Key points
- The Bill amends a number of Commonwealth Acts to implement the Government’s response to 12 outstanding recommendations of the Comprehensive Review of the Legal Framework of the National Intelligence Community (Comprehensive Review), as well as introducing a number of other measures identified as necessary in consultation with national security agencies.
- The Comprehensive Review was released publicly in 2020 and represented the first ‘wholesale review of the legislative framework’ underpinning the work of intelligence agencies. This is the third Bill which directly responds to the recommendations from the Comprehensive Review.
- According to the Explanatory Memorandum (p. 5), the measures in the Bill are aimed at supporting Australia’s national security agencies by strengthening identity protections for their employees, increasing operational flexibility and sharing of information, clarifying some authorities to provide greater certainty, and also promoting increased oversight of national security agencies by introducing additional safeguards to provide oversight of the Australian Security Intelligence Organisation’s (ASIO) work on security assessments and vetting, and limiting who can exercise certain powers.
- The most significant provisions in the Bill relate to changes to ASIO’s ability to provide information to Commonwealth and state authorities, changes to the ministerial authorisation framework for intelligence agencies under the Intelligence Services Act 2001 and greater secrecy requirements aimed at protecting intelligence officers.
- The Bill has been referred to the Parliamentary Joint Committee on Intelligence and Security, with submissions closing on 2 February 2023. At the time of publication, no submissions were published, and stakeholders do not appear to have commented on the Bill.
- The Senate Scrutiny of Bills Committee has raised concerns with elements of a proposed offence of making public the identity of ASIO employees or affiliates, which replaces an existing offence related to publication of such identities. The Parliamentary Joint Committee on Human Rights also reiterated its previous comments regarding the proportionality of limitations of certain human rights with respect to ministerial authorisations for intelligence activities.
Introductory Info
Date introduced: 30 November 2023
House: House of Representatives
Portfolio: Home Affairs
Commencement: See table at pages 5‑8.
Purpose of the Bill
The purpose of the National
Security Legislation Amendment (Comprehensive Review and Other Measures No. 3)
Bill 2023 (the Bill) is to amend a number of Commonwealth Acts to implement
the Government’s response to 12 outstanding recommendations of the Comprehensive
Review of the Legal Framework of the National Intelligence Community
(Comprehensive Review).
The Bill also includes
a number of measures which fall outside these recommendations and have been
‘identified as necessary’ in consultation with national security agencies (p.
5).
Structure
of the Bill and Bills Digest
The Bill is divided into four Schedules with multiple
parts, as reflected in the below table.
| Provisions |
Commencement |
Detail |
|
Schedule 1, Part 1
|
Division 1: The day after Royal Assent.
Division 2: Immediately after the commencement of
the provisions in Schedule 1, Part 1, Division 1 of the Bill (see above).
|
Amends the Australian
Security Intelligence Organisation Act 1979
(ASIO Act) to:
- extend
the definition of prescribed administrative action in Part IV of the ASIO
Act to decisions relating to parole, firearms licences and security guard
licences (gives effect to recommendation 193 of the Comprehensive
Review)
- enable
ASIO to communicate information to a Commonwealth agency, a state or an
authority of a state under subsections 18(3) or 19A(4) of the ASIO Act,
for the purposes of prescribed administrative action that is a decision
relating to firearms licences and security guard licences
- enable
new categories of ‘prescribed administrative action’ to be prescribed by the
regulations (gives effect to recommendation 194 of the Comprehensive
Review).
|
|
Schedule 1, Part 2
|
Divisions 1 and 2: The day after Royal Assent.
Divisions 3 and 4: At the same time as the
commencement of the provisions in Schedule 1, Part 1, Division 2 of the Bill
(see above).
|
Amends the ASIO Act to:
- provide
that a decision under the Foreign
Acquisitions and Takeovers Act 1975 does not constitute prescribed
administrative action (gives effect to recommendation 197 of the Comprehensive
Review)
- clarify
the application of the definitions in section 35 throughout Part IV of the ASIO
Act
- enable
ASIO to make a preliminary communication to Commonwealth agencies, states or
authorities of a state on an urgent and temporary basis, where the
information could be used for the purposes of certain prescribed
administrative action (gives effect to recommendation 198 of the Comprehensive
Review)
- enable
a Commonwealth agency to take certain prescribed administrative action as a
matter of urgency on the basis of a communication made by ASIO not amounting
to a security assessment, pending the furnishing of a security assessment.
|
|
Schedule 1, Part 3
|
The earlier of Proclamation or 6 months after Royal
Assent.
|
Amends the ASIO Act to:
- require
ASIO to notify the Inspector-General of Intelligence and Security where
certain security assessments are not furnished within 12 months (gives effect
in part to recommendation 199 of the Comprehensive Review) and
- require
the Director-General of ASIO to make a written protocol for dealing with
delayed security assessments.
|
|
Schedule 2, Part 1
|
The day after Royal Assent.
|
Amends the Intelligence
Services Act 2001 (IS Act) to:
- provide
that the Director-General of the Australian Secret Intelligence Service
(ASIS) and Director-General of the Australian Signals Directorate (ASD) can
authorise the use of a Commonwealth authority as the cover employer for staff
members of ASIS and ASD, or former staff members of ASIS and ASD, including
where the person became a staff member before the amendments commence or
requires cover employment for a period that occurred before the amendments
commence. The amendments will also provide an immunity from criminal
liability for persons who facilitate, or provide support in furtherance of
those cover arrangements. This gives effect to recommendation 70 of
the Comprehensive Review.
