- Consideration of the bill
- As outlined in Chapter 1, the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 2) Bill 2023 (the Bill) contains ten proposed amendments related to recommendations from the Comprehensive Review of the Legal Framework of the National Intelligence Community (Richardson Review), and two other proposed amendments to the Intelligence Services Act 2001 (IS Act).
- Evidence was received by the Committee in public submissions, a classified submission, a public hearing and a classified briefing.
- Not all of the measures in the Bill received evidence beyond that outlined in the supplementary material for the Bill and the submission from the Attorney-General’s Department (the Department). A number of submissions from other departments and agencies affected by the proposed amendments simply noted the effect of the relevant amendments and expressed support for them.
- This chapter will step through the measures in the order they were outlined in Chapter 1, outlining the evidence received on each.
Evidence regarding amendments proposed by the Bill
Part 1 – Powers and functions of the Attorney-General
2.5The proposed amendments to the Acts Interpretation Act 1901 (AI Act), the Australian Security Intelligence Organisations Act 1979 (ASIO Act), the Law Officers Act 1964 (Law Officers Act), and the Telecommunications (Interception and Access) Act 1979 (TIA Act), are in response to two recommendations of the Richardson Review – recommendations 18 and 19.
2.6Recommendation 18 was contained in Volume 1 of the report, related to the Review’s findings on ‘Ministerial control of intelligence agencies’, and was made in response to the issue of issuing of warrants. The recommendation stated:
The Law Officers Act should be amended to remove the ability for the Attorney‑General to delegate his or her power to issue warrants under the Australian Security Intelligence OrganisationAct to the SolicitorGeneral, Secretary of the AttorneyGeneral’s Department or any other officer of the Commonwealth. The current prohibition in respect of warrants issued under the Telecommunications (Interception and Access)Act should remain in respect of the new electronic surveillance framework.
2.7Recommendation 19 was contained within the same section of the Richardson Review report, stating:
The Attorney-General’s powers in respect of ASIO should not be able to be conferred on another minister through an action of the Executive. Legislative amendment should be required. The ability for the Governor‑General in Council to make a substituted reference order in respect of the Attorney‑General’s role in exceptional cases should be retained, but only used in exceptional circumstances, such as where there is no Attorney‑General.
2.8In relation to Recommendation 18 and item 3 of the Bill, the proposed amendments to the Law Officers Act would remove the existing delegation ability. The Department highlighted the breadth of this existing ability in its submission:
The Comprehensive Review considered that given the special role of the Attorney-General as Australia’s First Law Officer and the significance of the powers in the ASIO Act, there are no circumstances in which the Attorney-General should be able to delegate their power for issuing ASIO warrants. As currently drafted, section 17 of the Law Officers Act could allow delegation of the Attorney-General’s powers to any official, regardless of level, position or department. The Department accepts the Comprehensive Review’s assessment that this is not consistent with the principles of ministerial responsibility and accountability and the significance of the powers contained in the ASIO Act.
2.9The Department’s submission also identifies that the Richardson Review’s recommendation was only in relation to the issuing of ASIO warrants, but that the proposed amendments will go further than that scope:
Recommendation 18 only expressly concerned the Attorney-General’s power to issue warrants under the ASIO Act. In addition to the power to issue warrants, under the ASIO Act the Attorney-General is empowered to authorise Special Intelligence Operations, appoint prescribed authorities for the purpose of overseeing the execution of ASIO questioning warrants, give consent to institute prosecutions against secrecy provisions and authorise and determine guidelines concerning financial assistance to persons subject to questioning warrants. Consistent with the principles underlying Recommendation 18, the Bill removes the ability for the Attorney-General to delegate all their powers under the ASIO Act, with the exception of financial assistance powers and consent to institute prosecutions against secrecy provisions.
The authorisation of special intelligence operations is similar to the power to issue warrants as it also involves authorisation for ASIO officers and affiliates to engage in conduct which would otherwise be subject to civil or criminal liability. As such it is appropriate that this power is also not able to be delegated. The appointment of prescribed authorities in relation to ASIO’s questioning warrants is a power most appropriately exercised by the Attorney-General so the ability to delegate will be removed. Prescribed authorities oversee the execution of the warrants and make directions concerning questioning.
It is appropriate that the Attorney-General continue to have the ability to delegate powers and functions under subsections 34JE(3) and (4) of the ASIO Act as these subsections relate to the provision of financial assistance to a person who is the subject of a questioning warrant in respect of the subject’s appearance before a prescribed authority for questioning under warrant, rather than relating to ASIO’s use of powers. The only current delegation under section 17 of the Law Officers Act of the Attorney-General’s powers in the ASIO Act concerns financial assistance for questioning and apprehension matters under ASIO Act subsections 34JE(3) and (4). The ASIO Act provides that the power to provide consent to institute prosecutions against secrecy provisions can currently be exercised by ‘a person acting under the Attorney-General’s direction’. As this delegation is already expressly provided for in the ASIO Act, it will continue to have operation after the amendment to the Law Officers Act.
The proposed approach to the restriction on the power to delegate is also consistent with the existing exemption in relation to all TIA Act powers under section 17 [of the] Law Officers Act. It is also consistent with the proposed approach in response to Recommendation 19 which refers to ‘[t]he Attorney-General’s powers in respect of ASIO’.
2.10Dr Brendan Walker-Munro commented on these proposed amendments, expressing strong support for the Law Officers Act amendment, but expressing concern about the lack of a definition of ‘exceptional circumstances’ in the amendments or anywhere in the statute, as well as the vesting of authority in the Prime Minister to be satisfied as to when exceptional circumstances exist, rather than giving this to the Governor-General as the decision maker.
