2. Consideration of the Bill
   1. This chapter discusses the key measures of the Bill, including how they purport to respond to the relevant recommendation of the Comprehensive Review, and the evidence received in relation to them.
   2. The Bill contains a number of amendments to clarify language or the operation of certain provisions, about which no concerns were raised in evidence submitted to the inquiry. These clauses are not considered further within this report.
   3. The Committee received four submissions from Australian Government departments and agencies, including the Department of Home Affairs, which all supported the proposed amendments in the Bill of relevance to them. The Committee received one submission from a non-governmental organisation—Chris Taylor of the Australian Strategic Policy Institute (ASPI)—which also expressed support for the proposed amendments. The Committee notes that some intelligence agencies affected by these changes, in particular the Australian Signals Directorate (ASD), did not contribute to the inquiry.
   4. As discussed in Chapter 1, the main purpose of the Bill is to implement recommendations of the Comprehensive Review. In particular, the recommendations relate to:

• ASIO’s security assessment function (Part IV of the ASIO Act) including the definition of ‘prescribed administrative action’ (PAA), obligations on ASIO to report delays in security assessments and communication of information to states[1] or authorities of states;
• creating stronger protections for the identities of the Australian Secret Intelligence Service (ASIS) and ASIO staff members;
• consolidating pre-existing secrecy offences contained in the IS Act; and
• amending and clarifying authorisation thresholds and processes for certain intelligence activities.
  5. The Bill also seeks to repeal and replace the current publication offence in the ASIOAct (section 92) to account for changes in communications technology and to introduce a new disclosure offence; and to lower the approval level for the furnishing of non-prejudicial security clearance suitability assessments (PartIVA of the ASIO Act) for improved efficiency in ASIO’s processing of them.

ASIO’s security assessment function: Part IV of the ASIO Act

2.6The amendments proposed in Schedule 1 of the Bill would amend Part IV of the ASIO Act which, amongst other things, sets out the manner in which ASIO may provide advice to Commonwealth agencies, states and authorities of a state in relation to security assessments. It also provides a mechanism for review of adverse or qualified security assessments in the Administrative Appeals Tribunal (AAT).[2]

2.7A security assessment is a statement in writing furnished by ASIO to a Commonwealth agency, state or authority of a state, expressing any recommendation, opinion or advice on, or otherwise referring to, the question whether it would be consistent with the requirements of security for prescribed administrative action to be taken in respect of a person, or whether the requirements of security make it necessary or desirable for prescribed administrative action to be taken in respect of a person.[3]

Definition of prescribed administrative action

2.8Section 35(1) of the ASIO Act defines ‘prescribed administrative action’ in relation to ASIO’s security assessment function. The main effect of a decision or action being captured within the definition of PAA is that where ASIO communicates information to the relevant Commonwealth or state body that does, or is likely to, result in PAA being taken, it gives rise to certain notification and review rights for the affected person. The definition of PAA effectively determines when ASIO is required to provide advice in the form of a security assessment and when it is not.[4]

2.9Currently PAA is defined as an action that relates to or affects access by a person to any information or place, access to which is controlled or limited on security grounds; or a person’s ability to perform an activity in relation to, or involving, a thing (other than information or a place), if that ability is controlled or limited on security grounds; as well as the exercise by decision-makers of explicit powers under the Migration Act 1958, the Australian Citizenship Act 2007 and the Australian Passports Act 2005, the Telecommunications Act 1997, the Security of Critical Infrastructure Act 2018, and the Data Availability and Transparency Act 2022.[5]

2.10When ASIO provides security advice to a Government agency (state or Commonwealth) which may be relied on by that agency to take PAA in relation to a person, Part IV requires that the advice be provided in the form of a security assessment. If the receiving agency is not likely to take PAA on the basis of the ASIO advice, ASIO does not need to provide the advice in the form of a security assessment.[6]

2.11The purpose of these arrangements is to enhance the transparency and accountability of ASIO’s security advice, where the advice has the potential to have adverse effects on the person subject to it.[7]

2.12The proposed amendments set out in Schedule 1 of the Bill would have the effect of:

• expanding the definition of PAA to include decisions relating to parole, firearms licences and security guard licences;[8]
• introducing a regulation-making power for ASIO to designate new actions as PAA;[9] and
• clarifying the application of definitions in section 35 throughout Part IV, including explicitly exempting ASIO assessments prepared for the purpose of providing information to the Foreign Investment Review Board (FIRB) from the operation of Part IV of the ASIO Act.[10]
  13. These amendments are predominantly in response to three recommendations of the Comprehensive Review:

• Recommendation 193: The definition of ‘prescribed administrative action’ in the Australian Security Intelligence Organisation Act should be amended to include the exercise of powers or functions in relation to parole, security guard licences and firearms licences.[11]
• Recommendation 194: A regulation making power should be inserted into the definition of ‘prescribed administrative action’ in the Australian Security Intelligence Organisation Act.

