Parliamentary Joint Committee on the Australian Security Intelligence Organisation

Review of the Australian Security Intelligence Organization Legislation Amendment Bill 1999
Submissions

Submission No. 9 - Attorney-General's Department

REVIEW BY THE PARLIAMENTARY JOINT COMMITTEE ON THE AUSTRALIAN SECURITY INTELLIGENCE ORGANIZATION

SUBMISSION BY ATTORNEY-GENERAL'S DEPARTMENT

Background

The Australian Security Intelligence Organization (ASIO), Australia's security service, was established under a Charter signed on 16 March 1949 by the Prime Minister, Mr Ben Chiefly. Since 1956 ASIO has operated under its own statute. Currently the Organization operates under the Australian Security Intelligence Act 1979 (ASIO Act).

2. The full ambit of ASIO's authorised functions is set out in subsection 17(1) of the ASIO Act. Speaking generally, those functions require ASIO to obtain intelligence relevant to security and, within Australia, foreign intelligence as well as to communicate such intelligence to Commonwealth and State authorities in accordance with the ASIO Act. 'Security' and 'foreign intelligence' are both defined in the ASIO Act; the former term meaning the protection of the Commonwealth and the States from six specified activities that are harmful to national security (eg. espionage, politically motivated violence and acts of foreign interference), and to fulfil Australia's obligations to other countries in relation to those activities. ASIO's primary purpose is to fulfil a defensive need of Australian governments and the community that is not otherwise met.

3. Inevitably ASIO will face significant difficulties in collecting relevant intelligence. It is to be expected that persons and organisations of interest to ASIO will often go to considerable lengths to conceal their activities. Frequently information relevant to ASIO's functions will be heavily protected as well as hidden. Parliament has accepted that ASIO, like other investigative agencies, needs appropriate special powers in order to obtain information in such circumstances.

4. Most of the special powers conferred on ASIO are set out in Division 2 of Part III of the ASIO Act and include the powers to search premises, use listening devices and inspect postal articles under a warrant issued by the Attorney-General. The most significant other power available to ASIO is the ability to intercept telecommunications under ministerial warrant (see Part III of the Telecommunications (Interception) Act 1979).

5. ASIO, however, is not a police force. It has no powers to detain or arrest people and the Organization may not enforce measures to prevent the activities with which it is concerned (subsection 17(2)).

6. Given the nature of its functions, the scope of the powers entrusted to ASIO will always require careful balancing of public policy. On the one hand there is a clear public interest in ASIO being adequately and appropriately equipped to safeguard Australia against threats to security as defined in the Act. Equally, however, the activities of ASIO or other authorities should not threaten individual rights and liberties.

7. Consideration should also be given to the part ASIO plays in international cooperation. ASIO, through its extensive overseas liaison network, ensures both that Australian agencies have access to relevant information from cooperating foreign agencies and that the Commonwealth Government is able to carry out its obligations under international law to other nations. ASIO cannot carry out this role if it is unable to maintain a level of efficiency consistent with the pace of technological change.

Origins of proposed amendments

8. The present ASIO Act resulted from the recommendations of a 1977 Royal Commission into Security while the last major amendments in 1986 followed a second Royal Commission inquiry into all of Australia's security and intelligence agencies and included progress made in implementing the recommendations of the earlier report. Both reports lead to significant changes to ASIO's functions and to arrangements for ministerial and parliamentary oversight of ASIO.

9. The changes contained in the Australian Security Intelligence Organization Legislation Amendment Bill (the Bill) arise from ASIO's practical experience and continuing examination of the operation of the ASIO Act since 1986 and after extensive consultation within government. The present proposals are intended to modernise ASIO powers, mainly to reflect advances in technology. ASIO's effectiveness and efficiency must inevitably decline if it is not able to keep pace with technological change. In respect of the proposed amendments relating to tax and FTR information, the effect would be to provide ASIO with no more than the tools already at the disposal of law enforcement agencies.

