Introductory Info

Date introduced: 25 November 2021
House: House of Representatives
Portfolio: Home Affairs
Commencement: Refer to pages 5–6 of this Digest for details.

Purpose of the Bill

The purpose of the Bill is to make amendments to the following Commonwealth Acts: Intelligence Services Act 2001 (IS Act); Criminal Code Act 1995; Crimes Act 1914; Australian Passports Act 2005 (Passports Act); Foreign Passports (Law Enforcement and Security) Act 2005 (Foreign Passports Act); Office of National Intelligence Act 2018 (ONI Act); Inspector‑General of Intelligence and Security Act 1986 (IGIS Act); Australian Security Intelligence Organisation Act 1979 (ASIO Act) and the Telecommunications (Interception and Access) Act 1979 (TIA Act).

The Bill is intended to implement the Government’s response to a number of recommendations of the Comprehensive Review of the Legal Framework of the National Intelligence Community (Comprehensive Review) led by Dennis Richardson and published in December 2019.[1] The Bill also includes amendments recommended by the 2017 Independent Intelligence Review (2017 IIR) published in June 2017 which examined how the intelligence community serves Australia’s national interest and the ongoing suitability of legislative and oversight provisions.[2]

Structure and overview of the Bill

The Bill makes amendments in 14 schedules.

Schedule 1 – Emergency authorisations

This Schedule would amend the IS Act to enable the Australian Secret Intelligence Service (ASIS), the Australian Signals Directorate (ASD), and the Australian Geospatial-Intelligence Organisation (AGO) to act immediately, through new emergency authorisation provisions, to produce intelligence on Australians who are at imminent risk overseas. This is in addition to existing emergency authorisation provisions and the Explanatory Memorandum uses a hostage situation overseas as an example of when the new provisions may be used, where timing is crucial to the safety of an Australian.[3]

Schedule 2 – Authorisations relating to counter-terrorism

The Schedule proposes amendments to the IS Act to enable ASIS, AGO and ASD to apply for a ministerial authorisation to produce intelligence on a class of Australian persons who are, or likely to be, involved with a listed terrorist organisation. Currently, only ASIS may be authorised by the Minister under section 8 to produce intelligence on a class of Australians, and only in circumstances where ASIS is assisting the Australian Defence Force (ADF) in support of military activities.[4] The proposed amendments will insert definitions of listed terrorist organisation and involved with a listed terrorist organisation.

Schedule 3 – Authorisations for activities in support of the Australian Defence Force

Schedule 3 proposes amendments in the ministerial directions framework in the IS Act to allow AGO and ASD (in addition to ASIS) to produce intelligence on one or more members of a class of Australian persons, for activities in support of military operations and when cooperating with the ADF on intelligence matters.

Schedule 4 – Authorisations for producing intelligence on Australians

This Schedule proposes amendments to the IS Act to:

• update the definition of intelligence information and insert a new definition for prescribed activity
• restrict the requirement for ASIS, ASD and AGO to obtain ministerial authorisation to produce intelligence on an Australian person to circumstances where the agencies seek to use covert and intrusive methods and
• clarify the requirement for ASIS, ASD and AGO to seek ministerial authorisation before requesting a foreign partner agency to produce intelligence on an Australian person.

Schedule 5 – ASIS cooperating with ASIO

Schedule 5 would amend the IS Act to facilitate cooperation between ASIS and ASIO in Australia when undertaking certain activities to collect intelligence on Australian persons relevant to ASIO’s functions, without ministerial authorisation. According to the Minister, the proposed changes under the Bill include provisions to allow ASIS to ‘cooperate with ASIO both inside and outside Australia, subject to appropriate safeguards and oversight’.[5]

Schedule 6 – AGO cooperating with authorities of other countries

This Schedule proposes to make amendments to the IS Act to facilitate cooperation with authorities of other countries by removing the requirement to obtain ministerial approval for the purposes of performing specific functions.

Schedule 7 – ONI cooperating with other entities

This Schedule makes amendments to the ONI Act to extend the existing approval regime to include cooperating with public international organisations. Examples of public international organisations include the United Nations (UN), the North Atlantic Treaty Organization (NATO)[6] and the International Criminal Police Organization (INTERPOL).[7]

Schedule 8 – Suspension of travel documents

Schedule 8 would extend the period under the Passports Act and the Foreign Passports Act for which travel documents may be suspended or required to be temporarily surrendered from 14 to 28 days.

Schedule 9 – Online activities

Contingent of the commencement of Schedule 2 to the Security Legislation Amendment (Critical Infrastructure) Act 2021, this Schedule proposes to make amendments to sections 476.5 and 476.6 of the Criminal Code to provide immunity to ASIS and AGO for certain computer-related acts. Schedule 2 to the Security Legislation Amendment (Critical Infrastructure) Act 2021 commenced on 3 December 2021.

Schedule 10 – Privacy

Part 1 of Schedule 10 would amend the IS Act to require ASIS, ASD and AGO to make their privacy rules publicly available. Part 2 of Schedule 10 imposes a requirement on DIO to have, and publish privacy rules. Part 3 proposes to clarify that ONI’s privacy rules apply to intelligence information produced by ONI under its analytical functions, and not to administrative information or information that is already in the public domain.[8]

Schedule 11 – Assumed identities

Schedule 11 would amend the Crimes Act to include ASD in the Assumed Identities scheme set out in Part IAC of that Act, to allow ASD to operate and use an assumed identity, with some qualifications, regarding the acquisition of evidence.

Schedule 12 – Authorities of other countries

This Schedule would make amendments to the IS Act for the purposes of determining whether a body is an authority of another country. The amendment will clarify that this might include authorities in circumstances where the traditionally recognised government of the country is disputed, disrupted or not in control of its territory.

Schedule 13 – ASIO authorisations

Schedule 13 would amend section 24 of the ASIO Act and section 12 of the TIA to clarify that a particular class of persons will be included in the authorisation for exercising warrants or relevant device recovery provisions. It also clarifies how persons can be approved to exercise authority under ASIO warrants, including new record-keeping requirements.

Schedule 14 – Amendments related to the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018

This Schedule would make technical amendments to the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018 regarding time limits on ministerial authorisations and to correct an existing provision about reporting requirements by the Director-General in the IS Act.

Commencement details

Sections 1 to 3 will commence on Royal Assent.

Schedules 1 to 8, Schedule 10, Part 1, and Schedules 11 to 14 will commence the day after Royal Assent.

Schedule 9 will commence the day after Royal Assent or on the commencement of Schedule 2 to the Security Legislation Amendment (Critical Infrastructure) Act 2021, whichever is later. Schedule 2 to the Security Legislation Amendment (Critical Infrastructure) Act 2021 commenced on 3 December 2021, therefore Schedule 9 will commence the day after Royal Assent.

Schedule 10, Parts 2 and 3 will commence on the earlier of Proclamation, or 6 months after Royal Assent.

Schedule 10, Part 4 will commence on whichever is the later of the commencement of Schedule 10, Part 2, and the commencement of Item 136 of Schedule 1 to the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Act 2021. At the time of publication of this Digest, the Bill for that Act had not passed the Parliament.

Background

The Bill makes changes to provisions affecting the operations and procedures of the National Intelligence Community (NIC), which was formed following the adoption of the 2017 IIR’s recommendations.[9] The agencies that make up the NIC are:

• Office of National Intelligence (ONI)
• Australian Transaction Reports and Analysis Centre (AUSTRAC)
• Australian Secret Intelligence Service (ASIS)
• the intelligence functions of the Australian Federal Police (AFP)
• Australian Signals Directorate (ASD)
• Australian Security Intelligence Organisation (ASIO)
• the intelligence functions of the Department of Home Affairs
• Australian Criminal Intelligence Commission (ACIC)
• Australian Geospatial‑Intelligence Organisation (AGO)
• Defence Intelligence Organisation (DIO).[10]

In the second reading speech on the Bill, the Minister for Home Affairs Karen Andrews, said:

… the measures in this Bill will address situations where agencies have the operational capability to respond to threats, but are prevented from doing so by legislation that has not kept pace with the evolving threat environment.[11]

Further, the Minister said that the Bill will strengthen the ability of Australia’s intelligence agencies ‘to respond to emerging threats and the increasingly sophisticated capabilities of our adversaries. It contains measures that allow agencies to respond expeditiously, and with greater agility, to threats and opportunities as they arise’.[12]

The Bill implements a number of the recommendations of the Comprehensive Review and the 2017 IIR that were supported by the Government.[13]

Independent Intelligence Review (2017)

In 2004, the Report of the Inquiry into Australian Intelligence Agencies recommended that the intelligence community be subject to periodic external review every 5 to 7 years.[14] The timing of the 2011 Independent Review of the Intelligence Community (2011 Review) and the 2017 IIR met this recommendation.[15] The 2017 IIR examined the environment in which the intelligence community operates and considered the suitability of structural, legislative and oversight architecture of the intelligence community.[16]

The 2017 IIR recommended several significant reforms aimed at keeping pace with the continually evolving intelligence environment:

This pace of change has made the context in which Australia protects and advances its security interests more complex, less predictable and more volatile than in the past. In our view, that pace of change is set to intensify with the major influences on Australia’s national security outlook over the coming decade coalescing around three key focal points: fundamental changes in the international system, extremism with global reach and the security and societal consequences of accelerating technological change.[17]

The 2017 IIR recommended (at Recommendation 15) that a comprehensive review of the Acts governing Australia’s intelligence community be undertaken to ensure agencies operate under a legislative framework which is clear, coherent and contains consistent protections for Australians.[18] This recommendation was accepted and implemented by the Government with the Comprehensive Review of the legal framework of the NIC.

