1.1
The National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Bill 2021 (the Bill) was introduced into the House of Representatives by the Hon Karen Andrews MP, Minister for Home Affairs on 25 November 2021.
1.2
In her second reading speech Minister Andrews said:
This bill will strengthen the ability of our intelligence agencies to respond to emerging threats and the increasingly sophisticated capabilities of our adversaries. It contains measures that allow agencies to respond expeditiously, and with greater agility, to threats and opportunities as they arise.
This will ensure our agencies are able to do their jobs effectively, using the full suite of tools and technologies available to them. The bill also ensures that agencies remain subject to robust oversight and accountability mechanisms, including ministerial oversight and requirements for reporting to the Inspector-General of Intelligence and Security.
1.3
Minister Andrews wrote to the Parliamentary Joint Committee on Intelligence and Security (the Committee) to refer the provisions of the Bill to the Committee for inquiry and report.
Conduct of the inquiry
1.4
The Committee resolved to undertake an inquiry into the Bill and details of the inquiry were uploaded to the Committee’s website, www.aph.gov.au/pjcis,. Calls for submissions were announced the same day, with submissions requested by 3 February 2022.
1.5
The Committee received 10 submissions and 1 supplementary submission. A list of submissions received can be found at Appendix A.
1.6
The Committee received a private classified briefing on 10 February 2022 and held a public hearing on 25 February 2022. A list of witnesses appearing at the public hearing can be found at Appendix B.
1.7
Copies of submissions, the transcript from the public hearing and links to the Bill and Explanatory Memorandum, can be accessed at the Committee’s website www.aph.gov.au/pjcis.
Report structure
1.8
In addition to this introductory chapter the report has two additional chapters being:
Chapter 2 –Consideration of the Bill
Chapter 3 – Committee comment
The Bill
1.9
The Bill implements the Government response to a number of recommendations of the Comprehensive Review of the Legal Framework of the National Intelligence Community (Comprehensive Review) led by Dennis Richardson AC. The measures in the Bill improve the legislative framework governing the National Intelligence Community (NIC) by addressing key operational challenges facing the Australian Security Intelligence Organisation (ASIO), the Australian Secret Intelligence Service (ASIS), the Australian Signals Directorate (ASD), the Australian Geospatial-Intelligence Organisation (AGO), the Defence Intelligence Organisation (DIO) and the Office of National Intelligence (ONI). The Bill also includes amendments recommended by the 2017 Independent Intelligence Review (IIR) and other measures intended to address important and pressing issues facing these agencies.
1.10
The Bill includes the following measures:
Schedule 1 enables ASIS, ASD and AGO to immediately undertake activities to produce intelligence where there is, or is likely to be, an imminent risk to the safety of an Australian person.
Schedule 2 enables ASIS, ASD and AGO to seek ministerial authorisation to produce intelligence on a class of Australian persons who are, or are likely to be, involved with a listed terrorist organisation.
Schedule 3 enables ASD and AGO to seek ministerial authorisation to undertake activities to produce intelligence on an Australian person or a class of Australian persons where they are assisting the Australian Defence Force (ADF) in support of military operations.
Schedule 4 inserts new provisions which:
Amend the requirement for ASIS, ASD and AGO to obtain ministerial authorisation to produce intelligence on an Australian person to circumstances where the agencies seek to use covert and intrusive methods, which include methods for which ASIO would require a warrant to conduct inside Australia.
Make explicit the long-standing requirement for ASIS, ASD and AGO to seek ministerial authorisation before requesting a foreign partner agency to produce intelligence on an Australian person.
Schedule 5 enhances the ability of ASIS to cooperate with ASIO in Australia when undertaking less intrusive activities to collect intelligence on Australian persons relevant to ASIO’s functions, without ministerial authorisation.
Schedule 6 amends section 13 of the Intelligence Services Act 2001 to provide that, for the purposes of carrying out its non-intelligence functions, AGO is not required to seek ministerial approval for cooperation with authorities of other countries.
