- Introduction
- Under section 29 of the Intelligence Services Act 2001 (IS Act), the Parliamentary Joint Committee on Intelligence and Security’s (PJCIS) first function is to review the administration and expenditure of six intelligence agencies in Australia that comprise the majority of the National Intelligence Community (NIC):
- Australian Geospatial-Intelligence Organisation (AGO)
- Australian Signals Directorate (ASD)
- Australian Security Intelligence Organisation (ASIO)
- Australian Secret Intelligence Service (ASIS)
- Defence Intelligence Organisation (DIO)
- Office of National Intelligence (ONI).
- The Defence Intelligence Group (DIG), reporting to the Chief of Defence Intelligence, supports the functions of AGO and DIO.
- During the period of this review the Committee also commenced a review of the Intelligence Services Legislation Amendment Bill 2023, which was introduced into the House of Representatives and referred to the Committee on 22 June 2023.
- The Bill proposed to amend the Inspector-General of Intelligence and Security Act 1986 (IGIS Act), the IS Act and other legislation to expand the jurisdiction of the Inspector-General of Intelligence and Security (IGIS) and this Committee to oversee:
- the Australian Criminal Intelligence Commission (ACIC); and
- the intelligence functions of:
- the Australian Transaction Reports and Analysis Centre (AUSTRAC);
- the Australian Federal Police (AFP); and
- the Department of Home Affairs.
- The NIC, and within it the agencies for which the PJCIS has oversight, operates within a strict oversight and accountability framework. This framework balances the need for public accountability and publication of information against the need for agency operations and sensitive information to remain classified to protect Australia’s national security.
- As a result, intelligence agencies have limited public reporting responsibilities. During the reporting period ASIO and ASD were the only intelligence agencies that produced and presented unclassified annual reports to the Australian Parliament, while the reporting of DIO and AGO was contained within broader Department of Defence annual reporting.
- In addition to annual reporting requirements, there are several levels of oversight to ensure that intelligence agencies are accountable to the Australian Government, Parliament and the public. These include:
- oversight by the responsible Minister for each agency;
- oversight by the IGIS, who is an independent statutory officer who provides assurance that each agency acts legally and with propriety, complies with ministerial guidelines and directives, and acts consistently with human rights; and
- parliamentary oversight, including oversight of administration and expenditure by the PJCIS.
How the Committee undertakes its review of administration and expenditure
1.8The Committee is established pursuant to section 28 of the IS Act. As noted above, the functions of the Committee include an obligation to review the administration and expenditure of each of the six intelligence agencies listed in the Act, including their annual financial statements. While other work of the Committee contributes to that function, it is fulfilled most directly through an annual review of the agencies’ administration and expenditure.
1.9For the review the Committee receives detailed classified, as well as some unclassified, information about the administration and expenditure of the agencies. Each agency under review provides classified written submissions, and gives evidence to the Committee in private (classified) hearings. Much of the evidence received by the Committee must remain confidential, due to its classified nature.
1.10In addition, the Committee is able to seek evidence from any other people or organisations that it considers can assist its review, and invite submissions from the public.
1.11The IS Act places some limitations on the Committee’s functions, which apply to its conduct of the administration and expenditure reviews. It is not the Committee’s role to advise what level of resourcing is appropriate for each agency to protect Australia’s national security. Similarly, the Committee has no role in determining what Australia’s national security priorities should be, nor how these priorities may be met with existing resources. The Committee also has no role in reviewing particular operations conducted by agencies, sources of information available to agencies, aspects of the activities of agencies that do not affect Australian persons, or individual complaints about the activities of the agencies.
1.12Rather, the Committee analyses evidence put before it and explored further through hearings and questions, in order to report to the Parliament (and through it, to the Australian public) on the administrative arrangements and expenditure of each agency, and any changes to these that may affect an agency’s ability to continue to meet its objectives. Within these parameters, the Committee is able to set its own terms of reference for the review.