Four of the recommendations from the 2017 IIR were similarly made in the Comprehensive Review of the legal framework of the NIC and are the foundation of this Bill.[19]

Comprehensive Review of the legal framework of the National Intelligence Community

In May 2018 the Attorney-General announced that the Government had commissioned a comprehensive review of the legal framework governing the NIC to be undertaken by Dennis Richardson.[20] The review is referred to as the Comprehensive Review in this Digest. The Comprehensive Review examined the effectiveness of the legislative framework governing the NIC and prepared findings and recommendations for reforms.[21]

The Comprehensive Review:

… amounted to the first wide-ranging consideration of the many national security laws passed since the 11 September 2001 terror attacks (allowing that the Independent National Security Legislation Monitor conducts reviews on specific matters). The legislative framework governing intelligence agencies has evolved considerably since the Australian Security Intelligence Organisation Act 1979 and the intelligence Services Act 2001 were first introduced.[22]

The Comprehensive Review was presented in 4 volumes and the ‘observations and recommendations are intended to preserve the principled underpinnings of the legislative framework, build on those principles where reform is required, and to provide guidance to inform future calls for reform’.[23] Covering a range of areas, the Comprehensive Review covered:

• authorisations, immunities and electronic surveillance
• information, technology, powers and oversight
• accountability and transparency.

Submissions to the Comprehensive Review are not published but submitters are listed in the Annexes of the review, in Volume 4.[24]

Ministerial Authorisations

Currently Australia’s foreign intelligence agencies may, in certain circumstances, collect intelligence on Australians if they obtain a Ministerial Authorisation from the responsible minister. For example, in the case of ASIS, the responsible minister is the Minister for Foreign Affairs.[25] Currently, only ASIS may be authorised by the Minister under section 8 to produce intelligence on a class of Australians, and only in circumstances where ASIS is assisting the Australian Defence Force (ADF) in support of military activities.[26]  

While the Comprehensive Review found that ‘existing consultation processes for ministerial authorisations under the [IS Act] are robust and support an appropriate level of assurance’, the Bill proposes additional measures to ‘improve the workability of the ministerial authorisation framework’.[27]

Both the 2017 IIR and the Comprehensive Review recommended the use of class authorisations, in addition to the individual authorisations, to strengthen the ability of agencies to investigate terrorist organisations:

Specifically, reducing barriers to agencies’ abilities to investigate classes of person with links to terrorist organisations will enhance their ability to identify previously unidentifiable individuals of security concern. Allowing agencies to seek approval to investigate a class of persons, rather than requiring them to seek ministerial approval for each individual that would fall within a class, allows for the production of intelligence that is timelier, more agile and more responsive to the contemporary security environment, particularly where methodologies employed by terrorists have become more discreet than in the past and their methods of obfuscation of their activities more sophisticated.[28] [emphasis added]

The Law Council of Australia (LCA) raised a concern that expanding class ministerial authorisations for Australians involved with international terrorist groups ‘must be narrowly confined to ensure that broad categories of innocent Australians are not inadvertently captured’.[29]

Further amendments are proposed in Schedule 3 to allow ASD and AGO (in addition to ASIS) to obtain ministerial authorisation to produce intelligence on one or more members of a class of Australians when providing assistance to the Australian Defence Force in support of military operations. The LCA has recommended in its submission to the inquiry on the Bill, that paragraph 9(1)(d) of the IS Act should be amended to apply a 6-month maximum period of effect to written requests made by the Defence Minister for an IS Act agency to provide assistance to the ADF in support of military operations outside Australia.[30]

Passports

In 2014, the Counter-Terrorism Legislation Amendment (Foreign Fighters) Act 2014 (Foreign Fighters Act) amended the Passports Act and the Foreign Passports Act to enable the ministerial suspension of a person’s travel documents for a period of 14 days if requested by the Director‑General of Security.

A person’s travel documents, including passports, might be suspended if it is suspected on reasonable grounds that the person may leave Australia to engage in conduct that might prejudice the security of Australia or a foreign country.[31] On the basis of this suspicion, the person’s travel documents may be suspended or surrendered temporarily in order to prevent the person from engaging in that conduct.

During the period of suspension or surrender, ASIO may need to compile a full security assessment to support a recommendation for permanent cancellation (where appropriate).[32] The Explanatory Memorandum to this Bill indicates that ‘operational experience has shown that the 14-day suspension period currently available for ASIO to prepare a full security assessment can be insufficient to enable ASIO to resolve all appropriate investigative activities and prepare a properly considered security assessment, without diverting resources from other priority investigations’.[33]

The Bill will make amendments to support intelligence agency powers by increasing the time for which the Minister can order the suspension or temporary surrender of a person’s Australian or foreign travel documents from 14 days to 28 days to allow ASIO time to complete a thorough threat assessment.

These amendments were not part of recommendations in either the Comprehensive Review or the 2017 IIR.

Online activities

The Criminal Code contains a range of criminal offences for unlawfully accessing or interfering with a telecommunications system or accessing data in a computer without authorisation. Prior to the commencement of Schedule 2 to the Security Legislation Amendment (Critical Infrastructure) Act 2021 on 3 December 2021, subsection 476.5(1) of the Criminal Code provided immunity from civil and criminal liability for staff members and agents of ASIS, ASD and AGO whose computer-related activities were done outside Australia, in the proper performance of their functions.[34]

The Comprehensive Review recommended, in Recommendation 74, that immunity for certain computer offences for ASIS, AGO and ASD be extended to apply where a staff member or agent of the relevant agency acted on a reasonable belief that the computer-related activities occurred outside Australia, even if that activity occurred inside Australia.[35] This was intended to help manage the challenges of identifying the geographic location of computers.

Since the recommendation was made, the Security Legislation Amendment (Critical Infrastructure) Act 2021 amended section 476.5 so that it only applies to ASIS and AGO. ASD is now covered by subsection 476.6(1), which provides wider immunity for conduct engaged in inside or outside Australia by staff members and agents of ASD, on the reasonable belief that it is likely to cause a computer‑related act, event, circumstance or result to take place outside Australia, whether or not it in fact takes place outside Australia, if the conduct is engaged in in the proper performance of their functions. A computer-related activity is an act, event, circumstance or result involving:

(a) the reliability, security or operation of a computer; or

(b) access to, or modification of, data held in a computer or on a data storage device; or

(c) electronic communication to or from a computer; or

(d) the reliability, security, or operation of any data held in or on a computer, computer disk, credit card, or other data storage device; or

(e) possession or control of data held in a computer or on a data storage device; or

(f)  producing, supplying, or obtaining data held in a computer or on a data storage device.[36]

Schedule 9 will repeal section 476.5 and amend section 476.6 so that the wider immunity applies to ASIS and AGO, in addition to ASD.

Assumed identities

Schedule 11 will amend the Assumed Identities regime in the Crimes Act to provide ASD with the ability to operate and use an assumed identity. The Assumed Identities scheme allows authorised officers of law enforcement and intelligence agencies to act under false identities, enabling them to obscure sensitive activities that would be undermined if they were to be connected with a law enforcement or intelligence agency, and protecting the true identity of individual officers. Currently, ASIS and ASIO operate assumed identities on ASD’s behalf, in accordance with the Crimes Act. The amendments will list ASD as an intelligence agency for the purposes of Part IAC of the Act.

Privacy rules

The Bill also intends to improve transparency regarding agencies’ privacy protections for Australians. These changes include introducing a new legislated requirement that ASIS, AGO and ASD publish their privacy rules on their websites; requiring DIO to have, and publish, privacy rules; clarifying the scope of the privacy rules of ONI; and establishing a new role for the Parliamentary Joint Committee on Intelligence and Security by requiring it to review the privacy rules of those agencies.

Committee consideration

Parliamentary Joint Committee on Intelligence and Security

On 25 November 2021 the Minister for Home Affairs, Karen Andrews, referred the Bill to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) for public inquiry. While no reporting date has been set, submissions were due to the PJCIS by 3 February 2022. A number of submissions have been published on the Committee’s website.

Senate Standing Committee for the Scrutiny of Bills

In its Digest of 4 February 2022, the Senate Standing Committee for the Scrutiny of Bills raised concerns in relation to:

• broad delegation of administrative powers for emergency authorisation of intelligence gathering by ASIS, ASD and AGO regarding Australians overseas who are perceived to be at imminent risk (Schedule 1)
• insufficiently defined administrative powers in relation to authorisations to produce intelligence on a class of Australians who are, or are likely to be involved with a listed terrorist organisation (Schedule 2)
• the privacy implications of the amendment that will allow ASIS to undertake, in Australia, certain intelligence collection activities on Australian people, in support of ASIO, without ministerial authorisation (Schedule 5)
• the extension of the broad discretionary power of the Minister for Foreign Affairs to suspend a person's Australian passport or to order the temporary surrender of a person's foreign travel documents (including passports) for a period of 28 days (from a current period of 14 days) (Schedule 8)
• the absence of a requirement to table agencies privacy rules in Parliament (Schedule 10).[37]

These concerns, and the Minister’s response to them, are discussed below in ‘Key issues and provisions’.  

