Purpose of the Bill
The purpose of the Intelligence Services Legislation Amendment Bill 2023 (the Bill) is to amend a number of Commonwealth Acts (see table below) to:
- expand the jurisdiction of the Inspector-General of Intelligence and Security (IGIS) and the Parliamentary Joint Committee on Intelligence and Security (PJCIS) to include oversight of the Australian Criminal Intelligence Commission (ACIC) and the ‘intelligence functions’ of the Australian Federal Police (AFP), Australian Transaction Reports and Analysis Centre (AUSTRAC) and Department of Home Affairs (Home Affairs)
- make a range of amendments concerning oversight activities of those agencies by the IGIS and PJCIS, including those relating to:
- inquiries and inspections
- complaints management
- information sharing and disclosure
- report provision
- briefings and
- interaction between oversight bodies.
- make minor amendments to the operation of the PJCIS and amend clearance levels required by PJCIS staff
- provide that the PJCIS can review and inquire into any proposed reforms to, or expiry, lapsing or cessation of effect of, legislation relating to counter-terrorism or national security, as it sees fit
- make subsequent consequential amendments to other Commonwealth legislation related to the expansion and enhancement of oversight of the NIC
- exempt ‘defence officials’ and others from civil and criminal liability for material damage, material interference or material obstruction to a computer in Australia which arises from certain (computer-related) conduct that is connected to an intended effect outside of Australia.
Structure of the Bill and Bills Digest
The Bill is divided into five Schedules with multiple parts, as reflected in the below table. This Bills Digest focuses on the key provisions in Parts 1 and 2 of Schedule 1, and Schedule 4, with further detail on other provisions provided in the Explanatory Memorandum (EM) to the Bill.
Provisions |
Commencement |
Detail |
Schedule 1, Part 1 – |
The later of 6 months after Royal Assent or commencement of Schedule 1 of the Inspector-General of Intelligence and Security and Other Legislation Amendment (Modernisation) Act 2022. However, if that Act does not commence then this Part does not commence. (At the time of writing, the Inspector-General of Intelligence and Security and Other Legislation Amendment (Modernisation) Bill 2022 has passed the House of Representatives and is before the Senate.) |
Main amendments
Amends:
(EM, pp. 19-58)
|
Schedule 1, Part 2 |
The later of 6 months after Royal Assent or commencement of Schedule 1 of the Inspector-General of Intelligence and Security and Other Legislation Amendment (Modernisation) Act 2022. However, if that Act does not commence then this Part does not commence. |
Consequential amendments commencing with the main amendments
Amends:
(EM, pp. 59-142)
|
Schedule 1, Part 3 |
The later of 6 months after Royal Assent or commencement of Schedule 1 of the Inspector-General of Intelligence and Security and Other Legislation Amendment (Modernisation) Act 2022. However, if that Act does not commence then this Part does not commence. |
Consequential amendments commencing after the National Anti-Corruption Commission Act 2022 (NACC Act)
Amends:
(EM, p. 143)
|
Schedule 1, Part 4 |
The later of 6 months after Royal Assent or commencement of Schedule 1 of the Inspector-General of Intelligence and Security and Other Legislation Amendment (Modernisation) Act 2022. However, if that Act does not commence then this Part does not commence. |
Consequential amendments commencing after the Public Interest Disclosure Amendment (Review) Act 2023 (PID Amendment Act)
Amends:
(EM, pp. 144-146)
|
Schedule 1, Part 5 |
The later of 6 months after Royal Assent or commencement of Schedule 1 of the Inspector-General of Intelligence and Security and Other Legislation Amendment (Modernisation) Act 2022. However, if that Act does not commence then this Part does not commence. |
Consequential amendments commencing after the PID Amendment Act and the National Anti-Corruption Commission (Consequential and Transitional Provisions) Act 2022 (NACC (CTP) Act).
Amends:
(EM, pp. 147-148)
|
Schedule 2, Part 1 |
Immediately after the commencement of the provisions in Schedule 1, Parts 1 and 2 of the Bill (see above). |
Consequential amendments if the NACC (CTP) Act commences before the main amendments in Schedule 1
Amends:
- ABF Act
- Crimes Act
- Ombudsman Act
(EM, pp. 149-150)
|
Schedule 2, Part 2 |
These provisions will not commence as the NACC (CTP) Act has fully commenced. |
Consequential amendments if the main amendments in Schedule 1 commence before the NACC (CTP) Act
Amends:
- ABF Act
- Crimes Act
- Ombudsman Act
(EM, pp. 151- 152)
|
Schedule 2, Part 3 |
These provisions will not commence as the NACC (CTP) Act has fully commenced. |
Consequential amendments commencing after the NACC (CTP) Act commences if the main amendments in Schedule 1 commence first
Amends:
(EM, p. 153)
|
Schedule 2, Part 4 |
Immediately after the commencement of the provisions in Schedule 1, Parts 1 and 2 of the Bill (see above). However, the provisions do not commence at all if the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 2) Act 2023 (NSLAB (No. 2) Act) does not commence before that time. (At the time of writing, the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 2) Bill 2023 has passed the House of Representatives and is before the Senate.) |
Consequential amendments if the National Security Legislation Amendment (Comprehensive Review and Other MeasuresNo.2) Act (NSLAB (No. 2) Act) commences before the main amendments in Schedule 1
Amends:
(EM, p. 154)
|
Schedule 2, Part 5 |
Immediately after the commencement of the provisions in Schedule 1, Parts 1 and 2 of the Bill (see above). However, the provisions do not commence at all if the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 2) Act 2023 commences before that time. |
Consequential amendments if the main amendments in Schedule 1 commence before the NSLAB (No. 2) Act
Amends:
(EM, p. 155)
|
Schedule 2, Part 6 |
Immediately after the commencement of the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 2) Act 2023. However, the provisions do not commence at all if that Act commences before Schedule 1, Parts 1 and 2 of the Bill. |
Consequential amendments commencing after the NSLAB (No. 2) Act if the main amendments in Schedule 1 commence before the NSLAB (No. 2) Act
Amends:
(EM, p. 156)
|
Schedule 3 |
Immediately after the commencement of the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 2) Act 2023. However, the provisions do not commence at all if that Act does not commence. |
Review of access to ACIC criminal intelligence assessment records under the archives law
Amends:
(EM, pp. 157-158)
|
Schedule 4 |
The day after Royal Assent |
Liability for certain computer-related acts
Amends:
(EM, pp. 159-162)
|
Schedule 5 |
The later of 6 months after Royal Assent or commencement of Schedule 1 of the Inspector-General of Intelligence and Security and Other Legislation Amendment (Modernisation) Act 2022. However, if that Act does not commence then this Part does not commence. |
Application and transitions provisions for Schedules 1 and 2
(EM, pp. 163-168)
|
Background
Australia’s National Intelligence Community
Australia’s National Intelligence Community (NIC) is collectively made up of a number of agencies and departments that operate under a range of Commonwealth legislation. The Australian Intelligence Community (AIC) was initially comprised of six agencies:
- Australian Geospatial-Intelligence Organisation (AGO)
- Australian Signals Directorate (ASD)
- Australian Secret Intelligence Service (ASIS)
- Australian Security Intelligence Organisation (ASIO)
- Defence Intelligence Organisation (DIO) and
- Office of National Intelligence (ONI).