Conduct of the inquiry
1.13The Committee commenced Review No. 22 in September 2023. Submissions were sought and received from the six intelligence agencies listed in paragraph 1.1, as well as from the IGIS and the Australian National Audit Office (ANAO).
1.14A complete list of submissions for the review is at Appendix A.
1.15Private (classified) hearings were held in April and May 2024. Appendix B lists the witnesses who appeared before the Committee. Transcripts of these hearings are classified and not publicly available. However, unclassified portions of these transcripts are referred to in relevant sections of this report.
1.16In addition to the submissions and private (classified) hearings, the Committee received a (classified) briefing from ASIO on its use of AI at its headquarters in August 2024.
1.17In addition to the standard administration and expenditure information provided by agencies, the Committee requested that agencies provide specific additional commentary on the following areas of focus:
- Artificial Intelligence (AI), Machine Learning (ML) and Bio-Intelligence, including governance—being the ethical and responsible management of AI, ML and Bio-Intelligence systems—to ensure they are developed, deployed, and used in a manner that aligns with societal values and priorities in addition to the Australian Government’s intelligence priorities; how AI, ML and Bio-Intelligence internal systems are assessed against common standards, details of that assessment, common trends and future challenges in this space.
- Detail of policies, guidelines and other initiatives for staff support services; including the provision of psychological support services, as well as support of staff career development in terms of career planning.
- Strategic workforce planning activities and initiatives in development or implemented, aimed at attracting and retaining culturally and linguistically diverse (CALD) staff with native language proficiency.
- The use of external contractors such as PwC, Deloitte, KPMG and EY; including the value of contracts (starting value and end value), whether contracts were awarded to an entity that also assisted in any aspect of the tender process, and any initiatives aimed at reducing the use of such contractors.
- All submissions received from intelligence agencies, as well as the IGIS and ANAO, were classified. Accordingly, these submissions are not publicly available. However, unclassified versions of their submissions were provided by ONI, IGIS and ANAO and published on the Committee’s website. This report draws on both the unclassified submissions and unclassified excerpts or summaries of other evidence provided.
- ASIO provided the Committee with information concerning authorisations for telecommunications data pursuant to paragraphs 94(2A)(c)–(j) of the Australian Security Intelligence Organisation Act 1979 (ASIO Act). It is a function of the Committee to review matters related to the retained data activities of ASIO that are included in this part of ASIO’s (classified) annual report, for the sole purpose of assessing and making recommendations on the overall operation and effectiveness of the mandatory data retention regime. Unlike its other functions, the Committee is authorised to review particular ASIO operations for the purpose of performing this function.
- This report is divided into three chapters:
- The remainder of Chapter 1 provides an overview of the security environment for the 2022-23 review period, and provides a Committee comment relating to agencies’ engagement with the Review.
- Chapter 2 discusses administration of intelligence agencies, the expenditure and financial position of intelligence agencies, and any related issues that were identified during the course of the inquiry.
- Chapter 3 discusses the areas of focus identified by the Committee for this review period, as well as any other observations noted in the course of the review.
The security environment during 2022-2023
1.21ASIO indicated that Australia’s security environment remained ‘complex, challenging and changing’ during the reporting period.
1.22In November 2022, ASIO lowered the national terrorism threat level from ‘probable’ to ‘possible’, with ASIO’s subject matter experts assessing that
while Australia remains a potential terrorist target, there are fewer extremists with the intention and capability to conduct an attack in Australia than there were when the threat level was raised in 2014. In particular, there’s been a moderation in the threat from religiously motivated violent extremists. International networks, capabilities and allure of groups such as ISIL and al-Qa’ida have been degraded, with their support in Australia declining accordingly. But terrorism remains a significant threat in some parts of the world and a growing menace in others, and developments overseas could resonate in Australia, with little warning.
1.23In addition ASIO stated in evidence to the Committee that
ideologically motivated violent extremism — particularly nationalist and racist violent extremism — remains a domestic threat and its adherents will continue to court publicity by engaging in offensive behaviours.