2.11These concerns were addressed in part in the submission from the Department, which advised that long-standing legal advice was that decision-making power should be conferred on an appropriate minister rather than the Governor-General. This was acknowledged by Dr Walker-Munro at the hearing.
2.12The issue of the basis for the Prime Minister’s decision regarding what exceptional circumstances are and how they apply to the making of a substituted reference order was elaborated by Dr Walker-Munro at the public hearing:
…essentially, it comes down to the Prime Minister's state of satisfaction about whether those exceptional circumstances exist and what an exceptional circumstance is. The example that I gave in my submission was the very famous one involving the former Prime Minister being appointed to multiple ministries, where the exceptional circumstance was the COVID-19 pandemic. That was certainly an exceptional circumstance, but it was a situation where I think the outcome was not one that was anticipated as being good for public government in the public interest. Whilst I take note of the issues that are raised in the explanatory memorandum, I do still hold a concern that, essentially, one person's view as to what an exceptional circumstance is would allow, potentially, for those matters to end up being delegated.
2.13The Department addressed this issue in its submission as follows:
Exceptional circumstances is not defined in the Bill or the Explanatory Memorandum in order to not unduly constrain when this power could be exercised. However, an example of exceptional circumstances could include where there is no Attorney-General, as stated in the Comprehensive Review and provided in the Bill’s explanatory memorandum.
Part 2 - Defences for certain national infrastructure related offences
2.14The proposed amendments to the Criminal Code Act 1995 (Criminal Code) are in response to recommendation 66 of the Richardson Review, contained within Volume 2 of the report, related to ‘Immunities for the Australian Security Intelligence Organisation” and “Cellular transmitter geolocation issues”.
2.15The recommendation stated:
The defence in subsection 474.6(7) of the Criminal Code should be extended for ASIO so that it applies to all offences in section 474.6 (Interference with facilities). The defence should only be available where ASIO officers are acting in the course of their duties, and where that conduct is reasonable in the circumstances for the purpose of performing those duties.
2.16The Richardson Review report discussed the inefficiency of the current method that ASIO employs to locate a cellular transmitter and that another more efficient method was identified, but not used due to concerns regarding criminal liability under Parts 10.6 and 10.7 of the Criminal Code.
2.17As noted in Chapter 1, the Department identified the reasoning for the proposed amendments in the Bill going further than the original recommendation of the Richardson Review, to include defences to section 477 offences as well as the offences in section 474. The Department submitted that those additional defences were ‘clearly contemplate[d]’ by the Richardson Review, and that following consultation, the Government was satisfied that they were ‘necessary, appropriate and effectively balance national security interests against the individual’s right to privacy’.
2.18ASIO provided further context and justification in its submission:
As part of our role to protect Australia and Australians from threats to their security, ASIO conducts a range of activities to identify and understand security threats.
Identifying and locating subjects of interest is a core part of this role. A person’s digital footprint – for example which devices they are using and where those devices are located – provides key enabling information.
ASIO also needs to understand who else might be in the vicinity before conducting activities – to make sure we don’t unnecessarily impact unrelated third parties in the area and to prevent our covert activity from being detected.
Finally, we need to make sure we protect our staff, sensitive capabilities and operations. As the Director-General of Security noted in his Annual Threat Assessment in February 2023:
- a. Our staff work in a complex environment where “spies want to target them and extremists want to kill them”. Consequently, we need to make sure that we understand what threats might exist before our staff are put in harm’s way.
- b. ASIO must do things “Australia’s adversaries believe are impossible”, so “it is vital to safeguard the tools, techniques and technologies” that allow us to keep Australians safe from threats to their security.
Due to developments in technology, the activities ASIO needs to undertake to effectively discharge its functions require additional, targeted legal defences. The inclusion of new defences would enable ASIO to use more efficient and effective methods when conducting functions under the ASIO Act 1979, including to protect the covert nature of activities where necessary.
The proposed amendments ensure that ASIO officers have the necessary legal protections to protect Australia and Australians from threats to their security – while also protecting themselves and our sensitive capabilities.
All activities would continue to be conducted in line with the Guidelines issued by the Minister for Home Affairs which require ASIO to only undertake activities which are proportionate, and use the least intrusive method available.
2.19The Department of Home Affairs also emphasised the role that the Minister’s Guidelines have in ensuring ASIO’s actions are as expected:
All ASIO activities are conducted in line with the Minister’s Guidelines in relation to the performance by the Australian Security Intelligence Organisation of its functions and exercise of its powers (Minister’s Guidelines), issued by the Minister for Home Affairs. In particular, the Department notes the Minister’s Guidelines are binding on ASIO and require ASIO to only undertake activities that are reasonable, necessary, and proportionate and using the least intrusive method available.
2.20Dr Walker-Munro identified concerns with the potential breadth of the proposed immunities and the inclusion of ASIO affiliates in the proposed definition of ASIO Officer:
…in relation to the extension to an ASIO affiliate, which is defined under the act to include, essentially, secondees and contractors that may have arrangements with ASIO. The Richardson review, as far as I'm aware, didn't warrant the extension of immunities from ASIO employees, who are the staff members of the agency, to anybody else. It is a very specific immunisation against a very wide range of potential civil and criminal immunities to which ASIO would have access. This takes it some way beyond that and allows ASIO, were it so minded—I'm not saying it would be—to essentially extend an immunity to anybody with whom it has taken secondment arrangements or has some form of services agreement.