1. The regulation making power should allow regulations to add an action to the definition of ‘prescribed administrative action’ where that action has potential to affect an individual’s liberty or livelihood. Matters relating to security would be a key consideration in taking that action.
2. Regulations made under the regulation making power should be reviewed by the PJCIS before the end of the applicable disallowance period in each Chamber prior to coming into effect.[12]

• Recommendation 197: ASIO security assessments prepared for the purpose of informing the Foreign Investment Review Board should be exempted from the operation of Part IV of the Australian Security Intelligence Organisation Act.[13]
  14. Submissions from ASPI, ASIO and the Department of Home Affairs all included statements of support for the proposed amendments to the definition of PAA. ASIO submitted:

By specifying which administrative decisions are considered to be prescribed administrative action, ASIO would have certainty about when security advice is required to be given in the form of a security assessment.[14]

Decisions about parole, firearms licences and security guard licences

2.15The Comprehensive Review observed that the current definition of PAA in paragraph 35(1)(a) of the ASIO Act is open to interpretation and considered that it may be open to conclude that security assessments informing the grant of a security guard licence, a parole decision, or a firearms licence do not fall within the definition of PAA.[15] This was the genesis of recommendation 193.

2.16Providing that decisions about parole, firearms licences and security guard licences are prescribed administrative actions will ensure that affected persons have access to the notification and review rights available under Part IV.[16]

2.17The submission from ASPI stated,

the extension of the term’s application to prescribed administrative actions in relation to (more non-traditional) uses such as probation, and gun and private security licences, etc seems a reasonable adaptation to the proliferation of such security-based decision-making outside of the Commonwealth.[17]

Adding classes of PAA by regulation

2.18The Bill also proposes the addition of a regulation-making power for ASIO to introduce new classes of PAA, in response to recommendation 194 of the Comprehensive Review. Currently, changes to the definition of PAA require legislative amendment through an Act of Parliament. The proposed insertion of new paragraph 35(1)(i) and section 36AA into the ASIO Act would permit ASIO to make regulations to prescribe an action as PAA if:

1. the action is likely to affect a person’s liberty or livelihood; and
2. matters relating to security would be a primary consideration in deciding whether to take the action.[18]
   19. To ensure that parliamentary scrutiny still occurs, proposed subsection 36AA(2) would require that the Parliamentary Joint Committee on Intelligence and Security (PJCIS) review the relevant regulations as soon as possible after they are made and report the Committee’s comments and recommendations to each House of the Parliament before the end of the applicable disallowance period for that House.
   20. According to the Department of Home Affairs’ submission:

Inserting a regulation-making power will allow for new categories to be added quickly into the definition of PAA … This will ensure ASIO advice continues to be appropriately subject to notice and review rights as new categories of decisions requiring security advice emerge.[19]

Exclusion of foreign investment advice

2.21In addition to clarifying what is included under the definition of PAA, the proposed amendments also seek to clarify what is excluded. Under the Foreign Acquisitions and Takeovers Act 1975, the Treasurer may make orders to prohibit a foreign entity from taking certain action on grounds relating to national security. In considering whether to make such a decision, ASIO may provide advice relating to security to the Treasurer.[20] The proposed amendments would insert a new subsection 35(1A):

A decision made under the Foreign Acquisitions and Takeovers Act 1975 or the regulations under that Act is not prescribed administrative action.[21]

2.22The Comprehensive Review observed that in the case of foreign companies it is incongruous that merits review should be available in respect of ASIO security assessments when the Treasurer’s decisions under the Act are exempt from review.[22]

2.23ASPI expressed the view that ‘it is sensible to exclude analysis provided by ASIO to the Foreign Investment Review Board (FIRB) from the characterisation of “security assessment”’.[23]

2.24The Department of Home Affairs submitted that

foreign companies seeking to make major investments in Australia have the potential to pose a risk to national security. Normally, these companies are making legitimate investments that can benefit Australian national and local economies. However, some companies have links to the governments of foreign states or are obliged to comply with laws in their home country to share information with state authorities. As foreign companies are not Australian it would be inappropriate to permit access to the notification and review rights in Part IV of the ASIO Act.[24]

Preliminary communications in advance of furnishing a security assessment

2.25Currently, Part IV of the ASIO Act treats the communication of security advice by ASIO in urgent circumstances differently depending on whether that advice is being communicated to a Commonwealth agency or a state (including via a Commonwealth agency).[25] A Commonwealth agency may take action of a temporary nature on the basis of a preliminary communication by ASIO—that is, a communication which is not provided in the form of a security assessment—if the Commonwealth agency is satisfied that the requirements of security make it necessary to take that action as a matter of urgency, pending the furnishing of an assessment by ASIO.[26] There is no equivalent provision for state agencies.