As Australia’s security environment has become more complex, four other agencies subsequently became part of Australia’s National Intelligence Community (NIC):
- Australian Criminal Intelligence Commission (ACIC)
- Australian Federal Police (AFP)
- Australian Transaction Reports and Analysis Centre (AUSTRAC) and
- Department of Home Affairs (Home Affairs).
For further detail on the history of the AIC and NIC see the Bills Digest prepared in relation to the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020 (the Integrity Measures Bill) (pages 11–12).
Accountability and oversight bodies
Australia’s current accountability and oversight framework for NIC consists ‘of a number of specialised bodies independent of the Government and each other and the agencies they oversee’ (pp. 12–13). These include:
While the NIC has expanded, it has continued to operate with the same ‘oversight and accountability framework’, which has not ‘been reformed since the formation of the community’, as the Attorney-General noted in his second reading speech for this Bill.
Over the past six years, two separate intelligence reviews have considered the suitability and effectiveness of the NIC’s accountability and oversight arrangements, with both reaching separate and at times contradictory conclusions about the functions and oversight jurisdictions of the IGIS and the PJCIS. The current functions of the IGIS and PJCIS are outlined below, followed by a brief summary of these reviews.
Inspector-General of Intelligence and Security
The IGIS is an independent statutory agency that sits within the portfolio of the Attorney-General. The Inspector-General is an independent statutory officer who is appointed under the IGIS Act. The current Inspector-General is Dr Christopher Jessup KC.
The IGIS has inquiry, inspection and investigation functions, which it outlines on its website as follows:
Inspections of agencies activities and processes are designed to monitor agencies’ governance, compliance and control frameworks and to identify issues. Inquiries can be conducted into matters of concern, and the IGIS has strong independent investigative powers similar to those of a royal commission. These include the power to compel persons to answer questions and produce documents, to take sworn evidence, and to enter agency premises.
IGIS can also investigate complaints made by members of the public or intelligence agency staff, about the activities of intelligence agencies.
At present, the IGIS has oversight jurisdiction over six intelligence agencies within the NIC: AGO, ASD, ASIO, ASIS, DIO and ONI. Following the enactment of the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021, the IGIS also has oversight of the use of network activity warrants by the ACIC and the AFP, which are members of the NIC but not currently subject to IGIS oversight beyond their use of the above-cited warrants.
The IGIS additionally has functions and responsibilities ‘under the Public Interest Disclosure Act 2013 (PID Act) relating to disclosures about the intelligence agencies’:
… the Inspector-General has a specific role under the Freedom of Information Act 1982 (FOI Act) and the Archives Act to provide evidence on the damage that may be caused by the disclosure of certain material in national security related matters. (p. 8)
According to the most recent 25 May 2023 Senate Estimates testimony by the Inspector-General, the IGIS had an Average Staffing Level (ASL) of around 44.94 and Full-Time Equivalent (FTE) staffing of 36.69 at 31 March 2023 (p. 64), against a target ASL outlined in the 2021-22 annual report of 56 (p. 29). The Inspector General noted in his foreword to the 2021-22 annual report that resourcing was a challenge:
More generally, although the Office had many new staff join it over the year, the planned expansion to the Office’s full complement of staff has not yet been reached for a number of reasons, including those related to the necessary but lengthy security clearance process. The Office, like many public sector agencies, continues to feel the challenges of recruiting and retaining subject matter experts across a range of skillsets. These challenges continue across ICT, information governance and HR within the corporate streams, and other agency specific roles required in intelligence oversight. (p. 3)
The annual report also suggests that performance baselines in relation to the IGIS’s inquiry, inspection and complaints functions remain in the process of being established (pp. 19–21). Despite this, and the resource challenges identified above, the annual report highlights that during 2021-22:
The Office received 80 complaints during the year that fell within the jurisdiction of the IGIS Act. In addition, the Office received 141 complaints about visa and citizenship matters which are reported separately. The Office also considered more than 400 additional pieces of correspondence to determine whether they fell within the Inspector-General’s jurisdiction. (p. 22)
In terms of disclosures received and investigated under the PID Act, the annual report outlined that in 2021-22:
• The Office received 9 disclosures directly, 5 of which it allocated to itself, and 4 it allocated to other agencies.
• The Office received 1 disclosure indirectly when it was allocated the disclosure by another agency.
The Office commenced two investigations under the PID Act during 2021–22. At the end of the reporting period, one of the two investigations was complete and the other was ongoing. (p. 24)
In the IGIS’s most recent Corporate Plan, ‘the downstream impacts’ of policy and legislative processes were noted:
We consider an important part of the policy and legislative process to be the consideration of ‘downstream impacts’ on our oversight work and our agency, which may also include, from time to time, discussions about resourcing levels. For example, new powers or capabilities in intelligence agencies require us to have a comparable technical capability to understand these capabilities. Equally, an expansion in the quantum of activities of agencies in the Inspector-General’s jurisdiction can also have an impact on our work. These are important considerations to take into account to ensure that the oversight ‘footprint’ continues to be proportionate to the work of the agencies. (p. 6)
According to 25 May 2023 Senate Estimates testimony, the most recent staffing projections for the IGIS are that it will grow to 59.5 for 2023-24, to 68.5 for 2024-25 and 79.5 in 2025-26 (p. 65).
Parliamentary Joint Committee on Intelligence and Security
The PJCIS performs an important role overseeing and reviewing Australia’s NIC and has three key functions:
• providing oversight of Australian intelligence agencies by reviewing their administration and expenditure;
• building bipartisan support for national security legislation by reviewing national security bills introduced to Parliament; and
• ensuring national security legislation remains necessary, proportionate and effective by conducting statutory reviews.
As the Committee’s webpage explains ‘These functions are provided for in section 29 of the IS Act, which details many of the Committee’s specific responsibilities, including’:
• reviewing the administration and expenditure of the Australian Security Intelligence Organisation (ASIO), Australian Secret Intelligence Service (ASIS), Australian Geospatial-Intelligence Organisation (AGO), Defence Intelligence Organisation (DIO), Australian Signals Directorate (ASD) and Office of National Intelligence (ONI), including their annual financial statements;
• reviewing any matter in relation to ASIO, ASIS, AGO, DIO, ASD or ONI referred to the Committee by the responsible Minister or by a resolution of either House of the Parliament;
• monitoring, and reviewing the performance by the Australian Federal Police (AFP) of its functions under Part 5.3 of the Criminal Code(terrorism);
• monitoring and reviewing the performance by the AFP of its functions under Division 3A of Part IAA of the Crimes Act 1914(stop, search and seizure powers), and the basis of the Minister’s declarations of prescribed security zones under section 3UJ of that Act;
• conducting reviews of a range of specific provisions in various Acts relating to national security; including terrorism, telecommunications, citizenship and migration laws;
• reviewing privacy rules applicable to intelligence agencies.