Schedule 7 requires ONI to obtain Director-General approval when undertaking cooperation with public international organisations.
Schedule 8 extends the period for passport suspension and foreign travel document surrender from 14 to 28 days, to allow sufficient time for ASIO to prepare a security assessment.
Schedule 9 extends the immunity provisions provided to staff members and agents of ASIS and AGO for computer-related acts done outside Australia, in the proper performance of those agencies’ functions, to acts which inadvertently affect a computer or device located inside Australia.
Schedule 10 requires DIO to have legally binding privacy rules, requires ASIS, ASD, AGO and DIO to make their privacy rules publicly available, and updates ONI’s privacy rules provisions so that they apply to intelligence about an Australian person under ONI’s analytical functions.
Schedule 11 includes ASD in the Assumed Identities scheme contained in the Crimes Act 1914.
Schedule 12 clarifies the meaning of an ‘authority, of another country’ in the Intelligence Services Act 2001.
Schedule 13 permits the Director-General of Security to approve a class of persons to exercise the authority conferred by an ASIO warrant in the Telecommunications (Interception and Access) Act 1979, clarifies the permissible scope of classes under section 12 of that Act and under section 24 of the Australian Security Intelligence Organisation Act 1979, and introduces additional record-keeping requirements regarding persons exercising the authority conferred by all relevant ASIO warrants and relevant device recovery provisions.
Schedule 14 makes technical amendments related to the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018.
1.11
The 14 schedules of the Bill are described in more detail below.
Schedule 1 – Emergency authorisations
1.12
Schedule 1 amends the IS Act to introduce section 9D, permitting authorised IS Act Agency heads (or their delegate/s) to make an urgent operational decision to produce intelligence on an Australian person, without first obtaining authorisation from a Minister. This applies only where there is an imminent risk to the Australian person’s safety and it is not reasonably practicable to obtain their consent to the production of that intelligence, but it is reasonable to believe that the person would consent if they were able to do so. Imminent risk would arise in situations where, for example, an Australian person was involved in a hostage or kidnap situation, or an ongoing terrorist or mass casualty attack.
1.13
The Explanatory Memorandum states that:
Enabling the production of intelligence on an Australian person would enable, for example, an agency to determine the location of the Australian person, which may in turn enable or facilitate Australian or foreign government authorities, or other persons or bodies, to take action to protect, or mitigate the risk of harm to, the Australian person. In these circumstances, time can be of the essence and the ministerial authorisation process, including the existing emergency authorisation provisions, can constitute a significant delay. Such a delay may present an unacceptable level of risk to the wellbeing, or indeed survival, of an Australian person. Several hours in an emergency situation may determine the difference between life and death.
1.14
In order to issue an authorisation under the new regime, the head of the relevant agency must be satisfied that the facts of the case would justify the responsible Minister giving an authorisation under section 9. That is, the agency head must be satisfied that the conditions in subsections 9(1) and 9(1A) (apart from paragraph 9(1A)(b) are met. Paragraph 9D(2)(b) requires the agency head to be satisfied that the responsible Minister would have given the authorisation.
1.15
Subsection 9D(3) provides that the agency head may specify conditions that must be observed when carrying out an activity under the authorisation.
1.16
The agency head may, in writing, delegate to a staff member any or all of the powers, functions or duties of the agency head under section 9D. In exercising a power or function under subsection 9D(14) the delegate must comply with any written directions of the agency head.
1.17
The new emergency authorisation provisions include a range of safeguards concerning record keeping and notification obligations. The agency head must:
notify the responsible Minister as soon as practicable but within 8 hours of giving the authorisation
create written records of any oral authorisation
create a summary of the facts that justified giving the authorisation, within 48 hours of giving the authorisation
provide the responsible Minister and the Inspector-General of Intelligence and Security (IGIS) such written records, and
provide the ASIO Minister and the Attorney-General these written records, if the Australian person is, or is likely to be, involved in an activity or activities that are, or are likely to be, a threat to security.