2.26Part 2, Division 3 of Schedule 1 of the Bill would amend ASIO’s functions as outlined in section 17 of the ASIO Act to include making preliminary communications to a state or an authority of a state.[27]

2.27It would also introduce a new subsection 40(1A) to enable ASIO to communicate information, whether directly, or indirectly through a Commonwealth agency, to a state or an authority of a state for the purpose of enabling certain PAA to be taken, where it would be necessary as a matter of urgency to take that action.[28] These provisions are modelled on existing section 39 of the ASIO Act, which provides the same to Commonwealth agencies.[29]

2.28This proposed amendment would implement recommendation 198 of the Comprehensive Review:

The [ASIO] Act should be amended to allow ASIO to make a preliminary communication directly to a state or territory agency where the requirements of security make it necessary, as a matter of urgency, to take action of a temporary nature pending the furnishing of a security assessment.[30]

2.29The submissions from ASPI, ASIO and the Department of Home Affairs expressed support for the proposed amendments as providing greater flexibility for ASIO. ASIO stated:

ASIO supports the amendments enabling the Organisation to communicate information … for the purpose of enabling that State or authority to take certain PAA of a temporary nature as a matter of urgency, pending the furnishing of a security assessment.

This replicates the current arrangement for Commnonwealth agencies and removes a barrier to the State or authority of a State from taking temporary, urgent action where the requirements of security make it necessary.[31]

2.30As a consequence of the proposed amendments to the definition of PAA, the Bill would also clarify that action of a temporary nature includes the new classes of PAA, outlined above.[32]

2.31However, the ASIO Act does not define action ‘of a temporary nature’, nor provide review rights to individuals in relation to such temporary actions.

New reporting requirements for delayed security assessments

2.32Currently, an individual who is the subject of a security assessment has no access to recourse, other than making a complaint to the Inspector-General of Intelligence and Security (IGIS), where there is unreasonable delay in the furnishing of that assessment by ASIO.[33]

2.33The Bill would introduce new sections 41 and 42 into the ASIO Act requiring the Director-General of Security, in accordance with a written protocol, to notify the IGIS of a delay of more than 12 months in finalising a security assessment after ASIO starts to prepare the assessment under Part IV of the ASIO Act. The same requirement is proposed in Part 2 of Schedule 4 of the Bill for security clearance decisions and security clearance suitability assessments under the newly established Part IVA of the ASIO Act.

2.34This proposed amendment to Part IV of the ASIO Act arose from recommendation 199 of the Comprehensive Review, which concluded:

The Australian Security Intelligence Organisation Act should be amended to require ASIO to notify the IGIS in every instance where it has taken more than 12 months to finalise a security assessment, and subject to the requirements of security, notify the individual in writing of their ability to make a written complaint under the Inspector-General of Intelligence and Security Act. If the requirements of security do not permit notification of the individual, IGIS must be notified of this fact.[34]

2.35Proposed section 42 would require that a written protocol be put in place to establish the mechanism for ASIO’s notifications to the IGIS. According to the Bill, the protocol must specify when ASIO is taken to have started to prepare the assessment, the period in which notification of a delayed assessment or decision must be made, and the information to be included in the notification. It must also contain steps to be taken by ASIO in relation to the delayed security assessment after notifying the IGIS and may specify other requirements the Director-General of Security considers appropriate. Notification to the IGIS would not be required where the security assessment is no longer necessary or where ASIO had initiated the preparation of the security assessment, rather than in response to a request.[35]

2.36In the Australian Government’s 2020 response to the Comprehensive Review, it agreed that it would amend the ASIO Act to require the Director-General of Security and the IGIS to agree upon a protocol for the handling of these matters. However, the Government rejected the recommendation that ASIO should notify the affected individual of their ability to make a complaint to the IGIS.[36] The Government response stated:

The IGIS will be given greater visibility of lengthy security assessments and will be able to consider the reasons for, and reasonableness of, the delay in finalising them through the requirement for ASIO to notify the IGIS. This approach avoids any risk of individuals and their associates gaining an understanding of the precise prioritisation of ASIO’s categories of security assessments, which may allow those people to modify their behaviour and activities to obscure matters of security interest.

The Review’s recommendation that ASIO notify individuals of their ability to make a complaint to the IGIS was intended to ensure that individuals were aware of this right. As such, the Government considers that the most appropriate solution is for individuals to be better alerted to that right, for example through changes to relevant application forms or guidance material.[37]

2.37ASIO and the Department of Home Affairs were both supportive of the proposed amendments. ASIO submitted that the required protocol would

provide mechanisms to ensure that the IGIS is notified of any delayed assessments or decisions, but would not compel ASIO to re-prioritise, or rectify any aspect of, those cases which are delayed.[38]

2.38The Office of the IGIS offered a different perspective:

The Inspector-General understands that these requirements are designed to ensure that the protocol includes steps which ASIO must take beyond mere notification, such as providing an explanation to the Inspector-General of the reasons for the delay, directions to take steps as set out in relevant ASIO policies or procedures, or requiring relevant senior executive officers to be briefed.