The powers of the PJCIS are limited with respect to reviewing certain activities of intelligence agencies, including their intelligence gathering and assessment priorities, operational methods, particular operations, aspects of their activities that do not affect Australians, and individual complaints about their activities. The PJCIS is also restricted from reviewing sensitive operational information and/or operational methods used by the AFP and from reviewing particular investigations or operations being undertaken or proposed by the AFP and those that have already taken place. The PJCIS also undertakes reviews of legislation and may refer a matter to the INSLM, however it is currently not authorised to initiate its own inquiries, instead being required to request that the responsible Minister refer a matter for it to review.
For further detail on function of the PJCIS and its history see the webpage of the Committee.
Recent intelligence reviews
This Bill incorporates recommendations from the 2017 Independent Intelligence Review and according to the Explanatory Memorandum (p. 159), also the 2020 Comprehensive Review of the Legal Framework of the National Intelligence Community. In the 2023–24 Budget, the Government provided additional resourcing to the Department of the Prime Minister and Cabinet to support a number of priorities, including the next Independent Intelligence Review (p. 193).
2017 Independent Intelligence Review
The 2017 Independent Intelligence Review concluded that there was ‘a compelling case for a consistent oversight regime to apply to all the intelligence capabilities that support national security, across the ten agencies of the NIC’ (p. 116).
It recommended expanding oversight roles of the IGIS and PJCIS to include all ten agencies within the NIC, with oversight of the AFP, Home Affairs and ACIC limited to their intelligence functions (Recommendation 21). The Independent Intelligence Review did not recommend the ACIC be defined as an intelligence agency and moved solely under the oversight of the IGIS as has been provided for in this Bill.
The Independent Intelligence Review also recommended that the role of the PJCIS be expanded, including by enabling the PJCIS to request the IGIS conduct an inquiry into the legality and propriety of particular operational activities of NIC agencies, and to provide a report to the PJCIS, Prime Minister and the responsible Minister (Recommendation 23).
Further detail on the Independent Intelligence Review is available in a Parliamentary Library Briefing Book article on Intelligence community reforms. Additional information can be found in Bills Digest for the Integrity Measures Bill and the PJCIS report on that Bill and various submissions.
2020 Comprehensive Review of the Legal Framework of the National Intelligence Community
The Independent Intelligence Review recommended that a ‘comprehensive review of the Acts governing Australia’s intelligence community be undertaken to ensure agencies operate under a legislative framework which is clear, coherent and contains consistent protections for Australians’ (Recommendation 15).
The Comprehensive Review (also known as the Richardson Review, after Dennis Richardson who conducted the review) agreed with some but not all of the Independent Intelligence Review recommendations. The Comprehensive Review recommended against expanding IGIS oversight to the AFP and Home Affairs (p. 56, vol 1). It did not definitively address the ACIC and AUSTRAC’s status in relation to IGIS oversight but did note there was ‘a stronger case for IGIS oversight of the ACIC and AUSTRAC’s intelligence activities’ (p. 56, vol 1). The Comprehensive Review also endorsed the Independent Intelligence Review’s recommendation that ‘the PJCIS be able to request the IGIS to conduct an operational inquiry and report to the PJCIS, Prime Minister and responsible minister’ (p. 55, vol 1).
A consolidated list of all the Comprehensive Review’s recommendations, marked up by policy subject area, is included at Appendix B of the Bills Digest prepared in relation to the Integrity Measures Bill. Other Bills Digests prepared for recent Bills which also responded to recommendations from the Comprehensive Review provide further context, including:
Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020
The previous Coalition Government introduced the Integrity Measures Bill on 9 December 2020. The Bill proposed to respond to certain recommendations of the Independent Intelligence Review and the Comprehensive Review, including amending the IGIS Act to expand the powers of the IGIS to conduct oversight of the intelligence functions of the ACIC and AUSTRAC. The Bill also proposed amendments to the IS Act to expand PJCIS oversight to the intelligence functions of AUSTRAC.
The Bill was referred to the PJCIS on 18 December 2020, which undertook an extensive inquiry into the Bill and tabled its report on 9 February 2022. The PJCIS made five recommendations, including:
- that the Bill and, to the extent necessary, other legislation be amended to expand the oversight remit of the PJCIS and the IGIS to cover the intelligence functions of the AFP (Recommendation 1) and
- that the Bill be amended to provide the PJCIS with oversight of the ACIC (Recommendation 2).
The Bill was never debated and lapsed when Parliament was dissolved on 11 April 2022.
Committee consideration
At the time of writing, the Bill has not been referred to any committees for inquiry and report.
Senate Standing Committee for the Scrutiny of Bills
At the time of writing, the Senate Standing Committee for the Scrutiny of Bills had not yet considered the Bill.
Policy position of non-government parties/independents
At the time of writing, the Bill does not appear to have attracted public comment from non-government parties and independents.
Position of major interest groups
At the time of writing the Bill does not appear to have attracted public comment from major interest groups.
As discussed in the background section, several of the key amendments in this Bill relating to broadening the jurisdiction of the IGIS and PJCIS has previously been the subject of comment and discussion through two major intelligence reviews, subsequent government responses and a number of previous Bills, at least one of which was the subject of a PJCIS inquiry. A number of entities provided submissions to the PJCIS inquiry including the IGIS, the Ombudsman, and the Law Council of Australia. Their submissions and those of others are available at the PJCIS inquiry page and discussed throughout the PJCIS’s report on the Integrity Measures Bill. They are also summarised in the Bills Digest to that Bill.
Financial implications
The Explanatory Memorandum notes that $4.9 million ongoing and $12.2 over three years beginning 2024-25 has been committed to support the expansion of jurisdiction for the IGIS (p. 6). The expanded jurisdiction of the PJCIS will be supported by $0.3 million ongoing and $1.3 million over four years commencing 2023-24, which the Explanatory Memorandum notes was contained in the 2023-24 Budget (p. 6).
Statement of Compatibility with Human Rights
As required under Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011, the Government has assessed the Bill’s compatibility with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of that Act.
The Government has stated that the Bill’s amendments would engage the following human rights contained in the International Covenant on Civil and Political Rights (ICCPR):
- the right to humane treatment in detention under article 10(1)
- the right to a fair trial and a fair hearing under article 14(1)
- the prohibition on interference with privacy under article 17 and
- the right to freedom of expression under article 19.
The Government considers that the Bill is compatible.[1]
Parliamentary Joint Committee on Human Rights
At the time of writing, the Parliamentary Joint Committee on Human Rights had not considered the Bill.
Key issues and provisions
The below section summarises some of the key provisions of the Bill, with a focus on the provisions in Parts 1 and 2 of Schedule 1, and Schedule 4.
Due to time constraints, not all key provisions may have been identified or discussed in detail. The Parliamentary Library has also not been able to revisit and incorporate previous inquiries, reports, government responses, PJCIS inquiry reports and stakeholder submissions relevant to this Bill and earlier Bills in which the same or similar recommendations, provisions and issues have been raised. Given the scope, extent, significance and contested nature of reforms across the national security and intelligence ecosystem in Australia in recent times, further scrutiny of certain provisions within this Bill would be worthwhile.