10. One important change is connected to the Year 2000 Olympic Games. However, as many of the changes concern intelligence collection, the Government considers it would be prudent for Australia to have them in place before the Olympics. The Government has consequently given high priority to the Bill and wishes it to be considered by Parliament as soon as possible. There is a sunset clause of 31 December 2000 on that amendment.

Proposed new warrants

Computer access warrant

11. The Bill provides for three new forms of warrant. The most significant is the proposed computer access warrant (clause 25). This new provision will authorise the Attorney-General to issue a warrant permitting ASIO to access and copy data in a target computer if the Attorney-General is satisfied there are reasonable grounds to believe that access to the data held in that computer will substantially assist the collection of intelligence in respect of a matter that is important to security.

12. The nature of the powers conferred on ASIO as a collector of security intelligence and foreign intelligence must necessarily be amended from time to time to reflect changes in technologies used to store and communicate information. Powers will also need to be changed as new operational techniques for gaining access to relevant intelligence become available. The new warrant provision takes into account the dominant role of computers in the modern information environment as well as advances in operational techniques.

13. The new warrant provision will enable ASIO to use techniques not presently available and will supplement methods presently available under ASIO's special powers.

14. It should be emphasised that this provision would not permit ASIO to undertake general or casual searches of computer data. The limitations include:

• the identification of the target computer in the warrant;
• the collection of intelligence must be connected to a matter that is important in relation to security or, in the case of foreign intelligence, important for defence or the conduct of international affairs;
• an express prohibition that ASIO must not interfere with the lawful use of the target computer or cause any loss or damage to persons lawfully using the target computer; and
• the requirement in all but emergencies for a warrant issued to be issued by the Attorney-General.

15. The Bill makes it clear that in gaining entry to a target computer ASIO is not permitted to cause damage to either computer or data. Indeed it would be in ASIO's interests to go to extreme lengths to ensure that it did not cause damage that might compromise its operations.

Tracking device warrants

16. Clause 23 of the Bill makes provision for ASIO to use tracking devices (defined in new subsection 26A(3)) under warrant. The new warrant provisions are similar to the present section 26 of the ASIO Act dealing with listening devices eg the Attorney-General will be able to issue a warrant for ASIO to follow the movements of either a person or an object in the course of a security investigation.

17. The authority to use tracking devices will supplement ASIO's ability to follow a person or object and thus will permit more efficient use of ASIO's resources.

18. These amendments are needed for two purposes. The first is to provide ASIO with the authority to do things that are necessary to apply, maintain or remove a tracking device but which would be unlawful without statutory authority.

19. The new warrant regime is also necessary because several States are in the process of legislating to control the use of tracking devices within their jurisdictions. This legislation will apply to ASIO if the Commonwealth Parliament does not pass its own legislation. The Government believes that the special powers of ASIO should be regulated under express Commonwealth legislation rather than laws of general application in individual States and Territories.

Access to delivery service articles

20. The third new form of warrant proposed in the Bill is set out in the new subsection 27AA which provides for a warrant that would authorise ASIO to inspect an article that is being delivered by a delivery service provider (as defined in new subsection 27AA (12)).

21. This new warrant is similar to, and supplements, the authority of the Attorney-General under section 27 of the ASIO Act to issue warrants for the inspection of postal articles.

22. This amendment will partially restore ASIO's position which has been eroded in recent years with the growth of private delivery services which has affected the usefulness of section 27 warrants.

Statutory authority to remove listening and tracking devices

23. The Bill would include several 'device recovery provisions' in the ASIO Act. These provisions are listed in clause 13. The purpose of these provisions is to provide ASIO with an express statutory authority to enter premises for the purpose of recovering a listening device or tracking device that has been installed under warrant.

24. At present the ASIO Act permits the Attorney-General to authorise ASIO to enter premises for the purpose of recovering a listening device that has been installed under a warrant (see subsections 26(3) and 26(4)), but only while that warrant is in force.