1.24During the period ASIO commented on the terrorist attack in Wieambilla in December 2022, assessing that the killers were motivated by a ‘Christian violent extremist ideology’ and stated that this attack showed how the most likely terrorist attacks would be from ‘an individual or small group, using a readily available weapon, with little or no warning’.
1.25ASIO said that espionage and foreign interference remained its
principal security concern. ASIO adopted a more aggressive posture to respond to this threat, ensuring a significant number of foreign intelligence operatives and their proxies were either removed from Australia or rendered inoperative.
1.26ASIO advised that foreign intelligence services from multiple countries were
seeking to covertly understand and shape Australia’s political and business decision-making, our alliance and partnerships, and our economic and policy priorities. They are trying to cultivate and recruit elected officials, public servants, well-placed individuals in business and community leaders.
1.27ASIO also reported that foreign governments and their proxies were attempting to interfere in Australia by ‘monitoring and harassing’ diaspora communities. ASIO said:
These activities are assaults on our sovereignty and affronts to our freedoms. In one case late last year [2022], a network of individuals was tasked with locating and filming a perceived dissident as part of a plot to intimidate other dissidents. ASIO intervened to neutralise the threat.
1.28ASIO stated:
Despite the complex, challenging and changing security environment, ASIO remains well placed to counter threats to life and threats to our way of life.
1.29A detailed discussion of Australia’s security environment is contained in the publicly available ASIO Annual Report 2022-23 and also in the Director-General’s 2024 Annual Threat Assessment.
Committee comment
1.30The Committee makes the following comment following an issue that arose during its previous administration and expenditure review, in relation to the classification of evidence provided to the Committee, and the security ‘vetting’ of its draft reports.
1.31The requirement that relevant Ministers review PJCIS reports prior to tabling is an power granted by the Parliament via the IS Act. Relevantly, schedule 1, clause 7 states that:
7(1) The Committee must not disclose in a report to a House of the Parliament:
(a) the identity of a person who is or has been a staff member of ASIO or ASIS or an agent of ASIO, ASIS, AGO or ASD; or
(b) any information from which the identity of such a person could reasonably be inferred; or
(c) operationally sensitive information that would or might prejudice:
(i) Australia’s national security or the conduct of Australia’s foreign relations; or
(ii) the performance by an agency of its functions.
…
7(3) The Committee must obtain the advice of the responsible Minister or responsible Ministers concerned as to whether the disclosure of any part of the report would or might disclose a matter referred to in subclause (1).
7(4) The Committee must not present a report of the Committee to a House of Parliament if a responsible Minister concerned has advised that the report or a part of the report would or might disclose such a matter.
1.32This provision is accepted by the Parliament as an exception to long-established principles of parliamentary privilege and practice, justified by the particular need to protect national security classified and sensitive information dealt with by the PJCIS from inadvertent publication.
1.33During the vetting process for the draft report of the Committee’s Review of Administration and Expenditure No. 21 (2021-2022), one agency requested an amendment to the draft report outside the vetting process, at first characterising it as correction of a factual error, then subsequently re-characterising the matter as a national security issue. The Committee’s secretariat identified that while the information in question had been classified SECRET in one document provided to the Committee, the same information was labelled as unclassified (OFFICIAL) in a different document provided to the Committee. The Committee agreed to make a small amendment to its report to address the request of the agency.
1.34While the Committee recognises that this situation concerned only one agency, the Committee considers it timely to remind all agencies of the appropriate use and limitations of the vetting process, as well as drawing attention to the importance of consistent approaches to classification of information.
1.35For its part, the Committee takes seriously its responsibility to protect national security classified and sensitive information. The Committee emphasises that it is equally important that:
- information provided to it by agencies is appropriately and consistently classified, to assist the Committee draft its reports accurately; and
- any changes to draft reports requested as part of the vetting process must be limited to the matters provided for in clause 7 of Schedule 1 to the IS Act, and included in a Minister’s letter.