Policy position of non-government parties/independents

Non-government parties and independents did not appear to have publicly stated their position on the Bill as at the date of this Digest.

Position of major interest groups

There has been little public commentary on the Bill itself. One article published in the Canberra Times stated:

… [p]roposed laws to expand and streamline Australia’s spying and intelligence operations will allow one agency to spy on Australian in the country for the first time in its nearly 75-year lifetime. But while experts say the changes won’t result in a nationwide spying regime of Snowden proportions, they warned the more shadowy intelligence agencies need “a dose of sunshine” to lift public confidence in privacy protections further deteriorated during the COVID-19 pandemic.[38]

The article stated that the Bill would make amendments to allow ASD to ‘undertake signals intelligence collecting on people within the country without the need of a warrant if there is an imminent risk to life’.[39] The Department of Home Affairs issued a media statement disputing the accuracy of this statement and asking the Canberra Times to publish a correction, stating:

The ‘imminent risk to life’ amendments in the Bill only apply to events occurring outside of Australia.

Further, the Bill does not grant the Australian Signals Directorate new powers to undertake signals intelligence collection in Australia that would otherwise be unlawful without a warrant.[40]

There has not been other media attention on the Bill.  

However, as part of the Comprehensive Review, many stakeholders made submissions that were later referred to in the Review. While the submissions are not published on the Attorney-General’s Department’s website, some are available on the stakeholders’ own websites. A list of submitters is in Volume 4 of the Comprehensive Review, including those from the non-government sector.[41] It should also be noted that the PJCIS inquiry has advised prospective submitters that any submission to the Committee’s inquiry must be prepared solely for that inquiry.[42]

The LCA’s submission to the Comprehensive Review made more than 20 recommendations to improve the legal framework of the NIC.[43] With regards to ministerial authorisations, the LCA recommended confining the proposed class authorisation regime to persons involved with listed terrorist organisations under the Criminal Code, requiring the agreement of the Attorney-General and oversight by the Inspector-General of Intelligence and Security (IGIS). Further, the LCA recommended specifying the maximum duration of the class authorisation and for the agency head to keep a current list of the Australians on whom they are seeking to produce intelligence under that authorisation. This Bill implements all of these recommendations in Schedule 2.

The LCA’s submission to the PJCIS inquiry focused on the proposed amendments to Schedules 1–5 and made some more secondary observations on Schedules 8 and 9. The LCA does not hold any significant concerns about the amendments to Schedules 6–7 and 10–14.

In relation to Schedules 1–4, which deal with additional grounds and mechanisms authorising ASIS, ASD and AGO to produce intelligence on an Australian person outside Australia, the LCA ‘identified some technical issues in the design and drafting’ of the provisions. As outlined in recommendations 1–8 of its submission, the LCA proposes ‘targeted amendments to address apparent instances of statutory overbreadth, ambiguity and potential unintended consequences’.[44]

Schedule 5 expands the cooperative regime under which ASIS may produce intelligence on Australians without a ministerial authorisation in support of ASIO’s performance of its functions, from collection activities undertaken by ASIS outside Australia to also include domestic collection activities by ASIS. The LCA notes that while the 2017 IIR supported this change, the Comprehensive Review, published in December 2019, recommended that it not proceed due to ‘insufficient evidence’ of the need for such a provision.[45]

The LCA’s concern with Schedule 5 is that ‘the extrinsic materials to the Bill do not provide adequate information to publicly establish the necessity of authorising ASIS to operate domestically to collect security intelligence (that is, as a discrete legal entity to ASIO…)’.[46] The LCA considers that ‘further public explanation is needed’, and suggests through recommendation 9 three matters that need addressing.[47]

In its submission to the PJCIS inquiry, Civil Liberties Australia criticised the Bill and raised a number of broad issues including:

… the unceasing nature of demands by intelligence and security agencies along with elements in Australia’s political class for further intrusions into the civil liberties of ordinary Australian; the absence of any strategic planning based on empirical data as opposed to episodic reporting of actual or speculative occurrences.[48]

The NSW Council for Civil Liberties submitted to the PJCIS inquiry some concerns about Schedules 1–9, including that more precise definitions be proposed for the class authorisations relating to counter-terrorism and that requests by the Defence Minister for IS Act agencies to conduct activities in support of the ADF be subject to sunsetting, so that they cannot be relied on in perpetuity.[49]

The IGIS indicated in its submission to the PJCIS inquiry that the Office of the IGIS will oversee agencies’ compliance with the provisions in the Bill, in accordance with its usual practices.[50]

The Department of Defence, the Department of Home Affairs and ASD made submissions to the inquiry supporting the Bill.[51]

Financial implications

The Explanatory Memorandum states that the Bill has nil financial impact.[52]

Statement of Compatibility with Human Rights

As required under Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011 (Cth), the Government has assessed the Bill’s compatibility with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of that Act. The Government considers that the Bill is compatible.[53]

Parliamentary Joint Committee on Human Rights

The Parliamentary Joint Committee on Human Rights (PJCHR) reported on the Bill in its first report of 2022.[54] In assessing the human rights implications on parts of the Bill, the Committee sought the Minister’s advice on a number of matters. Explicitly:

• whether the broad scope of class ministerial authorisations are reasonable, necessary and proportionate to the engagement and limitation on the rights to privacy, equality and non‑discrimination and life[55]
• with regards to Schedule 5, which allows ASIS to assist ASIO by collecting intelligence on Australians in Australia, whether there is a pressing and substantial concern to be addressed, noting that the Comprehensive Review recommended not implementing the measure[56]
• whether the measures in Schedule 8 (extension of the period for suspension or surrender of passports) are a proportionate limitation on the rights to freedom of movement, privacy and an effective remedy.[57]

These concerns, and the Minister’s response to them, are discussed below in ‘Key issues and provisions’.

Key issues and provisions

The Explanatory Memorandum for this Bill provides a comprehensive and accurate explanation of each and every provision, including the operational impact of many of the provisions. What follows is a brief summary of the key issues and provisions, rather than a detailed analysis of their operational impact.

Ministerial Authorisations where there is an imminent risk to the safety of an Australian person

Schedule 1 implements Recommendation 52 of the Comprehensive Review and Recommendation 16(e) of the Independent Intelligence Review.

Recommendation 52 said:

The emergency authorisation provisions in the Intelligence Services Act do not require amendment, beyond implementing amendments to address situations where it is reasonable to believe that an Australian person consents to the production of intelligence by the IS Act agency on that person, as recommended by the 2017 Independent Intelligence Review.[58]

Recommendation 16 of the 2017 IIR recommended amendments to the Ministerial Authorisation regime in the IS Act and associated processes to address practical difficulties arising from implementation of the regime. These amendments would include:

(e) Permitting an ISA agency to act immediately and without a MA [ministerial authorisation] in situations where it is reasonable to believe that an Australian person consents to the ISA agency producing intelligence on that person. In these circumstances, the ISA agency should be required to notify the responsible Minister and the IGIS as soon as possible and at a maximum, within 48 hours. In situations involving a threat to security, the Minister responsible for the Australian Security Intelligence Organisation (ASIO) should also be advised.[59]

Section 8 of the IS Act provides that the Ministers responsible for ASIS, ASD and AGO must issue a written direction requiring the agency to obtain a ministerial authorisation before undertaking certain activities. In emergency situations, if a minister or the Attorney-General are not readily available or contactable, the agency head may provide the authorisation.

Section 9 of the IS Act currently outlines the preconditions for a ministerial authorisation and sections 9A, 9B and 9C prescribe the arrangements in the case of emergency, including where the Minister or Attorney-General are unavailable to make the authorisation.

Item 2 of Schedule 1 to the Bill inserts proposed section 9D which would permit an IS Act Agency Head or their delegates to authorise the production of intelligence on an Australian person, without first obtaining authorisation from a Minister, where:

• there is, or is likely to be, an imminent risk to the safety of an Australian person who is outside Australia
• it is necessary or desirable to undertake an activity or a series of activities for the specific purpose (or for purposes that include the specific purpose) of producing intelligence on the person
• it is not reasonably practicable to obtain the person’s consent to the agency producing that intelligence
• having regard to the nature and gravity of the risk, it is reasonable to believe that the person would consent to the agency producing that intelligence if the person were able to do so.

In relation to the degree of imminent risk necessary to trigger the power to make an authorisation without Ministerial authorisation the Explanatory Memorandum notes:

Imminent risk would arise in situations where, for example, an Australian person was involved in a hostage or kidnap situation, or an ongoing terrorist or mass casualty attack.[60]

The agency head may only give the authorisation in these circumstances if they are satisfied that:

• the facts of the case would justify the responsible Minister giving an authorisation under section 9 because the conditions in subsections 9(1) and 9(1A) are met
• the Minister would have given the authorisation (proposed subsection 9D(2)).