…

The Inspector-General recognises that the protocol will need to be classified in order to operate as intended, noting the types of information that are likely to be included in the protocol, such as how ASIO manages different classes of security assessments … this lack of transparency is balanced by the requirement that the Inspector-General is consulted on the protocol’s development and his ability to oversee the implementation of the protocol in accordance with his usual practices.[39]

Protecting identities and information

Cover employment for ASIO, ASIS and ASD staff members

2.39The ASIO Act and the IS Act do not currently include provisions for the use of cover employment for ASIO, ASIS or ASD staff members. This is despite, in the case of ASIO and ASIS, employees being required by law to not disclose the true nature of their employment:

• Section 41 of the IS Act prohibits the identification of a person as being, or having been, an agent or staff member of ASIS, other than the Director-General of ASIS or such persons as determined by the Director-General.
• Section 92 of the ASIO Act prohibits a person from publishing or causing to be published that a person is an ASIO employee or affiliate, without the written consent of the Minister or Director-General of Security.
  40. To avoid breaching these laws, ASIS and ASIO staff members need to use cover arrangements in a wide range of personal situations where the person’s employer needs to be identified, including for banking and insurance purposes.[40]
  41. During the conduct of the Comprehensive Review it was considered that the use of cover employment could give rise to a number of offences, including those relating to fraud and false or misleading statements.[41] While the risk of prosecution for the use of cover employment was considered to be low, the Comprehensive Review considered it appropriate to enable ASIS and ASIO staff members to use cover employment with confidence. This resulted in two recommendations:

• Recommendation 70: The Intelligence Services Act should be amended to provide that the Director General of ASIS can authorise the use of a Commonwealth department or agency as the cover employer for ASIS officers.
• Recommendation 71: The Australian Security Intelligence Organisation Act should be amended to provide that the Director-General of Security can authorise the use of a Commonwealth department or agency as the cover employer for ASIO employees and affiliates.[42]
  42. Part 1 of Schedule 2 of the Bill would amend the IS Act and the ASIO Act to give effect to these recommendations. New provisions would allow the Directors-General of ASIO, ASIS and ASD to authorise, in writing, the use of a Commonwealth department or agency (Commonwealth authority) as the cover employer of their staff members. The relevant Director-General would only be able to provide their authorisation after consultation with that department or agency.
  43. In response to this proposed amendment, ASIO submitted:

To protect the identities of our staff, ASIO employees and affiliates need to use cover arrangements to avoid disclosing their connection with ASIO in some circumstances. The proposed amendment formalises and updates existing cover arrangements. It will enable ASIO employees and affiliates to identify another Commonwealth authority as their employer or place of work where it would be inappropriate, for security reasons, to identify ASIO as their employer or place of work.[43]

2.44In addition to providing legal protection for staff members deploying cover arrangements, the proposed amendments would also codify protections for third parties who assist staff members with cover employment arrangements in the course of their official duties. Proposed section 41AC of the IS Act and proposed section92D of the ASIO Act would provide third parties with protection from criminal liability in this regard.

2.45ASIS noted that:

The period for which the current or former staff member may identify a Commonwealth authority as their employer or place of work, is limited to those periods in which that person is or was a staff member.[44]

2.46The Comprehensive Review did not explicitly recommend that these cover provisions extend to ASD staff members, but they have been included in the proposed amendments to the IS Act to mirror those for ASIS. This would allow the Director-General of ASD to authorise the use of a Commonwealth authority as the cover employer for staff members of ASD. The Comprehensive Review considered the merits of introducing a specific secrecy offence prohibiting the disclosure of information identifying an ASD employee, but it concluded that such an offence was not required, due to there being

no risk to the life or safety of informants and sources (which provides strong justification for these offences for ASIO and ASIS) in the case of ASD due to the different nature of its work.[45]

2.47No information about the need or basis for the Bill’s extension of these arrangements to ASD is included in the EM, and no evidence was provided to the Committee on this matter.

2.48ASPI commented that the rationale of secrecy provisions is

to protect individuals from physical harm (eg from those seeking to undertake politically motivated violence) [and] to shield them from counter-intelligence threats (ie from adversarial foreign intelligence services who might wish to coerce, compromise or disrupt them). The ultimate adversarial intention is to compromise Australian intelligence operations, given the identification of intelligence staff is often key to identifying sources and operational methods.[46]

2.49In relation to the implementation of recommendations 70 and 71 and the proactive expansion to include ASD, the submission from ASPI noted,

the proposed changes both reflect the growing importance of ‘intelligence as contest’ and a punctiliousness on the part of the government … to cross every possible ‘T’ and dot every ‘I’ on these matters.[47]

Consolidation of secrecy offences in the IS Act

2.50Currently, the IS Act creates specific secrecy offences which prohibit the unauthorised communication of information, the unauthorised recording of information and the unauthorised dealing with records for each of the agencies governed by the Act: ASIS, ASD, the Australian Geospatial-Intelligence Organisation (AGO) and the Defence Intelligence Organisation (DIO). This creates a total of 12 separate offences specific to each agency.

