• Legal database
Legal database
EmailPrint
Back to browse
View full documentView full document Previous section | Next section
House of Representatives

National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Bill 2021

National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Act 2022

Explanatory Memorandum

(Circulated by authority of the Minister for Home Affairs, the Honourable Karen Andrews MP)

GENERAL OUTLINE

1. The Bill implements the Government response to a number of recommendations of the Comprehensive Review of the Legal Framework of the National Intelligence Community (Comprehensive Review) led by Dennis Richardson AC. The measures in the Bill improve the legislative framework governing the National Intelligence Community (NIC) by addressing key operational challenges facing the Australian Security Intelligence Organisation (ASIO), the Australian Secret Intelligence Service (ASIS), the Australian Signals Directorate (ASD), the Australian Geospatial-Intelligence Organisation (AGO), the Defence Intelligence Organisation (DIO) and the Office of National Intelligence (ONI). The Bill also includes amendments recommended by the 2017 Independent Intelligence Review (IIR) and other measures intended to address important and pressing issues facing these agencies.

2. The Bill includes the following measures:

Schedule 1 enables ASIS, ASD and AGO to immediately undertake activities to produce intelligence where there is, or is likely to be, an imminent risk to the safety of an Australian person.
Schedule 2 enables ASIS, ASD and AGO to seek ministerial authorisation to produce intelligence on a class of Australian persons who are, or are likely to be, involved with a listed terrorist organisation.
Schedule 3 enables ASD and AGO to seek ministerial authorisation to undertake activities to produce intelligence on an Australian person or a class of Australian persons where they are assisting the Australian Defence Force (ADF) in support of military operations.
Schedule 4 inserts new provisions which:

o
Amend the requirement for ASIS, ASD and AGO to obtain ministerial authorisation to produce intelligence on an Australian person to circumstances where the agencies seek to use covert and intrusive methods, which include methods for which ASIO would require a warrant to conduct inside Australia.
o
Make explicit the long-standing requirement for ASIS, ASD and AGO to seek ministerial authorisation before requesting a foreign partner agency to produce intelligence on an Australian person.

Schedule 5 enhances the ability of ASIS to cooperate with ASIO in Australia when undertaking less intrusive activities to collect intelligence on Australian persons relevant to ASIO's functions, without ministerial authorisation.
Schedule 6 amends section 13 of the Intelligence Services Act 2001 to provide that, for the purposes of carrying out its non-intelligence functions, AGO is not required to seek ministerial approval for cooperation with authorities of other countries.
Schedule 7 requires ONI to obtain Director-General approval when undertaking cooperation with public international organisations.
Schedule 8 extends the period for passport suspension and foreign travel document surrender from 14 to 28 days, to allow sufficient time for ASIO to prepare a security assessment.
Schedule 9 extends the immunity provisions provided to staff members and agents of ASIS and AGO for computer-related acts done outside Australia, in the proper performance of those agencies' functions, to acts which inadvertently affect a computer or device located inside Australia.
Schedule 10 requires DIO to have legally binding privacy rules, requires ASIS, ASD, AGO and DIO to make their privacy rules publicly available, and updates ONI's privacy rules provisions so that they apply to intelligence about an Australian person under ONI's analytical functions.
Schedule 11 includes ASD in the Assumed Identities scheme contained in the Crimes Act 1914.
Schedule 12 clarifies the meaning of an 'authority, of another country' in the Intelligence Services Act 2001.
Schedule 13 permits the Director-General of Security to approve a class of persons to exercise the authority conferred by an ASIO warrant in the Telecommunications (Interception and Access) Act 1979, clarifies the permissible scope of classes under section 12 of that Act and under section 24 of the Australian Security Intelligence Organisation Act 1979, and introduces additional record-keeping requirements regarding persons exercising the authority conferred by all relevant ASIO warrants and relevant device recovery provisions.
Schedule 14 makes technical amendments related to the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018.

3. The Bill amends the:

Intelligence Services Act 2001 (IS Act)
Criminal Code Act 1995 (Criminal Code)
Crimes Act 1914 (Crimes Act)
Australian Passports Act 2005 (Passports Act)
Foreign Passports (Law Enforcement and Security) Act 2005 (Foreign Passports Act)
Office of National Intelligence Act 2018 (ONI Act)
Inspector-General of Intelligence and Security Act 1986 (IGIS Act)
Australian Security Intelligence Organisation Act 1979 (ASIO Act), and
Telecommunications (Interception and Access) Act 1979 (TIA Act).

FINANCAL IMPACT

4. The Bill has nil financial impact.

COMMON ABREVIATIONS AND ACRONYMS

Abbreviation or acronym Meaning
ADF Australian Defence Force
AGO Australian Geospatial-Intelligence Organisation
AHO Australian Hydrographic Office
ASD Australian Signals Directorate
ASIO Australian Security Intelligence Organisation
ASIO Act Australian Security Intelligence Organisation Act 1979
ASIO Minister Minister responsible for administering the Australian Security Intelligence Organisation Act 1979
ASIS Australian Secret Intelligence Service
CDDA Scheme for Compensation for Detriment Caused by Defective Administration
Comprehensive Review Comprehensive Review of the Legal Framework of the National Intelligence Community
CRC Convention on the Rights of the Child
Crimes Act Crimes Act 1914
Criminal Code Criminal Code Act 1995
DIO Defence Intelligence Organisation
Foreign Fighters Act Counter-Terrorism Legislation Amendment (Foreign Fighters) Act 2014
Foreign Passports Act Foreign Passports (Law Enforcement and Security) Act 2005
Hope Royal Commission 1974-77 Royal Commission on Intelligence and Security
ICCPR International Covenant on Civil and Political Rights
IGIS Inspector-General of Intelligence and Security
IGIS Act Inspector-General of Intelligence and Security Act 1986
IIR 2017 Independent Intelligence Review
IS Act Intelligence Services Act 2001
IS Act Agency Intelligence agency governed by the Intelligence Services Act 2001
NIC National Intelligence Community
ONI Office of National Intelligence
ONI Act Office of National Intelligence Act 2018
Passports Act Australian Passports Act 2005
PGPA Act Public Governance, Performance and Accountability Act 2013
PJCIS Parliamentary Joint Committee on Intelligence and Security
Privacy Act Privacy Act 1988
TIA Act Telecommunications (Interception and Access) Act 1979

Statement of Compatibility with Human Rights

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Bill 2021

1. The Bill is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Overview of the Bill

2. This Bill implements the Government response to a number of recommendations of the Comprehensive Review of the Legal Framework of the National Intelligence Community (Comprehensive Review) led by Dennis Richardson AC. The measures in the Bill improve the legislative framework governing the National Intelligence Community (NIC) by addressing key operational challenges facing the Australian Security Intelligence Organisation (ASIO), the Australian Secret Intelligence Service (ASIS), the Australian Signals Directorate (ASD), the Australian Geospatial-Intelligence Organisation (AGO), the Defence Intelligence Organisation (DIO) and the Office of National Intelligence (ONI). The Bill also includes amendments recommended by the 2017 Independent Intelligence Review (IIR) and other measures intended to address important and pressing issues facing these agencies.

3. The Bill includes the following measures:

Schedule 1 enables ASIS, ASD and AGO to immediately undertake activities to produce intelligence where there is, or is likely to be, an imminent risk to the safety of an Australian person.
Schedule 2 enables ASIS, ASD and AGO to seek ministerial authorisation to produce intelligence on a class of Australian persons who are, or are likely to be, involved with a listed terrorist organisation.
Schedule 3 enables ASD and AGO to seek ministerial authorisation to undertake activities to produce intelligence on an Australian person or a class of Australian persons where they are assisting the Australian Defence Force (ADF) in support of military operations.
Schedule 4 inserts new provisions which:

o
Limit the requirement for ASIS, ASD and AGO to obtain ministerial authorisation to produce intelligence on an Australian person to circumstances where the agencies seek to use covert and intrusive methods, which include methods for which ASIO would require a warrant inside Australia.
o
Make explicit the long-standing requirement for ASIS, ASD and AGO to seek ministerial authorisation before requesting a foreign partner agency to produce intelligence on an Australian person.

Schedule 5 enhances the ability of ASIS to cooperate with ASIO in Australia when undertaking less intrusive activities to collect intelligence on Australian persons relevant to ASIO's functions, without ministerial authorisation.
Schedule 6 amends section 13 of the Intelligence Services Act 2001 to provide that, for the purposes of carrying out its non-intelligence functions, AGO is not required to seek ministerial approval for cooperation with authorities of other countries.
Schedule 7 requires ONI to obtain Director-General approval when undertaking cooperation with public international organisations.
Schedule 8 extends the period for passport suspension and foreign travel document surrender from 14 to 28 days, to allow sufficient time for ASIO to prepare a security assessment.
Schedule 9 extends the immunity provisions provided to staff members and agents of ASIS and AGO for computer-related acts done outside Australia, in the proper performance of those agencies' functions, to acts which inadvertently affect a computer or device located inside Australia.
Schedule 10 requires DIO to have legally binding privacy rules, for ASIS, ASD, AGO and DIO to make publicly available their privacy rules, and updates ONI's privacy rules provisions so that they apply to intelligence about an Australian person under ONI's analytical functions.
Schedule 11 includes ASD in the Assumed Identities scheme contained in the Crimes Act 1914.
Schedule 12 clarifies the meaning of an 'authority, of another country' in the Intelligence Services Act 2001.
Schedule 13 permits the Director-General of Security to approve a class of persons to exercise the authority conferred by an ASIO warrant in the Telecommunications (Interception and Access) Act 1979, clarifies the permissible scope of classes under section 12 of that Act and under section 24 of the Australian Security Intelligence Organisation Act 1979, and introduces additional record-keeping requirements regarding persons exercising the authority conferred by all relevant ASIO warrants and relevant device recovery provisions.
Schedule 14 makes technical amendments related to the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018.

4. The Bill amends the:

Intelligence Services Act 2001 (IS Act)
Criminal Code Act 1995 (Criminal Code)
Crimes Act 1914 (Crimes Act)
Australian Passports Act 2005 (Passports Act)
Foreign Passports (Law Enforcement and Security) Act 2005 (Foreign Passports Act)
Office of National Intelligence Act 2018 (ONI Act)
Inspector-General of Intelligence and Security Act 1986 (IGIS Act)
Australian Security Intelligence Organisation Act 1979 (ASIO Act), and
Telecommunications (Interception and Access) Act 1979 (TIA Act).

Human rights implications

5. The Bill engages the following rights under the International Covenant on Civil and Political Rights (ICCPR):

the right to an effective remedy in Article 2
the right to life in Article 6
the right to security of the person and freedom from arbitrary deprivation of liberty in Article 9
the right to freedom of movement in Article 12
the right to the presumption of innocence in Article 14
the right to privacy in Article 17
the right to freedom of expression in Article 19, and
the right to respect for the family in Articles 17(1) and 23.

6. The Bill engages the following rights under the Convention on the Rights of the Child (CRC):

the right to the child's best interests being a primary consideration in all decisions concerning them in Article 3
the right to life in Article 6
the right to freedom of expression in Article 13
the right to privacy in Article 16
the right to freedom from arbitrary deprivation of liberty in Article 37, and
the right to the presumption of innocence in Article 40.

7. The rights provided for in the ICCPR and the CRC apply to individuals within a country's territory or subject to its effective control. While a number of measures in the Bill relate predominantly to activities conducted outside Australia, Australia has accepted that there may be exceptional circumstances in which the rights provided for in the ICCPR and CRC may be relevant beyond its territory. In circumstances where Australia's human rights obligations are not engaged, certain rights may nonetheless be promoted by measures contained in the Bill.

Schedule 1 - Emergency authorisations

Overview of the current ministerial authorisation regime

8. Schedule 1 gives effect to recommendation 52 of the Comprehensive Review and recommendation 16(e) of the IIR. Currently, section 8 of the IS Act provides that the Minister responsible for each IS Act Agency must direct the agency to obtain an authorisation before undertaking certain activities, including activities undertaken for the purpose of producing intelligence on an 'Australian person' within the meaning of section 3 of the IS Act (an Australian citizen or permanent resident).