2.21Dr Walker-Munro also identified that the proposed amendments are unclear regarding potential application to Australian Defence Force (ADF) members:
The second danger is that it is unclear whether the proposed immunity would cover the Australian Defence Force (“ADF”). The Richardson Review was of the view that ‘a limited immunity is necessary and justified in respect of the ADF… where the ADF is properly authorised to engage in activity that could raise potential liability risks under Australian criminal law… but cannot access ASD authorities and immunities’. The proposed immunity per se does not immunise ADF members; however, there is nothing in the law that would prevent an ADF member from being engaged as a consultant or as a service provider. Further, the immunity would not automatically attach to an ADF member taking part in a special intelligence operation authorised under the ASIO Act. The coverage of ADF personnel under the proposed immunities should be clarified (i.e., whether they are intended to be immunised or that will be dealt with by subsequent legislative amendment).
2.22The IGIS also noted the breadth of potential coverage:
The IGIS notes that the definition of ‘ASIO affiliate’ is potentially quite broad, as it covers persons performing functions or services for the Organisation in accordance with a contract, agreement, or other arrangement, and includes a person engaged under section 85 and a person performing services under an arrangement under section 87.
2.23When questioned about this comment in his submission Dr Christopher Jessup KC, Inspector-General of Intelligence and Security, provided the following qualified observation:
We didn't intend to express any opinion one way or the other on whether this was a good amendment; we intended simply to draw it to the committee's attention so that, in effect, it didn't fall between the slats. Yes, I did have the benefit of listening to an earlier witness this morning, and his perspective on this particular amendment was interesting. As far as I would say it, he sufficiently exposed some of the issues that might arise in connection with this amendment, but they are matters of policy, and we really wouldn't want to go beyond what we said in our submission in that area.
2.24Further elements of the potential application of these proposed immunities were canvassed at the public hearing, with the Director-General of Security acknowledging that the expanded scope of an ASIO affiliate could include a human source or ‘agent’ of ASIO, acting upon direction and authorisation to undertake the activities that might activate the proposed defences.
2.25In a further supplementary submission to clarify the position, ASIO outlined the following:
The term ASIO affiliate is defined in section 4 of the ASIO Act 1979 as “a person performing functions or services for the Organisation in accordance with a contract, agreement or other arrangement”. In practice, this could include persons such as secondees, contractors, consultants or human sources.
Consistent with the Comprehensive Review, the amendments provide ASIO employees and ASIO affiliates with targeted legal defences for specific offences in Part 10.6 and 10.7 of the Criminal Code Act 1995, not a broad immunity from criminal liability for those offences. This means that the defences are limited to those specific offences, and must be individually justified.
The Bill proposes that the defences would only be able to be relied on by ASIO employees and ASIO affiliates when acting in good faith in the course of their duties, and that the conduct is reasonable in the circumstances for the purpose of performing that duty. As the Explanatory Memorandum notes, in the case of ASIO affiliates, this would require them to be performing functions or services for ASIO, and acting in accordance with their contract, agreement or other arrangement.
For example, it may be necessary to have a human source operate technical equipment on ASIO’s behalf to identify and locate a device in circumstances where they have physical access that ASIO is otherwise unable to achieve. In these circumstances, the human source would be conducting activities at the direction of ASIO, and within strict constraints.
In other circumstances, a human source might be able to facilitate ASIO’s access to a facility or area for ASIO to conduct the activities. Without being included in these targeted defences, there is a risk a human source could be liable for ancillary offences (such as aiding or abetting the commission of an offence) when assisting ASIO to undertake these activities.
In all cases, ASIO will keep detailed records of circumstances where ASIO affiliates rely on the defences to enable oversight activities.
All activities – regardless of whether they are conducted by ASIO employees or ASIO affiliates - must be conducted in line with the proposed safeguards built into the legislation; namely that they must be acting in good faith in the course of their duties as an ASIO employee or affiliate, and their conduct must be reasonable in the circumstances for performing those duties.
Further, ASIO must also comply with the Minister’s Guidelines which require that any means used for obtaining information must be proportionate to the gravity of the threat posed and its likelihood, including any potential impact on third parties, and using the least intrusive method available. These requirements apply to all ASIO activities for obtaining intelligence relevant to security, whether conducted by ASIO employees or ASIO affiliates.
2.26Mr Damon O’Hara submitted that the extension of the defences to actions taken without a warrant could cause concern that:
The proposed amendments would grant ASIO officers the freedom from immunity [sic] for offences when undertaking covert actions without a warrant, where the community must rely on ASIO’s own assessment of the necessity, proportionality, reasonableness and justification for the actions.
When such covert action is taken under a warrant, an officer with judicial independence may consider those guardrails of what the community may consider proper, but without such a review ASIO need only satisfy itself. Any documentation produced as part of this self-evaluation process would be hidden from any external scrutiny (save any process undertaken by the IGIS, but which has not been addressed in this review).
The offences in question involve ‘modification of data to cause impairment’ (emphasis added) of computer or telecommunication systems, offences listed under the head ‘Serious Computer Offences’ in the Criminal Code.
2.27This led to Mr O’Hara stating that he would ‘…urge the Committee to consider the seriousness of ASIO being granted impunity to undertake covert actions, without a warrant, that would otherwise be considered serious computer offences, guided only [by] ASIO’s own internal review mechanisms, for the sake of efficiency’.
2.28The Law Council of Australia (Law Council) submitted regarding the proposed defences, identifying some areas of concern, including sharing the concern that including ASIO affiliates in the definition of ASIO Officer might:
…allow other officers of law enforcement agencies, such as the AFP, or other intelligence agencies with an offshore intelligence focus, such as ASIS, to rely on the defence. This is undesirable. It would carry the risk of undermining the differentiated warrant and issuing safeguards—for example, the issuing safeguards regulating access to telecommunications data and interceptions under the TIA Act. The Law Council’s long-standing position is that the vital distinction between foreign and security intelligence should be maintained.