25. The device recovery provisions would give ASIO greater flexibility to recover listening and tracking devices undetected by conferring a direct statutory authority to enter premises to remove a device while the relevant warrant is in force or within 28 days after it ceases to be in force. The recovery provisions also allow ASIO to recover a device at the earliest practical opportunity if it has not been recovered during the earlier specified periods.

26. These amendments merely permit the removal of a device. They do not in any way extend the period during which ASIO may use a device. As is presently the case, the authority to use a device ends when the warrant expires or it is revoked.

Amendments to existing warrant provisions

27. The Government proposes to take the opportunity provided by the Bill to reform several aspects of the search warrant provisions at section 25 of the ASIO Act.

28. The first is to simplify the description at subsection 25(1) of the matters about which the Attorney-General must be satisfied before issuing a search warrant. The revised description at the new subsection 25(2) is made more comprehensible by stating the test in a positive rather than a negative form.

29. The new subsection 25(5) sets out more clearly the powers of the Attorney-General to authorise ASIO to use computer and other electronic equipment found on the premises being searched under a search warrant. The present subsection 25(1) already permits ASIO to examine computer data found on premises being searched (this is because subsection 25(1) expressly provides for ASIO to inspect and copy 'records' which is defined to include objects such as magnetic tape or discs on which words or images are stored). The amendments also allow the Attorney-General to permit ASIO to use a computer or other electronic equipment found on premises being searched to examine and copy data that is accessible by using that computer or equipment. This authority is similar to that already available to a police officer executing a warrant issued by a magistrate or other issuing officer under section 3L of the Crimes Act 1914.

30. The new subsection 25(8) will permit the Attorney-General, should he or she wish to do so, to specify that a search warrant will not come into force until some specified day or when a specified event happens, provided that day or event is not more than 28 days after the warrant is issued. At present every search warrant comes into force immediately it is issued. This amendment is intended to provide for circumstances in which the Attorney-General is satisfied that there are grounds for issuing a search warrant in relation to particular premises but the Attorney-General also is satisfied that the warrant cannot be immediately executed. The amendments will reduce the need for warrant applications to be prepared and considered under great time pressure after some critical event occurs. The time limit of 28 days ensures that a warrant cannot remain unexecuted for so long that the original justification for its issue may lapse.

31. The amendments contained in the new subsection 25(10) will extend the maximum period a search warrant may remain in force from 7 to 28 days. This is to provide greater flexibility in circumstances where it is intended that a search warrant should come into effect on issue but it is likely that ASIO may have to wait for some time until the subject premises are empty and the search can be carried out undetected. Practical experience indicates that such an opportunity does not always arise. This problem is not shared by law enforcement agencies looking for evidential material rather than intelligence and who generally speaking execute search warrants openly in the presence of persons occupying premises being searched.

Cost recovery

32. The amendments (new section 17AA) will permit ASIO to recover part or all of its costs incurred in providing advice or services to other persons at their request, for example protective security advice given under paragraph 17(1)(d).

33. The purpose is to allow ASIO to recover costs from non Commonwealth agencies. Costs can already be recovered from Commonwealth agencies under administrative arrangements.

34. The provision would primarily be used in relation to ASIO's function of providing protective security advice to other agencies with the approval of the Attorney-General in accordance with paragraph 17(1)(d) of the ASIO Act.

Foreign intelligence collection

35. The new section 27B will allow the Attorney-General to issue a written notice authorising ASIO to obtain foreign intelligence in relation to a matter specified in that notice.

36. One of ASIO's functions is to obtain within Australia foreign intelligence - but only by means that are authorised pursuant to a relevant warrant. This amendment will permit ASIO also to collect foreign intelligence by other means that are lawfully available to ASIO without need for the authority of a warrant, such as by utilising a human agent. This will allow Ministers to utilise ASIO's existing resources to supplement foreign intelligence collection by other agencies.