Amends the ASIO Act to:
- provide
that the Director-General of ASIO can authorise the use of an authority of
the Commonwealth as the cover employer for ASIO employees and affiliates, or
former ASIO employees and affiliates, including where the person became an
employee or affiliate before the amendments commence or requires cover
employment for a period that occurred before the amendments commence. This
gives effect to recommendation 71 of the Comprehensive Review.
|
|
Schedule 2, Part 2
|
The day after Royal Assent.
|
Amends the IS
Act to consolidate secrecy offences which are aimed at protecting the identity
of staff members of agencies that are regulated by the IS Act (namely ASIS,
ASD, the Australian Geospatial-Intelligence Organisation (AGO) and the Defence
Intelligence Organisation (DIO)). This gives effect to recommendation 143
of the Comprehensive Review.
|
|
Schedule 2, Part 3
|
The day after Royal Assent.
|
Amends the Administrative
Appeals Tribunal Act 1975 (AAT Act) and the Archives Act
1983 to make exempt records that identify ASIO or ASIS employees or
affiliates. This gives effect to recommendation 190 of the Comprehensive
Review.
|
|
Schedule 2, Part 4
|
The day after Royal Assent.
|
Amends the ASIO Act, and makes consequential
amendments to a number of other Commonwealth Acts, to:
- strengthen
the protection of identities of ASIO employees or ASIO affiliates, by
modernising and updating the publication offence under section 92 of the ASIO
Act
- create
a new offence relating to the disclosure of the identity of ASIO officers and
affiliates, to bring them into closer alignment with those afforded to ASIS
officers under the IS Act.
|
|
Schedule 3, Part 1
|
The day after Royal Assent.
|
Amends the IS Act to:
- adjust
the sequencing of the ministerial authorisation process to enable the
Minister for Foreign Affairs and the Minister for Defence to authorise ASIS,
ASD and AGO to undertake activities relating to an Australian person (who is
likely to be involved in activities likely to be a threat to security) and
then seek the Attorney-General’s agreement to the authorisation (which still
must be obtained, either orally or in writing, before the authorisation takes
effect). This gives effect to recommendation 2 of the Comprehensive
Review
- clarify
that the Minister for Foreign Affairs and the Minister for Defence can
authorise ASIS, ASD and AGO to undertake activities relating to an Australian
person who is likely to be involved in activities that present a risk to
their own safety, or are themselves involved in activities relating to a
contravention of a UN sanction enforcement law.
|
|
Schedule 3, Part 2
|
The day after Royal Assent.
|
Amend the ASIO Act and the Telecommunications
(Interception and Access) Act 1979 (TIA Act) to remove the
ability for a junior Minister to exercise a power under these Acts. This
gives effect to recommendation 17 of the Comprehensive Review.
|
|
Schedule 3, Part 3
|
The day after Royal Assent.
|
Amend the ASIO Act to permit only the
Director-General of ASIO to apply for an authority to conduct a special
intelligence operation on behalf of ASIO. This gives effect to recommendation
68 of the Comprehensive Review.
|
|
Schedule 4, Part 1
|
The day after Royal Assent.
|
Amend the ASIO Act to allow the Director-General
of ASIO to delegate their power or function to furnish non-prejudicial
security clearance suitability assessments to an ASIO employee or affiliate
irrespective of what position within ASIO the person holds.
|
|
Schedule 4, Part 2
|
At the same time as the commencement of the provisions
in Schedule 1, Part 3 of the Bill (see above).
|
Amend the ASIO Act to:
- require
ASIO to notify the Inspector-General of Intelligence and Security (IGIS)
where certain security clearance decisions and security clearance suitability
assessments are not made or furnished within 12 months (gives effect in part
to recommendation 199 of the Comprehensive Review)
- require
the Director-General of ASIO to make a written protocol for dealing with
delayed security clearance decisions and delayed security clearance
suitability assessments.
|
Background
Australia’s
National Intelligence Community
Australia’s National Intelligence
Community (NIC) is collectively made up of a number of agencies and
departments that operate under a range of Commonwealth legislation. The
Australian Intelligence Community (AIC) was initially comprised of six
agencies:
- Australian
Geospatial-Intelligence Organisation (AGO)
- Australian
Signals Directorate (ASD)
- Australian
Secret Intelligence Service (ASIS)
- Australian
Security Intelligence Organisation (ASIO)
- Defence
Intelligence Organisation (DIO) and
- Office
of National Intelligence (ONI).
The 2017 Independent
Intelligence Review led to the creation of the NIC, consisting of the six
members of the AIC, plus the following law enforcement agencies/department:
- Australian
Criminal Intelligence Commission (ACIC)
- Australian
Federal Police (AFP)
- Australian
Transaction Reports and Analysis Centre (AUSTRAC) and
- Department
of Home Affairs (Home Affairs).[1]
As noted in the
Comprehensive Review:
The NIC brings together within the one framework those
agencies that need to work closely together in the national interest. However,
the additional four are not intelligence agencies per se, having a range of law
enforcement, regulatory and policy responsibilities.[2]
The ability of NIC agencies to share information is
primarily guided by the core legislation under which each agency operates,
though is also regulated by information sharing provisions in other
Commonwealth legislation (for example, the Telecommunications
(Interception and Access) Act 1979).
Accountability
and oversight bodies
Australia’s current accountability and oversight framework
for the NIC consists ‘of a number of specialised bodies independent of the
Government and each other and the agencies they oversee’.[3]
These include:
While the NIC has expanded, it has continued to operate
with the same ‘oversight and accountability framework’, which has not ‘been
reformed since the formation of the community’, as the Attorney-General noted
in his second
reading speech for the Intelligence Services Legislation Amendment Bill 2023,
which is currently before the Parliament. That Bill addresses several key recommendations
from the 2017 Independent Intelligence Review and the 2020
Comprehensive Review of the Legal Framework of the National Intelligence
Community with respect to amending current oversight arrangements.
Recent
intelligence reviews
Independent reviews of Australia’s intelligence community
are undertaken every five to seven years, with the most recent review
undertaken in 2017. Detail on the 2017
Independent Intelligence Review, completed by Michael L’Estrange, Stephen Merchant
and Sir Iain Lobban is available in a Parliamentary Library Briefing Book
article on Intelligence
community reforms. Additional information can be found in the Bills
Digest for the Intelligence
Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020
and the PJCIS
report on that Bill and various submissions.
More recently, the 2023–24 Budget provided additional
resourcing to the Department of the Prime Minister and Cabinet to support the
next Independent Intelligence Review (p.
193), which is due in 2024 and will be undertaken
by Dr Heather Smith and Richard Maude. The Terms
of Reference for the 2024 Independent Intelligence Review were released in
August 2023, and outlined that the review would be completed in the first half
of 2024. The Review will consider:
-
The impact of the implementation of the recommendations of the 2017
Independent Intelligence Review and the 2019 Comprehensive Review, including
the benefits of the establishment of the Office of National Intelligence, the
expansion to create the NIC, and the effectiveness and outcomes of the Joint
Capability Fund;
-
How effectively the NIC serves, and is positioned to serve, national
interests and the needs of Government, including in response to the
recommendations of recent reviews relevant to defence and security, and the
evolving security environment;
-
The status, risks and potential mitigations of major investments in the
NIC since 2017;
-
Topics identified by the 2019 Comprehensive Review for consideration by
future reviews, and whether further legislative changes are needed;
-
Whether workforce decisions by the NIC at both the agency and community
levels reflect a sufficiently strategic response to current and future
workforce challenges, anticipate future capabilities of other states so we are
best positioned to counter threats, are in line with the Australian Public
Service commitments to diversity and inclusion and offer options if recruitment
targets cannot be met;
-
NIC preparedness in the event of regional crisis and conflict;
-
Whether the use of the classification system by the NIC achieves the
right balance between protecting sensitive information and providing decision
making advantages to policy makers and operators; and
-
Whether current oversight and evaluation mechanisms are effective and
consistent across the NIC.
