to the PJCIS following completion of its inquiry. As noted in the
Explanatory Memorandum (page 35), while the PJCIS may request the IGIS inquire
into a matter, the IGIS has discretion in deciding whether to conduct any such
inquiries. If the IGIS decides not to inquire into a matter, the IGIS is not
required to provide a response to the PJCIS.
The IGIS must take reasonable steps to provide a written
response to the PJCIS in relation to its inquiry, unless the IGIS is satisfied
on reasonable grounds that doing so would prejudice security, the defence of
Australia or Australia’s relations with other countries.
Before giving a response to the PJCIS, the IGIS and the
head/s of the intelligence agency/agencies to which the inquiry related must
agree that the terms of the proposed response would not prejudice:
- security,
the defence of Australia or Australia’s relations with other countries
- law
enforcement operations, including methodologies and investigative techniques
- confidential
commercial information held by AUSTRAC
- operationally
sensitive information (within the meaning of Schedule 1 of the IS Act).
In addition to the above requirement, before providing the
PJCIS with the response, the IGIS must consult the head(s) of the intelligence
agency/agencies to which the inquiry referred on whether the terms of the
proposed response would prejudice the privacy of individuals or the fair trial
of a person or the impartial adjudication of a matter. Although the IGIS has a
duty to consult on this matter, it has discretion as to whether or not to
adjust the proposed response in relation to concerns raised on these issues by
the agency head. The IGIS may also consult the head of any other intelligence
agency on the terms of the proposed response.
The IGIS must give a copy of the response provided to the
PJCIS to the responsible Minister and may give a copy of the response that this
provided to the PJCIS to either or both the Prime Minister and the
Attorney-General if the IGIS considers it appropriate to do so.
If as a result of a PJCIS request, the IGIS completes an
inquiry in respect of the operational activities of an intelligence agency or
intelligence agencies, and does not provide a response to the PJCIS, the IGIS
must notify the PJCIS of the reason why the response was not provided.
Requirement for agencies to
brief the PJCIS
Item 85 of Schedule 1 inserts proposed section
18A into the ONI Act which requires the Director-General of ONI
to brief the PJCIS at least once each calendar year.
According to the Explanatory Memorandum (p. 57):
- the
briefing requirement may be satisfied by any briefings provided by the
Director-General of ONI to the PJCIS, including those provided in compliance
with requirements under other legislation
- the
Director-General may delegate this function to a person who holds, or performs
the duties of, an SES equivalent position within ONI.
Enacting such a requirement was a recommendation of the 2017
Independent Intelligence Review (Recommendation 23) and it ‘is intended to
ensure the PJCIS has the context necessary to support its oversight work’ (EM,
p. 57).
Item 44 also inserts proposed section 32C
into the IGIS Act which requires the IGIS to brief the PJCIS at least
once each calendar year.
Changes to the staffing and
operation of the PJCIS
Key provisions
The Bill also proposes to make changes to the operation of
the PJCIS, including allowing the PJCIS to meet virtually, provided it follows
advice from relevant agency heads as to the required security arrangements for
virtual meetings where classified information may be discussed (items 78–79);
and changes to the processes in relation to sub-committees, including
appointments (items 81-84).
The most significant amendments relate to the downgrading
of security clearance requirements for PJCIS staff members. Currently clause 21
of Schedule 1 of the IS Act provides that each member of the staff of
the PJCIS must be cleared for security purposes to the same level and at the
same frequency as staff members of ASIS. Item 80 amends this clause to
provides that staff of the PJCIS must be cleared for security purposes at least
at a level and frequency:
- appropriate
for access to information and systems at the classification that the staff
member requires, in accordance with government policy in relation to protective
security and
- acceptable
to all of the agency heads.
The Explanatory Memorandum sets out the Government’s
justification for this change:
This amendment is intended to reflect practical implications
of the change in the PJCIS’s work over time, including the increase in public
hearings. Much of the work of the staff of the PJCIS does not require a high
level of security clearance. Obtaining high level security clearances is a
lengthy process and one which may entail significant intrusions on the privacy
of the person obtaining the clearance. PJCIS staff should only need to hold
security clearances that are commensurate with the classification and
sensitivity of the information and matters they observe. (p. 56).