9. The core framework for the ministerial authorisation regime is contained in section 9 of the IS Act. Subsection 9(1) provides preconditions that a Minister must be satisfied of prior to giving an authorisation. Subsection 9(1A) provides additional considerations for activities regarding Australian persons. Additional requirements apply, under paragraph 9(1A)(b), if the Australian person, or class of Australian persons, is, or is likely to be, involved in an activity or activities that are, or are likely to be, a threat to security. Sections 9A to 9C contain a series of additional frameworks under which authorisation may be given in an emergency.

10. Currently, authorisations may only be given:

by the Minister responsible for the relevant IS Act Agency (existing section 9)
orally in an emergency situation, by the Minister responsible for the relevant IS Act Agency, the Prime Minister, the Attorney-General, another IS Act Minister or the Minister (ASIO Minister) responsible for administering the Australian Security Intelligence Organisation Act 1979 (ASIO Act) (existing section 9A), and
if no Minister is readily available or contactable, by the head of the relevant IS Act Agency (existing section 9B).

11. Despite amendments in 2014 to sections 9A and 9B, operational experience has demonstrated that the current emergency authorisation provisions in sections 9A and 9B do not support urgent action by the relevant agencies where an Australian person's life may depend on immediate action. This is an unintended consequence of the current ministerial authorisation framework, which is intended, among other things, to protect Australian persons. In circumstances where an Australian person is at imminent risk of harm, it is reasonable to assume that the person, if able, would consent to the collection of information intended to assist them.

Overview of the proposed amendments

12. Schedule 1 amends the IS Act to introduce section 9D, permitting authorised IS Act Agency heads (or their delegate/s) to make an urgent operational decision to produce intelligence on an Australian person, without first obtaining authorisation from a Minister. This applies only where there is an imminent risk to the Australian person's safety and it is not reasonably practicable to obtain their consent to the production of that intelligence, but it is reasonable to believe that the person would consent if they were able to do so. Imminent risk would arise in situations where, for example, an Australian person was involved in a hostage or kidnap situation, or an ongoing terrorist or mass casualty attack.

13. Enabling the production of intelligence on an Australian person would enable, for example, an agency to determine the location of the Australian person, which may in turn enable or facilitate Australian or foreign government authorities, or other persons or bodies, to take action to protect, or mitigate the risk of harm to, the Australian person. In these circumstances, time can be of the essence and the ministerial authorisation process, including the existing emergency authorisation provisions, can constitute a significant delay. Such a delay may present an unacceptable level of risk to the wellbeing, or indeed survival, of an Australian person. Several hours in an emergency situation may determine the difference between life and death. The scheme complements the existing emergency ministerial authorisation regime in sections 9A and 9B of the IS Act.

14. In order to issue an authorisation under the new regime, the head of the relevant agency must be satisfied that the facts of the case would justify the responsible Minister giving an authorisation under section 9. That is, the agency head must be satisfied that the conditions in subsections 9(1) and 9(1A) (apart from paragraph 9(1A)(b) are met.[1] Paragraph 9D(2)(b) requires the agency head to be satisfied that the responsible Minister would have given the authorisation.

15. Subsection 9D(3) provides that the agency head may specify conditions that must be observed when carrying out an activity under the authorisation.

16. The agency head may, in writing, delegate to a staff member any or all of the powers, functions or duties of the agency head under section 9D. In exercising a power or function under subsection 9D(14) the delegate must comply with any written directions of the agency head.

17. The new emergency authorisation provisions include a range of safeguards concerning record keeping and notification obligations. The agency head must:

notify the responsible Minister as soon as practicable but within 8 hours of giving the authorisation
create written records of any oral authorisation
create a summary of the facts that justified giving the authorisation, within 48 hours of giving the authorisation
provide the responsible Minister and the Inspector-General of Intelligence and Security (IGIS) such written records, and
provide the ASIO Minister and the Attorney-General these written records, if the Australian person is, or is likely to be, involved in an activity or activities that are, or are likely to be, a threat to security.

18. There are also a number of provisions in relation to the cancellation of the authorisation:

the responsible Minister, as soon as practicable after being given the records of the authorisation, must consider whether to cancel the authorisation
the responsible Minister can cancel the authorisation at any time, and
the agency head is required to cancel the authorisation if satisfied that there is not, and there is not likely to be, a significant risk to the safety of the Australian person or class of Australian persons.

19. Within 30 days of the IGIS being given the written records of the authorisation by the agency head, the IGIS must:

consider whether the agency head complied with the requirements of the section
provide the responsible Minister with a report on the IGIS's views concerning the extent of the compliance by the agency head with the requirements of the section, and
provide the Parliamentary Joint Committee on Intelligence and Security (PJCIS) with a copy of the conclusions of the report.

20. Subsection 9D(9) provides that the authorisation ceases to have effect at the earliest of the following times:

at the end of six months, starting on the day the authorisation is given
if the authorisation specifies a time when the authorisation ceases to have effect - that time
if the responsible Minister cancels the authorisation under subsection 9D(10) - the time of cancellation
if the agency head cancels the authorisation under subsection 9D(12) - the time of cancellation, or
if an authorisation for the activity, or series of activities, is given under section 9, 9A or 9B - the time the authorisation under section 9, 9A or 9B is given.

21. The maximum period of six months for an emergency authorisation is consistent with the maximum period for a ministerial authorisation given under section 9. Should the responsible Minister, upon receipt of the records of the emergency authorisation, choose not to issue a cancellation, the emergency authorisation will be taken to have received ministerial authorisation.

22. There are a range of additional safeguards that apply under the IS Act. Any intelligence produced on an Australian person can only be retained and communicated in accordance with the respective agency's privacy rules, made in accordance with section 15 of the IS Act. In making the rules, the relevant Minister must have regard to the need to ensure the privacy of Australian persons is preserved as far as is consistent with the proper performance by the agency of its functions. The IS Act also requires that agencies must not communicate intelligence, except in accordance with the privacy rules. The IGIS must brief the PJCIS on the content and effect of the rules if requested or if the rules change.

23. Section 11 provides further limits on IS Act Agencies' functions. Subsection 11(1) provides that the functions of the agencies are to be performed only in the interests of Australia's national security, Australia's foreign relations or Australia's national economic well-being and only to the extent that those matters are affected by the capabilities, intentions or activities of people or organisations outside Australia. Subsection 11(2) provides that IS Act Agencies' functions do not include police functions or any other responsibility for the enforcement of the law.

24. For ASIS, other limits continue to apply, including under subsections 6(4) and 6(6) of the IS Act (prohibition on paramilitary activities, violence against the person, or the use of weapons by ASIS staff members and agents, other than the provision and use of weapons or self-defence techniques in accordance with Schedule 2 or Schedule 3 of the IS Act).

25. Should an Australian person be adversely affected by, wish to object or make a complaint relating to the production of intelligence on that person, they may refer the matter to the IGIS. The IGIS is an independent statutory office holder mandated to review the activities of Australia's intelligence agencies for legality, propriety and consistency with human rights

26. Should the IGIS choose to conduct an inquiry into the actions of an intelligence agency, it has strong coercive powers, similar to those of a royal commission, including powers to compel the production of information and documents, enter premises occupied or used by a Commonwealth agency, issue notices to persons to appear before the IGIS to answer questions relevant to the inquiry, and to administer an oath or affirmation when taking such evidence. At the conclusion of the inquiry, paragraph 22(2)(b) of the IGIS Act requires the IGIS to recommend to the responsible Minister that the person receive compensation, if the IGIS is satisfied that the person has been adversely affected by action taken by a Commonwealth agency and should receive compensation.

27. The Scheme for Compensation for Detriment caused by Defective Administration (CDDA) provides a mechanism for non-corporate Commonwealth entities to compensate persons who have experienced detriment as a result of the entity's defective actions or inaction.

28. Section 65 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) allows the making of discretionary 'act of grace' payments if the decision-maker considers there are special circumstances and the making of the payment is appropriate.

Human rights implications

29. To the extent that a person will be subject to Australia's effective control, the rights in Articles 6, 9 and 17 of the ICCPR and Articles 3, 6 and 16 of the CRC may be engaged.

The right to life and the right to liberty and security of the person in Articles 6 and 9 of the ICCPR and the right to life and the right to liberty in Articles 6 and Article 37 of the CRC

30. The right to life in Article 6 of the ICCPR places a positive obligation on states to protect individuals from unwarranted actions by private persons that threaten their right to life. Article 6 of the CRC places the same obligation on states with respect to the child. The right to security of the person in Article 9 of the ICCPR requires states to provide reasonable and appropriate measures to protect a person's physical security. Article 9 of the ICCPR also places a positive obligation on states to protect individuals from unlawful or arbitrary deprivation of their liberty. Article 37 of the CRC places the same positive obligation on states with respect to the child.

31. Schedule 1 promotes the right to life and the right to security of the person by enabling the immediate production of intelligence on an Australian person (including an Australian child) where there is imminent risk to their safety, for example in the case of a kidnapping, hostage situation, ongoing terrorist attack or mass casualty attack. The production of intelligence would enable IS Act Agencies to pursue opportunities to lessen the threat to life and security arising from such a situation. The right to liberty may be promoted where, for example, a kidnapping victim is rescued or released as a result of the production of intelligence.

The best interests of the child shall be a primary consideration in all decisions concerning them in Article 3 of the CRC

32. Article 3 of the CRC requires that in all actions concerning children, the best interests of the child shall be a primary consideration. This will be promoted where states take appropriate measures to ensure a child receives such protection and care as is necessary for his or her safety and wellbeing.

33. Schedule 1 promotes the best interests of the child by addressing circumstances where there is an imminent risk to an Australian person's safety, including an Australian child. In the case of imminent risk to a child's safety, the best interest of the child in that circumstance is to mitigate or remove that risk to the greatest extent possible. The production of intelligence would enable IS Act Agencies to pursue opportunities to achieve that aim.

Right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC

34. Article 17 of the ICCPR and Article 16 of the CRC provide that no person (adult or child) shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. The term 'unlawful' means that no interference can take place except as authorised under domestic law. The use of the term 'arbitrary' means that any interference with privacy must be in accordance with the provisions, aims and objectives of the ICCPR or CRC (as applicable) and should be reasonable in the particular circumstances. The United Nations Human Rights Committee has interpreted 'reasonableness' to imply that any limitation must be proportionate and necessary in the circumstances. This right may be subject to permissible limitations where those limitations are provided by law and are non-arbitrary. In order for limitations not to be arbitrary, they must be aimed at a legitimate objective and be reasonable, necessary and proportionate to that objective.

35. The amendment to the ministerial authorisation regime in the IS Act permits an agency head or their delegate to authorise the production of intelligence on an Australian person without first obtaining authorisation from the responsible Minister. To the extent that activities which enable the production of intelligence on an Australian person take place where Australia is exercising its effective control, the right to freedom from arbitrary and unlawful interference may be engaged.

36. The amendment pursues the legitimate objectives of protecting the life and security of an Australian person, mitigating any imminent and significant risks to their safety, and addressing national security risks to Australia. An imminent risk to an Australian person's safety would arise in situations where, for example, an Australian person is involved in a kidnapping or hostage situation, or an ongoing terrorist or mass casualty attack. The production of intelligence includes, for example, locating an Australian person who has been taken hostage.

37. The amendment is rationally connected to its objective of protecting Australian lives. In circumstances where there is imminent risk to a person's safety, the ministerial authorisation process, including the current emergency authorisation provisions, may constitute a significant delay. Such a delay may cause opportunities to mitigate or remove the risk of harm to be lessened or lost. This would constitute an unacceptable level of risk to the wellbeing of the Australian person. It is reasonable to expect that the Australian person would consent to the production of intelligence where that person was at imminent risk of harm.

38. The amendment only goes so far as is necessary in limiting the right to privacy. First, only the agency head, or a staff member authorised by the agency head, can give an authorisation under section 9D. The ability for the agency head to delegate his or her authority under section 9D to certain select staff members is necessary, as the IS Act Agencies operate in a wide range of operational environments and contexts. The ability for the agency head to delegate his or her authority under section 9D to certain select staff members, as opposed to that authority being vested in all staff members of the agency, ensures that only staff members that the agency head considers to be appropriately qualified to make such a decision are in fact authorised. In exercising a power, performing a function or discharging a duty under such a delegation, the delegate must comply with all provisions under section 9D, as well as any written directions issued by the agency head.