Subsections 9(1) and 9(1A) require the Minister, before giving authorisation for an activity, to be satisfied (as currently relevant) that:

• any activities which may be done in reliance on the authorisation will be necessary for the proper performance of a function of the agency concerned
• there are satisfactory arrangements in place to ensure that nothing will be done beyond what is necessary for the proper performance of a function of the agency
• there are satisfactory arrangements in place to ensure that the nature and consequences of acts done in reliance on the authorisation will be reasonable, having regard to the purposes for which they are carried out
• the relevant Australian person is, or is likely to be, involved in one or more specified activities, including activities that present a significant risk to a person’s safety.

Proposed section 9D will outline the requirements for an agency head to record and notify the responsible Minster of the authorisation. Proposed subsection 9D(14) will allow the agency head to delegate to staff (not consultants or contractors) all or any of the powers, functions or duties of the agency head under the section.

The Scrutiny of Bills Committee raised concerns with the breadth of this delegation power and sought the Minister’s advice on whether the Bill could be amended to either:

• limit the ability to delegate powers, functions or duties under proposed section 9D to staff members of the senior executive service (or equivalent) and above or
• limit the scope of the powers, functions and duties under proposed section 9D that can be delegated to a staff member.[61]

In response, the Minister advised that ‘there is a strong operational need for this power to be devolved’ as any delay ‘would defeat the purpose of the new authorisation and potentially put Australians at further risk’.[62] In relation to the scope of the delegation, the Minister argued that it was appropriate for the scope of the delegation to include any or all of the powers, functions or duties of the agency head under proposed section 9D, as requiring the agency head personally to fulfil these requirements ‘could have the counter-productive effect of delaying provision to the responsible Minister and IGIS of the information and documentation to which they are legally entitled’.[63] The Minister emphasised that proposed section 9D is intended for ‘the protection and benefit of individual Australians and can only be used in very narrow circumstances’ and that the delegation power should be ‘reflective of this operational reality’.[64]

The Scrutiny Committee thanked the Minister for Home Affairs for her response, but stated that it remained unclear to the Committee ‘why all of the powers and functions of an agency head under proposed section 9D may be delegated to any staff member (other than a consultant or contractor)’.[65] The Committee further questioned why the delegation could not be limited to SES members without compromising the ability of the agency to ensure that the Minister and IGIS are efficiently informed.[66]

Accordingly, the Committee reiterated its scrutiny concerns and sought the Minister’s further advice as to:

• the level of staff members who, in practice, it is expected will be delegated the power to give emergency authorisations
• whether the Bill could be amended to:
  • require an agency head, when making a delegation, to be satisfied that the person has the appropriate training, qualifications or experience to appropriately exercise the delegated power
  • limit the delegation of an agency head's responsibilities under proposed subsections 9D(4) or (5) (which relate to the recording and notification of the authorisation) to members of the Senior Executive Service.[67]

At the date of this Digest the Minister’s response to the Scrutiny Committee’s further questions had not been received by the Committee.[68]

Ministerial Authorisations relating to counter-terrorism

Schedule 2 of the Bill will insert a new class authorisation, as recommended by the Comprehensive Review and the 2017 IIR:

As both Reviews recognised, counter-terrorism class ministerial authorisations will allow IS Act Agencies to respond expeditiously to threats from previously unidentifiable individuals, such as lone-actor attackers.[69]

The only existing ministerial authorisations that can apply to one or more members of a class of person are under subparagraphs 8(1)(a)(ia) and (ib) of the IS Act, which allow ASIS, in the course of providing assistance to the Defence Force in support of military operations, to seek authorisation to produce intelligence on one or more members of a class of Australians or undertake an activity that will, or is likely to, have a direct effect on one or more members of a class of Australians.[70]

The Comprehensive Review recommend that the class ministerial authorisation regime apply to a persons involved with a ‘proscribed’ terrorist organisation.[71] This proscription is done in Regulations for the purposes of subsections 102.1(1) and 100.1(1) of the Criminal Code.[72]

Item 1 will insert new definitions of involved with a listed terrorist organisation and listed terrorist organisation into section 3 of the IS Act.

Listed terrorist organisation will have the same meaning as in subsection 100.1(1) of the Criminal Code. That is, an organisation that is specified by the regulations for the purposes of the definition of terrorist organisation in subsection 102.1(1) of the Code.

Involved with a listed terrorist organisation is not specifically defined, but includes circumstances where a person:

• directs, or participates in, the activities of the organisation
• recruits a person to join, or participate in the activities of, the organisation
• provides training to, receives training from, or participates in training with, the organisation
• is a member of the organisation (within the meaning of subsection 102.1(1) of the Criminal Code[73]
• provides financial or other support to the organisation
• advocates for, or on behalf of, the organisation.[74]

This means that proposed subsection 9(1AAB) lists particular activities in which a person is taken to be involved with a listed terrorist organisation, but ‘does not limit the circumstances in which a person is involved with a listed terrorist organisation’.[75] The NSW Council of Civil Liberties argued:

The definition in proposed s9(1AAB) of involvement with a listed terrorist organisation is too broad. A person would be taken to be involved with a listed terrorist organisation if the person inter alia provides ‘financial or other support to’ or ‘advocates for, or on behalf of, the organisation’.

Non-financial support and advocacy are not defined in this context, and the conduct captured would cover a broad spectrum of activity, some of which would not constitute terrorist-related activity as it is generally understood (and ought to be understood). Would baking for a lamington drive or turning chippolatas at a sausage sizzle held by a local community group constitute ‘support’ for a listed organisation? Given that there is no requirement for a person to knowingly provide support for a listed organisation, nor that they know the group they are supporting is a listed terrorist organisation, it is quite possible that an individual may innocently be providing such support, yet their conduct might be captured.

Without further definition, ‘advocating for’ an organisation might include merely reporting on or expressing a view sympathetic to one or more of the organisation’s causes or ideals that would not be understood as terrorism-related. Without further definition, this has the potential to impede the work of journalists, including providing legitimate information to the public, creating an unreasonable fetter upon journalistic freedom and the freedom of political expression. In order to avoid unintended consequences, the conduct sought to be captured ought to be defined more precisely so that it covers only support or advocacy that materially assists or is intended to materially assist the terrorist-related activities of the listed organisation.[76] [emphasis added]

 In that regard the Explanatory Memorandum notes:

Some examples of activities that would be captured under the concept of providing ‘support’ include logistical support, or actively engaging in advocacy for, or on behalf of, a terrorist organisation. The concept is not intended to capture mere sympathy for the general aims or ideology of an organisation.[77] [emphasis added]

As set out above, section 8 of the IS Act provides that the ministers responsible for ASIS, ASD and AGO must issue a written direction requiring the agency to obtain a ministerial authorisation before undertaking certain activities. Item 2 will insert new subparagraph 8(1)(a)(iaa) to require the ministers to direct the agencies to obtain an authorisation before undertaking an activity or a series of activities for the specific purpose (or for purposes that include the specific purpose) of producing intelligence on one or more members of a class of Australian persons. The preconditions that must be satisfied are (under existing subsection 9(1)):

• that the activities will be necessary for the proper performance of the agency’s functions
• that there are satisfactory arrangements in place to ensure that:
  • nothing will be done beyond what is necessary for the proper performance of the agency’s functions
  • the nature and consequences of acts done in reliance on the authorisation will be reasonable, having regard to the purposes for which they are carried out.

The Minister must also obtain the agreement of the Attorney-General before giving the authorisation for the production of intelligence on a class of Australians (proposed paragraph 9(1AAA)(b) of the IS Act, at item 3 of Schedule 2).

Proposed section 10AA (at item 12 of Schedule 2) imposes additional oversight and reporting requirements in relation to the proposed counter-terrorism class ministerial authorisation and existing class authorisations to provide assistance to the Defence Force by requiring that the agency head ensures that a list is kept that:

• identifies each Australian person in relation to whom the agency intends to undertake activities under the authorisation
• gives an explanation of the reasons why the agency believes the person is a member of the class
• includes any other information that the agency head considers appropriate.

Proposed subsection 10AA(3) requires that, where the Attorney-General’s agreement is obtained in relation to a relevant class authorisation the agency head must ensure that the Director-General of Security (the head of ASIO) is provided with a copy of the list and written notice when any additional Australian person is added to the list.

The Explanatory Memorandum notes that this:

… recognises the role of ASIO in conducting security intelligence operations and ensures that ASIO has visibility of individuals who have been identified as relevant to security.[78]

Proposed subsection 10AA(4) requires the agency head to ensure that the list is available for inspection by the IGIS on request, and thus ensures a degree of independent oversight of the use of class authorisations.