2.29Additionally, the Law Council expressed concerns regarding the interactions between the proposed defences and warrant and issuing safeguards regarding interceptions and access to telecommunications and data under the TIA Act, as well as the reliance on the Ministerial Guidelines, identifying that:
…the Law Council remains concerned that the Minister’s 2020 Guidelines provide insufficiently precise and clear guidance in the following respects:
- categories of particularly sensitive information—specific guidance on the collection, use, disclosure, storage, destruction or retention of categories of particularly sensitive information, such as:
- information that is, or is likely to be, subject to client legal privilege or parliamentary privilege;
- health information (such as medical records) and biometric information (such as fingerprints); and
- journalistic information, such as the identity of journalists’ sources, and the information provided by those sources;
- bulk personal data—specific guidance on the acquisition, interrogation, retention and destruction of bulk personal datasets;
- targeting vulnerable persons—guidance on exercising coercive or otherwise intrusive intelligence collection powers against vulnerable persons, including children, people with disabilities, and people who belong to minority groups.
The Law Council reiterates its recommendation that the Minister’s 2020 Guidelines should be revised and re-issued, tabled in Parliament, and reviewed by the Committee.
2.30At the public hearing for the review, the Department of Home Affairs identified that the current Guidelines are about to be reviewed:
The minister is committed to reviewing the minister's guidelines. We are currently working on the terms of reference for those guidelines, with a view to having the minister agree, shortly, to conduct that review process.
2.31When questioned regarding the concerns that the Law Council identified with the 2020 Guidelines, the Director-General Security provided the following response:
What is in the ministerial guidelines is a matter for the minister, and, when the minister sets the new guidelines based on the review that will be undertaken, the minister will consult with the Attorney-General, and they are the current arrangements that are in place for the setting of ASIO's ministerial guidelines. I think they're sufficient, but obviously I'll leave that to the minister, the government and parliament to determine what is sufficient in that regard.
I would also say on the face of the law it is very clear on what we can and can't do and how we do it. The ministerial guidelines add an additional layer of minister's expectations on us as defined by what we do under law, and I think that's adequate. I would close by saying, of course, on top of all of that, it's not only the oversight of the government, the minister, this committee and the Attorney-General, we also have the oversight of the Inspector-General of Intelligence and Security that would actually call us out on anything that was not in line with law or the ministerial guidelines.
2.32The IGIS did not express any concerns about compliance with the current Guidelines as a result of his office’s inspections and investigations when questioned about that during the public hearing, noting that ‘…instances to the contrary would be isolated’.
Part 4 - Spent convictions
2.33The proposed amendments to Part VIIC of the Crimes Act 1914 (Crimes Act), relating to the spent convictions scheme, relate to Recommendation 136 of the Richardson Review, contained in Volume 3 of the report, which covered “Specific information sharing issues” and the sharing of spent convictions records.
2.34The recommendation states:
Exclusions in the spent convictions scheme in Part VIIC of the Crimes Act should be expanded to enable ASIO to use, record and disclose spent conviction information for the performance of its functions.
2.35ASIO outlined brief justifications for the proposed amendment in its submission:
As a security agency, ASIO works closely with law enforcement and other government agencies to protect Australia and Australians from threats to their security.
Spent conviction information has the potential to help inform ASIO’s understanding of security threats, including in relation to people who might also be the subject of a law enforcement investigation.
However, currently, these agencies are not able to share spent conviction information – relating to older, less serious convictions – with ASIO, other than for the purposes of assessing the suitability of prospective employees or consultants.
2.36The Department provided further rationale for the amendments:
The Commonwealth spent convictions scheme aims to prevent discrimination on the basis of previous convictions by limiting the use and disclosure of older, less serious convictions and findings of guilt. Currently, certain agencies, primarily law enforcement, have exemptions to the scheme which allow them to use spent conviction information in the performance of their functions. Excluding ASIO from the spent conviction scheme will allow ASIO to use, record and disclose spent conviction information to better perform its security functions. Further, it will rectify an existing discrepancy whereby law enforcement agencies are able to use, record and disclose spent conviction information for investigations or the prevention of a crime, while ASIO is prohibited from doing the same in the performance of its functions.
In accordance with paragraph 85ZZ(1)(b) of the Crimes Act, the Information Commissioner has advised the Department that ASIO’s exclusion from the spent convictions scheme should be granted and has specified no restriction should be placed on the exclusion beyond the wording of the Bill.
2.37Dr Walker-Munro expressed concerns regarding potential access by other National Intelligence Community (NIC) agencies to spent conviction information to be granted by the proposed amendments in Part 4:
The access to spent convictions in the manner that the Richardson review proposed was appropriate. I think that ASIO should have access to that information for the purposes of discharging their functions under the act. The potential issue then becomes whether or not there is a flow-on effect that permits the sharing of that information with agencies that would not otherwise be permitted to access it, so other NIC agencies that would not necessarily be able to access that information gaining access to it essentially through an information share with ASIO. My concern on that side is that you've essentially got a way to circumvent the law in a way that perhaps the law didn't intend.
The difference for its comparator, which affects the law enforcement agencies, for example, is that there are generally—if the AFP, for example, share information with a state or territory police force there is less of a concern because those individual agencies would ordinarily have access to that information in their own right, whereas the other NIC agencies would not necessarily have that access without more steps being taken to have access to that information.
2.38In response to this concern, the Director-General of Security outlined that:
It would allow ASIO access but not unfettered access. If the concern was that an affiliate could then take it and use it back in his or her home agency, that wouldn't be allowed because they can only use it inside ASIO and there'd be restrictions on them under their home agency under the spent convictions law, so, no, I don't believe that's valid. I understand the perspective, but I think it's a misunderstanding of how it operates or would operate.