39. Second, for the regime to be triggered, the agency head or his or her delegate must be satisfied either that there is, or is likely to be, an imminent risk to an Australian person, and that it is necessary or desirable to produce intelligence on that person. Both these requirements must be satisfied. It is not enough that there is an imminent risk to an Australian person if it is not necessary or desirable to produce intelligence on the person. Upon passage of the amendment, agencies will develop internal processes for emergency authorisations that will outline criteria that must be taken into account when deciding to approve an emergency authorisation. This will include factors that must be met before such a regime can be triggered, and the requirement to consider privacy implications against the immediacy of the risk.

40. Third, the regime is subject to scrutiny by the IGIS. The IGIS is required by subsection 9D(8) to consider whether the agency head or his or her delegate complied with the requirements of the section, including evaluating whether it was necessary or desirable to produce the intelligence. The role of the IGIS is to ensure agencies act legally and with propriety, comply with ministerial guidelines and directives, and respect human rights. There is also a requirement for the IGIS to provide its conclusions in a report to the PJCIS, which facilitates appropriate parliamentary oversight of the regime. Further, agencies may only engage in conduct in the proper performance of their functions, which are set out in sections 6, 6B and 7(1) of the IS Act, respectively. The agencies are subject to direct ministerial control.

41. Fourth, subsection 9D(4) requires the agency head or his or her delegate to notify the responsible Minister of the authorisation as soon as practicable (and no later than 8 hours) after it is given. Subsection 9D(5) then requires the agency head or their delegate to provide the responsible Minister and IGIS with written notice of the authorisation and a summary of the facts that justified the giving of the authorisation, as soon as practicable (and no later than 48 hours) after it is given. This ensures that ministerial oversight is maintained while allowing agencies to act expeditiously, without ministerial authorisation, where an Australian person is at imminent risk of harm.

42. Fifth, subsections 9D(10) and (11) provide the responsible Minister with the ability to cancel the authorisation at any point in time. Subsections 9D(12) and (13) require the agency head or his or her delegate to cancel the authorisation if he or she is satisfied that there is not, and is not likely to be, a significant risk to the safety of the Australian person, and to notify the Minister, the Attorney-General and the IGIS of that cancellation. This continuous duty for the Minister, an agency head or their delegate to cancel the authorisation if the risk of harm to the Australian person ceases to be significant ensures that there is continuous oversight and assessment of the appropriateness of the actions.

43. Sixth, any intelligence produced on an Australian person or concerning an Australian person must only be communicated and retained in accordance with the privacy rules made by the responsible Ministers under section 15 of the IS Act, which are available publicly and are subject to parliamentary scrutiny through the PJCIS. The agencies' privacy rules regulate the communication and retention of intelligence information concerning Australian persons. In making the rules, the relevant Minister must have regard to the need to ensure that the privacy of Australians in preserved as far as is consistent with the proper performance by the agencies of their functions. The IGIS conducts oversight of agencies' compliance with the privacy rules.

44. This measure limits the right to privacy, but the limitation is for the legitimate purpose of protecting the life and security of an Australian person and is necessary to ensure intelligence can be produced on an Australian person to assist in mitigating an imminent risk to their safety. The right is only limited so far as necessary, with strict oversight and accountability requirements. The measure is limited to circumstances where it is reasonable to expect the person would, if able, consent to the intrusion.

Schedule 2 - Authorisations relating to counter-terrorism

Overview of the current ministerial authorisation regime relating to counter-terrorism

45. Schedule 2 gives effect to recommendation 45 of the Comprehensive Review, consistent with recommendation 16(a) of the IIR. Both reviews recommended the introduction of a counter-terrorism class ministerial authorisation to allow ASIS, ASD and AGO to expeditiously produce intelligence on one or more members of a class of Australian persons who are, or are likely to be, involved with a proscribed terrorist organisation.

46. At present, under subparagraphs 8(1)(a)(ia) and (ib) of the IS Act, the responsible Minister for ASIS, being the Minister for Foreign Affairs, may give an authorisation to ASIS to produce intelligence on one or more members of a class of Australian persons, where ASIS is undertaking activities in the course of providing assistance to the ADF in support of military operations. This is the only class ministerial authorisation available to an IS Act Agency under current legislation.

47. Existing ministerial authorisation provisions do not specifically address the seriousness of the threat of terrorism and the number of Australians with connections to terrorist organisations. The use of class authorisations, in addition to existing individual authorisations, will strengthen agencies' abilities to investigate terrorist organisations. Specifically, reducing barriers to agencies' abilities to investigate classes of persons with links to terrorist organisations will enhance their ability to identify previously unidentifiable individuals of security concern. Allowing agencies to seek approval to investigate a class of persons, rather than requiring them to seek ministerial approval for each individual that would fall within a class, allows for the production of intelligence that is timelier, more agile and more responsive to the contemporary security environment, particularly where methodologies employed by terrorists have become more discreet than in the past and their methods for obfuscation of activities more sophisticated. In some cases, class ministerial authorisations may enhance the ability of agencies to identify would be lone-actor attackers with links to terrorist organisations.

Overview of the proposed amendments

48. Schedule 2 amends the ministerial authorisation framework under section 9 of the IS Act to introduce a counter-terrorism class ministerial authorisation to support ASIS, ASD and AGO to more effectively produce intelligence on Australians who are, or are likely to be, involved with a listed terrorist organisation. For the purpose of the authorisation, listed terrorist organisation will have the same meaning as the definition of 'listed terrorist organisation' in subsection 100.1(1) of the Criminal Code. That is, an organisation that is specified by the regulations for the purposes of paragraph (b) of the definition of terrorist organisation in section 102.1 of the Criminal Code.

Human rights implications

49. To the extent that a person will be in Australia's territory or subject to its effective control, the rights in Article 17 of the ICCPR and Article 16 of the CRC may be engaged.

Right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC

50. Article 17 of the ICCPR provides that no-one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. Article 16 of the CRC provides the same right with respect to the child. The term 'unlawful' means that no interference can take place except as authorised under domestic law. The use of the term 'arbitrary' means that any interference with privacy must be in accordance with the provisions, aims and objectives of the ICCPR or CRC (as applicable) and should be reasonable in the particular circumstances. This right may be subject to permissible limitations where those limitations are provided by law and are non-arbitrary. In order for limitations to not be arbitrary, they must be aimed at a legitimate objective and be reasonable, necessary and proportionate to that objective.

51. The amendment to the existing ministerial authorisation scheme in the IS Act will allow the responsible Ministers for ASIS (Minister for Foreign Affairs), and ASD and AGO (Minister for Defence) to authorise the production of intelligence on one or more members of a class of Australian persons who are, or are likely to be, involved with a listed terrorist organisation. To the extent that the amendments permit the production of intelligence on a person in Australia's territory or subject to Australia's effective control, the right to privacy may be engaged.

52. The amendment pursues the legitimate objectives of protecting the lives and security of Australians, mitigating any imminent and significant risks to their safety, and addressing national security risks to Australia. Specifically, the amendment protects lives by enabling the expeditious production of intelligence on an Australian person who is a member of an approved class when there is reason to believe that they are involved with a listed terrorist organisation and by extension may engage in terrorist acts. The production of intelligence on an Australian person involved with a listed terrorist organisation may include information that reveals the plotting of a terrorist attack, terrorism financing or the recruitment of foreign fighters.

53. The amendment only goes so far as necessary in limiting the right to privacy. The amendments provide for a Minister to authorise an activity pursuant to subsection 9(1AAA) in circumstances where he or she is satisfied the class of Australian persons is or is likely to be 'involved with' a listed terrorist organisation. The authorisation is subject to the agreement of the Attorney-General. As outlined in subsection 9(1AAB), involvement with a listed terrorist organisation includes directing or participating in the activities of the organisation; recruiting a person to join, or participate in the activities of, the organisation; providing, receiving or participating in training to, with or from the organisation; being a member of the organisation; providing financial or other support to the organisation; advocating for, or on behalf of, the organisation; or meeting any other criteria prescribed by the regulations. The class is specifically defined with reference to a 'listed terrorist organisation' with the same meaning as 'listed terrorist organisation' in subsection 100.1(1) of the Criminal Code. That is, a terrorist organisation specified as such by the regulations. The listing of a new terrorist organisation in the regulations is subject to parliamentary scrutiny (and through it the public) with a disallowable period of 15 days. Defining the class in these narrow terms ensures that individuals who are identified as falling within the class are relevant to national security.

54. Section 10AA requires each IS Act Agency head to ensure that a list is kept that identifies each Australian person in relation to whom the agency intends to undertake activities under a class authorisation; give an explanation of the reasons why the agency believes the person is a member of the relevant class; and include any other information that the agency head considers appropriate. Subsection 10AA(4) requires the agency head to ensure that the list is available for inspection by the IGIS. Subsection 10A(3) provides additional oversight by requiring that the agency head provide a report to the responsible Minister in respect of activities undertaken under a class authorisation, accompanied by a statement identifying every Australian person who was included on the list referred to in section 10AA during the period the authorisation was in effect. Further, ministerial decision-making remains subject to the preconditions outlined in subsections 9(1) and 9(1A) of the IS Act, providing a safeguard around the exercise of the provision.

55. The treatment of any 'intelligence information' collected in the course of IS Act Agency functions remains subject to agencies' respective privacy rules as made by the responsible Minister for that agency.

56. Should an Australian person wish to object or make a complaint relating to the production of intelligence on that person, they may refer the matter to the IGIS. The IGIS is an independent statutory office holder mandated to review the activities of Australia's intelligence agencies for legality, propriety and consistency with human rights.

57. Should the IGIS choose to conduct an inquiry into the actions of an intelligence agency, it has strong coercive powers, similar to those of a royal commission, including powers to compel the production of information and documents, enter premises occupied or used by a Commonwealth agency, issue notices to persons to appear before the IGIS to answer questions relevant to the inquiry, and to administer an oath or affirmation when taking such evidence. At the conclusion of the inquiry, paragraph 22(2)(b) of the IGIS Act requires the IGIS to recommend to the responsible Minister that the person receive compensation, if the IGIS is satisfied that the person has been adversely affected by action taken by a Commonwealth agency and should receive compensation.

58. The CDDA provides a mechanism for non-corporate Commonwealth entities to compensate persons who have experienced detriment as a result of the entity's defective actions or inaction.

59. Section 65 of the PGPA Act allows the making of discretionary 'act of grace' payments if the decision-maker considers there are special circumstances and the making of the payment is appropriate.

Schedule 3 - Authorisations for activities in support of the Australian Defence Force

Overview of the current authorisation framework for activities in support of the ADF

60. This amendment gives effect to recommendation 46 of the Comprehensive Review, which, consistent with recommendation 16(b) of the IIR, recommended that all IS Act Agencies (rather than just ASIS) be able to obtain an authorisation to produce intelligence on one or more members of a class of Australian persons when providing assistance to the ADF in support of military operations.

61. The IS Act explicitly provides that it is a function of all three IS Act Agencies to provide assistance to the ADF in support of military operations and to cooperate with the ADF on intelligence matters. However, section 8 of the IS Act currently provides that class authorisations for activities in support of the ADF can only be issued by the Minister for Foreign Affairs (the responsible Minister for ASIS) in respect of ASIS. Under the current legislation, there are no corresponding provisions enabling ASD and AGO to seek authorisation from the Minister for Defence (the responsible Minister for ASD and AGO) to produce intelligence on a class of Australian persons when acting in support of the ADF.

Overview of the proposed amendments

62. Schedule 3 amends section 8 of the IS Act to enable ASD and AGO to seek ministerial authorisation to undertake activities to produce intelligence on one or more members of a class of Australian persons when the agencies are operating in the course of providing assistance to the ADF in support of military operations and cooperating with the ADF on intelligence matters. The class ministerial authorisation regime introduced by this schedule is subject to the safeguards introduced in new section 10AA (Additional requirements for class authorisations) by Schedule 2, which apply to all class ministerial authorisations issued under the IS Act.

63. This amendment allows the Minister responsible for ASD and AGO to give class authorisations allowing ASD and AGO to produce intelligence on a class of Australian persons when acting in support of the ADF. It is appropriate that the ability to obtain a ministerial authorisation in relation to a class of Australian persons when providing support to the ADF be extended to AGO and ASD, as they, like ASIS, have a clear and established function to do so.