While noting the additional protections provided by proposed section 10AA of the IS Act, the Scrutiny of Bills Committee advised that it ‘continues to have significant scrutiny concerns regarding the use of class authorisations’.[79] In relation to the new class authorisation power introduced by the Bill, the Committee noted the breadth of the definition of persons involved with a terrorist organisation and the likely adverse effects on the rights and liberties of people who are the subject of such an authorisation.[80] The Committee drew the appropriateness of expanding the class authorisation regime to the Senate as a whole to consider.[81]

The PJCHR also raised concerns with Schedule 2, noting that it may limit the rights to privacy, and equality and non-discrimination (to the extent that the class ministerial authorisations could discriminate against individuals based on their religion, race or ethnicity).[82] The PJCHR advised that it considers that Schedule 2 seeks to achieve the legitimate objective of protecting national security and noted that it implements a recommendation of the Comprehensive Review. However, the PJCHR felt that the broad scope of class ministerial authorisations raised questions as to the proportionality of the measures.[83] In order to assess the human rights implications of Schedule 2, the PJCHR sought advice from the Minister on:

• the circumstances in which a class authorisation would apply to those within Australia or subject to Australia's effective control
• the basis on which the Minister would be able to be satisfied that a class of Australian persons are 'involved', or 'likely to be involved' with a listed terrorist organisation (other than the non-exhaustive circumstances set out in proposed subsection 9(1AAB)). For example, could all Australian members of the family of a person who has advocated on behalf of a terrorist organisation be subject to a class authorisation on the basis that it is likely that they too would be involved, because of their family connection
• why it is necessary for proposed subsection 9(1AAB) (which sets out a range of circumstances in which a person is taken to be involved in a listed terrorist organisation) to be a non-exhaustive list
• whether the measures may disproportionately affect people who adhere to a particular religion, or from particular racial or ethnic backgrounds, and if so, whether this differential treatment is based on reasonable and objective criteria
• what safeguards are in place to ensure individuals who do not have any actual involvement in a terrorist organisation are not part of a class authorisation
• how can an individual seek a remedy for any unlawful interference with their privacy if they are part of a class authorisation.[84]

In response to the PJCHR’s questions, the Minister responded as follows:

• the collection of intelligence by IS Act agencies is not bound by geography. It may, on occasion, be able to be collected inside Australia, including collecting intelligence on an Australian person, if authorised by the Minister. Beyond that, the Minister advised ‘[i]t is not possible to be more specific about the circumstances in which intelligence may be collected in Australia. It would be dependent on operational circumstances, and the movements of individuals who may be covered by the class authorisation in and out of Australia’ ^[85]
• there is no minimum threshold for the degree to which a person must be 'involved with' a listed terrorist organisation. For example, there is no minimum amount of financial support or level of non-financial support that a person must provide before they can be considered to be 'involved with' a listed terrorist organisation. However, the concept of ‘support’ does not capture mere sympathy for the general aims or ideology of an organisation. The Minister advised that it is appropriate that IS Act agencies be permitted to obtain a ministerial authorisation in order to investigate intelligence, leads, tip-offs, or indications that a person may be providing a small amount of support to a listed terrorist organisation[86]
• the Minister clarified that a family member or friend of a person who advocated on behalf of a terrorist organisation would not be covered by a class authorisation merely because of their familial or friend relationship. People would only be covered by a class authorisation if they were personally involved with a terrorist organisation[87]
• it is appropriate for the range of circumstances in which a person is taken to be involved in a listed terrorist organisation at proposed subsection 9(1AAB) to be a non-exhaustive list to allow ministers greater flexibility in determining the scope of a particular class authorisation. The Minister advised:

  Setting out an exhaustive definition of what it means to be ‘involved with’ a terrorist organisation could prevent agencies from collecting valuable intelligence. It could also lead to the need for further amendments to legislation to introduce new grounds in response to emerging threats and future operational needs.[88]

• the measures in Schedule 2 are not targeted at people of any particular religion, or racial or ethnic background. The Minister pointed to safeguards in the authorisation process to preclude inappropriate use and targeting of the authorisations, including requirements for the responsible minister to be satisfied that:
  • any activities done in reliance on the authorisation will be necessary for the proper performance of a function of the agency, and that there are satisfactory arrangements in place to ensure that nothing will be done beyond what is necessary for the proper performance of a function of the agency and
  • that there are satisfactory arrangements in place to ensure that the nature and consequences of acts done in reliance on the authorisation will be reasonable, having regard to the purposes for which they are carried out[89]
• the minister must also obtain the agreement of the Attorney-General for a counter-terrorism class authorisation and be satisfied that the Defence Minister has requested assistance for class authorisations to support the ADF[90]
• there are a number of safeguards in place to ensure individuals who do not have any actual involvement in a terrorist organisation are not part of a class authorisation, including (as recommended in the Comprehensive Review) the requirement for agency heads to ensure that a list is kept that identifies each Australian on whom activities are being undertaken under the class authorisation and gives an explanation of the reasons why that person is a member of the class. This list must be provided to the Director-General of Security and made available to the IGIS for inspection[91]
• in relation to the ability of an individual to seek a remedy for any unlawful interference with their privacy if they are part of a class authorisation, the Minister advised that, as currently, ‘an individual is unlikely to ever be aware of whether they were the subject of a class authorisation’ as it would not be appropriate ‘to disclose details of an IS Act agency’s operations to the target of those operations, due to the potential prejudice it would cause to national security and the safety of Australians’. This is why IGIS oversight is provided, along with strong compulsory powers, to enable the review of IS Act agency activities ‘for legality, propriety and consistency with human rights’. The Minister reiterated that if an investigation by the IGIS reveals that a person has been adversely affected by action taken by a Commonwealth agency and should receive compensation, the IGIS is required to recommend to the Minister that compensation be provided.[92] 

The PJCHR thanked the Minister for her response, advising that it considered that some questions still remained in relation to the proportionality of class ministerial authorisations. The PJCHR considers that this may be assisted by:

• amending proposed subsection 9(1AAB) to provide:
  • an exhaustive list of circumstances in which a person is taken to be involved with a listed terrorist organisation, and if considered necessary, to include a power for further circumstances to be set out in a disallowable legislative instrument (rather than leaving this to ministerial discretion)
  • that the provision of financial or other support to, or advocacy for or on behalf of, a listed terrorist organisation relates to support or advocacy that is material to that organisation's engagement in, or capacity to engage in, terrorism-related activity
• the development of guidelines to provide direction to IS Act agencies as to how they are to exercise their powers under a class authorisation, which includes requiring consideration as to whether any actions taken against an individual are proportionate to their suspected level of involvement with a listed terrorist organisation, or with activities relevant to military operations.[93]

The PJCHR recommended that the Statement of Compatibility with Human Rights in the Explanatory Memorandum to the Bill be updated to reflect the information provided to the Committee by the Minister.[94]

Ministerial authorisations relating to activities in support of the Australian Defence Force

Item 1 of Schedule 3 will amend subparagraph 8(1)(a)(ia) of the IS Act, which allows ASIS, in the course of providing assistance to the Defence Force in support of military operations, to seek authorisation to produce intelligence on one or more members of a class of Australians. This amendment will also allow AGO and ASD to seek class authorisations for the purposes of assisting the ADF in support of military operations. This will implement Recommendation 46 of the Comprehensive Review (which endorsed Recommendation 16(b) of the 2017 IIR).[95]

The PJCHR raised concerns with Schedule 3, noting that it may limit the rights to privacy, equality and non-discrimination, and life.[96] The PJCHR advised that it considers that Schedule 3 seeks to achieve the legitimate objective of protecting national security and notes that it implements a recommendation of the Comprehensive Review. However, the PJCHR felt that the broad scope of class ministerial authorisations raises questions as to the proportionality of the measure.[97] In order to assess the human rights implications of Schedule 3, the PJCHR sought advice from the Minister on:

• the circumstances in which a class authorisation would apply to those within Australia or subject to Australia's effective control
• whether the measure may disproportionately affect people who adhere to a particular religion, or from particular racial or ethnic backgrounds, and if so, whether this differential treatment is based on reasonable and objective criteria
• what safeguards are in place to ensure individuals who do not have any actual involvement in activities relevant to military operations are not part of a class authorisation
• how an individual can seek a remedy for any unlawful interference with their privacy if they are part of a class authorisation
• what class of persons would be defined to support a military operation and why the Bill is not more specific about who could be included in such a class.[98]

The Minister’s response to the PJCHR in relation to class authorisations, and the Committee’s views on that response, are discussed above in relation to Schedule 2. In relation to class authorisations specifically directed at allowing IS Agencies to assist the ADF, the Minister advised that before giving such an authorisation, the responsible Minister must be satisfied that the class of Australian persons is, or is likely to be, involved in one or more of the following activities:

• activities that present a significant risk to a person’s safety
• acting for, or on behalf of, a foreign power
• activities that are, or are likely to be, a threat to security
• activities that pose a risk, or are likely to pose a risk, to the operational security of ASIS
• activities related to the proliferation of weapons of mass destruction or the movement of goods listed in the Defence and Strategic Goods List
• activities related to a contravention, or an alleged contravention, by a person of a UN sanction enforcement law
• committing a serious crime by moving money, goods or people
• committing a serious crime by using or transferring intellectual property and
• committing a serious crime by transmitting data or signals by means of guided and/or unguided electromagnetic energy.[99]

The Minister emphasised that ‘an individual cannot be covered by the class authorisation proposed in Schedule 3 unless one of the above grounds is satisfied’.[100]