1.18
There are also a number of provisions in relation to the cancellation of the authorisation:
the responsible Minister, as soon as practicable after being given the records of the authorisation, must consider whether to cancel the authorisation
the responsible Minister can cancel the authorisation at any time, and
the agency head is required to cancel the authorisation if satisfied that there is not, and there is not likely to be, a significant risk to the safety of the Australian person or class of Australian persons.
1.19
Within 30 days of the IGIS being given the written records of the authorisation by the agency head, the IGIS must:
consider whether the agency head complied with the requirements of the section
provide the responsible Minister with a report on the IGIS’s views concerning the extent of the compliance by the agency head with the requirements of the section, and
provide the Parliamentary Joint Committee on Intelligence and Security (PJCIS) with a copy of the conclusions of the report.
1.20
Subsection 9D(9) provides that the authorisation ceases to have effect at the earliest of the following times:
at the end of six months, starting on the day the authorisation is given
if the authorisation specifies a time when the authorisation ceases to have effect – that time
if the responsible Minister cancels the authorisation under subsection 9D(10) – the time of cancellation
if the agency head cancels the authorisation under subsection 9D(12) – the time of cancellation, or
if an authorisation for the activity, or series of activities, is given under section 9, 9A or 9B – the time the authorisation under section 9, 9A or 9B is given.
1.21
The maximum period of six months for an emergency authorisation is consistent with the maximum period for a ministerial authorisation given under section 9. Should the responsible Minister, upon receipt of the records of the emergency authorisation, choose not to issue a cancellation, the emergency authorisation will be taken to have received ministerial authorisation.
1.22
There are a range of additional safeguards that apply under the IS Act. Any intelligence produced on an Australian person can only be retained and communicated in accordance with the respective agency’s privacy rules, made in accordance with section 15 of the IS Act.
Schedule 2 – Authorisations relating to counter-terrorism
1.23
Schedule 2 amends the ministerial authorisation framework under section 9 of the IS
1.24
Act to introduce a counter-terrorism class ministerial authorisation to support ASIS, ASD and AGO to more effectively produce intelligence on Australians who are, or are likely to be, involved with a listed terrorist organisation. For the purpose of the authorisation, listed terrorist organisation will have the same meaning as the definition of ‘listed terrorist organisation’ in subsection 100.1(1) of the Criminal Code. That is, an organisation that is specified by the regulations for the purposes of paragraph (b) of the definition of terrorist organisation in section 102.1 of the Criminal Code.Schedule 3 – Authorisations for activities in support of the Australian Defence Force
1.25
Schedule 3 amends section 8 of the IS Act to enable ASD and AGO to seek ministerial authorisation to undertake activities to produce intelligence on one or more members of a class of Australian persons when the agencies are operating in the course of providing assistance to the ADF in support of military operations and cooperating with the ADF on intelligence matters. The class ministerial authorisation regime introduced by this schedule is subject to the safeguards introduced in new section 10AA (Additional requirements for class authorisations) by Schedule 2, which apply to all class ministerial authorisations issued under the IS Act.
1.26
This amendment allows the Minister responsible for ASD and AGO to give class authorisations allowing ASD and AGO to produce intelligence on a class of Australian persons when acting in support of the ADF. It is appropriate that the ability to obtain a ministerial authorisation in relation to a class of Australian persons when providing support to the ADF be extended to AGO and ASD, as they, like ASIS, have a clear and established function to do so.
1.27
The Explanatory Memorandum states that:
It is necessary that all three IS Act Agencies (rather than just ASIS) have the ability to seek class ministerial authorisations in support of the ADF, as the respective types of intelligence that they collect (those being human (ASIS), signals (ASD) and geospatial (AGO) intelligence) are all required for the planning and conduct of military operations. Class ministerial authorisations allow agencies to respond expeditiously to developing threats from previously unidentifiable individuals, thereby enabling them to provide additional, more detailed and timelier intelligence. In the military context in particular, circumstances develop rapidly and decision-making can have extreme consequences. Rapid intelligence production enabled by a class authorisation may mean the difference between a successful or failed operation, or the difference between life and death for ADF personnel.