Expansion of the role of the IGIS
Greater oversight of intelligence agencies
Key provisions – IGIS Act
Item 3 of the Bill will amend the current definition of intelligence agency contained in subsection 3(1) of the IGIS Act to define the ACIC as an intelligence agency and expand the IGIS’s jurisdiction to include the ‘intelligence functions’ of AUSTRAC, AFP and Home Affairs.
Item 4 of the Bill will repeal the existing definition of intelligence function and item 6 of the Bill will insert proposed section 3A to define the meaning of intelligence function with respect to the AFP, AUSTRAC, and Home Affairs. Notably, intelligence function with respect to Home Affairs is defined by reference to regulations made by the Minister (who must first seek agreement from the Minister responsible for Home Affairs before making any regulations). The Explanatory Memorandum provides that this is necessary as:
Many of Home Affairs’ intelligence functions are not legislated and cannot be directly linked to specific legislated functions, instead being provided for in the Administrative Arrangement Order. This means that Home Affairs’ intelligence functions may change, including to add new intelligence functions, quickly and with potential frequency. (p. 25)
This reflects Recommendation 16 of the Comprehensive Review which stated that the intelligence functions of Home Affairs should not be specified in legislation.
The Bill also provides for expanded jurisdiction with respect to the functions performed by the AFP (as discussed in the background section the IGIS currently has oversight of the use of network activity warrants by the ACIC and the AFP).
Items 7-16 of Schedule 1 will amend section 8 of the IGIS Act, which provides for the inquiry functions of the IGIS with respect to intelligence agencies. The most significant amendments appear to be the introduction of proposed subsection 8(4) which sets out the expanded list of functions with respect to the ACIC. This includes inquiring at the request of the Attorney-General or the responsible Minister, on the IGIS’s own motion, or in response to a complaint made to the IGIS, into any matter that relates to:
- the compliance by the ACIC with the laws of the Commonwealth and of states and territories or compliance with the directions or guidelines given by the responsible Minister, or the propriety of particular activities
- the effectiveness and appropriateness of ACIC procedures relating to the legality or propriety of ACIC’s activities
- an act or practice of the ACIC that: is or may be inconsistent with or contrary to any human right, that constitutes or may constitute discrimination, that is or may be unlawful under the Age Discrimination Act 2004, the Disability Discrimination Act 1992, the Racial Discrimination Act 1975 or the Sex Discrimination Act 1984
- the ACIC’s compliance with directions or guidelines given by, or policies or other decisions made by, the board of the ACIC or the Inter-Governmental Committee established under the ACC Act.
Proposed subsection 8(4) will also allow the IGIS to inquire into the procedures of the ACIC relating to redress of grievances of employees at either the request of the Attorney-General, or the Minister or on the IGIS’s own motion (though not in response to a complaint made to the IGIS).
The Bill will also amend section 8 to clarify the scope of the IGIS’s functions with respect to the AFP, AUSTRAC and Home Affairs.
Items 21 and 26 of Schedule 1 make changes to the IGIS’s inspection and inquiry functions where a warrant has been issued by a specified intelligence agency under its legislation (currently this only applies to ASIO). As the ACIC has the power to detain persons under its Act, the Bill will expand the IGIS’s power to also enter any place where a person is being detained under the relevant provisions of the ACC Act for the purpose of carrying out the IGIS’s inspection and inquiry functions.
The ACIC’s coercive powers, similar to a Royal Commission, are used in special operations and special investigations to obtain information where the Board of the ACIC determines that it is in the public interest to do so. These coercive powers are exercised by independent statutory officers, known as ‘Examiners’, with Division 2 of Part II of the ACC Act setting out the process for conducting examinations. Examiners are authorised to compel people to give evidence for the purposes of special ACIC operations or investigations.
Item 34 inserts proposed section 32AFA which provides for additional requirements relating to the sharing of ACIC examination material (as defined in section 4B of the ACC Act) by the IGIS. Specifically, before examination material is shared by the IGIS (except to an IGIS official), the IGIS must consider and consult with the CEO of the ACIC as to whether that sharing:
- might prejudice a person’s safety
- would reasonably be expected to prejudice the fair trial of the examinee for the examination material if the examinee has been charged with a related offence or a charge for a related offence is imminent or
- might prejudice the effectiveness of a special ACC operation or special ACC investigation.
The information can be shared by the IGIS irrespective of the views of the ACIC CEO, provided consultation has occurred and the listed matters have been considered. The recipient of the information will need to comply with the relevant restrictions regarding its use and disclosure as set out in the ACIC Act.
Comments
Whether various agencies within the NIC should be the subject of oversight by IGIS, and the extent of this oversight, has been the subject of multiple intelligence and committee reviews and various Bills, as the background section of this Bills Digest has highlighted.
The provisions in this Bill go beyond the recommendation of the 2017 Independent Intelligence Review, which did not recommend the ACIC be overseen by the IGIS in its entirety, instead only its intelligence function, which placed the ACIC in the same category as the AFP and Home Affairs (however it did recommend that the IGIS’s oversight of AUSTRAC not be restricted to its intelligence functions) (Recommendation 21). The 2020 Comprehensive Intelligence Review recommended against expanding IGIS oversight to the AFP and Home Affairs and did not explicitly address the ACIC and AUSTRAC’s status in relation to IGIS oversight (p. 56, v1). It did suggest that the ACIC ‘remain subject to the FOI Act in its entirety (p. 58, v1). The Explanatory Memorandum for the Integrity Measures Bill outlined a number of reasons why the ACIC was not listed as an intelligence agency in its entirety (pp. 4-5), which were also discussed in the Bills Digest.
The Explanatory Memorandum for the current Bill does not address the issues raised in the Explanatory Memorandum to the Integrity Measures Bill, which the Bills Digest noted included issues arising from ACIC functions related to serious violence or child abuse committed against an Indigenous person ‘on the basis that the IGIS is not the appropriate body to conduct oversight of those specific activities’ (p. 28). These functions are currently overseen by the Office of the Commonwealth Ombudsman. The Explanatory Memorandum for the Integrity Measures Bill noted ‘Oversight of these matters would require specialist subject-matter expertise, including cultural competencies that the IGIS could not be expected to possess, or to obtain readily (p. 92).
Another reason cited in the Explanatory Memorandum for the Integrity Measures Bill related to ACIC examiners being already subject to review by a range of other bodies including the Ombudsman, the Law Enforcement Integrity Commissioner (now the NACC) and ultimately, a court of law, with the argument being that it was therefore ‘not necessary for the IGIS to oversee these aspects of the ACIC’s activities’ (p. 95).
The PJCIS report into the Integrity Measures Bill supported the IGIS overseeing only the intelligence function of the ACIC (p. 32). The Labor position statement outlined as Additional Comments by Labor Members in the PJCIS report did not advocate for the IGIS to oversee the ACIC in its entirely.