37. Before authorising the collection of foreign intelligence under this provision, the Minister must be satisfied, on advice received from the Minister for Defence or the Minister for Foreign Affairs, that the collection of that intelligence is important to the defence of the Commonwealth or to the conduct of the Commonwealth's international affairs.

38. In addition, paragraph 27A(1)(a) will be amended to refer to the new kinds of warrant added to the ASIO Act by this Bill. This will maintain the connection between section 27A and other warrant provisions in the ASIO Act whereby the Attorney-General may authorise ASIO, for the purpose of obtaining foreign intelligence in Australia, to do acts or things which the Minister can authorise in other warrants under that Act.

Emergency warrants

39. The Director-General is currently permitted to issue a listening device warrant if the specified conditions are met, including that security will be, or is likely to be, seriously prejudiced if the action authorised by the warrant is not commenced before a warrant can be issued by the Minister.

40. Under the amendments, the Director-General, subject to the same conditions as presently apply, will be able to issue warrants of the same kind as the Minister is able to issue under the ASIO Act, excepting a warrant under section 27A to collect foreign intelligence which will continue to be issued only by the Minister. The intention is to allow the Director-General to be able to respond more effectively in an emergency.

41. An emergency warrant issued by the Director-General under section 29 may remain in force for a period of up to 48 hours but may be revoked earlier by the Minister.

42. The Director-General must provide a copy of the warrant to the Minister as well as a statement of the grounds on which the Director-General was satisfied that it was necessary for him or her to issue the warrant.

Security assessments for State purposes related to the Olympics

43. Part IV of the ASIO Act sets out the statutory framework for the preparation and communication by ASIO of security assessments on individuals. The Bill contains amendments to Part IV in relation to security assessments connected to the Year 2000 Olympic games. These changes are subject to a sunset clause of 31 December 2000.

44. In general, security vetting decisions for the Year 2000 Olympic Games will be made by the responsible State authorities. ASIO is permitted to provide security assessments to assist those decisions where a decision by a State authority would affect security connected with matters within the functions of a Commonwealth agency. However, ASIO is not able to provide a security assessment directly to a State authority. A security assessment must be communicated to a State authority through another Commonwealth agency.

45. The present arrangement was not designed to deal with the very large numbers of security assessments that are expected to be requested by State authorities for the Year 2000 Games and which would impose a significant administrative burden on the Attorney-General's Department in 'post officing' security assessments connected to the functions of the Protective Security Coordination Centre (a division of this Department). The proposed amendments would allow ASIO to give a security assessment for Olympics purposes directly to the State authority that has requested it.

46. The amendments maintain the rights of a person affected by a prejudicial assessment to be given a copy of that assessment and to be advised of their entitlement to review by the Administrative Appeals Tribunal.

47. It will still be possible to communicate security assessments related to the Olympics through an intermediate Commonwealth agency if that arrangement is appropriate.

FTR information

48. The Bill amends the Financial Transaction Reports Act 1988 to give ASIO access to data on certain financial transactions that are reported to AUSTRAC. The amendment will permit ASIO to follow the money trail for the purpose of performing its functions, in a way similar to that which occurs in an investigation of criminal activities. Access to FTR information is currently available to taxation officers, law enforcement agencies, the Australian Customs Service and State or Territory revenue authorities.

49. Access to FTR information will assist ASIO to give security advice to government. Further, the amendment goes some way to implementing international measures to fight terrorism. In July 1996, the G7/P8 governments agreed to, and invited other States to adopt, a range of measures to prevent terrorism including the taking of appropriate domestic measures to counteract the financing of terrorists and terrorist organisations. The official document adopted by the G7/P8 expressly identified the adoption of appropriate measures to monitor cash transfers and bank disclosures as a desirable domestic response.