…
Anything that ASIO would use this information on would be within line and limited by ASIO's purpose, which is pretty clear under law. It couldn't go broader than that. Another agency that was not allowed to see this information couldn't ask ASIO for that. We could not give it to them under law. An affiliate could not give it to their home agency or a mate under law because it wouldn't be in line with ASIO's purpose or the restrictions placed on them under the legislation that covers spent convictions today. This would not bypass any of that.
Part 5 - Reporting by the Inspector-General of Intelligence and Security
2.39The proposed amendments to the Inspector-General of Intelligence and Security Act 1986 (IGIS Act) to require annual reporting of complaints and public interest disclosure (PID) information in this Part of the Bill stem from recommendation 145 of the Richardson Review, contained within Volume 3 of the report relating to “Amendments to enhance public transparency” and PIDs.
2.40Following discussion acknowledging that the IGIS already publishes much of the highlighted material, the Review assessed that a legislative requirement would enhance and codify this transparency:
The IGIS should be subject to a legislative requirement to report annually on public interest disclosures received by, and complaints about similar conduct made to, the IGIS.
2.41The IGIS provided supporting information in its submission, identifying what is currently included, and proposed to be included, in its reporting.
2.42The Department noted in its submission that:
The Attorney-General would continue to have the ability under existing subsection 35(5) of the IGIS Act to make such deletions from the copy of the report that is tabled in Parliament as the Attorney-General considers necessary in order to avoid prejudice to security, the defence of Australia, Australia’s relations with other countries, law enforcement operations or the privacy of individuals.
Part 6 - Investigations by the Ombudsman
2.43The proposed amendment to the Ombudsman Act 1976 (Ombudsman Act) to remove oversight of the six core NIC agencies is in response to Recommendation 167 of the Richardson Review, contained within Volume 3 of the report relating to “Oversight agencies”.
2.44After short commentary outlining the statutory extension of the Ombudsman’s oversight of NIC agencies, but the practical reality that no such oversight is exercised by convention, and that the IGIS oversights the relevant agencies, the Review simply recommended that:
ASIS, AGO, ASD, ONI and DIO should be excluded from the Commonwealth Ombudsman’s jurisdiction.
2.45The Richardson Review report did comment that ‘from a practical perspective, the Ombudsman is not adequately equipped to protect sensitive national security information’, as a further justification for removal of this oversight.
2.46The Ombudsman provided a very brief submission acknowledging the current practice and supporting the recommendation, noting that ASIO was already removed from its oversight by Regulation 6 of the Ombudsman Regulations 2017.
2.47This proposed amendment was also supported by the IGIS, who noted in his submission that it ‘…will not impact on the role of the IGIS in relation to these agencies’, reflecting that IGIS oversight is already occurring.
2.48The Department identified in an answer to a Question on Notice that ‘Since 14December 2005, the Ombudsman and the IGIS have had a memorandum of understanding which guides the approaches of these offices to oversight of these intelligence agencies’.
2.49Mr Iain Anderson, Commonwealth Ombudsman, stated at the public hearing that:
…the IGIS is better equipped in terms of the larger number of officers with higher security classifications. I wasn't saying that we're not adequately equipped; it's really just that the IGIS is in a better position to deal with that material generally. I'm satisfied that we have the personnel and the capability to deal adequately with our other oversight functions—under the TIA Act, for example, about stored communications and all of those things—when we're dealing with the agencies that we otherwise deal with who fall within the national intelligence community, outside these six agencies who, I think, are best left to the IGIS.
2.50The Law Council identified in its submission that it ‘considers it essential that the resourcing of the IGIS be continually reviewed to ensure it is sufficient to discharge its statutory responsibilities’.
Part 7 - Exemptions from freedom of information law
2.51The proposed amendments to the Freedom of Information Act 1982 (FOI Act) in relation to existing exemptions for documents that have originated with, or been received from, the Australian Hydrographic Office in the performance of its functions under subsection 223(2) of the Navigation Act 2012 are as a result of Recommendation 186 of the Richardson Review, contained within Volume 3 of the report relating to “Australian Geospatial-Intelligence Organisation—non-intelligence functions”.
2.52The Review recommended that:
The Freedom of Information Act should be amended to remove AGO’s exemption in respect of its non-intelligence function.
2.53No additional evidence was received related to this proposed amendment, other than statements of support.
2.54The second set of proposed amendments to the FOI Act in this Part to align the protections afforded to the Australian Transaction Reports and Analysis Centre’s (AUSTRAC) Suspicious Matter Reports and Suspicious Transaction Reports under the FOI Act, stem from Recommendation 188 of the Richardson Review. This recommendation is contained within Volume 4 of the report relating to FOI issues and AUSTRAC.
2.55The recommendation states:
In respect of AUSTRAC, consistent protections should be afforded to Suspicious Matter Reports and Suspicious Transaction Reports under the Freedom of Information Act.
2.56As outlined in Chapter 1, this recommendation and the proposed amendments are to ensure that protections of the information contained in such reports is protected under the FOI Act regardless of which agency holds the information.
2.57No additional evidence was received related to this proposed amendment, other than statements of support.
Part 8 - Review under the archives law
2.58The proposed amendments to the Administrative Appeals Tribunal Act 1975 (AAT Act) and the ArchivesAct 1983 (Archives Act) requiring all proceedings related to security records to be heard in the Security Division of the Administrative Appeals Tribunal (AAT), arises from Recommendation 191 of the Richardson Review, contained in Volume 4 of the report, related to “Administrative Appeals Tribunal protections”.
2.59The recommendation was that:
All security matters arising under the Archives Act should be heard in the Security Division of the Administrative Appeals Tribunal.
2.60No additional evidence was received related to this proposed amendment, other than statements of support.