Schedule 4 – Authorisations for producing intelligence on Australians
1.28
Schedule 4 amends section 3 of the IS Act to provide a definition of ‘prescribed activity’, and inserts subsection 8(1A) to provide an explanation of what is meant by ‘producing intelligence’. This amendment clarifies that the following activities fall within the meaning of ‘producing intelligence’:
the use of covert and intrusive intelligence collection methods, which includes those methods for which ASIO would require a warrant if conducted onshore, and
expressly or impliedly requesting an authority referred to in paragraph 13(1)(c) (authorities of other countries) to collect intelligence by covert and intrusive methods.
1.29
This clarifies that the requirement for a ministerial authorisation to produce intelligence on an Australian person applies only to covert and intrusive intelligence collection activities, which includes activities for which ASIO would require a warrant to conduct onshore. It is also intended that this would include the tasking of an agent or network of agents by ASIS to use covert and intrusive intelligence collection methods, consistent with recommendation 16d of the IIR.
1.30
The amendment to the definition of ‘intelligence information’ in Section 3 of the IS Act, to remove the word ‘information’, will address the unintended consequences of the 2005 amendments by focusing on intelligence obtained under an agency’s intelligence collection functions and thereby excluding routine and publicly available information concerning Australian persons.
Schedule 5 – ASIS cooperating with ASIO
1.31
Schedule 5 amends the IS Act by extending section 13B (Activities undertaken in relation to ASIO) to ASIS’s onshore activities, allowing ASIS to cooperate with ASIO both inside and outside Australia.
1.32
The requirement for ASIO to issue ASIS with a written notice to produce intelligence to support ASIO in the performance of its functions would remain. The amendments make clear that the exceptional circumstances provision, allowing an ASIS officer to act outside Australia in an emergency in the absence of a written notice from ASIO, would not apply in Australia.
1.33
The Explanatory Memorandum states:
The extension of section 13B to enable ASIS to conduct onshore activities at ASIO’s request is necessary to enhance cooperation and integration between agencies. The current geographic limit restricts cooperation that is essential to maximising the likelihood of Australia’s success in thwarting attacks and defeating other threats to security.
And:
The activities referred to in this amendment are only to be performed by ASIS in support of ASIO’s functions, which include gathering intelligence for the legitimate purpose of protecting the security of Australia and Australians. The Government considers that there is an increasing operational necessity to improve cooperation and integration between intelligence agencies, particularly as Australia’s security environment becomes more complex and the lines of demarcation between foreign and security intelligence more porous. With more extensive and direct involvement of some Australians in international terrorist and extremist causes, and with greater scope for external covert interference in Australia generally, domestic and foreign sources of security threats have become less mutually exclusive. Security threats to Australians, in Australia, have increased and diversified as a result.
Schedule 6 – AGO cooperating with authorities of other countries
1.34
Schedule 6 amends section 13 of the IS Act to provide that AGO is not required to seek ministerial approval under paragraph 13(1)(c) where cooperation with an authority of another country is for the purpose of performing AGO’s functions under paragraphs 6B(1)(e), (ea) or (h).
1.35
AGO’s function under paragraph 6B(1)(e) is to provide certain bodies and persons, which includes authorities of other countries, with imagery and other geospatial, hydrographic, meteorological and oceanographic products, where those products are not intelligence, and to provide assistance in relation to the production and use of such products and related technologies.
1.36
AGO’s function under paragraph 6B(1)(ea) is to provide certain bodies and persons, which includes authorities of other countries, with assistance in relation to the performance of emergency response, safety, scientific research, economic development, cultural and environmental protection functions, where the provision of such assistance is incidental to the performance by AGO of its other functions.