Comments
The downgrading of security clearance requirements has the
potential to affect the quality and scope of the PJCIS coverage at a time in
which its responsibilities are expanding.
Exclusion of liability for
certain computer related acts
History of these provisions
The Criminal Code contains a range of criminal
offences for unlawfully accessing or interfering with a telecommunications
system or accessing data in a computer without authorisation. Division 476 of
the Criminal Code currently provides immunity to ASIS, AGO and ASD
officials for certain computer-related acts (section 476.6).
The history of these provisions is set out in the Explanatory
Memorandum to the National
Security Legislation Amendment (Comprehensive Review and Other Measures No. 1)
Bill 2021:
Section 476.5 of the Criminal Code was introduced by
the Cybercrime Act 2001. As originally introduced, subsection 476.5(1)
provided immunity from civil and criminal liability for the staff members and
agents of ASIS and ASD (then Defence Signals Directorate (DSD)) whose
computer-related activities done outside Australia, in the proper
performance of their functions, were intended and required by Government. The
Intelligence Services Legislation Amendment Act 2005 extended the immunity to
apply to the then Defence Imagery and Geospatial Organisation (now the AGO).
(p. 79)
The Comprehensive
Review recommended, in Recommendation 74, that immunity for certain
computer offences for ASIS, AGO and ASD be extended to apply where a staff
member or agent of the relevant agency acted on a reasonable belief that the
computer-related activities occurred outside Australia, even if that activity
occurred inside Australia (p. 227, vol. 2). This was intended
to help manage the challenges of identifying the geographic location of
computers (p. 10).
The Security
Legislation Amendment (Critical Infrastructure) Act 2021 amended
section 476.5 so that it only
applies to ASIS and AGO, with ASD covered by subsection 476.6(1):
…which provides wider immunity for conduct engaged in inside
or outside Australia by staff members and agents of ASD, on the reasonable
belief that it is likely to cause a computer-related act, event, circumstance
or result to take place outside Australia, whether or not it in fact takes
place outside Australia. [p. 29]
The National Security
Legislation Amendment (Comprehensive Review and Other Measures No. 1) Act 2022
(NSLAB-1 Act) then repealed section 476.5 and amended 476.6(1) to extend
the broader immunity in that section to ASIS and AGO. The Government stated
that these amendments:
… bring the immunities for staff members and agents of ASIS
and AGO to that of staff members and agents of ASD in respect of computer
offences. These amendments are required as it is not always possible to
determine with certainty the geographic location of computer-related activity.
Criminal liability should not apply when a staff member or agent of ASIS, AGO
or ASD acts in the genuine belief that the activity is outside Australia. These
amendments will protect staff from criminal liability only where they have
acted in good faith in the proper performance of the agency’s (ASIS, AGO, ASD)
functions. (p. 80)
In commenting on these amendments, the Law Council of
Australia noted:
… while the Law Council did not categorically oppose the
extension of the immunity to the relevant computer-related acts [by ASD]
occurring within Australia, it raised questions about its necessity, in
particular as to why an immunity was needed in preference to placing reliance
on the defence of mistake of fact in relation to the geographical location of a
computer (with respect to the potential exposure of agency staff members to
prosecution for computer-related offences).
The Law Council also raised questions about the broader
implications of the expanded immunity. This included whether it should
encompass an immunity from civil liability, or be limited to criminal
liability. (Noting that the expansion of the immunity to acts done inside
Australia will increase the prospect of causing significant loss or damage to
Australian persons. It will extinguish the rights of affected Australians to
obtain a legal remedy in respect of that loss or damage.)