Comprehensive
Review
The unclassified report of the 2020
Comprehensive Review of the Legal Framework of the National Intelligence
Community, (Comprehensive Review) was released publicly in December 2020
and represented the first ‘wholesale review of the legislative framework’
underpinning NIC work.[4]
The Comprehensive Review’s focus on national intelligence
legislation responded to recommendation 15 from the 2017 Independent
Intelligence Review which stated:
A comprehensive review of the Acts governing Australia’s
intelligence community be undertaken to ensure agencies operate under a
legislative framework which is clear, coherent and contains consistent
protections for Australians. This review should be carried out by an eminent
and suitably qualified individual or number of individuals, supported by a
small team of security and intelligence law experts with operational knowledge
of the workings of the intelligence community.[5]
The Terms of Reference for the Comprehensive Review
focused on making improvements to Commonwealth legislation, in order to,
amongst other things:
- facilitate
the general co-ordination and appropriate control and direction of each agency
comprising the NIC in relation to the exercise of intelligence powers and
functions, and of the NIC as a whole
- support
the effective co-operation, liaison and sharing of information between NIC
agencies, and between NIC agencies and Commonwealth, state, territory, foreign
government and other partners, for intelligence purposes
- support
the intelligence purposes, functions, administration and staffing (including
recruiting) of each agency comprising the NIC
- provide
for accountability and oversight that is transparent and as consistent across
the NIC agencies as is practicably feasible.[6]
The Comprehensive Review noted that the legislative
framework within which NIC agencies operate is complex, in some cases unnecessarily
so, and made a number of recommendations ‘designed to alleviate unnecessary
complexity’.[7]
However, the Review also stated that ‘in other areas, it is necessary for the
legislative framework to be complex, given it is designed to strike a balance
between individual rights and collective security’:
Too often during the Review, proposals to ‘clarify’ or
‘streamline’ legislation amounted to no more than a bid to extend powers or
functions. Government should be sceptical of calls for legislative clarity—very
often such claims do not withstand even modest inquiry.[8]
A range of Bills have previously responded to the
Comprehensive Review’s 203 recommendations. In addition to information
contained in the Bills Digests for the Intelligence
Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020
and the Intelligence
Services Legislation Amendment Bill 2023, further context can be found in
Bills Digests listed below for earlier Bills specifically addressing the
Comprehensive Review’s recommendations:
While there does not appear to be a formal record of which
recommendations have been implemented, in April 2023 the Government stated that
as of January 2023, 30 of the 203 recommendations from the Richardson Review had
been implemented, 53 did not require implementation and 120 (including the 10
in the National
Security Legislation Amendment (Comprehensive Review and Other Measures No. 2)
Bill 2023 which has now been enacted) remained ‘in progress’.[9]
Committee
consideration
Parliamentary
Joint Committee on Intelligence and Security
On 7 December 2023, the Bill was referred to the PJCIS for
inquiry and report. Details of the inquiry are at Review
of the National Security Legislation Amendment (Comprehensive Review and Other
Measures No. 3) Bill 2023.
Senate
Standing Committee for the Scrutiny of Bills
The Committee considered the Bill in its Scrutiny Digest 1
of 2024 and made substantial comments in relation to the reversal of the burden
of proof with respect to proposed subsection 92(2) of the ASIO Act,
at item 39 of Schedule 2 (this is discussed in more detail in the
‘Key issues and provisions’ section of this Bills Digest).[10]
Policy
position of non-government parties/independents
At the time of writing, the Bill does not appear to have
attracted public comment from non‑government parties and independents.
Position of
major interest groups
At the time of writing, the Bill does not appear to have
attracted public comment from major interest groups.
Financial
implications
The Government advises that the Bill
has nil
financial impacts (p. 4).
Statement
of Compatibility with Human Rights
As required under Part 3 of the Human Rights
(Parliamentary Scrutiny) Act 2011, the Government has assessed the Bill’s
compatibility with the human rights and freedoms recognised or declared in the
international instruments listed in section 3 of that Act. The Government
considers that the Bill is compatible.[11]
Parliamentary
Joint Committee on Human Rights
With respect to the changes to secrecy offences in
Schedule 2, the Parliamentary Joint Committee on Human Rights (PJCHR) noted
that these amendments engage and limit the right to freedom of expression,
however:
…noting the proposed amendments do not expand the scope of
existing secrecy offences and the government’s recent agreement to implement
the recommendations of the Attorney-General’s Department’s Review of Secrecy
Provisions Final Report, the committee makes no comment on these proposed
amendments at this stage.[12]
The PJCHR also noted the changes in Schedule 3 and reiterated
its previous comments regarding the human rights compatibility of ministerial
authorisations for intelligence activities. [13]
The PJCHR has previously stated that these measures may engage and limit the
rights to privacy, equality and non-discrimination and life. While these rights
may be subject to permissible limitations if they are shown to be reasonable,
necessary, and proportionate, the PJCHR has previously raised questions about
the proportionality of limitations with respect to ministerial authorisations
for intelligence activities.[14]
Key issues
and provisions
Schedule 1
of the Bill – ASIO security assessments
Part IV of the ASIO Act authorises ASIO to conduct security
assessments. As explained in the Comprehensive Review, a security assessment is
essentially:
- an
external written communication
- furnished
by ASIO
- to
a state or Commonwealth government body
- in
relation to a person (including a body corporate)
- which
contains a recommendation, opinion or advice on:
- whether
it would be consistent with the requirements of security for prescribed
administrative action to be taken, or
- whether
the requirements of security make it necessary or desirable for prescribed
administrative action to be taken in respect of a person.[15]
There are three kinds of security assessments:
- non-prejudicial
assessments—which are not prejudicial to a person’s interests
- qualified
assessments—which contain information that is, or could be, prejudicial to a
person’s interests, but do not make a recommendation that certain action be
taken in relation to that person which, if implemented, would be prejudicial to
the person’s interests and
- adverse
assessments—which contain information that is, or could be, prejudicial to a
person’s interests, and make a recommendation that certain action be taken in
relation to that person which, if implemented, would be prejudicial to the
person’s interests.[16]
Qualified and adverse security assessments are known as
‘prejudicial’ security assessments and generally attract rights of notice and
review through the Administrative Appeals Tribunal (AAT).[17]
While one of ASIO’s core functions is to communicate intelligence
for purposes relevant to security to appropriate persons,[18]
the ASIO Act prohibits:
- a
Commonwealth agency from taking prescribed administrative action on the basis
of any communication made by ASIO in relation to a person which does not amount
to a security assessment and
- ASIO
from making any communication to a state, which it knows is intended or likely
to be used by that state in considering prescribed administrative action
against a person, except in the form of a security assessment.[19]
However, a Commonwealth agency may take temporary action
on the basis of such a communication from ASIO if it is necessary for the
requirements of security pending ASIO’s assessment.[20]
The ASIO Act does not define ‘temporary action’ for the purposes of
making such a communication.