2.51A practical effect of this is that charging a person with one of those offences would immediately identify their association with a particular agency. For ASIS, this is particularly problematic given that the identity of ASIS staff members is protected under law and any prosecution would reveal their true name.

2.52The Bill proposes consolidating these 12 separate offences (each applying to one agency at a time) into three offences capturing all the IS Act agencies in each offence. This would not alter the scope of any of the offences as for each of the agencies the current offences are expressed in identical language.

2.53This amendment is in response to recommendation 143 of the Comprehensive Review, which stated:

The secrecy offences in sections 39-40M of the Intelligence Services Act should be consolidated. The scope of the offences should not be expanded.[48]

2.54Australia’s secrecy provisions have been the subject of significant consideration over the past several years. In its 2018 Advisory Report on the National Security Legislation Amendment (Espionage and Foreign Interference) Bill 2017, this Committee recommended that the Attorney-General’s Department consider the need for specific secrecy offences contained in other Commonwealth legislation, following the commencement of the new general offences in the Criminal Code Act 1995 (Criminal Code).[49]

2.55Due to the existence of these other secrecy offence reviews, the Comprehensive Review in 2019 only considered the secrecy offences in the IS Act, and avoided broader consideration of the efficacy of secrecy offence provisions, so as not to duplicate efforts.[50] Mr Richardson limited his consideration to the option of either repealing the IS Act secrecy offences and instead relying on the general secrecy offences in part 5.6 of the Criminal Code, or keeping the offences in the IS Act and simply consolidating them to remedy the issue identified by ASIS of possible disclosure of identities.

2.56In 2023 the Attorney General’s Department published its Review of Secrecy Provisions: Final Report. It expressed support for individual Government departments working to consolidate secrecy offences, while noting that ‘by itself this would not reduce the high number of secrecy offences, nor the complexity and fragmentation’ that has resulted.[51]

2.57In January 2024 the INSLM commenced a review of the secrecy provisions in Part 5.6 of the Criminal Code.[52] One of the questions the INSLM’s review intends to look at is whether it is more appropriate to have the secrecy offences for the six main intelligence agencies in the Criminal Code rather than replicating offences in the IS Act, the ASIO Act and the Office of National Intelligence Act 2018.[53]

2.58There is therefore a possibility that additional recommendations for legislative amendment may arise out of the INSLM’s review later this year.

Protection from disclosure under the Archives Act

2.59The Archives Act 1983 (Archives Act) creates an access regime under which members of the public (either by request or through public release) can access Commonwealth records after a certain period. The Archives Act applies to all NIC agencies, but there are broad exemptions that apply with respect to the release of certain information.

2.60The Comprehensive Review considered whether there should be a class exemption under the Archives Act for documents that reveal the identities of ASIS and ASIO staff members or agents and other sensitive material relating to intelligence agencies. This resulted in recommendation 190, which stated:

The identities of ASIO and ASIS staff members and agents should be protected from disclosure under the Archives Act.[54]

2.61The proposed provisions in Part 2 of Schedule 3 of the Bill would amend the Administrative Appeals Tribunal Act 1975 and the Archives Act to give effect to this recommendation.

2.62Across the submissions received, there was widespread support for the introduction of such amendments in line with the recommendation of the Comprehensive Review. ASPI submitted:

This is a positive move that will help clarify much decision-making around archival releases, although I anticipate it might possibly exacerbate some consternation experienced around non-release of cabinet materials where there are incidental references to such persons in those documents.[55]

2.63No evidence expressing such concerns was submitted to this inquiry.

Publication of ASIO identities: updated and new offences

2.64Section 92 of the ASIO Act currently makes it an offence for a person, except with the consent in writing of the Minister or the Director-General of Security, to publish or cause to be published, including through various means, any matter stating, or from which it could reasonably be inferred, that a person having a particular name or otherwise identified is a current or former ASIO employee or ASIO affiliate.

2.65Part 4 of Schedule 2 of the Bill would repeal and replace section 92 with an updated publication offence omitting reference to specific methods of publication, instead making it an offence for a person to make information public, or to cause or permit information to be made public, that identifies a current or former ASIO employee or affiliate. The Bill also proposes the addition of a new section 92A which would make it an offence for a person to disclose information to another person or engage in conduct that results in information being disclosed to another person that identifies or could reasonably lead to the identification of a current or former ASIO employee or affiliate, where the person possesses any of the below states of mind:

• intent to endanger the health or safety of a person;
• intent to prejudice the effective performance of the functions or duties, or the effective exercise of the powers, of ASIO;
• knowledge that the disclosure will endanger the health or safety of a person; or
• knowledge that the disclosure will prejudice the effective performance of the functions or duties, or the effective exercise of the powers, of ASIO.
  66. ASPI commented that the Bill ‘suitably updates the existing publication offence in the ASIO Act to reflect the evolved media landscape’ but made no mention of the additional identification offence.[56]
  67. ASIO submitted:

Disclosure of the identity of an ASIO employee or affiliate could hamper their ability to carry out their covert duties; this could damage ASIO’s ability to perform its functions. In addition, ASIO employees and affiliates continue to face great personal risk, including risk to life, if their identities are made public, published or inappropriately disclosed.