2.61The second element of the Part 8 proposed amendments, that would oblige the IGIS to provide evidence in proceedings under those Acts only where the material in the proceedings relates to one or more of the agencies the IGIS oversees, relates to Recommendation 192 of the Richardson Review, contained in Volume 4 of the report, under “Inspector-General of Intelligence and Security evidence to the Administrative Appeals Tribunal and the Information Commission”.
2.62The Recommendation stated:
The Freedom of Information Act and Archives Act should be amended so that the IGIS is only required to provide evidence that addresses the damage that would, or could reasonably be expected to, arise from the release of material where the matter involves one or more of the agencies that the IGIS oversees.
2.63The IGIS outlined the current issue in its submission:
Currently, where the Information Commissioner (IC) or the AAT is conducting a review in relation to a document or record sought to be exempt under s 33 of the respective Acts, the evidence of the IGIS must be sought prior to the decision-maker determining that the document is not an exempt document. Further, the IGIS must comply with the request unless the IGIS is of the opinion that they are not appropriately qualified to give evidence on the matters the subject of the request.
2.64The IGIS outlined in its submission that in the 2021-22 financial year the IGIS received three requests from the Information Commissioner in the circumstances above, with the IGIS of the opinion that they weren’t qualified to give answers in all three cases. The process consumed IGIS time and resources without adding any value to the reviews.
2.65Following the public hearing, the IGIS further identified that during the current IGIS’s tenure (to April 2023), five requests from the Information Commissioner had been received. All of them related to agencies outside the IGIS’s jurisdiction.
2.66In its primary submission, the IGIS provided the following information regarding requests for the IGIS’s own documents or records:
For completeness, pursuant to the proposed amendments, the IC or AAT will also not be able to request the Inspector-General to provide evidence in relation to IGIS’s own documents or records. Although there will be no independent body to provide expert evidence in these circumstances, the IGIS would have the opportunity to provide submissions in relation to the national security exemptions sought as a matter of course.
Part 3 - Membership of the Parliamentary Joint Committee on Intelligence and Security
2.67The proposed amendments in Part 3 are one of two measures related to the IS Act, but not to a Richardson Review recommendation. Part 3 proposes amendments to alter the constitution and quorum requirements of the PJCIS.
2.68The Explanatory Memorandum (EM) provides limited reasoning for this proposed amendment. The Department’s submission provides the following detail regarding the proposed amendments:
Schedule 1, Part 3 of the Bill would amend the IS Act to provide that the PJCIS is to consist of 13 members, comprised of at least 2 Government senators, 2 Government members of the House of Representatives, 2 non-Government senators and 2 non-Government members of the House of Representatives. The remaining 5 members could be drawn from either chamber. The quorum requirement would also increase from 6 to 7 members. The Bill does not amend the requirement for the Government to hold a majority.
This amendment is intended to allow for greater flexibility in determining PJCIS membership while retaining the requirement for representation of both the Senate and House of Representatives, and Government and non-Government members. It also raises the quorum requirement accordingly. Oversight and accountability by an expanded PJCIS will provide confidence to the Australian public that intelligence and security agencies are subject to robust parliamentary oversight.
2.69When the Department was questioned further about this at the public hearing for the review, the additional justification for the identification of the change provided was:
It came about as a recommendation from government, via our office, as a measure to enhance the flexibility of this committee, to reduce the constraints on its composition but also to allow an additional two people, which might assist when covering leave or other absences.
2.70When asked if the need for flexibility or covering of absences was identified in consultation with the Committee, the Department identified that no consultation had occurred, and that the reasoning for including the proposed change (as well as the Part 9 amendments discussed below) in the Bill was for expediency:
The 10 recommendations that are included in this bill were put in this vehicle because they were drafted and ready to go. The government was of the mind to try and get moving on the implementation of the Richardson recommendations. Those 10 were largely drafted and ready to be introduced in this sitting. The addition of the two other amendments, which did not come from the comprehensive review, were a result, really, of a decision about expediency. This omnibus bill was available and ready to go. Those two measures were identified by other agencies—well, one by the government and one through our colleagues at DFAT—identified as a vehicle that we could also put those measures in.
2.71The Department was also asked a further written Question on Notice regarding whether consultation occurred with a range of members of the Opposition, crossbench members of the House of Representatives and Senate or heads of NIC agencies or the Australian Federal Police. In response the Department outlined:
The Attorney-General’s Department did not consult with or advise non-government parliamentarians on the proposed changes to the membership and composition of the Committee.
This measure was a recommendation of Government.
Officers from the National Intelligence Community agencies as well as the Departments of the Prime Minister and Cabinet, Defence, Foreign Affairs and Trade, Home Affairs and Infrastructure, Transport, Regional Development, Communications and the Arts were consulted on the National Security Legislation Amendment (Comprehensive Review and Review of the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 2) Bill 2023, and no comments were received on the proposed changes to the composition of the Parliamentary Joint Committee on Intelligence and Security.
2.72Contained within a further answer to a Question on Notice, the Department identified that ‘The Department of Foreign Affairs and Trade has policy responsibility for administering the provisions in the IS Act that relate to the Committee’s membership and appointments’.
2.73When questioned about the proposed changes to the constitution of the Committee and any security concerns related to the number of Committee members, the Director-General of Security responded:
'Need to know' is a sound principle. And, yes, the more people know something, the risk increases.
…
My only ask of this committee would be that secrets are kept secret. Beyond that, the nature and the composition of this committee is a matter for government and parliament. I might also add, in the awkward situation that we had some security-relevant information, I would always discuss that with the leader of the party it concerned.