Common examples of actions that amount to ‘prescribed
administrative action’ include decisions to:
Key
provisions
Changes to
prescribed administrative action
The key provisions in Schedule 1 of the Bill
respond to several of the recommendations of the Comprehensive Review and amend
the ASIO Act to make changes to what constitutes a prescribed
administrative action. These include:
- recommendation
193, relating to extending the definition of prescribed administrative
action to include decisions relating to parole, firearms licences and security
guard licences (see proposed paragraphs 35(1)(g) and (h), at item 1 of Schedule 1)[22]
- recommendation
194, about enabling new categories of ‘prescribed administrative action’ to
be prescribed by the regulations (see proposed paragraphs 35(1)(i) and
proposed section 36AA, at items 6 and 7 of Schedule 1)[23]
and
- recommendation
197, about excluding decisions under the Foreign
Acquisitions and Takeovers Act 1975 from the definition of ‘prescribed
administrative action’ (see proposed subsection 35(1A), at item 11
of Schedule 1).[24]
With respect to the new power to make regulations to allow
new categories of ‘prescribed administrative action’, an action may only be
prescribed where it has the potential to affect an individual’s liberty or
livelihood and matters relating to security would be a primary consideration in
deciding to take that action. This reflects the views put forward in the
Comprehensive Review on which types of ASIO communications should be subject to
the notification and review rights in Part IV of the ASIO Act.[25]
The PJCIS must review any regulations as soon as possible
after they are they are made and provide a report to each House before the end
of the relevant disallowance period (see proposed subsection
36AA(2), at item 7 of Schedule 1). Proposed subsections
36AA(3) and (4) extend the applicable disallowance period for the
regulations, depending on when the PJCIS provides its report under proposed
subsection 36AA(2). According to the Explanatory
Memorandum, this will ensure that each House of Parliament has at least a
week from when the report is tabled in that House to consider the regulations
in light of the Committee’s comments and recommendations (p. 22).
Temporary
actions by Commonwealth agencies
Currently a Commonwealth agency may take action of a
temporary nature on the basis of a preliminary communication by ASIO (that is,
a communication which is not provided in the form of a security assessment) to
prevent:
- access
by a person to any information or place, access to which is controlled or
limited on security grounds or
- a
person from performing an activity in relation to, or involving, a thing (other
than information or a place), if the person's ability to perform that activity
is controlled or limited on security grounds
if the Commonwealth agency is satisfied that the
requirements of security make it necessary to take that action as a matter of
urgency, pending the furnishing of an assessment by ASIO.[26]
The ASIO Act is silent on what would constitute
action of a temporary nature and there do not appear to be any grounds of
recourse where a person has suffered harm as a result of a temporary action
(though a person could make a complaint to the IGIS).
The provisions in Division 4 of Part 2 of Schedule 1 would
amend the ASIO Act to provide that a Commonwealth agency may take action:
- that
is of a temporary nature and is of a kind referred to in paragraphs (g) and (h)
of the definition of prescribed administrative action in subsection 35(1) (being
decisions relating to parole, firearms licences and licences to work as a
security guard)
- that
is of a temporary nature and is prescribed administrative action of a kind referred
to in paragraph (i) of the definition of prescribed administrative action in
subsection 35(1) and has been prescribed in the regulations (the new classes of
prescribed administrative action discussed above)
if on the basis of a preliminary communication by ASIO,
the Commonwealth agency is satisfied the requirements of security make it
necessary to take action as a matter of urgency, pending the furnishing of a
security assessment.
Preliminary
communication to states
The provisions in Division 3 of Part 2 of Schedule 1 of
the Bill will also amend the ASIO Act to make changes to how ASIO can
communicate information to relevant parties. Currently Part IV of the ASIO
Act treats the communication of security advice by ASIO in urgent
circumstances differently depending on whether that advice is being
communicated to a Commonwealth agency, or a state or territory agency.
Recommendation 198 of the Comprehensive Review outlined
that amendments to the ASIO Act were required to ensure that ASIO could
communicate information to a state or territory agency in an urgent manner where
the requirements of security make it necessary to take action of a temporary
nature pending the furnishing of a security assessment.[27]
Proposed subsections 40(1A) and (1B), at item 18 of Schedule 1
will allow ASIO to make a preliminary communication (that is, a communication
which is not provided in the form of a security assessment), whether directly,
or indirectly through a Commonwealth agency, to a state or an authority of a state
for the purpose of enabling that state or authority to take certain temporary action,
where it would be necessary as a matter of urgency to take that action.
Recommendation 198 also outlined that as provided
for when communicating information to a Commonwealth agency, a security
assessment must be subsequently furnished by ASIO to the state or territory
agency to which it has provided, directly or indirectly, the preliminary
information. This is reflected in the proposed amendments. However, no time
limit is imposed with respect to when the security assessment must be provided,
although the Explanatory
Memorandum states a security assessment should be done ‘as soon as
reasonably practicable (p. 25).