AUSTRAC database

50. The AUSTRAC database of reportable transactions consists of reports by financial institutions and other "cash dealers" on:

• cash transactions of $10,000 or more;
• transactions which the institution considers suspicious;
• all international funds transfer instructions ("wire transfers");
• the carrying or sending (for example by post) into or out of Australia of cash of $10,000 or more.

That database is maintained in one searchable file.

Memorandum of Understanding

51. The details of ASIO's access to the AUSTRAC database of reportable transactions will be regulated by a Memorandum of Understanding (MoU) between the Director-General of Security and the Director of AUSTRAC.

52. In general, the access will allow authorised ASIO officers to search by the name of the cash dealer customer, using AUSTRAC's online inquiry system - searching by name (that is, a person's or a corporate body's name).

53. The MoU will set out the type of access and the level of ASIO officers who can access the database and will indicate how many officers have been nominated by the Director-General of Security to access the AUSTRAC database. The MoU gives the Director of AUSTRAC power to approve wider searching of the AUSTRAC database by ASIO on a case by case basis.

54. The FTR information accessed by ASIO in accordance with the MoU is to be treated by ASIO as personal information, so that the Attorney General's Guidelines in relation to the performance by ASIO of its Functions apply to that FTR information obtained by ASIO.

Use of FTR information

55. The Bill will prohibit an ASIO officer who obtains FTR information from divulging or communicating it other than to:

• another ASIO Officer
• an IGIS officer
• a Police Officer

and only for the purposes of or in connection with the performance of that person's duties. In the case of ASIO and IGIS officers that access is regulated by the Bill. In the case of police officers, the access and use of FTR information obtained from an ASIO officer is regulated by the FTR Act, and is in accordance with the use of FTR information that a police officer obtains directly from AUSTRAC (so that it is not a "back-door" or unaccountable access).

56. If ASIO obtains information about a report of a suspect transaction, the ASIO officer is not authorised by the Bill to seek further information from the cash dealer about that report. Any further information must be sought through the Director of AUSTRAC.

57. FTR information obtained by ASIO cannot be used for any purpose other than the purpose for which it was obtained.

58. AUSTRAC will provide ASIO with an Online Usage Statistical Report on a quarterly basis. Those reports give the number of times each ASIO officer logged on to the AUSTRAC database, and the number and type of searches conducted by that officer.

Inspector-General of Intelligence and Security

59. The Inspector-General of Intelligence and Security (IGIS) will have a monitoring role, overseeing ASIO's access to and use of FTR information. The IGIS will monitor ASIO's compliance with the FTR Act, the AG's Guidelines (insofar as those Guidelines relate to access to and use of FTR information), and the MoU.

60. The IGIS will also review the Online Usage Statistical Report provided by the Director of AUSTRAC, in relation to ASIO's authorised access. If the Director-General of Security seeks wider access to FTR information and the Director of AUSTRAC agrees to that request, the Director of AUSTRAC will advise the IGIS of any such wider searching.

61. The IGIS will provide to the Attorney-General, for dissemination to the Director of AUSTRAC, an annual compliance statement in relation to ASIO's compliance with the AG's Guidelines, the FTR Act, and the MoU.

IGIS access to & use of FTR Information

62. An ASIO officer may communicate FTR information to an IGIS officer for the purpose of or in connection with the performance of the IGIS officer's duties.

63. An IGIS officer may communicate that information only to:

• another IGIS officer, for the purpose of that IGIS officer's duties in relation to ASIO; or
• to the Director-General of Security in a draft report under section 21 of the IGIS Act in relation to ASIO or its employees;
• to Ministers or a complainant in a report under sections 22 or 23 of the IGIS Act in relation to ASIO or its employees, but only in a manner that does not identify and is not reasonably capable of being used to identify a person to whom the information relates; or
• to Ministers or the Director General of Security in a report under section 25A of the IGIS Act.