64. It is necessary that all three IS Act Agencies (rather than just ASIS) have the ability to seek class ministerial authorisations in support of the ADF, as the respective types of intelligence that they collect (those being human (ASIS), signals (ASD) and geospatial (AGO) intelligence) are all required for the planning and conduct of military operations. Class ministerial authorisations allow agencies to respond expeditiously to developing threats from previously unidentifiable individuals, thereby enabling them to provide additional, more detailed and timelier intelligence. In the military context in particular, circumstances develop rapidly and decision-making can have extreme consequences. Rapid intelligence production enabled by a class authorisation may mean the difference between a successful or failed operation, or the difference between life and death for ADF personnel.

Human rights implications

65. To the extent that a person will be in Australia's territory or subject to its effective control, the rights in Articles 6, 9 and 17 of the ICCPR and Articles 3, 6 and 16 of the CRC may be engaged.

The right to life and security of the person in Articles 6 and 9 of the ICCPR and the right to life in Article 6 of the CRC

66. The right to life in Article 6 of the ICCPR places a positive obligation on states to protect individuals from unwarranted actions by private persons that threaten their right to life. Article 6 of the CRC places the same positive obligation on states with respect to the child. The right to security of the person in Article 9 of the ICCPR requires states to provide reasonable and appropriate measures to protect a person's physical security.

67. The amendments in Schedule 3 will apply to ASD and AGO's activities for the purposes of assisting the ADF in support of military operations. Intelligence activities by those agencies may contribute to ADF action that results in loss of life.

68. The ADF's ability to take military action is not affected by these amendments and will continue to be governed by relevant domestic and international laws, rules of engagement and other Australian government policies governing the use of military force. To the extent that the amendments result in the ADF receiving additional, more detailed, and timelier intelligence relating to military operations, the amendments may promote the right to life as they are likely to enhance the ability of the ADF to make fully-informed decisions about the necessity and proportionality of its activities.

69. Additional, more detailed and timelier intelligence relating to military operations may also promote the right to life by enhancing the ability of the ADF to identify threats to ADF personnel and others, enabling the ADF to pursue opportunities to lessen that threat.

70. Significant safeguards apply to all of ASD's and AGO's activities, including their activities done in support of the ADF. The agencies must not do anything that is not necessary for the proper performance of their functions. The IGIS also has the power to examine the legality and propriety of action taken by intelligence agencies in support of the ADF. In defining a class of persons, the responsible Minister must be satisfied that the intelligence produced on that class would be relevant to the conduct of the particular military operation in question. For example, a class of Australian persons who were members of, or involved with, an enemy combatant group would likely hold intelligence that would assist the ADF in conducting operations against said group.

71. The Schedule is consistent with the right to life and the right to security of the person. Any activity in accordance with these provisions would be lawful and would not be arbitrary, as it would be reasonable and necessary to support the ADF in the particular circumstances, for example, where there may be imminent risk to the safety or security of ADF personnel. The production of intelligence by IS Act Agencies is necessary to assist the ADF in responding to threats to life and assist in identifying threats to ADF personnel operating overseas.

72. The class ministerial authorisation regime introduced by Schedule 3 is subject to the safeguards introduced in new section 10AA by Schedule 2, which apply to all class ministerial authorisations issued under the IS Act.

73. Should the IGIS choose to conduct an inquiry into the actions of an intelligence agency, it has strong coercive powers, similar to those of a royal commission, including powers to compel the production of information and documents, enter premises occupied or used by a Commonwealth agency, issue notices to persons to appear before the IGIS to answer questions relevant to the inquiry, and to administer an oath or affirmation when taking such evidence. At the conclusion of the inquiry, paragraph 22(2)(b) of the IGIS Act requires the IGIS to recommend to the responsible Minister that the person receive compensation, if the IGIS is satisfied that the person has been adversely affected by action taken by a Commonwealth agency and should receive compensation.

74. The treatment of any 'intelligence information' collected in the course of IS Act Agency functions remains subject to agencies' respective privacy rules as made by the responsible Minister for that agency.

The best interests of the child shall be a primary consideration in all decisions concerning them in Article 3 of the CRC

75. Article 3 of the CRC requires that in all actions concerning children, the best interests of the child shall be a primary consideration. This will be promoted where states take all appropriate measures to ensure a child receives such protection and care as is necessary for his or her safety and wellbeing.

76. Schedule 3 does not distinguish between adults and children for the purpose of producing intelligence on a class of Australian persons. However, in the case that agencies produce intelligence on a child, the best interests of the child are promoted, as agencies have internal practices in place with respect to producing such intelligence.

Right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC

77. This amendment engages the right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC. Article 17 of the ICCPR provides that no-one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. Article 16 of the CRC provides the same right with respect to the child. The term 'unlawful' means that no interference can take place except as authorised under domestic law. The use of the term 'arbitrary' means that any interference with privacy must be in accordance with the provisions, aims and objectives of the ICCPR or CRC (as applicable) and should be reasonable in the particular circumstances. This right may be subject to permissible limitations where those limitations are provided by law and are non-arbitrary. In order for limitations not to be arbitrary, they must be aimed at a legitimate objective and be reasonable, necessary and proportionate to that objective.

78. The exercise of producing intelligence engages the right to protection against arbitrary and unlawful interferences with privacy. This is because ASD and AGO exercise a wide range of intelligence collection tools - such as accessing a person's computer or computers at their workplace, or computers of associates at their premises, interfering with data and using surveillance devices to record, listen to or track a person. To the extent that activities which enable the production of intelligence on an Australian person take place where Australia is exercising its effective control, the right to freedom from arbitrary and unlawful interference may be engaged. This may involve interference with a person's privacy more generally, as well as their home and correspondence.

79. This amendment pursues the legitimate objective of protecting Australia's national security, the safety of Australians and the security of ADF personnel. It is important to Australia's national security that ASD and AGO are able to gain access to information that is necessary for them to support the ADF. Any activities that intrude on an individual's (or child's) right to protection against arbitrary and unlawful interference with privacy need to be provided for by law, be appropriately circumscribed and proportionate to achieving a legitimate objective and have sufficient safeguards and oversight measures to ensure that they are not, in practice, arbitrary.

80. ASD and AGO activity authorisations are subject to significant safeguards, which ensure that activities are authorised in a manner consistent with the right to protection against arbitrary and unlawful interferences with privacy. Safeguards include the high thresholds prescribed by statute for the issuing of class authorisations and the exercise of powers under them, the requirement for the Minister to give authorisation, and the requirements for agencies to report to oversight bodies. In general, ASD and AGO may only engage in conduct in the proper performance of their functions, which are set out in sections 7(1) and 6B of the IS Act, respectively. They are also subject to direct ministerial control, consistent with the recommendations of the 1974-77 Royal Commission on Intelligence and Security (Hope Royal Commission).

81. Subsection 9(1) of the IS Act requires that before a Minister gives an authorisation, the Minister must be satisfied that:

the activities authorised are necessary for the proper performance of a function of the agency concerned
there are satisfactory arrangements in place to ensure that nothing will be done beyond what is necessary for the proper performance of that function, and
there are satisfactory arrangements in place to ensure the nature and consequences of the activities will be reasonable, having regard for the purposes for which they are carried out.

82. Section 11 of the IS Act provides a further safeguard by placing limits on IS Act Agencies' functions. Subsection 11(1) provides that the functions of the agencies are to be performed only in the interests of Australia's national security, Australia's foreign relations or Australia's national economic well-being, and only to the extent that those matters are affected by the capabilities, intentions or activities of people or organisations outside Australia. Subsection 11(2) provides that IS Act Agencies' functions do not include police functions or any other responsibility for the enforcement of the law.

83. Further, any intelligence produced on an Australian person or concerning an Australian person must only be communicated and retained in accordance with the privacy rules by the responsible Minister under section 15 of the IS Act. The privacy rules are available publicly and subject to parliamentary scrutiny through the PJCIS. The IGIS conducts oversight of agencies' compliance with the privacy rules.

84. The amendments contained in Schedule 3 are provided by law and contains a series of safeguards which will ensure that any interferences with privacy during the execution of agency activities are reasonable, necessary and proportionate to achieving the legitimate objective of assisting the ADF to effectively protect Australia's national security and the safety of ADF personnel.

Schedule 4 - Authorisations for producing intelligence on Australians

Overview of the current authorisation regime for producing intelligence on Australians

85. In the context of the NIC, warrants and ministerial authorisations provide agencies with authority to engage in particular conduct. Ministerial authorisations for IS Act Agencies perform a different function to ASIO warrants. Instead of authorising activities that would otherwise be unlawful, they allow additional ministerial control over intrusive intelligence collection activities because the legislature-and through it, the public-has determined additional control to be desirable. They do not act as an immunity from offences under Australian law. Rather, the requirement to obtain a ministerial authorisation provides an additional procedural protection to Australian persons, in respect of intelligence activities conducted by IS Act Agencies, both onshore and offshore.

86. Schedule 4 implements recommendation 41 of the Comprehensive Review, consistent with recommendation 16(d) of the IIR. Both Reviews recommended that a definition of 'producing intelligence' be included in the IS Act to clarify the range of activities for which IS Act Agencies require ministerial authorisation.

87. Under section 8 of the IS Act, IS Act Agencies are required to obtain ministerial authorisation before undertaking any activity, or series of activities, for the purpose of producing intelligence on an Australian person. Currently, the term 'producing intelligence' is not defined in the IS Act. This has led to some uncertainty as to when the requirement applies, resulting in ministerial authorisations being sought in a broader range of circumstances than originally envisioned.

88. This is problematic for a number of reasons. Firstly, it inhibits preliminary activities not involving the use of covert and intrusive intelligence collection capabilities and prevents some routine activities (e.g. staffing activities) from being undertaken without a ministerial authorisation. Secondly, it does not support public understanding of the meaning of the legislation, which is required to foster public trust and confidence in the work of the IS Act Agencies. Thirdly, it does not provide IS Act Agencies themselves with sufficient certainty regarding their statutory mandate. It is neither appropriate, nor within the original purpose of the ministerial authorisation regime, that ministerial authorisations be required for non-covert, non-intrusive information gathering activities that are routine and legal under Australian law.

89. Consistent with recommendation 16(d) of the IIR, Schedule 4 also amends the definition of 'intelligence information' in the IS Act. Subsection 15(5) of the IS Act provides that IS Act Agencies must not communicate 'intelligence information' concerning Australian persons, except in accordance with the privacy rules issued by their responsible Minister.

90. Originally, the definition of intelligence information meant information obtained by ASIS under paragraph 6(1)(a) or ASD under paragraph 7(1)(a) of the IS Act (i.e., those agencies' intelligence collection functions). However, the definition was amended by the Intelligence Services Legislation Amendment Act 2005, which extended the definition in respect of ASIS to include all information obtained by ASIS in the performance of its functions. This had the unintended consequence of extending the application of the privacy rules to a wide range of routine, non-intelligence information obtained by ASIS, for example, the sharing of media articles about Australians, or the curricula vitae of visiting Australians to partner agencies.

Overview of the proposed amendments

91. Schedule 4 amends section 3 of the IS Act to provide a definition of 'prescribed activity', and inserts subsection 8(1A) to provide an explanation of what is meant by 'producing intelligence'. This amendment clarifies that the following activities fall within the meaning of 'producing intelligence':

the use of covert and intrusive intelligence collection methods, which includes those methods for which ASIO would require a warrant if conducted onshore, and
expressly or impliedly requesting an authority referred to in paragraph 13(1)(c) (authorities of other countries) to collect intelligence by covert and intrusive methods.

92. This clarifies that the requirement for a ministerial authorisation to produce intelligence on an Australian person applies only to covert and intrusive intelligence collection activities, which includes activities for which ASIO would require a warrant to conduct onshore. It is also intended that this would include the tasking of an agent or network of agents by ASIS to use covert and intrusive intelligence collection methods, consistent with recommendation 16d of the IIR.

93. The amendment to the definition of 'intelligence information' in Section 3 of the IS Act, to remove the word 'information', will address the unintended consequences of the 2005 amendments by focusing on intelligence obtained under an agency's intelligence collection functions and thereby excluding routine and publicly available information concerning Australian persons.

Human rights implications

94. To the extent that a person will be in Australia's territory or subject to its effective control, the rights in Article 17 of the ICCPR and Article 16 of the CRC may be engaged.