Notification of delayed
security assessments
The provisions in Part 3 of Schedule 1 of the Bill will
amend the ASIO Act to require that ASIO notify the IGIS when there have
been delays of more than 12 months to finalise a security assessment. These
provisions partly address recommendation 199 of the Comprehensive Review, which
stated:
The Australian Security Intelligence Organisation Act should
be amended to require ASIO to notify the IGIS in every instance where it has
taken more than 12 months to finalise a security assessment, and subject to the
requirements of security, notify the individual in writing of their ability to
make a written complaint under the Inspector-General of Intelligence and
Security Act. If the requirements of security do not permit notification of the
individual, IGIS must be notified of this fact.[28]
The Review outlined that having a reporting requirement to
the IGIS, and a notification to the affected individual, balanced ‘the need to
allow ASIO to carefully consider complex cases in the interests of security
with the right of the individual to have that assessment finalised in a timely
manner’.[29]
The Review further noted that ‘[g]iven such a high proportion of these complex
cases ultimately result in non-prejudicial assessments, it is particularly
important that the individuals the subject of the assessments understand the
options available to facilitate their conclusion’.[30]
The previous Government’s response to the Comprehensive
Review did not agree with the recommendation that ASIO notify the individual of
their ability to make a complaint to the IGIS:
IGIS will be given greater visibility of lengthy security
assessments and will be able to consider the reasons for, and reasonableness
of, the delay in finalising them through the requirement for ASIO to notify the
IGIS. This approach avoids any risk of individuals and their associates gaining
an understanding of the precise prioritisation of ASIO’s categories of security
assessments, which may allow those people to modify their behaviour and
activities to obscure matters of security interest. The Review’s recommendation
that ASIO notify individuals of their ability to make a complaint to the IGIS
was intended to ensure that individuals were aware of this right. As such, the
Government considers that the most appropriate solution is for individuals to
be better alerted to that right, for example through changes to relevant
application forms or guidance material.[31]
Part 2 of Schedule 4 of the Bill makes similar amendments
with respect to delayed security clearance decisions and security clearance
suitability assessments.
The provisions also set out authorisation requirements,
providing that an ASIO employee or affiliate at a rank equivalent to or higher
than SES can be authorised by the Director-General of Security, in writing, to
authorise ASIO to ‘make a preliminary communication to a state or an authority
of a state’ if they are ‘satisfied the requirements of security make it
necessary as a matter of urgency for the state or authority to take’ urgent
temporary action’ (proposed subsection 40(4), at item 21 of Schedule
1).
Key issues
Exceptions
to communications relating to security guard licences and firearms licences
Items 3 and 4 of Schedule 1 of the Bill create exceptions
to the restrictions in subsections 39(1) and 40(2) of the ASIO Act which
prevent Commonwealth agencies:
- from
taking, refusing to take or refraining from taking prescribed administrative
action on the basis of communications by ASIO that does not amount to a
security assessment and
- from
furnishing information, recommendations, opinions or advice (except in the form
of a security assessment) to states or authorities of a state where ASIO knows
the state or authority intends or is likely to use the recommendation, opinion
or advice in considering prescribed administrative action
with respect to communications relating to security guard
licences and firearms licences.
These exceptions will allow ASIO to communicate information
to authorities of the Commonwealth or state that ASIO has received in the
course of ASIO performing its functions where the information relates to the
commission or intended commission of a serious crime, communications in the
national interest or for the purposes of co-operating with or assisting another
body in the performance of that body’s functions. It is unclear whether this is
in line with the intention of recommendation 193 of the Comprehensive Review,
particularly given the proposed provisions in the Bill which expand the ability
of ASIO to make preliminary communications to Commonwealth and state agencies.
Expansion of
the ability of a Commonwealth Agency to take temporary actions
While providing for the need for a high level of
authorisation for the communication of preliminary information, the ASIO Act
does not set out any requirements for mandatory record keeping or reporting to
IGIS or for detailing in an annual report the number of such urgent communications
made to state and/or Commonwealth authorities per year, and whether security
assessments were subsequently provided and the time frame in which they were completed.
Instead, the use of such provisions is reviewed by the IGIS as part of its
inspection and compliance monitoring functions.[32]
The ASIO Act also does not identify avenues for recourse
for any person adversely affected by a temporary action or actions undertaken by
a Commonwealth entity because of an ASIO communication that was incorrect
and/or based on judgements that were wrong.[33]
The broad scope of ‘temporary actions’ within the provision (not only in terms
of current prescribed administrative action but also in the future as a result
of regulation-making power) means that it is possible that a person could be
adversely affected as a result of a communication that was based on incorrect
information or judgements, and have few if any review or appeal rights.
Compliance
with Australia’s trade and investment treaties
The Bill will exempt ASIO’s security assessments prepared
for the purpose of advising the Foreign
Investment Review Board on whether an investment is in Australia’s national
interest from the notification and review requirements in Part IV of the
ASIO Act. While this implements recommendation 197 of the Comprehensive
Review, in making the recommendation Dennis Richardson noted it would ‘need to
be tested against the detail of each of Australia’s trade and investment
treaties’.[34]
While Australia’s more modern trade and investment
agreements exclude its foreign investment policy from investment law
claims brought by foreign investors (and in some cases foreign states), some of
the older treaties do not offer the same level of protection.[35]
Schedule 2
of the Bill – Protecting identities of employees within the NIC
Key
provisions and issues
Cover
arrangements for ASIS, ASIO and ASD officers
Provisions in the IS Act and ASIO Act make
it an offence to identify a person (including a person identifying themself) as
a current or former ASIS or ASIO employee or affiliate or to make public
information from which their identity could reasonably be inferred.[36]
As noted in the Comprehensive Review, these provisions are necessary to protect
the identity of ASIS and ASIO officers from hostile foreign intelligence
services.[37]
To avoid breaching these provisions, ASIS and ASIO
officers use a cover employer (usually a Commonwealth department) in a wide
range of personal situations where the person’s employer needs to be provided,
including for banking and insurance purposes.[38]
Concerns were raised by ASIS as part of its submission to the Comprehensive
Review that such arrangements may be in breach of relevant provisions in the Criminal
Code which prevent a person from falsely representing themselves as a
Commonwealth officer in a particular capacity. While the Review did not agree
with these concerns, it supported greater clarity on this issue and therefore
recommended that the relevant legislation be amended to allow ASIS and ASIO
officers to use cover identities as authorised by the Director-General of the
relevant agency (recommendations 70 and 71).[39]
Part 1 of Schedule 2 of the Bill will amend the IS Act
and ASIO Act to give effect to these recommendations. However, the
proposed amendments will also allow the Director-General of the Australian
Signals Directorate (ASD) to authorise the use of a Commonwealth authority as
the cover employer for staff members of ASD, which was not specifically
recommended as part of the Comprehensive Review. While the Comprehensive Review
considered the merits of introducing a specific secrecy offence prohibiting the
disclosure of information identifying an ASD employee, it recommended that such
an offence was not required at this time.[40]
This was due to there being ‘no risk to the life or safety of informants and
sources (which provides strong justification for these offences for ASIO and
ASIS) in the case of ASD due to the different nature of its work’.[41]
Exemption
from the Archives Act
The Archives Act creates an access regime under
which members of the public (either by request or through public release) can
access Commonwealth records after a certain period, which applies to all NIC
agencies. There are broad exemptions that apply with respect to the release of
information, which include information or a matter that:
- could
cause damage to the defence, security or international relations of the
Commonwealth
- was
communicated in confidence from a foreign entity and that entity confirms its
ongoing confidentiality (which would be reasonable to maintain)
- would
constitute a breach of confidence
- would
or could reasonably be expected to prejudice the conduct of an investigation,
reveal a confidential source or endanger the physical safety of any person
- would
or could reasonably be expected to prejudice the fair trial of a person, affect
enforcement of law or protection of public safety and
- would
involve the unreasonable disclosure of information relating to the personal
affairs of any person.[42]
The National Archives of Australia (NAA) is responsible
for deciding on the release of records requested under the Archives Act.