2.74When questioned along the same lines and in response to the Director-General’s evidence, Ms Hartigan from the Department responded:
The addition of two members doesn't change the framework that exists around the protection of information in documents that are put before the committee or provided to the committee. The secrecy provisions, the secrecy offences that are in, I think, schedule 1 to the act still apply, as do the requirements on committee members to respect the classifications et cetera of the material that's put before them. That doesn't change, none of that is being amended.
…
I did hear the director-general say that he had to accept that, yes, that increases the risk, but being a public servant and having to work within a framework very similar to yourselves I believe that, where the framework is there and it's abided by, we shouldn't have those difficulties.
Part 9 - Other amendments
2.75The other proposed measure in the Bill not related to the Richardson Review is contained in Part 9 of Schedule 1 of the Bill. It relates to Ministerial directions to the Australian Secret Intelligence Service (ASIS) by the Foreign Minister under paragraph 6(1)(e) of the IS Act.
2.76This proposed amendment and its purpose are explained in similar terms in both the supplementary material for the Bill and the Department’s submission, as outlined in Chapter 1.
2.77The nature of the activities that may be undertaken by ASIS in response to the Ministerial directions necessitates a high level of sensitivity in considering the scope and impact of the potential amendments. Accordingly, the Committee received a classified submission from ASIS regarding the proposed changes, and held a classified briefing on 8 May 2023.
2.78The contents of the classified submission from ASIS cannot, for obvious reasons, be discussed in this report. However, the Committee was aided by ASIS’ identification of the need for the amendments, the process of consideration that ASIS undertook, and the legal and practical matters that the Committee should consider in assessing the appropriateness of the amendments.
2.79Dr Walker-Munro expressed concerns regarding the perceived disconnection between Ministerial directions specifying ‘activities’ with only optional reference to a legitimate purpose of ASIS under the IS Act:
The issue, as much as I have with it, is essentially that the Richardson review was very clear about making sure that these activities that are undertaken by NIC agencies are done with purpose. If parliament is looking to amend the legislation, I [see] no reason why there shouldn't be a reference to purpose—indeed, the explanatory memoranda and the submissions from the department this morning make clear reference to the fact that currently it is longstanding practice to talk about a purpose in relation to the types of activities that the minister may actually prescribe under the Intelligence Services Act. The problem is that if you're talking about a class of activities and that's all you talk about and there is no connection to a purpose then you're really just listing [off] a set of things that ASIS might choose to do or could do at some point in relation to some threat or in relation to some function or in some foreign operational theatre. There is no real granularity in terms of what is actually being done, for what purpose, to achieve a particular outcome. I fully accept that you could say, for example, and I will use the explanatory memoranda, that disrupting telecommunications is a class of activities, and you might undertake that for a purpose of preventing an individual from engaging in terrorism. That's the connection between the activities and the purpose. If all you're providing is a class of activities—say, the disruption of communications—you're not really achieving the purpose of those provisions, which is to provide that greater level of clarity about what the minister might want ASIS to do.
…
I think it's also about having ASIS being given a level of detail. If you're talking about the activities, that is the how. There should also then be a purpose, which is the why: Why are you doing these things? What's the outcome the minister wants you to achieve by engaging in those activities? There has already been reference in those documents to there being a purpose—the minister may say to do this for that purpose— but it's not something they are required to do by law.
2.80Additionally, in his written submission Dr Walker-Munro expressed concern regarding the ability for ASIS to satisfy itself that it is complying with the directions:
…the proscribed [sic] amendment does not actually provide further detail about what the Minister is authorising. The Explanatory Memorandum states that ‘[w]here a class [of activities] has been specified by the Minister, ASIS will be responsible for satisfying itself that a proposed activity falls within the specified class’. This raises the possibility that – consistent with the example in the Explanatory Memorandum – the Minister merely provides a “ballpark” of possible options within which ASIS is constrained to operate. This does not achieve any greater level of clarity about exactly what activities ASIS can undertake.
…
Given the highly volatile and uncertain environments in which ASIS operates offshore, it does not appear appropriate for the Minister to derogate responsibility for compliance in such a fashion, and may threaten either or both of the lives of ASIS officers or the operational integrity of their work. Instead, officers of ASIS should be free – subject to the existing restraints in the Act – to pursue the activities that are operationally justified within the purpose set out in the Ministerial direction and the Ministerial authorisation.
2.81In response to these concerns, Director-General of ASIS Ms Kerri Hartland tendered a public submission, which stated that:
It is not correct to state the amendment seeks to disconnect the activities under a Ministerial direction from their intended purpose. Section 6(1)(e) allows the Minister to direct ASIS to undertake “other activities”. The focus of the provision is intentionally narrowed to be on the activity and is not more broadly defined as the purpose. The amendment is not intended to change this. Instead, it provides more certainty as to how the activities can be described. Of particular importance is that it makes clear the activities can be described by way of a class. It does not fragment the operation of the Ministerial direction.
As noted above, section 6(1)(e) does not and has never specified what are the “other activities” which may be directed by the Minister. There are, however, a range of limits specified in the IS Act which will in practice limit what activities can be directed (see in subsections 6(4), (5B) and (6) and sections 11 and 12).
The amendment will not threaten the lives of ASIS officers or the operational integrity of their work. Instead, for the reasons identified above, it will provide greater certainty regarding the level of detail required in the Ministerial direction itself. By retaining the existing focus on the activities which may be directed, rather than broadening section 6(1)(e) to allow the Minister to direct ASIS solely by reference to a purpose, the amendment appropriately maintains Ministerial control. The Minister directs the activities or class of activities which ASIS may undertake. The Minister may choose, but is not required, to further limit this by purpose. ASIS considers the Minister has always been able to further limit the directed activities by reference to the purpose, but the amendment removes any doubt.