Right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC

95. This amendment engages the right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC. Article 17 of the ICCPR provides that no-one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. Article 16 of the CRC provides the same right with respect to the child. The term 'unlawful' means that no interference can take place except as authorised under domestic law. The use of the term 'arbitrary' means that any interference with privacy must be in accordance with the provisions, aims and objectives of the ICCPR or CRC (as applicable) and should be reasonable in the particular circumstances. This right may be subject to permissible limitations where those limitations are provided by law and are non-arbitrary. In order for limitations not to be arbitrary, they must be aimed at a legitimate objective and be reasonable, necessary and proportionate to that objective.

96. By introducing definitions of 'prescribed activity' and 'producing intelligence', Schedule 4 clarifies that the requirement for a ministerial authorisation to produce intelligence on an Australian person (as defined) applies only to covert and intrusive intelligence collection activities. It removes the requirement for a ministerial authorisation for routine, non-intrusive collection activities.

97. Routine, non-covert and non-intrusive information collection activities, while less invasive than covert and intrusive intelligence collection activities, may nonetheless involve a limited interference with a person's privacy. Removing the requirement for ministerial authorisation to carry out such activities may therefore engage the right to privacy.

98. Despite the removal of the requirement for ministerial authorisation for non-covert, non-intrusive activities, agencies will continue to be bound by the requirements in sections 11 and 12 of the IS Act, concerning limits to agencies functions and activities, as well as the privacy rules made under section 15 when undertaking such activities. The provisions under these sections provide significant safeguards to ensure that activities are undertaken consistently with the right to protection against arbitrary and unlawful interferences with privacy. The limits on agency functions and activities in sections 11 and 12 of the IS Act, the privacy rules and agency reporting and oversight requirements ensure that information is obtained and shared only when it is necessary and proportionate to do so.

Schedule 5 - ASIS cooperating with ASIO

Overview of current framework relating to cooperation with ASIO

99. The arrangements under Division 3 of Part 2 of the IS Act (Activities undertaken in relation to ASIO) permit ASIS, without ministerial authorisation and subject to limits in section 13D, to undertake an activity or a series of activities for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on an Australian person or a class of Australian persons where the Director-General of Security or a senior ASIO position holder authorised by the Director-General of Security has notified ASIS in writing that it requires the production of intelligence on the Australian person or class of Australian persons. The limits in section 13D ensure that Division 3 does not allow ASIS to do any act that ASIO could not do in at least one state or territory, without it being authorised by a warrant issued under Division 2 of Part III of the ASIO Act, or under Part 2-2 of the Telecommunications (Interception and Access) Act 1979 (the TIA Act). That is, IS Act Agencies may not undertake activities in support of ASIO that would break Australian law.

100. The arrangements under Division 3 of the IS Act provide a consistent and coherent framework for cooperation between ASIS and ASIO. They are a vital tool that assist ASIS and ASIO to work together and allow ASIS to undertake 'less intrusive' activities in support of ASIO. However, the framework is limited in that it only applies to cooperation outside Australia.

Overview of the proposed amendments

101. Schedule 5 amends the IS Act by extending section 13B (Activities undertaken in relation to ASIO) to ASIS's onshore activities, allowing ASIS to cooperate with ASIO both inside and outside Australia.

102. The requirement for ASIO to issue ASIS with a written notice to produce intelligence to support ASIO in the performance of its functions would remain. The amendments make clear that the exceptional circumstances provision, allowing an ASIS officer to act outside Australia in an emergency in the absence of a written notice from ASIO, would not apply in Australia.

103. The extension of section 13B to enable ASIS to conduct onshore activities at ASIO's request is necessary to enhance cooperation and integration between agencies. The current geographic limit restricts cooperation that is essential to maximising the likelihood of Australia's success in thwarting attacks and defeating other threats to security.

Human rights implications

104. To the extent that a person will be in Australia's territory or subject to its effective control, the rights in Article 17 of the ICCPR and Article 16 of the CRC may be engaged.

Right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC

105. This amendment engages the right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC. Article 17 of the ICCPR provides that no-one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. Article 16 of the CRC provides the same right with respect to the child. The term 'unlawful' means that no interference can take place except as authorised under domestic law. The use of the term 'arbitrary' means that any interference with privacy must be in accordance with the provisions, aims and objectives of the ICCPR or CRC (as applicable) and should be reasonable in the particular circumstances. This right may be subject to permissible limitations where those limitations are provided by law and are non-arbitrary. In order for limitations not to be arbitrary, they must be aimed at a legitimate objective and be reasonable, necessary and proportionate to that objective.

106. The activities referred to in this amendment are only to be performed by ASIS in support of ASIO's functions, which include gathering intelligence for the legitimate purpose of protecting the security of Australia and Australians. The Government considers that there is an increasing operational necessity to improve cooperation and integration between intelligence agencies, particularly as Australia's security environment becomes more complex and the lines of demarcation between foreign and security intelligence more porous. With more extensive and direct involvement of some Australians in international terrorist and extremist causes, and with greater scope for external covert interference in Australia generally, domestic and foreign sources of security threats have become less mutually exclusive. Security threats to Australians, in Australia, have increased and diversified as a result.

107. In addition to the general protections in sections 11 and 12 of the IS Act, there are safeguards associated with this type of cooperation to ensure activities are not authorised unless they are necessary and proportionate. Specifically, under section 13E, the Director-General of ASIS must be satisfied that there are satisfactory arrangements in place to ensure that activities will be undertaken only for the specific purpose of supporting ASIO in the performance of its functions. There must also be satisfactory arrangements in place to ensure that the nature and consequences of the acts done will be reasonable, having regard to the purposes for which they are carried out.

108. ASIO must issue ASIS with a written notice stating that it requires the production of intelligence on the Australian person, or class of Australian persons, before ASIS may rely on the framework in Division 3 of Part 2 of the IS Act inside Australia. This ensures that any interference with privacy as a result of the amendments is not 'arbitrary' and represents an important safeguard. ASIO must be satisfied the production of intelligence is related to its statutory functions and must have notified this to ASIS in writing, for ASIS to rely on the framework.

109. In giving such a notice, ASIO must act in accordance with the ASIO Act, including by:

ensuring that the intelligence requirement relates to ASIO's statutory functions which, relevantly, relate to the obtaining of intelligence relevant to 'security'-which is defined in the ASIO Act and includes the protection of, and of the people of, the Commonwealth and the States and Territories from matters such as espionage, acts of foreign interference, and politically motivated violence
adhering to the requirement in section 17A of the ASIO Act, that the exercise of the right to lawful advocacy, protest or dissent shall not, by itself, be regarded as prejudicial to security, and
complying with the Director-General of Security's special responsibility, set out in section 20 of the ASIO Act, to take all reasonable steps to ensure that the work of ASIO is limited to what is necessary for the purpose of the discharge of its functions, and that ASIO is kept free from any influences or considerations not relevant to its functions and nothing is done that might suggest that ASIO is concerned to further or protect the interests of any particular section of the community, or with any matters other than the discharge of its functions.

110. Additionally, if ASIO could not undertake a particular act in at least one state or territory without it being authorised by a special powers warrant or telecommunication interception warrant then ASIS may not undertake that act without ministerial authorisation (in which case the provisions implemented by Schedule 5 would not apply). That is to say, the amendments will not authorise or provide a legal basis for ASIS to undertake activities inside Australia that would otherwise be unlawful.

111. Under subsection 13F(3) of the IS Act, all notices provided to ASIS under paragraph 13B(1)(d) must be kept by ASIS and made available for inspection on request by the IGIS. ASIS must also give its responsible Minister a written report in respect of activities undertaken in accordance with section 13B as soon as practicable after each year ending on 30 June.

Schedule 6 - AGO cooperating with authorities of other countries

Overview of current framework for cooperation with other entities

112. Section 13 of the IS Act establishes a legal framework under which IS Act Agencies may cooperate with Commonwealth authorities, State authorities and authorities of other countries in the performance of the agencies' own functions.

113. In the case of cooperation with an authority of another country, under paragraph 13(1)(c) IS Act Agencies may cooperate only where those authorities are approved by the responsible Minister as being capable of assisting the agency in the performance of its functions.

Overview of the proposed amendments

114. Schedule 6 amends section 13 of the IS Act to provide that AGO is not required to seek ministerial approval under paragraph 13(1)(c) where cooperation with an authority of another country is for the purpose of performing AGO's functions under paragraphs 6B(1)(e), (ea) or (h).

115. AGO's function under paragraph 6B(1)(e) is to provide certain bodies and persons, which includes authorities of other countries, with imagery and other geospatial, hydrographic, meteorological and oceanographic products, where those products are not intelligence, and to provide assistance in relation to the production and use of such products and related technologies.

116. AGO's function under paragraph 6B(1)(ea) is to provide certain bodies and persons, which includes authorities of other countries, with assistance in relation to the performance of emergency response, safety, scientific research, economic development, cultural and environmental protection functions, where the provision of such assistance is incidental to the performance by AGO of its other functions.

117. AGO's function under paragraph 6B(1)(h) is to carry out the functions of the Australian Hydrographic Office (AHO), which is part of AGO. The primary role of the AHO is to provide products such as nautical maps and surveys to support maritime safety, and contribute to the coordination, exchange and standards related to hydrographic and maritime production policy, and maritime geospatial data in general.

118. AGO's functions under 6B(1)(e), (ea) and (h) require cooperation with a range of government and non-government partners. For example, the AHO performs its role by cooperating with universities, international organisations, and foreign governments. The AHO's primary customers are the Australian public, civilian shipping, local and international port authorities, the Australian Government and the Australian Defence Force.

119. The purpose of ministerial approval for cooperation with authorities of other countries is to provide an additional layer of oversight where the cooperation, by virtue of involving potentially sensitive, covert or intrusive activities and capabilities, carries particular foreign relations and other risks.

120. AGO's functions under paragraphs 6B(1)(e), (ea) and (h) are non-intelligence functions and do not involve covert or intrusive activities. The practical effect of the requirement to seek ministerial approval for cooperation under paragraph 13(1)(c) has been, in certain circumstances, to hinder AGO's ability to effectively carry out these functions.

121. The exemption from the requirement to seek ministerial approval for cooperation with authorities of other countries with respect to these functions is a necessary and proportionate measure. The AGO functions that are exempt from the approval framework do not fall within the intended scope of functions envisaged by the requirement for ministerial approval under paragraph 13(1)(c) of the IS Act, which are typically higher risk activities, involving potentially sensitive, covert or intrusive intelligence capabilities.

122. Ensuring that AGO is able to freely cooperate with authorities of other countries in the performance of its functions under 6B(1)(e), (ea) and (h) will ensure that AGO is able to continue to provide essential maritime and geospatial services to its partners in the international community.

Human rights implications

123. The amendments in Schedule 6 do not engage human rights. AGO's functions under paragraphs 6B(1)(e), (ea) and (h) are concerned with geospatial, hydrographic, meteorological etc. data and technologies, and do not relate to individuals or individuals' rights.

Schedule 7 - ONI cooperating with other entities

Overview of current arrangements in relation to ONI's cooperation with other entities

124. Section 13 of the ONI Act establishes a legal framework under which ONI may cooperate with an authority of another country, and any other person or entity in connection with the performance of its functions and exercise of its powers. Subsection 13(1) provides ONI with a broad ability to cooperate with entities both inside and outside of Australia.

125. In the case of cooperation with an authority of another country, subsection 13(2) provides that the Director-General of ONI is required to authorise such cooperation before it can take place. The Director-General must also notify the Prime Minister of the approval. Once an authorisation has been given, it remains in place until amended or revoked by the Director-General or cancelled by the Prime Minister under subsection 13(5).

126. Under the legislation in its current form, public international organisations are considered 'entities' for the purposes of paragraph 13(1)(b). Therefore, ONI can cooperate with public international organisations without seeking Director-General approval for that cooperation under subsection 13(2).

Overview of the proposed amendments

127. Schedule 7 amends section 13 of the ONI Act to extend the approval regime that applies to cooperation with the authorities of other countries to cooperation with public international organisations (but not to 'entities' more broadly). This will require that cooperation with public international organisations be subject to Director-General approval under subsection 13(2).

128. Consequently, the Director-General will be able to consider whether there is a risk in ONI undertaking the cooperation. The Government considers that similar risks apply to cooperation with public international organisations, which comprise nation states, as to cooperation with the authorities of other countries. Therefore the Director-General's approval should be required in both cases, and the Prime Minister should be notified of, and have the opportunity to cancel, such an approval consistent with section 13(5) of the ONI Act.