1.37
AGO’s function under paragraph 6B(1)(h) is to carry out the functions of the Australian Hydrographic Office (AHO), which is part of AGO. The primary role of the AHO is to provide products such as nautical maps and surveys to support maritime safety, and contribute to the coordination, exchange and standards related to hydrographic and maritime production policy, and maritime geospatial data in general.
1.38
AGO’s functions under 6B(1)(e), (ea) and (h) require cooperation with a range of government and non-government partners. For example, the AHO performs its role by cooperating with universities, international organisations, and foreign governments. The AHO’s primary customers are the Australian public, civilian shipping, local and international port authorities, the Australian Government and the Australian Defence Force.
1.39
The purpose of ministerial approval for cooperation with authorities of other countries is to provide an additional layer of oversight where the cooperation, by virtue of involving potentially sensitive, covert or intrusive activities and capabilities, carries particular foreign relations and other risks.
1.40
AGO’s functions under paragraphs 6B(1)(e), (ea) and (h) are non-intelligence functions and do not involve covert or intrusive activities. The practical effect of the requirement to seek ministerial approval for cooperation under paragraph 13(1)(c) has been, in certain circumstances, to hinder AGO’s ability to effectively carry out these functions.
1.41
The exemption from the requirement to seek ministerial approval for cooperation with authorities of other countries with respect to these functions is a necessary and proportionate measure. The AGO functions that are exempt from the approval framework do not fall within the intended scope of functions envisaged by the requirement for ministerial approval under paragraph 13(1)(c) of the IS Act, which are typically higher risk activities, involving potentially sensitive, covert or intrusive intelligence capabilities.
1.42
The Explanatory Memorandum states:
Ensuring that AGO is able to freely cooperate with authorities of other countries in the performance of its functions under 6B(1)(e), (ea) and (h) will ensure that AGO is able to continue to provide essential maritime and geospatial services to its partners in the international community.
Schedule 7 – ONI cooperating with other entities
1.43
Schedule 7 amends section 13 of the ONI Act to extend the approval regime that applies to cooperation with the authorities of other countries to cooperation with public international organisations (but not to ‘entities’ more broadly). This will require that cooperation with public international organisations be subject to Director-General approval under subsection 13(2).
1.44
Consequently, the Director-General will be able to consider whether there is a risk in ONI undertaking the cooperation. The Government considers that similar risks apply to cooperation with public international organisations, which comprise nation states, as to cooperation with the authorities of other countries. Therefore, the Director-General’s approval should be required in both cases, and the Prime Minister should be notified of, and have the opportunity to cancel, such an approval consistent with section 13(5) of the ONI Act.
1.45
The amendments are necessary to place safeguards on cooperation with public international organisations and ensure that the Director-General is responsible for making decisions which may impact Australia’s foreign relations.
1.46
The inclusion of ‘public international organisations’ in section 13 will not change the cooperation arrangements in the ONI Act for other entities or persons within or outside Australia.
Schedule 8 – Suspension of travel documents
1.47
Schedule 8 amends the Passports Act and Foreign Passports Act to extend the period of time for which the Minister for Foreign Affairs may order the suspension or surrender of an Australian or foreign travel document, from 14 to 28 days, in order to afford ASIO sufficient time, with minimal disruption to other priority investigations, to resolve all appropriate investigative activities and to prepare a thorough security assessment considering whether permanent action is appropriate.
Schedule 9 – Online activities
1.48
Schedule 9 amends the limited immunities for staff members and agents of ASIS and AGO under section 476.5 of the Criminal Code in response to changes in technology, and updates agencies’ immunities to ensure they can continue to efficiently perform their functions to protect Australia’s national security, foreign relations and national economic well-being, in an increasingly complex online environment.