2.82The Law Council also expressed some concerns regarding the proposed amendments, with an initial observation that the EM and other resources do not provide adequate justification for the proposed changes, nor the potential human rights implications, recommending that:
…these issues be more fully explored in a Supplementary Explanatory Memorandum, or, alternatively, that Part 9 of Schedule 1 be split into a separate Bill and be considered separately with adequate time periods for consultation.
2.83Similar to Dr Walker-Munro, the Law Council expressed concern regarding the discretion potentially afforded to ASIS:
The Law Council is concerned that Part 9 of Schedule 1 to the Bill leaves an impermissibly wide ambit of discretion for ASIS. This carries the risk of undermining the primacy of ministerial responsibility and accountability as a key underpinning of the authorisation mechanism in Part 2 of the IS Act. Any ability for agency heads to give internal authorisation should be regarded as an exceptional measure.
2.84The Law Council argued that the proposed amendments may undermine the dual function of authorisation safeguards contained in sections 9, 9A or 9B of the IS Act, identifying three key design principles in relation to the authorisation mechanism in Part of the IS Act that it recommended to the Richardson Review:
- Ministerial responsibility and accountability must be given primacy in the design of authorisation mechanisms: In the absence of a judicial authorisation model for intelligence warrants in Australia (in contrast to all other countries in the Five Eyes alliance), Ministerial-level authorisation of the intrusive intelligence collection powers of ISA agencies, in relation to Australian persons, ought to be the default requirement. This should be conveyed clearly in the legislative text and structure of the ISA. A Ministerial approval model is preferable to a model of internal ‘self-authorisation’ by agency officials. Having regard to the gravity, intrusiveness, and covert nature of the intelligence collection powers of ISA agencies, Ministerial authorisation (in the absence of judicial authorisation) is essential to ensure visibility, responsibility and accountability. The primacy of Ministerial responsibility for the issuance of authorisations was also a significant guiding principle for the Richardson Review;
- Any ability for agency heads to give internal authorisation should be regarded as an exceptional measure: any devolution of responsibility for issuing such authorisations to ISA agency heads is properly regarded as an extraordinary measure, which is an exception to the general model of giving primacy to Ministerial responsibility and accountability for the issuance of authorisations to the agency. This power should therefore be limited to clearly defined circumstances of emergency or significant urgency;
- In all cases, authorisations must be subject to rigorous issuing thresholds, and administrative requirements to facilitate operational oversight (both Ministerial and independent): all forms of authorisation under Part 2 of the ISA (that is, both Ministerial and agency head authorisations) should be subject to rigorous statutory thresholds, and other legally binding safeguards relevant to their execution. Key safeguards include statutory record-keeping, reporting and notification requirements, which are important in facilitating oversight and accountability in relation to acts done in reliance on Part 2 authorisations, noting that such acts will generally attract the extensive immunities from legal liability under section 14 of the ISA.
- In response to these concerns Ms Hartland submitted that:
Given the nature of ASIS activities there are some limits on the level of detail which can be provided in the Explanatory Memorandum. ASIS has provided the Committee with a classified submission which is intended to provide additional justification for the amendment.
…
There are no human rights implications as a result of the change. Section 6(1)(e) currently allows the Minister to direct ASIS to undertake “other activities”. This will not change. All that will change is that there will be greater certainty about the level of detail required in the direction itself. The types of possible activity to disrupt terrorism identified in the Explanatory Memorandum could already be the subject of Ministerial direction. The practical effect of the amendment is to make clear that activities cannot be described in the direction solely by reference to their purpose, but the description can be of a general or specific nature or by way of a class or classes of activity.
We consider the amendment is consistent with the three key design principles identified in the Law Council submission.
The amendment maintains the key role for the Minister by retaining the focus on the Minister’s power to direct an activity. The purpose of the amendment is to provide greater certainty as to the level of detail required in the direction. Also, under section 8(2)(a) of the IS Act the Minister can provide further direction to ASIS in the performance of its functions, including in relation to activities under a section 6(1)(e) Ministerial direction.
The amendment does not enable internal authorisation by an agency head. The Minister must direct the activity. Where the Minister has directed the activity by way of a class, ASIS will be bound by the scope of that class. However, as recognized in the Explanatory Memorandum, in practice, where ASIS has been directed to undertake an activity by way of a class ASIS will be responsible and accountable for ensuring any activity it undertakes falls within that class. The IGIS will oversight ASIS’s assessment of this. In this regard, it will operate in the same way as the current classes relating to Ministerial authorisaton in section 8. Under section 8 the Minister may direct ASIS to produce intelligence on a class of Australian persons and ASIS is responsible and accountable for ensuring the Australian persons on whom it produces intelligence fall within the specified class.
The amendment does not change the requirement for rigorous issuing thresholds and administrative operational oversight. The direction must relate to activities. The other IS Act limitations remain. ASIS remains subject to the operational oversight of the IGIS. The existing requirement to maintain suitable records to enable this oversight is unchanged.
2.86During its classified briefing the Committee was provided with evidence in-camera by ASIS and the IGIS. This evidence provided additional information explaining the need for the amendment, which is proposed to provide greater clarity in the ISA. The current uncertainty relates to the level of detail required in a Ministerial direction issued under paragraph 6(1)(e) of the ISA. The concern has arisen in the context of a classified IGIS report that looked at ASIS's compliance with a particular overarching classified Ministerial direction, and whether the activities undertaken by ASIS in accordance with the direction met the requirements of paragraph 6(1)(e). While the IGIS report did not make any findings relating to compliance with Australian law more generally, it did find that the direction was at too high a level unless ASIS sought specific approval from the Minister for each individual activity. The evidence provided demonstrated the need for more certainty about the level of detail required for the Minister to describe the directed activities under paragraph 6(1)(e) in order to avoid a similar situation arising in the future.