129. The amendments are necessary to place safeguards on cooperation with public international organisations and ensure that the Director-General is responsible for making decisions which may impact Australia's foreign relations.

130. The inclusion of 'public international organisations' in section 13 will not change the cooperation arrangements in the ONI Act for other entities or persons within or outside Australia.

Human rights implications

131. To the extent that a person will be in Australia's territory or subject to its effective control, the rights in Articles 17 and Article 16 of the CRC may be engaged.

Right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC

132. This amendment engages the right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC. Article 17 of the ICCPR provides that no-one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. Article 16 of the CRC provides the same right with respect to the child.

133. This right is engaged as ONI will be communicating information for the purposes of cooperation with public international organisations. The amendment promotes the right to privacy, as it introduces the additional requirements of Director-General approval and Prime Ministerial oversight to cooperation with public international organisations. In addition, when collecting or communicating identifiable information, ONI must do so in accordance with its privacy rules as set by the Prime Minister.

Schedule 8 - Suspension of travel documents

Overview of current framework for suspension of travel documents

134. Currently, the Minister for Foreign Affairs may order the suspension or surrender of a person's travel documents for 14 days at the request of the Director-General of Security. The Director-General may make a request where he or she suspects on reasonable grounds that a person may leave Australia to engage in conduct that might prejudice the security of Australia or a foreign country, and the person's travel documents should be suspended or temporarily surrendered in order to prevent the person from engaging in the conduct. The Minister's power to grant the request is discretionary.

135. In addition to the power to request a temporary suspension or surrender, the Director-General also has the power to request that a person be refused an Australian passport, that their existing Australian passport be cancelled or that their foreign travel documents be subject to long-term surrender, if he or she suspects on reasonable grounds that:

if the person had an Australian passport or foreign travel document, the person would be likely to engage in conduct that might (among other things) prejudice the security of Australia or a foreign country, endanger the health or physical safety of other persons, or interfere with the rights or freedoms of other persons, and
the person's Australian or foreign travel document should be refused, cancelled or surrendered in order to prevent the person from engaging in the conduct.

136. The temporary nature of the passport suspension is commensurate with the lower threshold for the making of a request for suspension or temporary surrender, in comparison to the higher threshold that must be met before the Director-General makes a request for the cancellation or permanent surrender of a person's travel documents.

137. The temporary suspension powers were introduced in 2014 to enhance the Australian Government's ability to take proactive, swift and proportionate action to mitigate security risks relating to Australians travelling overseas. The Director-General's request must include the security rationale for the request, which allows the Minister to make an informed decision as to whether it is appropriate to take temporary action to suspend a person's travel documents.

Overview of the proposed amendments

138. Schedule 8 amends the Passports Act and Foreign Passports Act to extend the period of time for which the Minister for Foreign Affairs may order the suspension or surrender of an Australian or foreign travel document, from 14 to 28 days, in order to afford ASIO sufficient time, with minimal disruption to other priority investigations, to resolve all appropriate investigative activities and to prepare a thorough security assessment considering whether permanent action is appropriate.

Human rights implications

139. This amendment engages the right to freedom of movement in Article 12 of the ICCPR and the right to respect for the family in Articles 17(1) and 23 of the ICCPR.

Right to freedom of movement in Article 12 of the ICCPR

140. Article 12(1) of the ICCPR provides that everyone lawfully within the territory of a State shall, within the territory, have the right to freedom of movement. Everyone shall also be free to leave any country, including his own. Article 12(3) provides that the right to liberty of movement can be permissibly limited if the limitations are provided by law and are necessary to protect national security. The suspension mechanism will temporarily restrict a person's right to freedom of movement if that person seeks to travel while their Australian travel documents are suspended. Consistent with Article 12(3), the restriction will be provided by law and is necessary for the protection of Australia's national security.

141. This amendment will increase the time for which the Minister can order the suspension or temporary surrender of a person's Australian or foreign travel documents from 14 days to 28 days.

142. The suspension mechanism is reasonable and necessary to achieve the national security objective of taking proactive, swift and proportionate action to mitigate security risks relating to Australians travelling overseas who may be planning to engage in activities of security concern. The making of a suspension request by ASIO must be based on credible information which indicates that the person may pose a security risk.

143. The ability to suspend travel documents was introduced in 2014. At the same time, there was a marked increase in the complexity and volume of matters under consideration, including an increased number of cases involving potential foreign fighters trying to leave Australia. Between December 2014 (when the suspension powers commenced) and June 2021, around 190 passports have been cancelled or refused in relation to the conflict in Syria and Iraq, while in the same period around 40 passports were subject to temporary suspension.

144. After requesting that a person's passport be suspended or a foreign travel document be surrendered, ASIO must compile a new security assessment to support cancellation or long-term surrender. It is vital that a security assessment recommending cancellation or long-term surrender of a person's passport or travel documents should be given thorough attention, taking into account all relevant and appropriate information.

145. Operational experience has demonstrated that 14 days can be insufficient time to resolve all appropriate investigative activities and prepare a subsequent security assessment, giving full consideration to the need to ensure any recommendation for permanent action is appropriate. On a number of occasions, the first time a person has come to ASIO's attention has been as they are preparing to travel overseas to a conflict zone, and it has therefore been necessary to take action in a very short timeframe to prevent them from leaving Australia.

146. There is a need to balance ASIO's ability to take urgent action to prevent a person from leaving the country to engage in activities of security concern with the requirement to ensure that, in preparing a security assessment recommending cancellation or long-term surrender of a person's travel documents, ASIO takes full account of any relevant information and presents a balanced, thorough assessment. Extending the period to 28 days protects national security by allowing time for all appropriate investigative activities to be resolved, a properly considered security assessment to be prepared, and for all relevant information to be presented to the Minister to consider whether to cancel or require the permanent surrender of an individual's travel documents.

147. Under the proposed changes, no extension beyond 28 days will be available. When an order expires, any subsequent request for a suspension must be based on information gathered after the expiry of the first order. While the suspension period is longer than the maximum 7 day suspension period proposed by the Independent National Security Legislation Monitor in his 2014 Annual Report, the 28 day period is necessary and proportionate to ensure that ASIO has adequate time available to prepare a thorough security assessment for the purposes of consideration of cancellation or long-term surrender of a person's travel documents. Further, extending the period to 28 days ensures ASIO is not required to divert resources from other priority investigations to prepare a request supporting long-term surrender. A 28 day period is also consistent with the emergency visa cancellation provisions under the Migration Act 1958. Additionally, the ability of the Minister to suspend a passport is in itself a less restrictive way of achieving the objective of preventing foreign fighters from travelling overseas than making an order for permanent cancellation.

148. Safeguards to ensure that this power is only exercised in a proportionate and balanced way include the need for the request to come from the Director-General of Security, ministerial discretion as to whether to order suspension or surrender, and maintaining the prohibition on 'rolling' or consecutive orders. The temporary suspension or surrender is intended as an interim measure that can be taken in order to prevent a person from travelling while a security assessment considering cancellation or long-term surrender can be made, and this is reflected in the short-term duration of the suspension. Any decision relating to an order for cancellation or long-term surrender of travel documents is subject to merits review, and an ASIO security assessment supporting such an order will be subject to the regime in Part IV of the ASIO Act.

149. Article 12(4) of the ICCPR states that no one shall be arbitrarily deprived of the right to enter his or her own country. The proposed 28 day temporary surrender of foreign travel documents under the Foreign Passports Act may prevent a person from returning to their own country. The limited duration of the seizure ensures that a foreign national's right to return to their own country is not unduly impinged.

150. The conflict in Syria and Iraq has demonstrated that events overseas can drive significant and sustained increases in the number of people who may seek to leave Australia to engage in harmful conduct abroad. Not only does such conduct create risks of serious harm to people in foreign countries and conflict zones, it also poses a threat to Australia's national security. Individuals who have travelled overseas to fight with extremist groups acquire skills that would enable them to mount attacks domestically, and gain a level of prestige and influence among the extremist community that can motivate others to act. They can also engage directly with peer groups in Australia and contribute to further radicalisation. The restriction on this right is reasonable, necessary and proportionate to mitigate the security risk arising from persons travelling overseas who may be planning to engage in such activities that are of security concern.

Right to respect for the family in Articles 17(1) and 23 of the ICCPR

151. Articles 17(1) and 23 of the ICCPR concern the right to respect for family. Article 17(1) prevents arbitrary and unlawful interference with one's family while Article 23 states that the family is a natural and fundamental group unit of society and is entitled to protection by society and the State. There is no right to family reunification in international law. In circumstances where the family unit is currently separated, Australia does not have an obligation to unify the family. In addition, limiting an individual's ability to move freely from Australia to a foreign State does not restrict their family members in a foreign state from travelling to Australia where they may otherwise do so. The legitimate objective being pursued is the Australian Government's capacity to take proactive, swift and proportionate action to mitigate security risks relating to Australians travelling overseas. The limitation of the right to respect for the family by extending to the temporary restriction is in pursuance of that legitimate objective.

Schedule 9 - Online activities

Overview of current immunity framework

152. The amendments in Schedule 9 are contingent upon the commencement of the Security Legislation Amendment (Critical Infrastructure) Bill 2021 (as currently named).

153. Schedule 9 gives effect to recommendation 74 of the Comprehensive Review, which recommends the current immunity in section 476.5 of the Criminal Code for ASIS, ASD and AGO should be extended to apply where a staff member or agent reasonably believes the relevant conduct is likely to take place outside Australia, whether or not it in fact takes place outside Australia.

154. Section 476.5 of the Criminal Code was introduced by the Cybercrime Act 2001. As originally introduced, subsection 476.5(1) provided immunity from civil and criminal liability for the staff members and agents of ASIS and ASD (then known as the Defence Signals Directorate) whose computer-related activities done outside Australia, in the proper performance of their functions, were intended and required by Government. The Intelligence Services Legislation Amendment Act 2005 extended the immunity to apply to AGO (then known as the Defence Imagery and Geospatial Organisation).

155. Sections 476.5 and 476.6 currently provide immunity to staff members and agents of ASIS, AGO and ASD for certain computer-related acts. Section 476.5 provides that staff members and agents of ASIS and AGO are not subject to any civil or criminal liability for computer-related acts done outside Australia if the act is done in the proper performance of a function of the relevant agency. The Security Legislation Amendment (Critical Infrastructure) Bill 2021 introduced section 476.6 which mirrors the immunity in section 476.5 for ASD. However, it also extends the immunity to circumstances where the staff member or agent of ASD acted on a reasonable belief that the computer-related activity occurred outside Australia, even where that activity actually occurred inside Australia.

156. The immunities for computer-related acts under sections 476.5 and 476.6 of the Criminal Code supplement the general immunities for ASIS, ASD and AGO under subsection 14(1) of the IS Act, to ensure Australian law, including the computer offences in Part 10.7 of the Criminal Code, does not prohibit these agencies from doing computer-related acts outside Australia in the proper performance of their functions.

Overview of the proposed amendments

157. Schedule 9 amends the limited immunities for staff members and agents of ASIS and AGO under section 476.5 of the Criminal Code in response to changes in technology, and updates agencies' immunities to ensure they can continue to efficiently perform their functions to protect Australia's national security, foreign relations and national economic well-being, in an increasingly complex online environment.

158. The amendments extend the immunity to apply where a staff member or agent of ASIS or AGO engages in conduct inside or outside Australia and reasonably believes that the conduct is likely to cause a computer-related act, event, circumstance or result to take place outside Australia (whether or not it in fact takes place outside Australia). These updates align the immunities for staff members and agents of ASIS and AGO to that of staff members and agents of ASD in respect of computer offences. This amendment is required to allow these agencies to continue to operate effectively in an increasingly complex online environment, where it is not always possible to reliably determine the geographic location of a device or computer. This challenge is exacerbated where adversaries (including foreign intelligence services, persons engaged in proliferation-related activities and terrorist organisations) take active steps to obfuscate their physical location. For agencies to be able to effectively perform their functions in such an environment, it is necessary to protect staff members and agents from liability if they inadvertently affect a computer or device located inside Australia.