If an applicant is dissatisfied with the decision, they can seek internal
review followed by a review by the AAT. The NAA holds many ASIO records on the
investigation and surveillance of people, groups and organisations.[43]
The Comprehensive Review considered the existing
exemptions under the Archives Act, including whether there should be a
class exemption under the Act for documents that reveal the identities of ASIS
and ASIO staff members or agents and other sensitive material relating to
intelligence agencies. While some submitters argued for a class exemption for
intelligence documents more broadly, the Review did not support this and
instead recommended that only the identities of ASIO and ASIS staff members and
agents should be protected from disclosure under the Archives Act
(recommendation 190).[44]
The provisions contained in Schedule 3 of Part 2 of the Bill amend the AAT
Act and the Archives Act to give effect to this recommendation.
In making this recommendation, the Comprehensive Review
noted that the ‘Parliament has recognised that the identities of ASIS and ASIO
officers are protected, to the point of creating an offence for disclosure’ and
‘archival exemption of ASIO and ASIS identities would be consistent with that
policy intent and ensure it is given full effect’.[45]
Protecting
the identity of ASIO employees and ASIO affiliates
As discussed above, section 92 of the ASIO Act
currently prohibits the publication of information about an ASIO employee or ASIO
affiliate except where the Minister or the Director-General of ASIO has
consented to its publication. Currently section 92 outlines certain methods of
publication which do not include more modern means of communication, such as
social media.
Item 39 of Schedule 2 of the Bill will repeal and
replace section 92 to modernise the publication offence by removing reference
to specific types of publication in favour of a blanket inclusion of all
publication methods. As stated in the Explanatory Memorandum:
The existing designation of specific methods of publication
rather than a blanket inclusion of all methods resulted in a potential gap in
the legislation whereby methods of publication not specifically mentioned may
not be considered as an offence. (p. 14)
These amendments follow the inadvertent publication of the
name of an ASIO officer by Annastacia Palaszczuk’s office as part of the routine
online release of the then Premier’s diaries in 2019, which was then shared
online and on other social media.[46]
Proposed subsections 92(2) and 92(3) introduce two exceptions
with respect to the new offence in proposed subsection 92(1) which will
allow a person to make public information about the identity of ASIO
employees/affiliates where:
- the
Minister or the Director-General has consented, in writing, to the information
being made public (proposed subsection 92(2)) or
- the
information relates to a person who is a former employee/affiliate, that person
has consented to, caused or authorised the publication of the information and
that person is not the person causing or permitting the information to be made
public (proposed subsection 92(3)).
The Senate Scrutiny of Bills Committee raised concerns in
relation to the reversal of the evidential burden of proof with respect to proposed
subsection 92(2):
The committee notes that while written consent provided by
the Minister or the Director-General, to making identifying information public,
may only be made in exceptional circumstances, it is not clear to the committee
why the evidential burden has been reversed in relation to this exception. It
is not apparent to the committee that the Minister or the Director-General’s
written consent would be a matter peculiarly within the defendant’s knowledge
as the Minister or the Director-General would also have knowledge of such
consent and would also be able to provide it as evidence if required. Further,
it is not clear to the committee that obtaining or disproving such information
would be significantly more costly or difficult for the prosecution.
The committee also notes that under existing subsection 92(1)
of the ASIO Act, disproving the existence of written consent of the Minister or
Director-General is an element of the offence of making information public that
can identify an ASIO employee, former ASIO employee or ASIO affiliate. It is
unclear to the committee why, in modernising the wording of the offence, it was
necessary to create an additional defence, when previously it was sufficient
for the matter to exist as an element of the offence.[47]
The Committee has sought the Minister’s advice on this
matter.[48]
The creation of the exception, instead of the current approach of having
consent by the Minister/Director-General as an element of the offence, may also
make it more challenging when dealing with a disclosure relating to the
identity of a former ASIO officer whose identity has previously been disclosed
as it may not be clear whether consent was provided. This may have implications
for academics or journalists.
Proposed section 92 removes the exception that
currently applies with respect to broadcasting or reporting of Parliamentary
proceedings. It also clarifies the existing exception in subsection 92(1B) for
publication of information relating to former ASIO employees or affiliates who
have consented to the publication, or caused or permitted the information to be
made public. Proposed subsection 92(3) clarifies that this exception
does not apply if the person making the information public, or causing or
permitting the information to be made public, is the former ASIO employee or
affiliate. The Explanatory Memorandum explains the reasoning behind this
change:
This change would ensure that former ASIO employees or
affiliates cannot unilaterally publicly ‘self-declare’ their ASIO affiliation.
When the existing subsection 92(1B) exception was first conceived, a
self-declaration would not necessarily have an impact on other officers or
affiliates around them. Modern technology, however, has meant this is no longer
the case, and it is now necessary to clarify the operation of this exception.