The Law Council also queried whether aspects of the technical
drafting of the immunity provision may be unintentionally broad, in that they
might potentially operate to confer immunity for any telecommunications
interception or access to telecommunications data, which may occur as part of
the technical process of gaining access to data that is held in, or is
accessible from, in a computer. (pp. 50–51)
Key provisions in the Bill
Item 4 of Schedule 4 to the Bill will insert proposed
section 476.7 into Division 476 of the Criminal Code, which will
also provide immunity to certain defence officials for certain computer-related
acts.
Proposed section 476.7 is drafted in similar terms
to section 476.6. Proposed subsection 476.7(1) provides for civil and
criminal immunity where a defence official has engaged in conduct
inside or outside Australia and the conduct:
- is
engaged in on the reasonable belief that it is likely to cause a
computer-related act, event, circumstance or result to take place outside
Australia (whether or not it in fact takes place outside Australia) and
- is
engaged in in the proper performance of authorised ADF activities.
Proposed subsection 476.7(2) provides for civil and
criminal immunity where a person has engaged in conduct inside or
outside Australia and the conduct:
- is
preparatory to, in support of, or otherwise directly connected with, authorised
ADF activities outside of Australia
- taken
together with a computer-related act, event, circumstance or result that took
place, or was intended to take place, outside Australia, could amount to an
offence, but in the absence of that computer-related act, event, circumstance
or result, would not amount to an offence
- is
engaged in in the proper performance of authorised ADF activities.
Proposed subsection 476.7(8) defines an authorised
ADF activity to mean an activity, or class of activities, that is
authorised by the Chief of the ADF and connected with the defence or security
of Australia. It also defines a defence official to mean:
- a
member of the ADF
- a
defence civilian within the meaning of the Defence Force
Discipline Act 1982
- an
employee of the Defence Department, including a consultant, contractor or
person on secondment
- any
other person included in a class of person specified in a legislative
instrument made by either the Secretary of the Defence Department or the Chief
of the ADF (proposed subsection 476.7(9)) or their delegates (proposed
subsections 476.7(10) and (11)).
Proposed subsection 476.7(3) provides that this
immunity for preparatory and supporting activities does not undermine the
warrant frameworks under the ASIO Act and TIA Act by authorising
persons to commit acts in Australia that would otherwise be unlawful without
obtaining a warrant.
Proposed subsections 476.7(6) and (7) require a
person to provide written notification to the Chief of the ADF and, if a person
is not under their command, the Secretary of the Defence Department, if a
person engages in conduct that causes material damage, material interference or
material obstruction to a computer. The Explanatory Memorandum provides that
written notification is important ‘given the possible significance the conduct
may have on Australian persons or businesses if computers within Australia are
impacted in a way that causes material damage, material interference or
material obstruction’ (p. 161).
Comments
In its submission to the Comprehensive Review, the Defence
Department expressed ‘concerns about the extent of the ADF’s legislative
authorities and immunities to collect and possess intelligence, and provided
examples where ADF activities conducted outside situations of armed conflict
could raise questions of criminal liability under Commonwealth law’,
particularly under the telecommunications offences in Part 10.6 and the
computer offences in Part 10.7 of the Criminal Code (pp. 221–222, vol.
2 ). As well as the immunity provisions in the Criminal Code,
section 14 of the IS Act provides broad general immunities for agencies
governed by that Act (currently ASIS, AGO or ADG). Defence submitted ‘that the
development of its own cyber capabilities has bought into focus the need for
legislative immunities for ADF activities, other than where it would be working
cooperatively with an IS Act agency and therefore attracting the
immunity available under section 14 of the IS Act’ (p. 223, vol. 2).
These arguments were accepted by Mr Richardson in his recommendations.