159. The amendments will not provide staff members or agents of these agencies with immunity from liability in circumstances where they know or believe a target computer or device to be located inside Australia. Nor will it provide such persons with immunity where their belief that a target computer or device is located outside Australia is not reasonable. The immunity will also no longer apply once it is known to the staff member or agent that the target is not outside Australia. Any continued targeting in Australia, once a staff member or agent is aware that it is within Australia, would not attract the immunity.

160. Consistent with current subsection 476.5(1), the immunity will continue to apply only where a staff member or agent's conduct is done in the proper performance of a function of the agency concerned.

Human rights implications

161. To the extent that a person will be in Australia's territory or subject to its effective control, the right in Article 2(3) of the ICCPR may be engaged.

Right to an effective remedy in Article 2(3) of the ICCPR

162. Article 2(3) of the ICCPR protects the right to an effective remedy for any violation of rights or freedoms recognised by the ICCPR, including the right to have such a remedy determined by the competent judicial, administrative or legislative authorities, or by any other competent authority provided for by the legal system of the State. The right to an effective remedy applies notwithstanding that a violation has been committed by persons acting in an official capacity.

163. By providing staff members and agents of ASIS and AGO with immunity from criminal and civil liability for computer-related activities done in the proper performance of a function of the agency concerned and on the reasonable belief that they will take effect outside Australia, the existing framework and the amendments contained in the Bill indirectly create a risk that a person's right to protection against arbitrary and unlawful interferences with privacy under Article 17 of the ICCPR may be violated. Accordingly, the Bill engages the right to an effective remedy for any unlawful or arbitrary violation to the right to privacy.

164. The ability to conduct computer-related activities that take effect outside Australia (but which may inadvertently affect a computer or device inside Australia) is necessary to ensure that Australia's foreign intelligence agencies can gain and maintain access to foreign intelligence concerning serious threats to Australia's national security, foreign relations and national economic well-being. Protecting staff members and agents from liability for engaging in such conduct, in the proper performance of a function of a relevant agency, is necessary to ensure that those staff members and agents can undertake such activities in accordance with the Australian Government's requirements, without fear of personal liability.

165. Extending the immunity to apply in circumstances where staff members and agents conduct computer-related activities on the reasonable belief that they will take effect outside Australia (but which may inadvertently affect a computer or device inside Australia) is necessary to ensure that the scope of the legal immunity reflects the technological reality of the environment in which these persons operate. It is not always possible for staff members and agents to be certain as to the location of a computer or device online, particularly where an adversary takes active steps to conceal or obfuscate their location. Protecting staff members and agents from liability in such circumstances is necessary to ensure that those staff members and agents can undertake such activities on the reasonable belief that their conduct will take effect outside Australia, without fear of personal liability if their belief turns out to be mistaken.

166. The immunity is proportionate, in that it is limited to circumstances where staff members and agents engage in conduct in the proper performance of a function of a relevant agency, including in compliance with the requirement under the IS Act to obtain ministerial authorisation to produce intelligence on an Australian person. Staff members and agents will not be immune for conduct engaged in otherwise than in the proper performance of a function of a relevant agency.

167. The immunity is also limited to circumstances where staff members and agents engage in conduct on the reasonable belief that it will cause a computer-related act, event, circumstance or result to take place outside Australia. A staff member or agent will not be immune if he or she believes that their conduct will take effect inside Australia, or if his or her belief is not reasonable in the circumstances in which he or she found himself or herself. In this regard, the scope of the immunity reflects the well-established defence of mistake of fact, contained in section 9.1 of the Criminal Code.

168. Notwithstanding the existence of the immunity, there are effective remedies available for a person in Australia who is inadvertently adversely affected by a computer-related act to seek and obtain compensation. An agency will be required to report to the IGIS on activities that cause material damage, interference or obstruction to a computer in Australia. Section 11 of the IGIS Act also allows any person to make a complaint to the IGIS in respect of action taken by an intelligence agency, and requires the IGIS to inquire into the action.[2] However under paragraph 11(2)(c) of the IGIS Act, where a complaint is made to the IGIS in respect of action taken by an intelligence agency, the IGIS may decide not to inquire into the action, or if the IGIS has commenced to inquire into the action, decide not to inquire into the action further if the IGIS is satisfied that having regard to all the circumstances of the case, an inquiry, or further inquiry into the action is not warranted.

169. In conducting an inquiry, the IGIS has strong coercive powers, similar to those of a royal commission, including powers to compel the production of information and documents, enter premises occupied or used by a Commonwealth agency, issue notices to persons to appear before the IGIS to answer questions relevant to the inquiry, and to administer an oath or affirmation when taking such evidence. Paragraph 22(2)(b) of the IGIS Act requires that at the conclusion of the inquiry, the IGIS recommend to the head of the agency and responsible Minister that the person receive compensation if the IGIS is satisfied that the person has been adversely affected by action taken by a Commonwealth agency and should receive compensation.

170. The CDDA provides a mechanism for non-corporate Commonwealth entities, including ASIS and AGO, to compensate persons who have experienced detriment as a result of the entity's defective actions or inaction.

171. Section 65 of the PGPA Act allows the making of discretionary 'act of grace' payments if the decision-maker considers there are special circumstances and the making of the payment is appropriate.

172. Any claim for compensation or remedial relief stemming from alleged computer-related activities of ASIS or AGO will generally involve highly sensitive information about those agencies' methods and operations. The arrangements under the IGIS Act, CDDA scheme and PGPA Act enable decisions about potential compensation and remedies to be made, taking into account such information.

Schedule 10 - Privacy

Part 1 - Privacy rules of ASIS, AGO and ASD

Overview of the current privacy rules framework

173. To perform their functions effectively, Australia's intelligence agencies must be able to protect sensitive sources, techniques and capabilities. For this reason, intelligence agencies are either exempt or partially exempt from the provisions of the Privacy Act 1988 (Privacy Act).

174. ASIS and ASD are fully exempt from the operation of the Privacy Act, while AGO is exempt where the acts and practices that impact on privacy relate to their functions.[3] Instead, these agencies are subject to direct ministerial control, IGIS oversight, and importantly, privacy rules made by the responsible Minister, which regulate the communication and retention of intelligence information concerning Australian persons.

175. ASIS, ASD and AGO are currently required by section 15 of the IS Act to have legally-binding privacy rules made by their responsible Minister. ASIS, ASD and AGO's privacy rules are publicly available on their respective websites. However, there is no current legislative requirement for them to be so.

Overview of the proposed amendments

176. Recommendation 189 of the Comprehensive Review concluded that while ASIS, ASD and AGO continue to meet the relevant criteria justifying their exemption from the Privacy Act, and that their current privacy regimes are adequate, minor changes should be made to improve transparency. Specifically, the Comprehensive Review considered that these agencies should be required, by legislation, to maintain and publish their own legally binding privacy rules, and that these rules should be required to be made by the relevant Minister.

177. Part 1 of Schedule 10 amends section 15 of the IS Act to introduce a requirement that ASIS, ASD and AGO must, as soon as is practicable after their respective privacy rules have been made, publish those rules on their websites.

178. Part 1 of Schedule 10 amends subsections 29(1) and 29(3) of the IS Act to provide the PJCIS with the power to review privacy rules made under section 15 of the IS Act, but makes clear the PJCIS does not have the power to review compliance with such rules.

Human rights implications

179. To the extent that a person will be in Australia's territory or subject to its effective control, the rights in Articles 2(1) and 17 of the ICCPR and Articles 2(1) and 16 of the CRC may be engaged by these amendments.

Right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC

180. These amendments engage the right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC. Article 17 of the ICCPR provides that no one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. Article 16 of the CRC provides the same right with respect to the child.

181. By introducing additional legislative requirements concerning ASIS, ASD, and AGO privacy rules, the amendments to section 15 of the IS Act promote the right to privacy.

182. By improving oversight and transparency concerning the privacy of Australian persons, the amendments help to ensure that any limitation on the right to privacy arising from the actions of an IS Act Agency is not arbitrary. In clarifying the application of the privacy rules, they support greater public understanding of the extent of the legislation, which is required to foster public trust and confidence in the work of Australia's intelligence agencies. Oversight and transparency is further strengthened by providing the PJCIS with the power to review agencies' privacy rules.

183. The amendments do not remove any legislative requirements concerning the privacy rules and do not introduce any new or expanded functions or powers for ASIS, ASD, or AGO. Therefore, the amendments do not limit the right to privacy in any way.

Part 2 - Privacy rules of DIO

Overview of the current privacy rules framework

184. To perform their functions effectively, Australia's intelligence agencies must be able to protect sensitive sources, techniques and capabilities. For this reason, intelligence agencies such as DIO are either exempt or partially exempt from the provisions of the Privacy Act.

185. DIO is exempt where the acts and practices that impact on privacy relate to its functions and is instead subject to direct ministerial control, IGIS oversight, and importantly, privacy rules made by the responsible Minister, which regulates the communication and retention of intelligence information concerning Australian persons.

186. DIO has publicly available privacy rules approved by the Minister for Defence. However, these are not currently mandated by legislation.

Overview of the proposed amendments

187. Recommendation 189 of the Comprehensive Review concluded that, while DIO continues to meet the relevant criteria justifying its exemption from the Privacy Act, and that its current privacy regime is adequate, minor changes should be made to their privacy arrangements to improve transparency. Specifically, the Comprehensive Review considered that, as with ASIO, ASIS and AGO, DIO should also be required, by legislation, to maintain and publish its own legally binding privacy rules, and that these rules should be required to be made by the relevant Minister.

188. While DIO, unlike ASIS, ASD and AGO, is not established under an Act, the Comprehensive Review considered that it would be legislatively possible to require it to have privacy rules, as has been done in relation to other matters in the IS Act that relate to DIO, such as secrecy.

189. Part 2 of Schedule 10 amends the IS Act to introduce new section 41C. Section 41C introduces a requirement for the responsible Minister in relation to DIO to make written rules regulating the communication and retention by DIO of intelligence information concerning Australian persons. These rules must, as soon as is practicable, be published on DIO's website.

190. Part 2 of Schedule 10 amends subsections 29(1) and 29(3) of the IS Act to provide the PJCIS with the power to review DIO's privacy rules made under section 41C of the IS Act, but makes clear the PJCIS does not have the power to review compliance with such rules.

191. Part 2 of Schedule 10 also makes minor amendments to the IGIS Act to reflect new reporting requirements concerning DIO's privacy rules, as introduced by new section 41C in the IS Act.

Human rights implications

192. To the extent that a person will be in Australia's territory or subject to its effective control, the rights in Articles 2(1) and 17 of the ICCPR and Articles 2(1) and 16 of the CRC may be engaged by these amendments.

Right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC

193. These amendments engage the right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC. Article 17 of the ICCPR provides that no one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. Article 16 of the CRC provides the same right with respect to the child.

194. By introducing additional legislative requirements concerning DIO privacy rules, the amendments to section 41C of the IS Act promote the right to privacy.

195. By improving oversight and transparency concerning the privacy of Australian persons, the amendments help to ensure that any limitation on the right to privacy arising from DIO's actions is not arbitrary. In clarifying the application of the privacy rules, they support greater public understanding of the extent of the legislation, which is required to foster public trust and confidence in the work of Australia's intelligence agencies. Oversight and transparency is further strengthened by providing the PJCIS with the power to review DIO's privacy rules.

196. The amendments do not remove any legislative requirements concerning the privacy rules and do not introduce any new or expanded functions or powers for DIO. Therefore, the amendments do not limit the right to privacy in any way.

Right to non-discrimination in Article 2(1) of the ICCPR and Article 2(1) of the CRC

197. The introduction of new section 41C engages the right to non-discrimination with respect to the right to privacy. Article 2(1) of the ICCPR requires States to ensure, for all individuals within their territory or subject to their effective control, the rights recognised in the ICCPR are recognised 'without distinction of any kind' and prohibits discrimination on various grounds, including nationality. Article 2(1) of the CRC provides the same right with respect to the child.

198. Section 41C requires the responsible Minister for DIO to make privacy rules regulating the communication and retention by DIO of intelligence information concerning Australian persons. For the purposes of the IS Act, Australian person means an Australian citizen or permanent resident. This engages the right to non-discrimination, as the privacy rules are only required to apply to Australian citizens and permanent residents, rather than all individuals within Australia's territory or subject to its effective control.