The section 92 offence references methods of publication that have failed to keep pace with the introduction of modern forms of publication and communication. The amendments in the Bill would ensure the publication offence remains current by removing references to specific publication methods, so that the offence will apply regardless of the means by which the information is made public.[57]

2.68In relation to the additional offence, ASIO’s submission stated that:

This offence brings protections for the identity of ASIO employees and affiliates into closer alignment with other intelligence staff under section 41 of the Intelligence Services Act 2001.

2.69The Department of Home Affairs provided additional context to proposed sections 92 and 92A, stating:

The Department also notes the amendments align with 9 of 12 principles for framing secrecy offences set out in the Review of Commonwealth Secrecy Offences. The amendments do not align with two of the principles and one of the principles is not applicable.

1. The amendments do not align with Principle 6 ‘Secrecy Offences should clearly identify any third parties regulated by the offence and separate offences should apply to third parties’ and Principle 7 ‘Offences capturing third parties should have a higher threshold for establishing criminal liability’. The ASIO Act offences do not treat third parties separately as ASIO staff members should not be exposed to harm by virtue of their association with ASIO, regardless of who makes the association public.
2. Principle 12 ‘All Commonwealth departments and agencies should regularly review specific secrecy offences in legislation they administer as part of reviews of legislation and legislative instruments,’ is not applicable.[58]
   70. The Committee received no evidence that consideration had been given to how these new provisions would interact with pre-existing secrecy offences in Commonwealth legislation.

Authorisations for intelligence activities

2.71Schedule 3 of the Bill proposes amendments to clarify several approval processes for intelligence activities in the IS Act and the ASIO Act.

2.72Currently, before authorising an activity against an Australian person under section 9 of the IS Act, the responsible Minister for ASIS, AGO or ASD must first obtain the agreement (orally or in writing) of the Attorney-General.[59]

2.73Part 1 of Schedule 3 of the Bill would amend the IS Act to enable the relevant Minister to give an authorisation to ASIS, AGO or ASD to undertake certain activities in respect of Australian persons, in circumstances where Australian persons are, or are likely to be, involved in activities that are, or are likely to be, a threat to security or, involved with a listed terrorist organisation, without first obtaining the agreement of the Attorney-General. However, the authorisation would not take effect unless and until the agreement of the Attorney-General had been obtained.

2.74This amendment would give effect to recommendation 2 of the Comprehensive Review:

The sequencing of steps required in the Intelligence Services Act’s ministerial authorisation process should be adjusted to enable the responsible minister to authorise an Intelligence Services Act agency to produce intelligence on an Australian person and then seek the Attorney-General’s agreement to that authorisation. The authorisation would not take effect until the Attorney-General has given agreement.[60]

2.75The Department of Home Affairs and ASIS both supported the proposed amendments. ASIS commented:

ASIS supports this measure to improve and streamline ministerial processes for threat to security ministerial authorisations and provide flexibility and potential efficiencies in the approval process for ministerial authorisations on these grounds.[61]

2.76ASPI described it as:

a minor but otherwise sensible refinement to the process for Ministerial Authorisations (MAs) under the Intelligence Services Act sought on security grounds, such that in the future a MA can be signed by the Attorney General or the Defence/Foreign Minister in either order. Regardless, both the Attorney General and the relevant Minister will both still need to sign before an authorisation becomes effective or commences.[62]

2.77The Office of the IGIS similarly expressed support for the amendments as implementation of recommendation 2. However, particular attention was drawn to the comment in the EM that states the relevant minister would only provide authorisation before the Attorney-General where it is operationally necessary:

The Inspector-General understands that these amendments are intended to provide flexibility for agencies in seeking ministerial authorisations where the Attorney-General’s agreement is required. It is anticipated that the relevant Minister would give an authorisation before the Attorney-General gives their agreement only where it is operationally necessary.[63]

2.78Subsection 9(1A) sets out, amongst other things, the preconditions that must be met before a minister authorises either the production of intelligence against an Australian person or class of Australian persons, or an activity that will or is likely to have a direct effect on an Australian person or class of Australian persons by ASIS, AGO or ASD. Currently, one of these prerequisites is that the minister be satisfied that the Australian person, or class of Australian persons is, or is likely to be, involved in ‘activities that present a significant risk to a person’s safety’.[64]

2.79Part 1 of Schedule 3 of the Bill would repeal and replace subsection 9(1A) of the IS Act to explicitly include circumstances where Australian persons are involved in ‘activities that present a significant risk to any person’s safety’, or where Australian persons are involved in activities relating to the contravention, or alleged contravention, of a United Nations sanction enforcement law.[65]

2.80These proposed amendments have not come from any Comprehensive Review recommendations.[66] Minimal explanation for the rationale for such a change in language was provided in the EM.[67]