1.49
The amendments extend the immunity to apply where a staff member or agent of ASIS or AGO engages in conduct inside or outside Australia and reasonably believes that the conduct is likely to cause a computer-related act, event, circumstance or result to take place outside Australia (whether or not it in fact takes place outside Australia). These updates align the immunities for staff members and agents of ASIS and AGO to that of staff members and agents of ASD in respect of computer offences. This amendment is required to allow these agencies to continue to operate effectively in an increasingly complex online environment, where it is not always possible to reliably determine the geographic location of a device or computer. This challenge is exacerbated where adversaries (including foreign intelligence services, persons engaged in proliferation-related activities and terrorist organisations) take active steps to obfuscate their physical location. For agencies to be able to effectively perform their functions in such an environment, it is necessary to protect staff members and agents from liability if they inadvertently affect a computer or device located inside Australia.
1.50
The amendments will not provide staff members or agents of these agencies with immunity from liability in circumstances where they know or believe a target computer or device to be located inside Australia. Nor will it provide such persons with immunity where their belief that a target computer or device is located outside Australia is not reasonable. The immunity will also no longer apply once it is known to the staff member or agent that the target is not outside Australia. Any continued targeting in Australia, once a staff member or agent is aware that it is within Australia, would not attract the immunity.
1.51
Consistent with current subsection 476.5(1), the immunity will continue to apply only where a staff member or agent’s conduct is done in the proper performance of a function of the agency concerned.
Schedule 10 - Privacy
Part 1 - Privacy rules of ASIS, AGO and ASD
1.52
Recommendation 189 of the Comprehensive Review concluded that while ASIS, ASD and AGO continue to meet the relevant criteria justifying their exemption from the Privacy Act, and that their current privacy regimes are adequate, minor changes should be made to improve transparency. Specifically, the Comprehensive Review considered that these agencies should be required, by legislation, to maintain and publish their own legally binding privacy rules, and that these rules should be required to be made by the relevant Minister.
1.53
Part 1 of Schedule 10 amends section 15 of the IS Act to introduce a requirement that ASIS, ASD and AGO must, as soon as is practicable after their respective privacy rules have been made, publish those rules on their websites.
1.54
Part 1 of Schedule 10 amends subsections 29(1) and 29(3) of the IS Act to provide the PJCIS with the power to review privacy rules made under section 15 of the IS Act, but makes clear the PJCIS does not have the power to review compliance with such rules.
Part 2 – Privacy rules of DIO
1.55
Recommendation 189 of the Comprehensive Review concluded that, while DIO continues to meet the relevant criteria justifying its exemption from the Privacy Act, and that its current privacy regime is adequate, minor changes should be made to their privacy arrangements to improve transparency. Specifically, the Comprehensive Review considered that, as with ASIO, ASIS and AGO, DIO should also be required, by legislation, to maintain and publish its own legally binding privacy rules, and that these rules should be required to be made by the relevant Minister.
1.56
While DIO, unlike ASIS, ASD and AGO, is not established under an Act, the Comprehensive Review considered that it would be legislatively possible to require it to have privacy rules, as has been done in relation to other matters in the IS Act that relate to DIO, such as secrecy.
1.57
Part 2 of Schedule 10 amends the IS Act to introduce new section 41C. Section 41C introduces a requirement for the responsible Minister in relation to DIO to make written rules regulating the communication and retention by DIO of intelligence information concerning Australian persons. These rules must, as soon as is practicable, be published on DIO’s website.
1.58
Part 2 of Schedule 10 amends subsections 29(1) and 29(3) of the IS Act to provide the PJCIS with the power to review DIO’s privacy rules made under section 41C of the IS Act, but makes clear the PJCIS does not have the power to review compliance with such rules.
1.59
Part 2 of Schedule 10 also makes minor amendments to the IGIS Act to reflect new reporting requirements concerning DIO’s privacy rules, as introduced by new section 41C in the IS Act.