If a former ASIO employee or affiliate were to publicly
self-declare their association with ASIO, other ASIO employees or affiliates
around them who are digitally linked to them, whether through social media or
other digital means, can be discovered. Public self-declarations are not only
the business of the former ASIO employees or affiliates, and it is necessary to
clarify the operation of the exception so that it is clear it cannot be relied
upon by former ASIO employees or affiliates. Former ASIO employees or
affiliates will still, however, be able to seek the permission of the Minister
or Director-General to publicly declare their affiliation with ASIO. (p. 47)
In 2012, it was reported that ‘a survey by Fairfax Media
has discovered more than 200 former and present intelligence officers who have
disclosed their classified employment in profiles on LinkedIn, other
professional networking sites and social media including Facebook and Twitter’.[49]
Item 39 of Schedule 2 of the Bill will also amend
the ASIO Act to introduce proposed section 92A. Proposed subsection
92A(1) provides that a person commits an offence if they either disclose,
or engage in conduct that results in the disclosure of, information that
identifies or could reasonably lead to establishing the identity of, a current
or former ASIO employee or ASIO affiliate, or such an identity could be
reasonably inferred from the information. Proposed paragraph
92A(1)(c) provides that a person only commits the offence if they intend
to, or the know the disclosure will, endanger the health or safety of a person,
or intend to, or know that the disclosure will, prejudice the effective
performance of the functions or duties, or the effective exercise of the powers
of ASIO. The maximum penalty for breaching proposed section 92A is
imprisonment for 10 years and a prosecution may only be commenced by, or with
the consent, of the Attorney-General.
According to the Explanatory Memorandum (p. 48), the
introduction of this offence brings protections for ASIO officers closer to
those afforded to ASIS officers under section 41 of the IS Act.
However, section 41 of the IS Act does not include the additional
elements of the offence specified in proposed paragraph 92A(1)(c).
According to the Explanatory Memorandum (p. 48), ‘this is appropriate given the
differing operating contexts of ASIO and ASIS employees and affiliates’. However,
the reference to prejudicing the ‘effective performance of ASIO’s functions and
duties, or the effective exercise of ASIO’s powers’ in proposed paragraph
92A(1)(c) may be construed widely and arguably some forms of public
interest journalism or academic publication may be captured by the new offence.
It is also not clear whether a disclosure relating to the identity of a former
ASIO officer whose identity has previously been disclosed with the written
consent of the Attorney-General/Director-General would be captured by proposed
subsection 92A where the disclosure may be argued as endangering the health
or safety of a person, or prejudicing the effective performance of the
functions or duties, or the effective exercise of the powers of ASIO.
The creation of this new offence was also not recommended
as part of the Comprehensive Review, which examined the current secrecy offences,[50]
with the Explanatory Memorandum stating it is necessary ‘in light of the
deteriorating security environment’ (p. 48). However, given the Comprehensive
Review was finalised in December 2019 it is unclear how much has changed to
warrant stronger protections for ASIO officers.
The Explanatory Memorandum also states that proposed
sections 92 and 92A ‘have been developed with reference to the principles
for framing secrecy offences agreed
to by the Government to implement the Commonwealth
Government’s Review of Secrecy Provisions Final Report’ (p. 46). The Final
Report was released by the Government on 21 November 2023 and proposes 11
recommendations to guide future work to:
- reduce
the number of secrecy provisions
- support
a consistent approach to the framing of secrecy provisions
- maintain
essential protections for Commonwealth information
- respond
to stakeholder concerns about the impact of secrecy provisions on press
freedom.[51]
Schedule 3
of the Bill – Authorisations for intelligence activities
Changes to
the ministerial authorisation framework
Australia’s foreign intelligence agencies (ASIS, AGO and
ASD) may, in certain circumstances, collect intelligence on Australians if they
obtain a ministerial authorisation from the responsible minister.
Section 8 of the IS Act provides that the
responsible Minister (the Foreign Minister for ASIS, and the Defence Minister
for AGO or ASD) must issue a written direction, that amongst other things, must
require the relevant agency to obtain an authorisation before undertaking
activities for the specific purpose of producing intelligence on, or that will,
or are likely to, have a direct effect on, an Australian person. The IS Act
does not clarify what is meant by ‘direct effect’ and the Comprehensive Review
noted that ‘submissions to the Review demonstrated differing interpretations
across agencies about what constitutes a direct effect or a direct effect
activity’.[52]
Section 9 of the IS Act provides that, before the
responsible Minister may give an authorisation, the Minister must be satisfied
of a number of matters, including that the Australian person (or class of
persons) is, or is likely to be, involved in one or more of the following
activities:
- activities
that present a significant risk to a person’s safety
- acting
for, or on behalf of, a foreign power
- activities
that are, or are likely to be, a threat to security
- activities
that pose a risk, or are likely to pose a risk, to the operational security of
ASIS
- activities
related to the proliferation of weapons of mass destruction or the movement of
goods listed from time to time in the Defence
and Strategic Goods List (within the meaning of regulation 13E of the Customs
(Prohibited Exports) Regulations 1958)
- activities
related to a contravention, or an alleged contravention, by a person of a UN
sanction enforcement law
- committing
a serious crime by moving money, goods or people
- committing
a serious crime by using or transferring intellectual property or
- committing
a serious crime by transmitting data or signals by means of guided and/or
unguided electromagnetic energy.[53]
Pursuant to paragraph 9(1A)(b), before the Minister may
give an authorisation in relation to a person who is, or is likely to be
involved in activities that are, or are likely to be, a threat to security,
they must first obtain the agreement of the Attorney-General. As stated in the
Comprehensive Review:
The Attorney-General’s agreement under the IS Act is not, of
itself, a ministerial authorisation. Only a responsible minister can
authorise—and be accountable for—an IS Act agency’s activities. However, the
Attorney-General’s agreement is an essential precondition before the
responsible minister can give an authorisation where the subject of the
authorisation is engaged, or likely to be engaged, in activities that are or
are likely to be a threat to security.[54]
The Attorney-General’s agreement must also be sought prior
to the Minister giving authorisation for an activity, or a series of
activities, in relation to a class of Australian persons who are, or are likely
to be involved with a listed terrorist organisation.[55]
Sections 9A, 9B, 9C and 9D of the IS Act prescribe
the arrangements in the case of emergency, including where the Minister or
Attorney-General are unavailable to make the authorisation or there is an
imminent risk to the safety of an Australian person.