2.81ASIS stated the policy rationale for this amendment is ‘to make the language of this provision consistent with other provisions of the Act’ and to ‘provide clarity around the application of the relevant provisions’.[68]

2.82The change in language from ‘a person’ to ‘any person’ and the explicit clarification in the EM that this includes instances where a person is engaged in activities that present a significant risk to their own safety could potentially be viewed as broadening the circumstances in which a minister can grant an authorisation. However, ASIS drew attention to the role of the IGIS in this respect

the IGIS oversights ASIS’s activities for legality, propriety and compliance with human rights. This includes the activities ASIS undertakes under ministerial authorisations.[69]

2.83The remainder of Schedule 3 of the Bill makes other proposed amendments to authorisations for certain intelligence activities, which would:

• amend the language in the ASIO Act and the TIA Act to clarify that references to the Attorney-General do not include a junior minister, although it may include a person acting as the Attorney-General. This is in direct response to recommendation 17 of the Comprehensive Review;[70] and
• amend the ASIO Act to specify that applications to the Attorney-General for a special intelligence operation authorisation should only be made by the Director-General of Security, per recommendation 68 of the Comprehensive Review.

ASIO’s security vetting and security clearance related activities: refinements to Part IVA of the ASIO Act

2.84Currently, under subsection 16(1C) of the ASIO Act, the Director-General of Security may delegate the power or function under subsection 82D(1) to furnish a security clearance suitability assessment to an ASIO employee or affiliate who holds or is acting in a position in ASIO that is equivalent to or higher than an Executive Level 1 (EL1) position. This makes no distinction between furnishing a prejudicial and a non-prejudicial security clearance suitability assessment.

2.85As well as clarifying the definition of certain terms, proposed amendments to the ASIO Act in Schedule 4 of the Bill would confine this limitation on delegation to prejudicial security clearance security assessments (within the meaning of Part IVA of the ASIO Act). As a consequence of this amendment, subsection 16(1B) of the ASIO Act would allow the Director-General of Security to delegate their power or function to furnish non-prejudicial security clearance suitability assessments under paragraph 82C(1)(d) to ASIO employees or affiliates regardless of the substantive level of the position they hold.

2.86In its submission ASIO characterised this proposed amendment as ‘supporting quicker processing of non-prejudicial security clearance suitability assessments’ and stated that

ASIO supports these amendments, which are essential to ensure the effective operation of ASIO’s security vetting and security clearance related functions, taking into account the anticipated high volume of security clearance suitability assessments, while ensuring delegations remain commensurate with their impact on a clearance subject.

Employees and affiliates exercising the delegated function or power, regardless of substantive position, can be expected to have suitable training and experience to make non-prejudicial decisions, proportionate and appropriate to the significance of the decision being made.

The existing requirement for appropriate executive level approval of prejudicial security clearance suitability assessments would be unchanged.[71]

2.87ASPI commented that these measures reflect ‘ASIO’s growing centrality to the conduct of security clearance work within the Australian Government’ and that,

this will aid in achieving efficiencies to address what is a lingering national security vulnerability—namely a mess of clearance lapses and delays.[72]

2.88As discussed above, Part 2 of Schedule 4 would mirror the proposed requirements for notifying the IGIS about delayed security assessments in Part IV to also apply to delayed security clearance decisions and suitability assessments in Part IVA of the ASIO Act.

Footnotes

[1]Throughout this report, references to states include references to Australian territories also, unless otherwise indicated.

[2]As of March 2024, a suite of legislation is before Parliament that would abolish the Administrative Appeals Tribunal (AAT) and establish a new administrative review body, to be named the Administrative Review Tribunal. The proposed legislation includes provisions that would transition AAT operations and matters to the new Tribunal.

[3]Australian Security Intelligence Organisation Act 1979, s. 35(1) (ASIO Act).

[4]D Richardson AC, Comprehensive Review, vol. 4, p. 69.

[5]ASIO Act, ss. 35(1)(a)–(f).

[6]D Richardson AC, Comprehensive Review, vol. 4, p. 69.

[7]D Richardson AC, Comprehensive Review, vol. 4, pp. 70–71.

[8]National Security Legislation Amendment (Comprehensive Review and Other Measures No. 3) Bill 2023, sch. 1, pt. 1, div. 1.

[9]National Security Legislation Amendment (Comprehensive Review and Other Measures No. 3) Bill 2023, sch. 1, pt. 1, div. 2.

[10]National Security Legislation Amendment (Comprehensive Review and Other Measures No. 3) Bill 2023, sch. 1, pt. 2, divs. 1–2.

[11]D Richardson AC, Comprehensive Review, vol. 4, p. 73.

[12]D Richardson AC, Comprehensive Review, vol. 4, p. 74.

[13]D Richardson, Comprehensive Review, vol. 4, p. 79.

[14]Australian Security Intelligence Organisation (ASIO), Submission 3, p. 4.

[15]D Richardson AC, Comprehensive Review, vol. 4, p. 72.