The current Bill sees a change in position wherein the ACIC in its entirety will fall under IGIS jurisdiction. While additional funding does appear to have been allocated to the IGIS, without knowledge of the extent of consultation about this Bill, it is not clear if the funding was intended to/can cover developing the competencies and specialist subject matter expertise required to oversight the additional ACIC functions in addition to increasing staffing levels and capabilities in line with expanded oversight responsibilities more generally. The implications of the IGIS having full oversight of the ACIC (including resourcing) has not been previously scrutinised as it has not been raised by either intelligence review and therefore may require further consideration.
Key provisions – other Acts
Items 86–89 of Schedule 1 amend the PCJLE Act to no longer require the Commonwealth Ombudsman to provide a briefing to the PCJLE about the involvement of the ACIC in controlled operations under Part IAB of the Crimes Act, and instead require the IGIS to brief the PCJLE on such activities.
According to the Explanatory Memorandum (p. 5), Part 2 of Schedule 1 of the Bill proposes to amend a number of Commonwealth Acts to:
- make consequential amendments to ensure that information that is protected by secrecy offences under relevant legislation can be disclosed to IGIS officials performing duties or functions, or exercising powers, as IGIS officials. These amendments would allow for the transfer of complaints regarding AUSTRAC and Home Affairs between the IGIS and other integrity bodies to facilitate effective consideration of those complaints by the appropriate body
- make consequential amendments to address overlapping jurisdiction between the IGIS and relevant oversight bodies.
This Bills Digest has not examined these provisions in-depth, though does draw attention to the proposed amendments to the ACC Act relating to the presence of an IGIS during an ACIC examination.
Division 2 of Part II of the ACC Act sets out the process for an ACIC examiner to conduct an examination for the purposes of a special ACIC operation/investigation. As noted on the ACIC website:
Examinations are held in private. Witnesses may claim protection so the answers, documents or things they provide are not admissible in evidence against them in a criminal proceeding to impose a penalty, except in limited circumstances.
Item 113 will amend subsection 25A(4) to provide that the IGIS may be present during an examination by ACIC examiners. However, item 114 will insert proposed subsections 114(4A)–(4C) which would allow an ACIC examiner to exclude an IGIS official from an ACIC examination if the examiner considered that the IGIS official’s attendance would be reasonably likely to prejudice:
- the life or safety of a person or
- the effectiveness of the examination.
In exercising this discretion, the ACIC examiner must either notify the IGIS in writing beforehand or notify them orally during the examination and in writing as soon as practicable after the examination. They must also provide the IGIS official with an audio-visual recording of the examination as soon as practicable afterwards.
Comments
The prevention of an oversight official attending in both contexts provided for in the Bill raise human rights and oversight concerns.
The need for an IGIS official to be excluded from an examination is not adequately outlined in the Explanatory Memorandum or in the Government’s Statement of Compatibility with Human Rights (see EM, pp. 7-8). It is not clear how the presence of an IGIS official could put the life or safety of a person at risk, and conversely if the life or safety of an ACIC examiner, the person detained for the purposes of the examination or any other persons in attendance is at risk, there are questions to be had about progressing an examination under these circumstances. The follow-on provisions relating to providing the IGIS with a recording of the examination after the exclusion of its official also suggest there is an intent that the examination could, and will most likely, continue.
The Explanatory Memorandum also makes mention of ‘operational reasons’ which are not defined (p. 70). With respect to an IGIS official’s presence impacting on the effectiveness of an examination, the Explanatory Memorandum offers no explanation as to how this might take place. The provision might be regarded as taking the position that effectiveness trumps oversight.
It is noted that the ASIO Act provides for far more rigorous oversight including clarifying that an IGIS official may be present at the questioning or apprehension of a person under Division 3 of Part III of the ASIO Act (which provides for ASIO’s compulsory questioning powers) where the IGIS official is exercising a power or performing a function or duty of the IGIS (section 34JB). Given that the ACIC is being defined as an intelligence agency in its entirety and not as a dual hatted agency with intelligence and non-intelligence functions, the absence of similar oversight provisions, such as those that apply to ASIO with respect to its questioning, is worthy of further scrutiny by the committee.
Changes to the type of complaints IGIS must inquire into
Key provisions
Subsection 11(1) of the IGIS Act currently sets out when the IGIS must inquire into action taken by an intelligence agency that is the subject of a complaint. Item 22 of Schedule 1 inserts proposed paragraph 11(1)(aa) which provides that the requirement to conduct an inquiry into a complaint only applies where the Inspector-General is satisfied that the action to which the complaint relates is the kind of action that is reasonably likely to be taken by an intelligence agency. Item 23 inserts a note at the end of subsection 11(1) intended to clarify that ‘action’ (as used in paragraph 11(1)(aa)) includes the making of a decision or recommendation, and the failure or refusal to take any action or to make a decision or recommendation.
As noted in the Explanatory Memorandum:
This does not require the Inspector-General to be satisfied that the action has actually been taken by an intelligence agency, only that there is a reasonable likelihood that the intelligence agency could or would undertake that activity. This could include both actions within an intelligence agency’s functions and actions that exceed those functions. This amendment is necessary to clarify the IGIS’s complaint handling functions in circumstances where activity alleged in a complaint is considered to be implausible or otherwise not credible. (p. 32)
Comments
The most recent IGIS 2021-22 annual report contains a footnoted mention of the ‘high level of resources required to receive, consider and respond to all complaints and correspondence, whether or not they fell within IGIS’s jurisdiction’ (p. 103). In that period 431 reports were identified as not falling within the jurisdiction of the IGIS Act or PID Act, with another 80 determined to fall within the jurisdiction of the IGIS Act (p. 103). The report also outlines the IGIS’s current complaint handling processes, as also depicted in the below infographic (pp. 102-104).
On the basis of the above complaints process chart, the provisions set out in the Bill may not be necessary, particularly given that paragraph 11(2)(c) of the IGIS Act already applies:
When inquiry or further inquiry into complaints is not required
(2) Where a complaint is made to the Inspector‑General in respect of action taken by an intelligence agency, the Inspector‑General may decide not to inquire into the action or, if the Inspector‑General has commenced to inquire into the action, decide not to inquire into the action further if the Inspector‑General is satisfied that:
(a) the complainant became aware of the action more than 12 months before the complaint was made;
(b) the complaint is frivolous or vexatious or was not made in good faith; or
(c) having regard to all the circumstances of the case, an inquiry, or further inquiry, into the action is not warranted.
Proposed paragraph 11(1)(aa) does not outline how ‘action of a kind reasonably likely to have been taken by an intelligence agency’ would be determined or assessed. Nor is this detailed in the Explanatory Memorandum. Assuming a reasonable likelihood that an intelligence agency could or would, or could not or would not, undertake an activity or action without at least a precursory inquiry, is potentially fraught, with the provision as it stands possibly opening up a gap in oversight coverage. For example, it could allow for a complaint to be dismissed outright because a view was initially formed about plausibility, when further investigation may reveal that the action may or may not have occurred. Given the role deception (lawfully when compliant) plays in intelligence activities, and that there already exists grounds under paragraph 11(2)(c) for the IGIS to not further inquire into a complaint, this provision could benefit from further review.