Definitions relating to Ministerial Authorisations in the Intelligence Services Act

As discussed above, section 8 of the IS Act provides that the ministers responsible for ASIS, ASD and AGO must issue a written direction requiring the agency to obtain a ministerial authorisation before undertaking certain activities. Producing intelligence on an Australian person, or one or more members of a class of Australian persons, is such an activity for which ministerial authorisation must be obtained under section 8. ‘Producing intelligence’ is not currently defined in the IS Act, which has made the scope of activities for which ministerial authorisation must be sought somewhat unclear. However, the Comprehensive Review observed that:

… it is plain that it encompasses a significantly wider range of activities than those which would require ASIO to obtain a warrant under the ASIO Act.[101]

Both the 2017 IIR and the Comprehensive Review recommended that a definition of ‘producing intelligence’ be inserted into the IS Act.[102] The Comprehensive Review recommended:

The Intelligence Services Act should be amended to provide that an agency is ‘producing intelligence’ on an Australian person or a class of Australian persons only if:

• the agency undertakes a covert and intrusive activity, or a series of covert and intrusive activities, or
• the agency expressly or impliedly requests a body, authority, organisation or group to undertake a covert and intrusive activity, or a series of covert and intrusive activities to obtain that intelligence.[103]

Proposed subsection 8(1A) of the IS Act, at item 3 of Schedule 4, implements the recommendation by providing that an agency is producing intelligence for the purposes of the ministerial authorisation requirements in section 8 only if the agency:

• undertakes a prescribed activity to obtain that intelligence or
• expressly or impliedly requests an authority of a foreign country to undertake a prescribed activity to obtain that intelligence.

Proposed subsection 8(1B) of the IS Act, will insert a definition of prescribed activity in the IS Act. A prescribed activity is a covert and intrusive activity, or a series of covert and intrusive activities and, to avoid doubt, includes an activity, or a series of activities, that ASIO could not undertake in at least one state or territory without it being authorised by warrant under:

• Division 2 of Part III of the ASIO Act (which provides for warrants including search warrants, computer access warrants and surveillance device warrants) or
• Part 2-2 of the TIA Act (which relates to warrants allowing ASIO to intercept telecommunications).

This will have the effect that an IS Act agency will only be producing intelligence on an Australian person (and therefore be required to obtain ministerial authorisation for that activity) if the agency either undertakes a covert and intrusive activity to obtain that intelligence, or expressly or impliedly requests an authority of another country to do so.

ASIS cooperation with ASIO

Subsection 13B(1) of the IS Act provides that ASIS may undertake an activity or series of activities to support ASIO if:

1. the activity or series of activities will be undertaken for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on an Australian person or a class of Australian persons
2. the activity or series of activities will be undertaken outside Australia and
3. either the Director‑General of Security or an authorised senior position holder in ASIO has notified ASIS in writing that ASIO requires the production of intelligence on the Australian person or class of Australian persons.

Such activity does not require ministerial authorisation (subsection 13B(5)) and may not involve activity that could not be undertaken by ASIO in at least one state or territory without a warrant under the ASIO Act or the TIA Act (section 13D).

Item 1 of Schedule 5 will repeal paragraph 13B(1)(b) to remove the requirement that activities undertaken to assist ASIO under this provision be undertaken outside Australia. This will allow ASIS to produce intelligence on an Australian person or a class of Australian persons inside Australia.

While this amendment was recommended by the 2017 IIR,[104] the Comprehensive Review recommended that the amendment not be made, stating:

Section 13B of the Intelligence Services Act should not be extended to apply to ASIS’s onshore activities.[105]

The Comprehensive Review explained:

Section 13B exists to enable ASIS to support ASIO in the performance of ASIO’s functions. There is insufficient evidence before the Review to demonstrate the operational need for such a supporting role onshore in the same way as it is needed offshore. The Review considers that any issues with the 13B regime can be mitigated by focusing on collaboration, understanding and working relationships between ASIO and ASIS staff, at all levels.[106]

The Scrutiny of Bills Committee noted ‘significant scrutiny concerns’ with the removal of paragraph 13B(1)(b) of the IS Act, ‘which would allow ASIS to undertake intelligence gathering on Australians in Australia’.[107] The Committee considered that the explanatory materials for the Bill do not provide an adequate justification for the amendment, noting that it was not recommended by the Comprehensive Review.[108] The Committee drew the amendment to the attention of Senators and left to the Senate as a whole the appropriateness of the amendment, noting its potential impact on the right to privacy.[109]

The PJCHR also raised concerns with this amendment, raising questions as to whether it is a proportionate limitation on the right to privacy.[110] To assess the measure’s impact on rights, the PJCHR sought the following information from the Minister:

• what is the pressing and substantial public or social concern that the measure is seeking to address (noting the Comprehensive Review recommended against introducing this measure); and
• what specifically would this measure authorise ASIS to do (including examples as to the type of information that may be gathered).[111]

In response to the PJCHR’s questions, the Minister advised:

• the proposed amendments in Schedule 5 will enhance cooperation between ASIS and ASIO and enable ASIO to better protect Australians from threats to their security. Currently, ASIS has the ability to undertake less intrusive activities without ministerial authorisation to assist ASIO outside Australia but not inside Australia. The Minister advised:

  while this tool works well for activities that are purely offshore, it leads to situations where important intelligence collection activities must be stopped because of the geographical limit in the legislation. For example, ASIS must currently direct an agent overseas not to contact possible sources in Australia for information, even if those contacts might have key information relevant to ASIO’s functions – such as the location or intention of an Australian foreign fighter based overseas[112]

• while the Comprehensive Review recommended against changes to the cooperation regime, its primary concern was that ASIS should continue to require a written notice from ASIO that ASIS’s assistance is required. The Minister advised that the Comprehensive Review ‘did not explicitly consider whether onshore cooperation should be permitted in circumstances where a written notice would be mandatory’ and that the reforms in the Bill address this concern by ensuring that ASIS cannot act unilaterally, by always requiring ASIS to have a written notice from ASIO that ASIS’s assistance is required onshore[113]
• in relation to the second question raised by the PJCHR, the Minister advised that ‘it would not be appropriate to comment on the specific operational activities ASIS might undertake under this measure as it may prejudice Australia’s national security’.[114] However, the Minister did emphasis that ASIS is only able to undertake ‘less intrusive’ activities under this framework (that is, activities for which ASIO would not require a warrant) to produce intelligence on Australians.[115]

The PJCHR thanked the Minister for her response, advising that is considered that the amendments would appear to risk arbitrarily limiting the right to privacy, as a pressing and substantial concern that would require ASIS to collect intelligence on Australians within Australia had not been established and the level of intrusiveness of activities authorised under the amendments remained unclear.[116]   

At present, subsection 13B(3) allows an ASIS staff member to undertake activities in support of ASIO in the absence of a written notice from ASIO under paragraph 13B(1)(d) if an authorised staff member of ASIS who will be undertaking the activity, reasonably believes that it is not practicable in the circumstances for ASIO to notify ASIS in accordance with that paragraph before undertaking the activity. Consequential to the amendment to subsection 13B(1) made by item 1, item 2 of Schedule 5 repeals and replaces subsection 13B(3) to ensure that activity by ASIS under section 13B can only occur without a written notice from ASIO if the activity occurs outside Australia.

The Explanatory Memorandum states:

This provision will not be extended to apply to activities undertaken inside Australia. Accordingly, ASIS will always require either a ministerial authorisation or a written notice from ASIO to undertake activities to produce intelligence on an Australian person inside Australia. This ensures ASIO always has awareness of the activities ASIS is undertaking onshore in support of ASIO and the implications for security. This is appropriate given the barriers to communicate offshore are less likely to be present within Australia.[117]

AGO cooperating with authorities of other countries

Section 13 of the IS Act provides for cooperation between the IS Act agencies (ASIS, AGO and ASD) and authorities of the Commonwealth, states and territories, and other countries. An agency may cooperate with an authority of another country that has been approved by the relevant Minister as being capable of assisting the agency in the performance of its functions (paragraph 13(1)(c)).   

Item 1 of Schedule 6 will amend section 13 of the IS Act to provide that the Australian Geospatial-Intelligence Organisation (AGO) is not required to seek ministerial approval under paragraph 13(1)(c) where cooperation with an authority of another country is for the purpose of performing AGO’s functions under existing paragraphs 6B(1)(e), (ea) or (h), which are non-intelligence functions.[118] These functions are to provide:

• imagery and geospatial, hydrographic, meteorological, and oceanographic products and related technologies
• products such as nautical maps and surveys to support maritime safety, and contribute to the coordination, exchange and standards related to hydrographic and maritime production policy and maritime geospatial data in general
• assistance to others in relation to the performance of emergency response, safety, scientific research, economic development, and cultural and environmental protection functions.[119]

The Director of AGO must provide an annual report to the Minister and IGIS detailing any significant cooperation of this type provided to authorities of other countries.[120] Items 2 and 3 of Schedule 6 amend subsection 13(6) to specify that this report must be in writing and is not a legislative instrument.