Tax information

64. The amendments to the Taxation Administration Act 1953 will permit the Tax Commissioner to disclose tax information to ASIO. This provision will put ASIO into the same position as law enforcement agencies which may already receive tax information from the Commissioner.

65. This amendment has the potential to assist ASIO in espionage and terrorist investigations, but especially the former.

66. Before disclosing tax information to ASIO, the Commissioner will need to be satisfied that the information requested is relevant to the performance of ASIO's functions. ASIO's use and capacity to disclose tax information will be strictly regulated and confined, and its access to and use of tax information can be monitored by the Inspector-General of Intelligence and Security. As with the FTR Act amendment, tax information disclosed to ASIO will be treated as personal information so that the Attorney-General's Guidelines in relation to the performance by ASIO of its functions will apply to the information.

67. Conditions of ASIO's access will be regulated by a Memorandum of Understanding between the Tax Commissioner and the Director-General of Security. An important provision in the MoU is that the ATO will not be required to collect information on ASIO's behalf-any ATO response will be limited to information already in ATO's possession. Another is that a request for information can only be made by the Director-General or by an SES officer delegated by the Director-General for that purpose.

68. In addition to secrecy provisions and IGIS monitoring, accountability mechanisms include an annual report to Parliament of the number of ASIO requests and ATO disclosures.

Control and accountability

69. There currently exists a comprehensive system for the control and oversight of ASIO. That system strikes a balance between ASIO's requirements for secrecy and the need for supervision of its activities in the public interest. It enables ASIO to get on with its job while at the same time ensuring it does not exceed its charter or interfere improperly with individual rights and liberties.

70. Key features of the system of control and accountability include:

• statutory definition of ASIO's authorised functions and special powers;
• ministerial direction - including the power of the responsible minister to issue directions and guidelines to the Director-General;
• ministerial control over the issue of warrants;
• the IGIS as a 'watchdog' to inspect and inquire into ASIO's activities;
• express requirements that the Leader of the Opposition be:
  
  - consulted on the appointment of the Director-General
  
  - kept regularly informed on security matters by the Director-General
  
  - provided with a copy of ASIO's annual report including parts not tabled in Parliament on security grounds
• oversight by the Parliamentary Joint Committee; and
• the rights of individuals to obtain administrative or judicial review of certain decisions by ASIO.

71. The Bill will strengthen these arrangements in several ways. Schedule 5 of the Bill contains amendments to the Inspector-General of Intelligence and Security Act 1986 which will make separate provisions for monitoring inspections of ASIO, as well as other intelligence agencies. The Inspector-General will be empowered to inspect ASIO on a regular basis to confirm that ASIO is complying with Australian laws and with ministerial directives (and guidelines) as well as the appropriateness and effectiveness of its internal procedures. More detail is given in the Inspector-General's submission.

72. Parliament has decided that the Privacy Act 1988 should not apply to ASIO. However, the Attorney-General has issued guidelines under section 8A of the ASIO Act dealing with the treatment of personal information by the Organization.

73. As the Bill will allow ASIO to access additional forms of personal information for the performance of its functions, the Attorney-General has decided that the present guidelines should be reviewed in consultation with the Privacy Commissioner. This will be done before the Bill is enacted. Revised guidelines would be tabled in Parliament in accordance with the ASIO Act (subsection 8A(4)).

Discussions with Privacy Commissioner's office

74. The Attorney-General's Department sought the views of the Privacy Commissioner's office on the Bill. In response the Privacy Commissioner's office raised questions about the accountability mechanisms in relation to ASIO's access to AUSTRAC and ATO information. In response, this Department provided assurances about the degree to which the amendments and the associated administrative arrangements strengthened the reporting and monitoring functions of the IGIS.

75. On this basis, the Privacy Commissioner has advised that his concern that the new data flows could become entrenched without independent examination of how the information is being used should be substantially allayed.

A copy of this submission is also available from the Committee Secretariat.