As the motivation for this provision is not explicitly stated in the Explanatory Memorandum (or the degree to which it was developed in consultation with the IGIS) it is difficult to determine the purpose for its inclusion. Complaint numbers do not appear to be high enough to warrant this approach, nor raised in a manner in the most recent Annual Report to suggest they are burdensome to this extent.
Expansion of the role of the PJCIS
The expansion of the powers and jurisdiction of the PJCIS has been the subject of disagreement between the various reviews, as outlined by the PJCIS:
The Committee notes the conflicting positions of the Independent Intelligence Review (IIR) and Comprehensive Review of the Legal Framework of the National Intelligence Community (Richardson Review) in relation to the role of the Parliamentary Joint Committee on Intelligence and Security (PJCIS). The IIR recommended that the oversight role of the PJCIS be expanded to all agencies which make up the National Intelligence Community (NIC). The Richardson Review did not make recommendations to expand the oversight role of the PJCIS to further intelligence agencies, however commented that there was a strong case for Inspector-General of Intelligence and Security (IGIS) oversight of the ACIC and AUSTRAC intelligence functions. (p. 31)
While well covered in some contexts, owing to the introduction of broader jurisdictional coverage for both IGIS and the PJCIS than either review covered or anticipated, this too is worthy of additional scrutiny alongside that already carried out as part of inquiries into previous Bills.
Broader oversight of the ACIC, AFP, AUSTRAC and Home Affairs
Key provisions
The Bill will expand the role of the PJCIS to include broader oversight of the ACIC, AFP, AUSTRAC and Home Affairs by amending section 29 of the IS Act, which sets out the functions of the PJCIS, to reflect its expanded jurisdiction in relation to these agencies.
The key amendments are:
- Item 50 will repeal and replace paragraph 29(1)(a) to include the ACIC as an intelligence agency whose administration, expenditure and annual financial statements the PJCIS can review and provide that the AFP, AUSTRAC and Home Affairs (in relation to their intelligence functions), can similarly be reviewed.
- Item 51 will amend paragraph 29(1)(b) to allow the PJCIS to review any matter in relation to ACIC referred to it by the responsible Minister, the Attorney-General or by a resolution of either House of the Parliament.
- Item 53 will insert proposed paragraphs 29(1)(bad) and (bae) which will allow the PJCIS to monitor and review the performance by, or to report to both Houses of Parliament on any matter relating to, the intelligence functions of the AFP, AUSTRAC and Home Affairs where a referral has been made by either the responsible Minister, the Attorney-General or by a resolution of either House of Parliament.
- Items 55 and 56 amend subsection 29(2), which allows the PJCIS, by resolution, to request the responsible Minister or the Attorney-General refer a matter related to the activities of listed agencies to the PJCIS. The amendments include the ACIC, AFP, AUSTRAC and Home Affairs on the list of agencies.
Items 58–64 of the Bill will amend subsection 29(3) which provides clarity on what matters the PJCIS cannot inquire into. With respect to the ACIC, the PJCIS will not be able to:
- review the intelligence gathering and assessment priorities of ACIC, consistent with the same restriction applying to other intelligence agencies under PJCIS oversight (item 58)
- review the sources of information, other operational assistance or operational methods available to ACIC consistent with the same restriction applying to other intelligence agencies under PJCIS oversight (item 59)
- review special ACC operations, or special ACC investigations (within the meaning of the ACC Act) that have been, are being, or are proposed to be undertaken by the ACIC (item 60)
- review an aspect of the activities of the ACIC that does not affect an Australian person (item 61), consistent with the same restriction applying to other intelligence agencies under PJCIS oversight
- conduct inquiries into individual complaints about the activities of the ACIC (item 62).
The Bill will also prevent the PJCIS from conducting inquiries into individual complaints about the activities of the AUSTRAC and Home Affairs (item 62), consistent with the same restriction applying to the AFP, and expand the current restrictions relating to PJCIS reviews of AFP operations activities to include AUSTRAC and Home Affairs (items 63 and 64).
Items 65–67 amend section 30 of the IS Act to expand the list of persons whom the PJCIS can requests briefings from. Currently section 30 only allows the PCJIS to request briefings from the relevant heads of ASIO, ASIS, AGO, DIO, ASD, ONI, IGIS, AFP, and Home Affairs. The amendments will expand this list to include the heads of AUSTRAC, ACIC, the INSLM, and any agency head of an agency whose functions relate to a matter being considered by the PJCIS under section 29 of the IS Act. The Bill will also clarify that this list does not limit the ability of the PJCIS to request briefings from persons not listed.
The Bill will also amend Schedule 1 of the IS Act to clarify the PJCIS’s role with respect to its expanded oversight of the ACIC, AUSTRAC, AFP and Home Affairs. The most significant amendments relate to the definition of operationally sensitive information (items 70–72) and greater restrictions on the disclosure of information in a PJCIS report (items 76–77).
Broader oversight of counter-terrorism or national security legislation
Item 52 will insert proposed paragraph 29(1)(ba) to provide that the PJCIS can review and inquire into any proposed reforms to, or expiry, lapsing or cessation of effect of, legislation relating to counter-terrorism or national security, as it sees fit.
Ability to request the IGIS to undertake an inquiry
Item 17 of Schedule 1 inserts proposed section 8AA into the IGIS Act which provides that the inquiry functions the IGIS may perform at the request of the Attorney-General or the responsible Minister relating to the legality or propriety of particular activities of intelligence agencies (as set out in section 8) can also be performed following a request by the PJCIS under proposed subsection 29(2A) of the IS Act.
Proposed subsection 29(2A) of the IS Act (at item 57 of Schedule 1) provides that the PJCIS may, by resolution, request the IGIS to inquire into a matter, whether or not the functions of the PJCIS include reviewing the matter, if this matter:
- relates to the legality and propriety (however described) of the operational activities of an agency (which the PJCIS is prevented from reviewing under subsection 29(3) of the IS Act)
- is within the functions of the IGIS mentioned in section 8AA of the IGIS Act and
- does not relate to an individual complaint about the activities of the agency.
In requesting that the IGIS review a matter the PJCIS must provide a copy of the request to the Minister responsible for the agency to which the request relates.
Item 30 inserts proposed section 22A into the IGIS Act which sets out the requirements in relation to the IGIS’s response to the PJCIS following completion of its inquiry. As noted in the Explanatory Memorandum (page 35), while the PJCIS may request the IGIS inquire into a matter, the IGIS has discretion in deciding whether to conduct any such inquiries. If the IGIS decides not to inquire into a matter, the IGIS is not required to provide a response to the PJCIS.
The IGIS must take reasonable steps to provide a written response to the PJCIS in relation to its inquiry, unless the IGIS is satisfied on reasonable grounds that doing so would prejudice security, the defence of Australia or Australia’s relations with other countries.
Before giving a response to the PJCIS, the IGIS and the head/s of the intelligence agency/agencies to which the inquiry related must agree that the terms of the proposed response would not prejudice:
- security, the defence of Australia or Australia’s relations with other countries
- law enforcement operations, including methodologies and investigative techniques
- confidential commercial information held by AUSTRAC
- operationally sensitive information (within the meaning of Schedule 1 of the IS Act).