Part 3 - Privacy rules of ONI
1.60
210. The purpose of the privacy rules is to provide a necessary and important protection for the privacy of Australian persons, given the nature of ONI’s analytical functions, which in certain circumstances, may limit the right to privacy. As such, it is necessary that the privacy rules continue to apply to the communication of information concerning Australian persons where such information is for the purposes of ONI’s analytical functions — that is, where intelligence analysis is applied to that information.
1.61
However, it is both impractical and unnecessarily burdensome for the privacy rules to apply to administrative, staffing or publicly available information where the privacy risk associated with communicating that information is low, because that information is either voluntarily provided to the agency, or is already in the public domain. Further, unlike other NIC agencies, ONI does not have covert or intrusive powers to collect intelligence (such as the ability to obtain warrants or conduct compulsory questioning), nor do ONI’s functions include directing a NIC agency to carry out operational activities. As such, personal information about Australian persons that is obtained for the purposes of ONI’s nonanalytical functions is unlikely to impact on the right to privacy and is outside the intended purpose of the privacy rules. ONI ensures that its internal policies and practices provide appropriate privacy protections for personal information that is obtained as part of ONI’s non-analytical functions, as far as is consistent with the proper performance by ONI of its functions.
1.62
Part 3 of Schedule 10 implements recommendation 12 of the Comprehensive Review, which found that the ONI Act should be amended to provide that the privacy rules apply to the communication of information pursuant to ONI’s open source function, only where intelligence analysis has been applied to that information. It does so by amending section 53 of the ONI Act to make a distinction between ‘personal information’ and ‘intelligence information’. The effect of this is to exclude the communication of non-intelligence open source products from the privacy rules regime. This means that, under the amended privacy provisions, ONI’s privacy rules do not apply to the communication of personal information where that personal information is not also intelligence information. The privacy rules apply in circumstances where the personal information provide to, or collected or assembled by, ONI is evaluated, analysed, interpreted, integrated and/or tested such that it becomes intelligence. The privacy rules continue to regulate the collection of information concerning Australian persons by ONI when performing its open source function.
1.63
Consistent with the Government response to recommendation 12 of the Comprehensive Review, Part 3 of Schedule 10 further amends section 53 of the ONI Act to provide that the privacy rules apply only to personal information about an Australian citizen or permanent resident where that information is also intelligence information under ONI’s two other analytical functions (paragraphs (7(1)(c) and (d)). This aligns with the approach described above for the treatment of personal information for ONI’s open source function. This means that, under the amended privacy provisions, ONI’s privacy rules do not apply to, for example, the communication of administrative and staffing information. This is consistent with the approach currently taken by the IS Act and as amended by Schedule 4 of this Bill.
1.64
Part 3 of Schedule 10 amends subsections 29(1) and 29(3) of the IS Act to provide the PJCIS with the power to review ONI’s privacy rules made under section 53 of the ONI Act, but makes clear the PJCIS does not have the power to review compliance with such rules.
1.65
Part 3 of Schedule 10 also makes minor amendments to a note in the IGIS Act to reflect the amendments to ONI’s privacy rules.
Part 4 - Contingent amendments
1.66
Part 4 of Schedule 10 makes a minor contingent amendment to the IS Act to clarify that the definition of ‘intelligence function’ in section 3 (contingent upon passage of the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020) is in relation to AUSTRAC only.
Schedule 11 – Assumed identities
1.67
Schedule 11 amends Part IAC of the Crimes Act to include ASD in the Assumed Identities scheme, with the ability to operate and use an assumed identity. However, the measure will not enable ASD to acquire evidence of an assumed identity. This is considered an appropriate limitation, as other agencies have the expertise to acquire evidence of an assumed identity and can perform this function on ASD’s behalf. Enabling ASD officers to operate under an assumed identity when performing ASD’s functions will protect national security capabilities.