ONI cooperating with other entities

Schedule 7 will make amendments to the Office of National Intelligence Act 2018 (ONI Act). The Act establishes a legal framework for cooperation by ONI with other entities and people in connection with the performance of ONI’s functions and exercise of its powers.[121] Section 13 of the ONI Act provides that ONI may only cooperate with an authority of another country if the Director-General has given written approval (subsections 13(1) and (2)). The Director-General must notify the Prime Minister of any such approval (or variation or revocation of an approval) (subsection 13(3)) and the Prime Minister may cancel an approval at any time (subsection 13(5)). This approval regime ‘is broadly based on requirements that apply to agencies under the IS Act and ASIO under the ASIO Act in respect of their cooperation with foreign authorities, with some modification to reflect that ONI’s cooperation is likely to be less operational in nature’.[122]

The approval regime does not currently apply to cooperation by ONI with public international organisations. Item 1 of Schedule 7 will insert a new definition of public international organisation into subsection 4(1) of the ONI Act, mirroring that definition in section 70.1 of the Criminal Code, which provides (in the context of bribery of foreign officials) that public international organisation means (broadly) an organisation constituted by countries or national governments, or an organ or committee of such an organisation. The UN, NATO and the World Trade Organization are examples of public international organisations.  

The Comprehensive Review found that section 13 did not require amendment.[123] However, in its response to the Comprehensive Review, the Government advised that ‘the safeguards in section 13 of the ONI Act for authorities of another country should also apply to ONI’s cooperation arrangements with international organisations’ as these arrangements raise similar risks to cooperation with foreign authorities.[124]

Items 2 and 3 amend section 13 to require the Director-General’s approval for ONI to cooperate with public international organisations in connection with the performance of its functions and the exercise of its powers. Such approval must be reported to the Prime Minister, who may cancel it at any time.

Suspension of travel documents

Schedule 8 deals with the suspension of travel documents. Currently the Passports Act enables the Minister for Foreign Affairs to suspend a person’s travel documents (such as passports) for a period of 14 days if requested by the Director-General of Security.[125] Similarly the Foreign Passports Act allows the Minister to order the surrender of a person’s foreign travel documents for 14 days if requested by the Director-General.[126] The Director-General may make such a request if they suspect on reasonable grounds that the person may leave Australia to engage in conduct that might prejudice the security of Australia or a foreign country and that their travel documents should be suspended or surrendered in order to prevent them from engaging in the conduct. This is intended to be a temporary measure that allows the Minister to take swift action to mitigate the security risk posed by people seeking to leave Australia to engage in activities of security concern.

Item 1 in Schedule 8 will amend subsection 22A(1) of the Passports Act to extend the period for which the Minister may suspend an Australian travel document upon request by the Director-General from 14 days to 28 days. Item 3-6 will also make amendments to the Foreign Passports Act to extend the period for which the Minister may order the temporary surrender of a foreign travel document upon request by the Director-General from 14 days to 28 days.

The Scrutiny of Bills Committee noted that it had previously raised concerns with the 14 day suspension power when it was introduced in 2014.[127] It 'continues to have significant scrutiny concerns regarding the minister’s broad discretionary power’ and left to the Senate as a whole the appropriateness of extending the period of time the minister may suspend, or order the temporary surrender of, a person's travel documents from 14 to 28 days, ‘noting the potential of the measure to trespass on a person's rights and liberties’.[128]  

The extension of the period of suspension or surrender also concerned the PJCHR, which considered it to engage and limit the rights to freedom of movement and privacy, and to potentially engage the right to an effective remedy.[129] To inform its consideration of the compatibility of the measure with these rights, the PJCHR asked the Minister for the following information:

• why 28 days is considered an appropriate period of time and whether other less rights-restrictive approaches have been considered, for example retaining 14 days but with the possibility of one extension where it is demonstrated it is necessary to have further time
• why it is considered necessary for the Director-General of Security to be able to make a request to the minister where they suspect, on reasonable grounds, that a person may leave Australia to engage in particular conduct rather than would be likely to engage in particular conduct, given the substantial travel document suspension period of 28 days
• why merits review of a decision to suspend travel documents is not available
• whether any effective remedy (such as compensation) is available for individuals who have had their travel documents suspended for 28 days where it is assessed that their travel documents should not have been suspended.[130]

In response to the PJCHR’s questions, the Minister advised:

• ASIO’s operational experience has demonstrated the current 14-day suspension period is not sufficient in all cases to undertake all necessary and appropriate investigative steps before preparing a security assessment, and that providing for a 14-day suspension, with the possibility of an extension, could result in further delays to the security assessment process. The Minister advised:

  The risks involved in having to return a person’s travel documents before an assessment could be completed, should an extension not be granted in time, would represent a disproportionate impact on security compared to the temporary limitation on the freedom of movement resulting from an additional, initial 14 days’ suspension under the proposed framework. It could potentially require the return of a person’s travel documents, enabling them to travel, before the level of threat they pose to national security could be sufficiently quantified[131]

• in response to the PJCHR’s second question, the Minister confirmed that the Bill does not change the existing threshold for the Director-General of Security to make a request to the Minister to suspend a person’s travel documents (with that threshold set out in the Passports Act and the Foreign Passports Act). The Minister advised:

  The purpose of the ‘may’ threshold for suspensions is to enable ASIO to undertake precisely the work necessary to determine whether a person would be likely to engage in the relevant conduct, to inform a higher threshold decision on cancellation or long-term surrender. Changing the threshold for seeking a suspension could establish a burden sufficiently high as to prevent the Director-General from being able to seek a suspension unless a security assessment had already been undertaken. This would defeat the purpose of the suspension power[132]

• the Bill does not amend the current position under which decisions relating to temporary suspension or surrender are not merits reviewable. This approach has been taken as review of security related matters may compromise the operations of security agencies and defeat the national security purpose of the mechanisms. The Minister noted that the restriction of merits review in these circumstances is consistent with the advice of the Administrative Review Council.[133] The Minister also drew attention to the availability of merits review for a permanent cancellation decision resulting from a security assessment conducted during the temporary suspension period[134]
• in relation to the availability of an effective remedy (including compensation) for individuals whose travel documents should not have been suspended, the Minister advised that IGIS oversight is provided, along with strong compulsory powers, to enable the review of IS Act agency activities ‘for legality, propriety and consistency with human rights’. The Minister reiterated that if an investigation by the IGIS reveals that a person has been adversely affected by action taken by a Commonwealth agency and should receive compensation, the IGIS is required to recommend to the Minister that compensation be provided.[135] 

After considering the Minister’s response, the PJCHR advised that it considered that the proportionality of the measure proposed in Schedule 8 may be assisted by amending the Bill to retain the current 14-day suspension period, but allow for one extension of this period if it is demonstrated this is necessary for operational reasons.[136]

Immunity for certain online activities – computer offences

Schedule 9 will make amendments to the Criminal Code to extend the immunity for certain computer offences (for ASIS and AGO) in Division 476, to apply where a staff member or agent of the relevant agency acted on a reasonable belief that a computer‑related activity occurred outside Australia, even if that activity actually occurred inside Australia.

This complements similar reforms introduced by the Government for ASD in the Security Legislation Amendment (Critical Infrastructure) Act 2021. Prior to the commencement of Schedule 2 to that Act, subsection 476.5(1) of the Criminal Code provided immunity from civil and criminal liability for staff members and agents of ASIS, ASD and AGO whose computer-related activities were done outside Australia, in the proper performance of their functions.[137] The Act amended section 476.5 so that it only applies to ASIS and AGO. ASD is now covered by subsection 476.6(1), which provides wider immunity for conduct engaged in inside or outside Australia by staff members and agents of ASD, on the reasonable belief that it is likely to cause a computer‑related act, event, circumstance or result to take place outside Australia, whether or not it in fact takes place outside Australia.

Items 4 and 5 of Schedule 9 will amend new subsection 476.6(1) of the Criminal Code, extending the immunity in the section to ASIS and AGO. The Schedule ‘updates the existing limited immunities to staff members and agents of ASIS and AGO to ensure they remain effective in light of technological change’.[138]

In that regard the LCA noted:

… while the Law Council did not categorically oppose the extension of the immunity to the relevant computer-related acts [by ASD] occurring within Australia, it raised questions about its necessity, in particular as to why an immunity was needed in preference to placing reliance on the defence of mistake of fact in relation to the geographical location of a computer (with respect to the potential exposure of agency staff members to prosecution for computer-related offences).

The Law Council also raised questions about the broader implications of the expanded immunity. This included whether it should encompass an immunity from civil liability, or be limited to criminal liability. (Noting that the expansion of the immunity to acts done inside Australia will increase the prospect of causing significant loss or damage to Australian persons. It will extinguish the rights of affected Australians to obtain a legal remedy in respect of that loss or damage.)