[16]Explanatory Memorandum to the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 3) Bill 2023, Schedule 1, para. 33 (Explanatory Memorandum).

[17]Australian Strategic Policy Institute (ASPI), Submission 1, p. 3.

[18]Explanatory Memorandum, Schedule 1, para. 20.

[19]Department of Home Affairs, Submission 4, p. 8.

[20]Explanatory Memorandum, Schedule 1, para. 35.

[21]National Security Legislation Amendment (Comprehensive Review and Other Measures No. 3) Bill 2023, sch. 1, pt. 2, div.1, item 11.

[22]D Richardson AC, Comprehensive Review, vol. 4, pp. 77–78.

[23]ASPI, Submission 1, p. 3.

[24]Department of Home Affairs, Submission 4, p. 8.

[25]D Richardson AC, Comprehensive Review, vol. 4, p.79.

[26]ASIO Act, s. 39.

[27]National Security Legislation Amendment (Comprehensive Review and Other Measures No. 3) Bill 2023, sch. 1, pt. 2, div. 3, items 15 and 16.

[28]Explanatory Memorandum, Schedule 1, paras. 41, 52.

[29]ASIO Act, s. 39: subsection 39(2) provides an exception to the prohibition on a Commonwealth agency relying upon communication other than in the form of a security assessment to take prescribed administrative action in relation to a person, where that action is of a temporary nature and the requirements of security make it necessary to take that action as a matter of urgency pending the furnishing of an assessment by the Organisation.

[30]D Richardson AC, Comprehensive Review, vol. 4, p. 82.

[31]ASIO, Submission 3, pp. 4–5.

[32]National Security Legislation Amendment (Comprehensive Review and Other Measures No. 3) Bill 2023, sch. 1, pt. 2, div. 4.

[33]D Richardson AC, Comprehensive Review, vol. 4, p. 82.

[34]D Richardson AC, Comprehensive Review, vol. 4, p. 86.

[35]Explanatory Memorandum, Schedule 1, para. 74.

[36]Commonwealth Government response to the Comprehensive Review of the Legal Framework of the National Intelligence Community, December 2020, p. 51 (Government Response).

[37]Government Response, p. 51.

[38]ASIO, Submission 3, p. 5.

[39]Inspector-General Intelligence and Security (IGIS), Submission 2, p. 3-4. See also Explanatory Memorandum, Schedule 1, paras. 84-85, 320.

[40]D Richardson AC, Comprehensive Review, vol. 2, p. 219.

[41]D Richardson AC, Comprehensive Review, vol. 2, p. 220.

[42]D Richardson AC, Comprehensive Review, vol. 2, p. 221.

[43]ASIO, Submission 3, p. 3.

[44]Australian Secret Intelligence Service (ASIS), Submission 5, p. 3.

[45]D Richardson AC, Comprehensive Review, vol. 3, p. 109.

[46]ASPI, Submission 1, p. 4.

[47]ASPI, Submission 1, p. 4 (citations omitted).

[48]D Richardson AC, Comprehensive Review, vol. 3, p. 117.

[49]Parliamentary Joint Committee on Intelligence and Security (PJCIS), Advisory Report on theNational Security Legislation Amendment (Espionage and Foreign Interference) Bill 2017, paras. 4.188-190; DRichardson AC, Comprehensive Review, vol. 3, p. 99.

[50]D Richardson AC, Comprehensive Review, vol. 3, p. 99.

[51]Attorney-General’s Department, Review of Secrecy Provisions: Final Report 2023, p. 34, https://www.ag.gov.au/crime/publications/review-secrecy-provisions.

[52]www.inslm.gov.au/node/268.

[53]Jake Blight, Review of Secrecy Offences in Part 5.6 of the Criminal Code 1995: Issues Paper – January 2024, p. 6.

[54]D Richardson AC, Comprehensive Review, vol. 4, p. 55.

[55]ASPI, Submission 1, pp. 4–5.

[56]ASPI, Submission 1, p. 5.

[57]ASIO, Submission 3, p. 3.

[58]Department of Home Affairs, Submission 4, p. 11.

[59]Intelligence Services Act 2001, ss. 9(1A)(b), 9(1AAA)(b) (IS Act).

[60]D Richardson AC, Comprehensive Review, vol. 1, p. 194.

[61]ASIS, Submission 5, p. 5.

[62]ASPI, Submission 1, p. 5.

[63]IGIS, Submission 2, p. 6.

[64]IS Act, s. 9(1A)(a)(i).

[65]Explanatory Memorandum, Schedule 3, para. 247.

[66]ASIS, Submission 5, p. 5.

[67]Explanatory Memorandum, Schedule 3, paras. 244-251; Explanatory Memorandum, Statement of Compatibility with Human Rights, para. 3.

[68]ASIS, Submission 5, p. 5.

[69]ASIS, Submission 5, p. 5.

[70]D Richardson AC, Comprehensive Review, vol. 1, p. 314.

[71]ASIO, Submission 3,p. 6.

[72]ASPI, Submission 1, p. 5.