Changes to
the sequencing of ministerial authorisations
The provisions in Part 1 of Schedule 3 to the Bill amend
the IS Act to enable a Minister to give an authorisation to ASIS, AGO or
ASD to undertake certain activities in respect of Australian persons, in
circumstances where Australian persons are, or are likely to be, involved in
activities that are, or are likely to be, a threat to security or, involved
with a listed terrorist organisation, without first obtaining the agreement of
the Attorney-General. This will still need to be obtained, however proposed
subsections 9(1AAC) and (1AAD) will amend the IS Act to
provide that the agreement of the Attorney-General can be provided before or
after the authorisation of the Minister.
This reflects recommendation 2 of the Comprehensive Review
which stated:
The sequencing of steps required in the Intelligence Services
Act’s ministerial authorisation process should be adjusted to enable the
responsible minister to authorise an Intelligence Services Act agency to
produce intelligence on an Australian person and then seek the
Attorney-General’s agreement to that authorisation. The authorisation would not
take effect until the Attorney-General has given agreement.[56]
The Comprehensive Review stated that it had received
evidence that ‘the agreement of the Attorney-General remains an absolutely
critical check and balance when it comes to the activities of [IS Act] agencies
in respect of Australians’.[57]
However, the Review did not agree ‘that the Attorney-General’s role in the IS
Act’s ministerial authorisation regime is an additional “check and balance” or
protection for Australians from the IS Act agencies’ covert or intrusive powers’.[58]
The Review took the view that the Attorney-General’s role is not intended to be
a procedural safeguard but rather ‘is designed to provide visibility of
proposed operational activities that relate to a threat to security to the
minister charged with authorising warranted intelligence collection for
security purposes by ASIO’ (this is discussed further below).[59]
The Comprehensive Review noted that the 2017 Intelligence
Review had also recommended changing the sequencing to remove the requirement
that the Attorney-General’s agreement be sought prior to the relevant
Minister’s authorisation, arguing that this may also reduce the time required
to process authorisations as the Attorney-General would be able to consider the
submission at the same time as the relevant Minister.[60]
Expansion of
circumstances where intelligence activities can be authorised
Item 1 of Schedule 3 will also repeal and replace
subsection 9(1A) of the IS Act to clarify the circumstances when a
Minister may authorise intelligence activities involving Australians. The
amendments will clarify the current list of circumstances in subsection 9(1A)
to explicitly include where Australian persons are involved in activities that
present a significant risk to their own safety (not just another person’s safety)
or where Australian persons are involved in activities relating to the
contravention, or alleged contravention of a United Nations (UN) sanction
enforcement law.[61]
The Explanatory Memorandum states that these amendments
are intended to clarify that the current provisions in subsection 9(1A) include
the above circumstances but does not provide any explanation for the need for
this clarification or guidance on the types of scenarios they are intended to
capture (pp. 52–53). The human rights implications of these proposed amendments
are also not discussed in the Statement of Compatibility. As discussed above,
these amendments would give intelligence agencies a broad remit to undertake intelligence
activities on a person who is involved in activities that present a significant
risk to their own safety and may include individuals who are undertaking public
interest journalism in another country or undertaking academic research.
Changes to ministerial
arrangements with respect to ASIO
ASIO can intercept telecommunications under warrants
issued by the Attorney-General pursuant to the TIA Act. Warrants for the
exercise of other intrusive powers, including searches, computer access and
surveillance devices, can be issued pursuant to the provisions of the ASIO
Act.
As noted in the Comprehensive Review, ‘ever since
legislation has provided for powers for ASIO, the Attorney-General has been
responsible for issuing warrants to ASIO’:
This approach was first reflected in the Telephonic
Communications (Interception) Act 1960 (Cth) and recently reaffirmed in the
Home Affairs and Integrity Agencies Legislation Amendment Act 2018 (Cth)
which, among other things, amended the ASIO Act and Telecommunications
(Interception and Access) Act 1979 (Cth) to retain the Attorney-General’s
role in relation to warrants and related functions, following the move of ASIO
to the Home Affairs portfolio. In contrast, the ASIO Act, as originally
introduced in 1979, referred to the minister issuing ASIO warrants, and did not
entrench a particular role for the Attorney-General—this was unnecessary given
that the Attorney-General was, until May 2018, the minister responsible for
ASIO and administration of the ASIO Act. [footnotes omitted][62]
The Comprehensive Review noted that the current
arrangements provided for in the Acts
Interpretation Act 1901 mean that references to the Attorney-General in
the ASIO Act and TIA Act also include the acting Attorney-General
or a junior portfolio minister.[63]
The Comprehensive Review stated that it ‘is not aware of
any instance in which a junior minister has issued an ASIO warrant’.[64]
However, the Review did not support the current arrangements:
The issuing of an ASIO warrant by a junior minister would
represent a fundamental departure from the principles underpinning the
ministerial warrant framework. Delegation of the Attorney-General’s power to
issue ASIO warrants would effectively ‘bypass’ the First Law Officer, and would
risk damage to public confidence in the level of control over ASIO’s activities
and, ultimately, the legitimacy of the control framework.[65]
The Review made a number of recommendations to limit the
ability of junior ministers to issues warrants, including recommendation 17:
The Australian Security Intelligence Organisation Act and any
new electronic surveillance framework (incorporating existing authorities under
the Telecommunications (Interception and Access) Act, the Surveillance Devices
Act and relevant parts of the Australian Security Intelligence Organisation
Act) should provide that powers vested in the Attorney-General in respect of
ASIO may only be exercised by the Attorney-General and not by a junior
minister. As with section 3A of the Intelligence Services Act, references to
the Attorney-General should continue to include a person acting as the
Attorney-General.[66]
The provisions in Part 2 of Schedule 3 of the Bill amend
the ASIO Act and TIA Act to provide that a reference to the
Attorney-General in either of these Acts refers only to the Minister with that
title or a person acting as the Attorney-General.
These amendments are in addition to amendments made by the
National
Security Legislation Amendment (Comprehensive Review and Other Measures No. 2)
Act 2023, which implemented recommendations 18 and 19 of the
Comprehensive Review to further limit the delegation of the Attorney-General’s
powers with respect to ASIO warrants.
Concluding comments
One of the terms of reference for the 2024 Independent
Intelligence Review is to examine the impact of the recommendations arising
from the 2017 Independent Intelligence Review and the 2019 Comprehensive Review.
However, the piece-meal approach taken by governments in implementing
recommendations from the Comprehensive Review has made it challenging to
identify the overall status of these reforms and what remains to be
implemented. This is made more challenging due to each of three main
implementing Bills also including amendments that do not directly respond to
recommendations from the Comprehensive Review.