The Law Council also queried whether aspects of the technical drafting of the immunity provision may be unintentionally broad, in that they might potentially operate to confer immunity for any telecommunications interception or access to telecommunications data, which may occur as part of the technical process of gaining access to data that is held in, or is accessible from, in a computer.[139]

The NSW Council for Civil Liberties expressed similar concerns.[140]

Privacy rules of the intelligence agencies

ASIS, ASD, AGO, DIO and ONI are exempt from the operation of the Privacy Act 1988.[141] The responsible ministers for ASIS, AGO and ASD are required, under section 15 of the IS Act, to make written rules regulating the communication and retention by the relevant agency of intelligence information concerning Australian persons. These rules are on the agencies’ websites, but there is no legislative requirement to make them publicly available.[142] Part 1 of Schedule 10 amends section 15 of the IS Act to formalise in legislation the requirement that the responsible ministers must, as soon as is practicable after making their respective agencies’ privacy rules, ensure those rules are published on the agency’s website.[143] This implements Recommendation 189 of the Comprehensive Review.[144]

DIO is not currently subject to a legislative requirement to have Ministerial rules on privacy. Part 2 of Schedule 10 inserts proposed section 41C into the IS Act, to require the responsible Minister for DIO to:

• make privacy rules regulating the communication and retention by DIO of intelligence information concerning Australian persons
• ensure, as soon as is practicable, that DIO’s privacy rules be published on DIO’s website.

This implements Recommendation 189 of the Comprehensive Review.[145]

As set out above, ONI is exempt from the operation of the Privacy Act 1988.[146] Instead, section 53 of the Office of National Intelligence Act 2018 (ONI Act) requires the Prime Minister to make privacy rules regulating:

• the collection of information relating to matters of political, strategic or economic significance to Australia that is accessible to any section of the public (to the extent that the information is identifiable information)
• the communication, handling and retention by ONI of identifiable information.

The first dot point covers information that is collected under paragraph 7(1)(g) of the ONI Act, which is referred to as the ‘open source function’ (as the information is from sources that are available to the public).

Identifiable information means information or an opinion about an identified Australian citizen or permanent resident, or an Australian citizen or permanent resident who is reasonably identifiable; whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.[147] The Comprehensive Review considered whether the term identifiable information in the ONI Act was too far-reaching. The Review noted that it applies to personal information about Australian citizens or residents, regardless of how the information was obtained.[148] This includes ‘open source’ information that was already in the public domain. The Review concluded that the definition of was ‘overly broad, and could constrain ONI in the performance of its functions’.[149] Accordingly, it recommended:

Where ONI applies analysis to identifiable information, ONI’s privacy rules must continue to apply; these rules are a necessary and important protection for the privacy of Australian persons. In cases where ONI shares, but does not apply analysis to, identifiable information produced by another entity, such as a news article, ONI’s privacy rules should not apply.[150]

Part 3 of Schedule 10 seeks to implement Recommendation 12 of the Comprehensive Review so that the privacy rules apply only to personal information where that information is also intelligence information. The privacy rules will apply in circumstances where the personal information provided to or collected by ONI is evaluated, analysed, interpreted, integrated and/or tested such that it becomes intelligence.[151]

The privacy rules continue to regulate the collection of information concerning Australian persons by ONI performing its open source function under existing paragraph 7(1)(g) of the ONI Act.[152]

The amendments at items 3, 10, and 15 will provide that it is a function of the PJCIS to review the privacy rules of ASIS, ASD, AGO, DIO and ONI as part of its functions in section 29 of the ISA. Items 4, 11 and 16 clarify that it is not a function of the PJCIS to review compliance by the agencies with those privacy rules. This reflects Recommendation 183 of the Comprehensive Review.[153]

The Scrutiny of Bills Committee noted that there is no legislative requirement for any of the agencies’ privacy rules to be tabled in Parliament, and reiterated its ‘consistent scrutiny view’ that ‘tabling documents in Parliament is important to parliamentary scrutiny, as it alerts parliamentarians to the existence of documents and provides opportunities for debate that are not available where documents are not made public or are only published online’. Accordingly, the Committee sought the Minister’s advice on whether the Bill could be amended to provide for the privacy rules to be tabled in Parliament.[154]

The Minister advised that as the Bill already requires the rules (other than sensitive information) to be published, and subject to PJCIS oversight, she considered that ‘a requirement to table the rules is unlikely to result in any additional transparency or scrutiny’.[155] In response, the Committee advised that although it welcomed the proposed PJCIS oversight of agencies’ privacy rules ‘the process of tabling documents in Parliament provides opportunities for debate that are not available where documents are only published online, even where such documents are also subject to review by a parliamentary committee’.[156]

In concluding its consideration of this issue, the Scrutiny Committee asked the Minister to table an addendum to the Explanatory Memorandum, containing the key information provided to the Committee, and left the appropriateness of the absence of a tabling requirement for agencies’ privacy rules to the Senate as a whole.[157]

Assumed Identities in Part IAC of the Crimes Act

Part IAC of the Crimes Act 1914 allows specified law enforcement and intelligence agencies (ASIO, ASIS and ONI) to authorise officers to acquire and use assumed identities where it is necessary for one or more specified purposes. ASD is not specified in the legislation as a participant in the Assumed Identities scheme. The Explanatory Memorandum notes that currently ASIO and ASIS operate assumed identities on ASD’s behalf in circumstances where ASD’s operations would be compromised were the activities to be connected to ASD.[158] Amendments in Schedule 11 will amend Part IAC to include ASD in the Assumed Identities scheme.

Section 15K sets out the definitions for Part IAC of the Crimes Act. Items 1 to 4 of Schedule 11 will amend section 15K to include ASD in the definition of intelligence agency, which means that the Director-General of ASD will be able to authorise ASD officers to acquire and use an assumed identity.

Sections 15KG and 15KH of the Crimes Act allow law enforcement agencies and specified intelligence agencies to apply to the Supreme Court of a state or territory for an order that an entry be made in a register of births, deaths or marriages in relation to acquiring evidence of an assumed identity, and to cancel such an entry when it is no longer needed.[159] Currently ASIS and ASIO (but not ONI) are authorised to make such applications. Items 6 and 7 amend these sections so that ASD, like ONI, will not have authority to apply for such orders.

In this regard the Explanatory Memorandum notes:

While these amendments include ASD in the Assumed Identities scheme, ASD does not have the ability to undertake the acquisition of evidence of an assumed identity. Instead, this continues to be done on ASD’s behalf by ASIO and ASIS, which are the agencies with relevant experience in acquiring evidence of assumed identities… Since ASD has no ability to acquire evidence, this means in effect that only the chief officer of ASIO or ASIS is able to make a request for an entry in a register of births, deaths or marriages. If such a request is operationally necessary for ASD, it is intended that an authority to acquire evidence be issued by either ASIO or ASIS, and the chief officer of ASIO or ASIS is able to make a request on ASD’s behalf… The intention of this is that ASD is able to use assumed identities, but all external engagement in respect of evidence of an assumed identity is done by ASIO or ASIS.[160] [emphasis added]

Authorities of other countries

The IS Act currently includes the undefined term ‘authority of another country’. For example, section 13 of the IS Act, discussed above, provides for cooperation between IS Act agencies and an authority of another country that has been approved by the relevant Minister as being capable of assisting the agency in the performance of its functions (paragraph 13(1)(c)).   

The amendments in Schedule 12 to the IS Act will provide that for a body to be an ‘authority of another country’ it is not required that the body be established by a law of the country or be connected with an internationally recognised government of the country. The Explanatory Memorandum states that the Schedule:

… clarifies that bodies can be authorities of other countries where they are, or are connected to, bodies that have effective control over all or part of another country. This could occur in situations where the internationally recognised government of a country is disputed, disrupted or not in control of the whole of its territory…

This also means that, in a circumstance where a government may have temporarily lost power in its country (for example, where a government has been removed by a coup) agencies can continue to cooperate with authorities of that country, provided that the authority is still capable of performing a relevant governmental function, such as an intelligence or security function.[161]

ASIO authorisations in the ASIO Act and the TIA Act    

Schedule 13 deals with authorisations under the Australian Security Intelligence Organisation Act 1979 (ASIO Act) and the Telecommunications (Interception and Access) Act 1979 (TIA Act). Currently, subsection 24(2) of the ASIO Act allows the Director-General of Security (or an appointed person) to approve a person or class of person to exercise the authority conferred by a relevant warrant or relevant device recovery provision. Section 12 of the TIA Act allows the Director-General (or an appointed person) to authorise ‘any persons’ to exercise the authority conferred by a warrant allowing ASIO to intercept telecommunications.

Recommendation 37 of the Comprehensive Review recommended that section 24 of the ASIO Act be amended to clarify that the permissible scope of a ‘class of persons’ includes changes to, or expansion of, the class which occur after the authorisation is initially made.[162] Item 1 of Schedule 13 implements this recommendation. Consistent with the amendment made by item 1, items 3 to 5 amend section 12 of the TIA Act to clarify that approval can be given to a class of persons to exercise authority under an interception warrant and to provide that the approved class includes changes to, or expansion of, the class which occur after the authorisation is initially made.[163]

Recommendation 36 of the Comprehensive Review recommended that ASIO be required to keep accurate records of all individuals involved in the execution of a warrant.[164] This recommendation is implemented by item 2 (in relation to warrants and device recovery under the ASIO Act) and item 5 (in relation to telecommunications interception warrants under the TIA Act).

This will facilitate oversight by ensuring that records are available to the IGIS of which members of the approved class have actually exercised the authority of the warrant or provision.

Other amendments

Schedule 14 makes technical corrections to the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018.