1.68
The amendment places greater responsibility and accountability on the Director-General of ASD for ASD’s use of assumed identities. This includes responsibility for ensuring the requirements in Part IAC of the Crimes Act are met, such as around record keeping and auditing. It is appropriate that ASD should have oversight and operational control of assumed identities used in the carrying out of its functions.
Schedule 12 – Authorities of other countries
1.69
Schedule 12 provides that for a body to be an ‘authority, of another country’ for the purposes of the IS Act, it is not required that the body be established by a law of the country or be connected with an internationally recognised government of a country. This amendment does not introduce a comprehensive definition of the term; whether a body is an authority of another country will still need to be considered on a case-by-case basis.
1.70
This amendment is designed to displace any assumption that for a body to be an ‘authority, of another country’ it would need to be established by a law of the country or be controlled by, or connected to, the internationally recognised government of the country. The amendment clarifies that agencies can cooperate with authorities of a body or group which exercises effective or de facto control over all or a part of the country. This could occur in situations where the internationally recognised government of a country is disputed, disrupted or not in control of the whole of its territory.
1.71
The amendment does not disturb the ordinary meaning of the word ‘authority’. This means that a body or group of persons must still be an ‘authority’ in order for agencies to be able to cooperate with them. An authority may include a body which is performing, or purporting to perform, one or more functions that are governmental in nature. It could also include a person or organisation having political or administrative power and control. The amendment ensures that, for the purposes of paragraph 13(1)(c), agencies can continue to cooperate with authorities of governments that may have temporarily lost power in their country (such as governments which have been removed by a coup) but are still performing, or purporting to perform, their governmental functions. It ensures that agencies can continue to seek ministerial approval to carry out their activities in countries which may not always have stable and functioning governmental authorities.
1.72
The amendment clarifies the interpretation of the term throughout the IS Act. For example, paragraph 13(1)(c) provides that agencies may cooperate with authorities of other countries where those authorities are approved by the responsible Minister as being capable of assisting the agency in the performance of its functions. The amendment is also relevant to other parts of the IS Act including, for example, paragraph 6(1)(d), subsection 11(2AA) and subsection 42(2).
1.73
Schedule 13 – ASIO authorisations
1.74
Schedule 13 amends section 24 of the ASIO Act to clarify that where the Director-General of Security, or a senior position-holder appointed by the Director-General, approves a person or class of persons holding, occupying or performing the duties of an office or position the approval extends to an office or position that comes into existence after the approval is given.
1.75
Schedule 13 also amends section 12 of the TIA Act to:
make clear the Director-General of Security, or an ‘authorising officer’, can approve a class of persons to exercise, on behalf of ASIO, the authority conferred by a Part 2-2 warrant; and
consistent with the amendments to section 24 of the ASIO Act, clarify that, under section 12 of the TIA Act, where the Director-General of Security, or an ‘authorising officer’, approves a person or a class of persons holding, occupying or performing the duties of an office or position to exercise the authority conferred by a Part 2-2 warrant, the approval extends to an office or position that comes into existence after the approval is given.
1.76
Schedule 13 also introduces a requirement that the Director-General of Security must ensure accurate records are kept of the person or persons who exercise the authority conferred by a relevant warrant or relevant device recovery provision under the ASIO Act or a warrant issued under Part 2-2 of the TIA Act. In the ASIO Act, a relevant warrant is a warrant issued under Division 2 or Division 3 of the ASIO Act. A relevant device recovery provision is a provision listed in section 24(4) of the ASIO Act.
1.77
The record keeping requirement captures those people who actually exercise the authority conferred by such warrants or provisions, rather than all persons who are approved to exercise authority conferred by the warrant or provision. That is, there is no requirement to record who is in an approved class, beyond making the approval itself. Further, the record keeping requirement only captures the person or people who undertake activities to exercise the authority conferred by the warrant or provision and not the particular power that was exercised by the person pursuant to the warrant.
Schedule 14 – Technical amendments
1.78
Schedule 14 makes several technical amendments to correct a referencing error and a minor omission in the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018.