In addition to the above requirement, before providing the PJCIS with the response, the IGIS must consult the head(s) of the intelligence agency/agencies to which the inquiry referred on whether the terms of the proposed response would prejudice the privacy of individuals or the fair trial of a person or the impartial adjudication of a matter. Although the IGIS has a duty to consult on this matter, it has discretion as to whether or not to adjust the proposed response in relation to concerns raised on these issues by the agency head. The IGIS may also consult the head of any other intelligence agency on the terms of the proposed response.
The IGIS must give a copy of the response provided to the PJCIS to the responsible Minister and may give a copy of the response that this provided to the PJCIS to either or both the Prime Minister and the Attorney-General if the IGIS considers it appropriate to do so.
If as a result of a PJCIS request, the IGIS completes an inquiry in respect of the operational activities of an intelligence agency or intelligence agencies, and does not provide a response to the PJCIS, the IGIS must notify the PJCIS of the reason why the response was not provided.
Requirement for agencies to brief the PJCIS
Item 85 of Schedule 1 inserts proposed section 18A into the ONI Act which requires the Director-General of ONI to brief the PJCIS at least once each calendar year.
According to the Explanatory Memorandum (p. 57):
- the briefing requirement may be satisfied by any briefings provided by the Director-General of ONI to the PJCIS, including those provided in compliance with requirements under other legislation
- the Director-General may delegate this function to a person who holds, or performs the duties of, an SES equivalent position within ONI.
Enacting such a requirement was a recommendation of the 2017 Independent Intelligence Review (Recommendation 23) and it ‘is intended to ensure the PJCIS has the context necessary to support its oversight work’ (EM, p. 57).
Item 44 also inserts proposed section 32C into the IGIS Act which requires the IGIS to brief the PJCIS at least once each calendar year.
Changes to the staffing and operation of the PJCIS
Key provisions
The Bill also proposes to make changes to the operation of the PJCIS, including allowing the PJCIS to meet virtually, provided it follows advice from relevant agency heads as to the required security arrangements for virtual meetings where classified information may be discussed (items 78–79); and changes to the processes in relation to sub-committees, including appointments (items 81-84).
The most significant amendments relate to the downgrading of security clearance requirements for PJCIS staff members. Currently clause 21 of Schedule 1 of the IS Act provides that each member of the staff of the PJCIS must be cleared for security purposes to the same level and at the same frequency as staff members of ASIS. Item 80 amends this clause to provides that staff of the PJCIS must be cleared for security purposes at least at a level and frequency:
- appropriate for access to information and systems at the classification that the staff member requires, in accordance with government policy in relation to protective security and
- acceptable to all of the agency heads.
The Explanatory Memorandum sets out the Government’s justification for this change:
This amendment is intended to reflect practical implications of the change in the PJCIS’s work over time, including the increase in public hearings. Much of the work of the staff of the PJCIS does not require a high level of security clearance. Obtaining high level security clearances is a lengthy process and one which may entail significant intrusions on the privacy of the person obtaining the clearance. PJCIS staff should only need to hold security clearances that are commensurate with the classification and sensitivity of the information and matters they observe. (p. 56).
Comments
The downgrading of security clearance requirements has the potential to affect the quality and scope of the PJCIS coverage at a time in which its responsibilities are expanding.
Exclusion of liability for certain computer related acts
History of these provisions
The Criminal Code contains a range of criminal offences for unlawfully accessing or interfering with a telecommunications system or accessing data in a computer without authorisation. Division 476 of the Criminal Code currently provides immunity to ASIS, AGO and ASD officials for certain computer-related acts (section 476.6).
The history of these provisions is set out in the Explanatory Memorandum to the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Bill 2021:
Section 476.5 of the Criminal Code was introduced by the Cybercrime Act 2001. As originally introduced, subsection 476.5(1) provided immunity from civil and criminal liability for the staff members and agents of ASIS and ASD (then Defence Signals Directorate (DSD)) whose computer-related activities done outside Australia, in the proper performance of their functions, were intended and required by Government. The Intelligence Services Legislation Amendment Act 2005 extended the immunity to apply to the then Defence Imagery and Geospatial Organisation (now the AGO). (p. 79)
The Comprehensive Review recommended, in Recommendation 74, that immunity for certain computer offences for ASIS, AGO and ASD be extended to apply where a staff member or agent of the relevant agency acted on a reasonable belief that the computer-related activities occurred outside Australia, even if that activity occurred inside Australia (p. 227, vol. 2). This was intended to help manage the challenges of identifying the geographic location of computers (p. 10).
The Security Legislation Amendment (Critical Infrastructure) Act 2021 amended section 476.5 so that it only applies to ASIS and AGO, with ASD covered by subsection 476.6(1):
…which provides wider immunity for conduct engaged in inside or outside Australia by staff members and agents of ASD, on the reasonable belief that it is likely to cause a computer-related act, event, circumstance or result to take place outside Australia, whether or not it in fact takes place outside Australia. [p. 29]
The National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Act 2022 (NSLAB-1 Act) then repealed section 476.5 and amended 476.6(1) to extend the broader immunity in that section to ASIS and AGO. The Government stated that these amendments:
… bring the immunities for staff members and agents of ASIS and AGO to that of staff members and agents of ASD in respect of computer offences. These amendments are required as it is not always possible to determine with certainty the geographic location of computer-related activity. Criminal liability should not apply when a staff member or agent of ASIS, AGO or ASD acts in the genuine belief that the activity is outside Australia. These amendments will protect staff from criminal liability only where they have acted in good faith in the proper performance of the agency’s (ASIS, AGO, ASD) functions. (p. 80)
In commenting on these amendments, the Law Council of Australia noted:
… while the Law Council did not categorically oppose the extension of the immunity to the relevant computer-related acts [by ASD] occurring within Australia, it raised questions about its necessity, in particular as to why an immunity was needed in preference to placing reliance on the defence of mistake of fact in relation to the geographical location of a computer (with respect to the potential exposure of agency staff members to prosecution for computer-related offences).
The Law Council also raised questions about the broader implications of the expanded immunity. This included whether it should encompass an immunity from civil liability, or be limited to criminal liability. (Noting that the expansion of the immunity to acts done inside Australia will increase the prospect of causing significant loss or damage to Australian persons. It will extinguish the rights of affected Australians to obtain a legal remedy in respect of that loss or damage.)
The Law Council also queried whether aspects of the technical drafting of the immunity provision may be unintentionally broad, in that they might potentially operate to confer immunity for any telecommunications interception or access to telecommunications data, which may occur as part of the technical process of gaining access to data that is held in, or is accessible from, in a computer. (pp. 50–51)
Key provisions in the Bill
Item 4 of Schedule 4 to the Bill will insert proposed section 476.7 into Division 476 of the Criminal Code, which will also provide immunity to certain defence officials for certain computer-related acts.
Proposed section 476.7 is drafted in similar terms to section 476.6. Proposed subsection 476.7(1) provides for civil and criminal immunity where a defence official has engaged in conduct inside or outside Australia and the conduct:
- is engaged in on the reasonable belief that it is likely to cause a computer-related act, event, circumstance or result to take place outside Australia (whether or not it in fact takes place outside Australia) and
- is engaged in in the proper performance of authorised ADF activities.