The Explanatory Memorandum for the Bill states that the
amendments in Schedule 4 address Recommendation 72 of the Comprehensive Review
(p. 159), which provided:
The Criminal Code should be amended to give Australian
Defence Force members immunity under Part 10.7 for computer-related acts
done outside Australia in the course of properly declared operations under
legally approved rules of engagement. (p. 225, vol. 2) [emphasis added]
Recommendation 72 does not appear to cover immunity for
damage to computers inside Australia, or for computer-related acts undertaken
inside Australia with an intended effect outside of Australia. It appears that
the amendment in Schedule 4 contains a mix of what was recommended in Recommendation
72 and also Recommendation 74 which provided:
The current immunity in section 476.5 of the Criminal Code
for ASIS, ASD and AGO should be extended to apply where a staff member or agent
reasonably believes the relevant conduct is likely to take place outside
Australia, whether or not it in fact takes place outside Australia. This
should also apply to the Australian Defence Force, if it is included
within the immunity in section 476.5. (p. 227, vol. 2) [emphasis added]
While the Comprehensive Review supported the inclusion of
these provisions, it does not appear to have considered the distinction between
the oversight arrangements for ASIS, AGO and ASD (which are overseen by the
IGIS) and the ADF (which does not fall within the remit of the IGIS).
Further, subsection 476.6(8) of the Criminal Code
requires the head of ASIS, AGO and ASD to provide notice to the IGIS when one
of its officials engages in conduct which would attract immunity and causes
material damage, material interference or material obstruction to a computer.
This oversight was emphasised
by the Government in arguing that the amendments contained in the NSLAB-1
Act were proportionate given they ‘indirectly create a risk that a person’s
right to protection against arbitrary and unlawful interferences with privacy
under Article 17 of the ICCPR may be violated’ and engage the right to
an effective remedy in Article 2(3) of the ICCPR (pp. 35–36). The
Government also noted that the IGIS has the power to recommend a person receive
compensation and that arrangements exist which would allow for a person to
receive compensation:
Should the IGIS choose to conduct an inquiry into the actions
of an intelligence agency, it has strong coercive powers, similar to those of a
royal commission, including powers to compel the production of information and
documents, enter premises occupied or used by a Commonwealth agency, issue
notices to persons to appear before the IGIS to answer questions relevant to
the inquiry, and to administer an oath or affirmation when taking such
evidence. At the conclusion of the inquiry, paragraph 22(2)(b) of the IGIS Act
requires the IGIS to recommend to the responsible Minister that the person
receive compensation, if the IGIS is satisfied that the person has been
adversely affected by action taken by a Commonwealth agency and should receive
compensation.
The Scheme for Compensation for Detriment caused by Defective
Administration provides a mechanism for non-corporate Commonwealth entities to
compensate persons who have experienced detriment as a result of the entity’s
defective actions or inaction.
Section 65 of the Public Governance, Performance and
Accountability Act 2013 allows the making of discretionary ‘act of grace’
payments if the decision-maker considers there are special circumstances and
the making of the payment is appropriate. [p. 13]
While the Bill will require a person to give notice of
similar conduct to the Chief of the ADF/Secretary of the Defence Department,
there is no requirement for anyone to notify the IGIS or any other oversight
body. The PJCIS also does not have oversight of the ADF/Defence Department. The
Explanatory Memorandum to the Bill is silent as to whether other compensation
arrangements would apply with respect to damages caused by a defence official
and the Statement of Compatibility with Human Rights is silent as to the impact
of these provisions on a person’s right to an effective remedy under Article
2(3) of the ICCPR. The Explanatory Memorandum does note the potential
for damage to Australian people or computers could be significant, and as such
this amendment raises a number of questions for further scrutiny.
The Explanatory Memorandum is also extremely short on
detail as to why this provision is necessary, what it relates to, and why there
is a need for ‘defence official’ to be defined in part by legislative
instrument given the scope of persons included in the proposed definition is
already very broad. Given such a broad delegation of power has not been
required with respect to staff of ASIS, ASD, or AGO, it is unclear why it is
needed or who the Government intends to be specified as a ‘defence official’.
Concluding comments
While the intent and substance of a number of amendments
in this Bill have been the subject of previous inquiry, debate and comment
through a number of channels, including but not limited to intelligence reviews
(and Government responses), PJCIS inquiries, and Bills put forward in current
and previous parliaments, there are a number of elements to this Bill that have
not had such scrutiny, and/or are worthy of further scrutiny by Parliament,
particularly given the contested history of reform in this space and the
importance of accountability and oversight.