Proposed subsection 476.7(2) provides for civil and criminal immunity where a person has engaged in conduct inside or outside Australia and the conduct:
- is preparatory to, in support of, or otherwise directly connected with, authorised ADF activities outside of Australia
- taken together with a computer-related act, event, circumstance or result that took place, or was intended to take place, outside Australia, could amount to an offence, but in the absence of that computer-related act, event, circumstance or result, would not amount to an offence
- is engaged in in the proper performance of authorised ADF activities.
Proposed subsection 476.7(8) defines an authorised ADF activity to mean an activity, or class of activities, that is authorised by the Chief of the ADF and connected with the defence or security of Australia. It also defines a defence official to mean:
- a member of the ADF
- a defence civilian within the meaning of the Defence Force Discipline Act 1982
- an employee of the Defence Department, including a consultant, contractor or person on secondment
- any other person included in a class of person specified in a legislative instrument made by either the Secretary of the Defence Department or the Chief of the ADF (proposed subsection 476.7(9)) or their delegates (proposed subsections 476.7(10) and (11)).
Proposed subsection 476.7(3) provides that this immunity for preparatory and supporting activities does not undermine the warrant frameworks under the ASIO Act and TIA Act by authorising persons to commit acts in Australia that would otherwise be unlawful without obtaining a warrant.
Proposed subsections 476.7(6) and (7) require a person to provide written notification to the Chief of the ADF and, if a person is not under their command, the Secretary of the Defence Department, if a person engages in conduct that causes material damage, material interference or material obstruction to a computer. The Explanatory Memorandum provides that written notification is important ‘given the possible significance the conduct may have on Australian persons or businesses if computers within Australia are impacted in a way that causes material damage, material interference or material obstruction’ (p. 161).
Comments
In its submission to the Comprehensive Review, the Defence Department expressed ‘concerns about the extent of the ADF’s legislative authorities and immunities to collect and possess intelligence, and provided examples where ADF activities conducted outside situations of armed conflict could raise questions of criminal liability under Commonwealth law’, particularly under the telecommunications offences in Part 10.6 and the computer offences in Part 10.7 of the Criminal Code (pp. 221–222, vol. 2 ). As well as the immunity provisions in the Criminal Code, section 14 of the IS Act provides broad general immunities for agencies governed by that Act (currently ASIS, AGO or ADG). Defence submitted ‘that the development of its own cyber capabilities has bought into focus the need for legislative immunities for ADF activities, other than where it would be working cooperatively with an IS Act agency and therefore attracting the immunity available under section 14 of the IS Act’ (p. 223, vol. 2). These arguments were accepted by Mr Richardson in his recommendations.
The Explanatory Memorandum for the Bill states that the amendments in Schedule 4 address Recommendation 72 of the Comprehensive Review (p. 159), which provided:
The Criminal Code should be amended to give Australian Defence Force members immunity under Part 10.7 for computer-related acts done outside Australia in the course of properly declared operations under legally approved rules of engagement. (p. 225, vol. 2) [emphasis added]
Recommendation 72 does not appear to cover immunity for damage to computers inside Australia, or for computer-related acts undertaken inside Australia with an intended effect outside of Australia. It appears that the amendment in Schedule 4 contains a mix of what was recommended in Recommendation 72 and also Recommendation 74 which provided:
The current immunity in section 476.5 of the Criminal Code for ASIS, ASD and AGO should be extended to apply where a staff member or agent reasonably believes the relevant conduct is likely to take place outside Australia, whether or not it in fact takes place outside Australia. This should also apply to the Australian Defence Force, if it is included within the immunity in section 476.5. (p. 227, vol. 2) [emphasis added]
While the Comprehensive Review supported the inclusion of these provisions, it does not appear to have considered the distinction between the oversight arrangements for ASIS, AGO and ASD (which are overseen by the IGIS) and the ADF (which does not fall within the remit of the IGIS).
Further, subsection 476.6(8) of the Criminal Code requires the head of ASIS, AGO and ASD to provide notice to the IGIS when one of its officials engages in conduct which would attract immunity and causes material damage, material interference or material obstruction to a computer. This oversight was emphasised by the Government in arguing that the amendments contained in the NSLAB-1 Act were proportionate given they ‘indirectly create a risk that a person’s right to protection against arbitrary and unlawful interferences with privacy under Article 17 of the ICCPR may be violated’ and engage the right to an effective remedy in Article 2(3) of the ICCPR (pp. 35–36). The Government also noted that the IGIS has the power to recommend a person receive compensation and that arrangements exist which would allow for a person to receive compensation:
Should the IGIS choose to conduct an inquiry into the actions of an intelligence agency, it has strong coercive powers, similar to those of a royal commission, including powers to compel the production of information and documents, enter premises occupied or used by a Commonwealth agency, issue notices to persons to appear before the IGIS to answer questions relevant to the inquiry, and to administer an oath or affirmation when taking such evidence. At the conclusion of the inquiry, paragraph 22(2)(b) of the IGIS Act requires the IGIS to recommend to the responsible Minister that the person receive compensation, if the IGIS is satisfied that the person has been adversely affected by action taken by a Commonwealth agency and should receive compensation.
The Scheme for Compensation for Detriment caused by Defective Administration provides a mechanism for non-corporate Commonwealth entities to compensate persons who have experienced detriment as a result of the entity’s defective actions or inaction.
Section 65 of the Public Governance, Performance and Accountability Act 2013 allows the making of discretionary ‘act of grace’ payments if the decision-maker considers there are special circumstances and the making of the payment is appropriate. [p. 13]
While the Bill will require a person to give notice of similar conduct to the Chief of the ADF/Secretary of the Defence Department, there is no requirement for anyone to notify the IGIS or any other oversight body. The PJCIS also does not have oversight of the ADF/Defence Department. The Explanatory Memorandum to the Bill is silent as to whether other compensation arrangements would apply with respect to damages caused by a defence official and the Statement of Compatibility with Human Rights is silent as to the impact of these provisions on a person’s right to an effective remedy under Article 2(3) of the ICCPR. The Explanatory Memorandum does note the potential for damage to Australian people or computers could be significant, and as such this amendment raises a number of questions for further scrutiny.
The Explanatory Memorandum is also extremely short on detail as to why this provision is necessary, what it relates to, and why there is a need for ‘defence official’ to be defined in part by legislative instrument given the scope of persons included in the proposed definition is already very broad. Given such a broad delegation of power has not been required with respect to staff of ASIS, ASD, or AGO, it is unclear why it is needed or who the Government intends to be specified as a ‘defence official’.
Concluding comments
While the intent and substance of a number of amendments in this Bill have been the subject of previous inquiry, debate and comment through a number of channels, including but not limited to intelligence reviews (and Government responses), PJCIS inquiries, and Bills put forward in current and previous parliaments, there are a number of elements to this Bill that have not had such scrutiny, and/or are worthy of further scrutiny by Parliament, particularly given the contested history of reform in this space and the importance of accountability and oversight.