199. The aim of this distinction is to achieve a legitimate purpose, which is to provide protections for Australian persons while facilitating the performance by DIO of its functions in the interests of national security and for Australia's economic, strategic and political benefit. The discrimination in this case promotes the rights of Australians, rather than establishing a way to remove rights or deprive any other group of protections under international human rights law.

200. Special protection for Australians is a long-standing, core principle of accountability for Australian intelligence agencies. The principle was recognised by the Hope Royal Commission and was acknowledged as a relevant and reasonable principle of intelligence law by both the Comprehensive Review and IIR.

201. The IIR identified that there is "an emphasis on the special rights to privacy and civil liberties of Australian persons" and argued that "that underpinning continues to be important and the privileging of Australian persons in the mandates of ... Australian intelligence agencies and in Australian law remains strong".[4] The Comprehensive Review found that "the legislative framework for the collection and production of ... intelligence appropriately distinguishes between Australians and non-Australians" and, "additional procedural steps for ... intelligence collection activities in respect of Australians ... [is] a deliberate decision by the Parliament".[5]

202. DIO's functions are primarily focused on international matters, with a heavy reliance on intelligence provided by other foreign intelligence collection agencies (ASIS, ASD and AGO). All NIC agencies are subject to strict controls regarding when they are able to collect personal information. When this information is obtained by DIO, DIO remains subject to strict secrecy and information handling provisions that provide strong protections for all of its information, including the personal information of both Australians and non-Australians.

203. Agencies that provide information to DIO include foreign intelligence collection agencies ASIS, ASD and AGO, whose legislation and rules distinguish between Australians and non-Australians. Extending the privacy rules to all individuals within Australia's jurisdiction would impose a disproportionate burden on DIO by requiring DIO to identify whether a foreign national is currently in Australia or subject to its effective control, and therefore subject to stricter privacy obligations under the privacy rules, in circumstances where the agency providing the information was under no obligation to make such a distinction and the majority of the information was collected outside Australian territory. DIO requires access to such information in order to perform its functions.

204. These provisions do not impermissibly limit the right to freedom from discrimination, as they are reasonable, necessary and proportionate to achieve a legitimate objective and provide additional protections for Australians.

Part 3 - Privacy rules of ONI

Overview of the current privacy rules framework

205. To perform their functions effectively, Australia's intelligence agencies must be able to protect sensitive sources, techniques and capabilities. For this reason, intelligence agencies are either exempt or partially exempt from the provisions of the Privacy Act.

206. ONI is fully exempt from the operation of the Privacy Act. Instead, ONI is subject to direct ministerial control, IGIS oversight, and importantly, privacy rules regulating ONI's collection of information mentioned in paragraph 7(1)(g) to the extent that information is identifiable information, and the communication, retention and handling of identifiable information concerning Australian persons.

207. Under section 53 of the ONI Act, the Prime Minister must make privacy rules which regulate the collection of identifiable information under ONI's open source information function (paragraph 7(1)(g)), and the communication, handling and retention of identifiable information by ONI more generally. Identifiable information is personal information about Australian citizens or residents. Section 53 currently applies to personal information about Australian citizens or residents, regardless of how it was obtained. Before making the privacy rules, the Prime Minister must consult with the Attorney-General, the IGIS, the Privacy Commissioner and the Director-General of ONI.

208. Currently Section 53(5) prohibits ONI from collecting or communicating information concerning Australians, except in accordance with the privacy rules.

209. The privacy rules currently cover all of ONI's functions, analytical or otherwise. This encompasses a broad range of scenarios, including where the information concerned is either administrative in nature, or, in the case of ONI's open source function (7(1)(g)), already in the public domain - for example, contained in a news article. The Comprehensive Review considered that, in practical terms, the current definition of 'identifiable information' in the ONI Act is overly broad, and could constrain ONI in the performance of its functions. The practical effect of this has been, particularly in relation to ONI's open source function, to hinder ONI from contributing valuable insights to NIC and other government forums.

Overview of proposed amendments

210. The purpose of the privacy rules is to provide a necessary and important protection for the privacy of Australian persons, given the nature of ONI's analytical functions, which in certain circumstances, may limit the right to privacy. As such, it is necessary that the privacy rules continue to apply to the communication of information concerning Australian persons where such information is for the purposes of ONI's analytical functions - that is, where intelligence analysis is applied to that information.

211. However, it is both impractical and unnecessarily burdensome for the privacy rules to apply to administrative, staffing or publicly available information where the privacy risk associated with communicating that information is low, because that information is either voluntarily provided to the agency, or is already in the public domain. Further, unlike other NIC agencies, ONI does not have covert or intrusive powers to collect intelligence (such as the ability to obtain warrants or conduct compulsory questioning), nor do ONI's functions include directing a NIC agency to carry out operational activities. As such, personal information about Australian persons that is obtained for the purposes of ONI's non-analytical functions is unlikely to impact on the right to privacy and is outside the intended purpose of the privacy rules. ONI ensures that its internal policies and practices provide appropriate privacy protections for personal information that is obtained as part of ONI's non-analytical functions, as far as is consistent with the proper performance by ONI of its functions.

212. Part 3 of Schedule 10 implements recommendation 12 of the Comprehensive Review, which found that the ONI Act should be amended to provide that the privacy rules apply to the communication of information pursuant to ONI's open source function, only where intelligence analysis has been applied to that information. It does so by amending section 53 of the ONI Act to make a distinction between 'personal information' and 'intelligence information'. The effect of this is to exclude the communication of non-intelligence open source products from the privacy rules regime. This means that, under the amended privacy provisions, ONI's privacy rules do not apply to the communication of personal information where that personal information is not also intelligence information. The privacy rules apply in circumstances where the personal information provide to, or collected or assembled by, ONI is evaluated, analysed, interpreted, integrated and/or tested such that it becomes intelligence. The privacy rules continue to regulate the collection of information concerning Australian persons by ONI when performing its open source function.

213. Consistent with the Government response to recommendation 12 of the Comprehensive Review, Part 3 of Schedule 10 further amends section 53 of the ONI Act to provide that the privacy rules apply only to personal information about an Australian citizen or permanent resident where that information is also intelligence information under ONI's two other analytical functions (paragraphs (7(1)(c) and (d)). This aligns with the approach described above for the treatment of personal information for ONI's open source function. This means that, under the amended privacy provisions, ONI's privacy rules do not apply to, for example, the communication of administrative and staffing information. This is consistent with the approach currently taken by the IS Act and as amended by Schedule 4 of this Bill.

214. Part 3 of Schedule 10 amends subsections 29(1) and 29(3) of the IS Act to provide the PJCIS with the power to review ONI's privacy rules made under section 53 of the ONI Act, but makes clear the PJCIS does not have the power to review compliance with such rules.

215. Part 3 of Schedule 10 also makes minor amendments to a note in the IGIS Act to reflect the amendments to ONI's privacy rules.

Human rights implications

216. To the extent that a person will be in Australia's territory or subject to its effective control, the rights in Article 17 of the ICCPR and Article 16 of the CRC may be engaged by these amendments.

Right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC

217. These amendments engage the right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC. Article 17 of the ICCPR provides that no one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. Article 16 of the CRC provides the same right with respect to the child. The term 'unlawful' means that no interference can take place except as authorised under domestic law. The use of the term 'arbitrary' means that any interference with privacy must be in accordance with the provisions, aims and objectives of the ICCPR or CRC (as applicable) and should be reasonable in the particular circumstances. This right may be subject to permissible limitations where those limitations are provided by law and are non-arbitrary. In order for limitations not to be arbitrary, they must be aimed at a legitimate objective and be reasonable, necessary and proportionate to that objective.

218. The amendments to section 53 of the ONI Act are a necessary measure to remove an impediment to the communication of information where the privacy risk associated with that information is low, either because the information is for staffing or administrative purposes, or already publicly available, or because unlike other NIC agencies, ONI does not have covert or intrusive powers to collect intelligence (such as the ability to obtain warrants or conduct compulsory questioning) and ONI's functions do not include directing a NIC agency to carry out operational activities. Additionally, the amendments, in clarifying the application of the privacy rules, support greater public understanding of the operation of the legislation, which fosters public trust and confidence in the work of Australia's intelligence agencies. The amendments also provide ONI itself with greater certainty regarding its statutory mandate.

219. Despite the removal of the privacy rules from ONI's non-analytical functions, ONI continues to be bound by the requirements in sections 7 and 10 of the ONI Act, which set out ONI's functions and powers, and Part 4 of the ONI Act, which provides for, among other things, the protection of information provided to ONI, and secrecy offences that apply to ONI information. These sections provide significant safeguards to ensure that ONI's activities are undertaken consistently with the right to protection against arbitrary and unlawful interferences with privacy. Sections 7 and 11, and Part 4 of the ONI Act, information handling and retention requirements in the Protective Security Policy Framework, IGIS reporting and oversight requirements, and direct ministerial control, ensure that all information is obtained and shared only when it is necessary and proportionate to do so, irrespective of whether it be for the purposes of ONI's analytical or non-analytical functions.

Part 4 - Contingent amendments

220. Part 4 of Schedule 10 makes a minor contingent amendment to the IS Act to clarify that the definition of 'intelligence function' in section 3 (contingent upon passage of the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020) is in relation to AUSTRAC only.

221. As a minor clarifying measure, this amendment does not engage human rights.

Schedule 11 - Assumed identities

Overview of current arrangements in relation to assumed identities

222. The need for legislation to regularise the creation and use of false identities by undercover officers (at both the state and federal level) was recognised by the Wood Royal Commission into the New South Wales Police Service.[6] The Measures to Combat Serious and Organised Crime Act 2001 introduced Part IAC of the Crimes Act (Assumed Identities scheme). Part IAC sets out a regime for the acquisition and use of assumed identities, including relevant documentation, by law enforcement and intelligence agencies. The Minister's second reading speech provided that 'assumed identities are false identities adopted to facilitate intelligence and investigative functions, or infiltration of a criminal, hostile or insecure environment with a view to collecting information and investigating offences'.

223. Under subsection 15KB(2) of the Crimes Act, an authority to acquire or use an assumed identity can only be granted in connection with one or more specific purposes. These purposes include 'the exercise of powers and performance of functions of an intelligence agency'. Currently, the only intelligence agencies included in the scheme are ASIO, ASIS and ONI. ASD is not currently captured by the definition of 'intelligence agency' in Part IAC, despite ASD being defined as an intelligence agency elsewhere in the Crimes Act.[7]

224. ASD, in accordance with its functions under the IS Act, relies on the use of assumed identities to perform activities related to its functions in circumstances where ASD's operations would be compromised were the activities to be connected to ASD. Currently, ASIS and ASIO operate assumed identities on ASD's behalf, in accordance with the Crimes Act and other legislation governing the activities of these agencies. This means that it is the chief officer of ASIO or ASIS who is required to approve a request from ASD to acquire and use an assumed identity. In addition, a supervisor from either ASIO or ASIS must be appointed to oversee ASD's use of the assumed identity, even where ASIO or ASIS has no involvement in the activities or operations requiring the assumed identity.

Overview of the proposed amendments

225. Schedule 11 amends Part IAC of the Crimes Act to include ASD in the Assumed Identities scheme, with the ability to operate and use an assumed identity. However, the measure will not enable ASD to acquire evidence of an assumed identity. This is considered an appropriate limitation, as other agencies have the expertise to acquire evidence of an assumed identity and can perform this function on ASD's behalf. Enabling ASD officers to operate under an assumed identity when performing ASD's functions will protect national security capabilities.

226. The amendment places greater responsibility and accountability on the Director-General of ASD for ASD's use of assumed identities. This includes responsibility for ensuring the requirements in Part IAC of the Crimes Act are met, such as around record keeping and auditing. It is appropriate that ASD should have oversight and operational control of assumed identities used in the carrying out of its functions.

Human rights implications

227. To the extent that a person will be in Australia's territory or subject to its effective control, the rights in Articles 17 and 19 of the ICCPR and Articles 13 and 16 of the CRC may be engaged. This provision does not distinguish in its operation between adults and children, but is not intended to be directed towards children.

Right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC

228. This amendment engages the right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR and Article 16 of the CRC. Article 17 of the ICCPR provides that no-one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. Article 16 of the CRC provides the same right with respect to the child. The term 'unlawful' means that no interference can take place except as authorised under domestic law. The use of the term 'arbitrary' means that any interference with privacy must be in accordance with the provisions, aims and objectives of the ICCPR or CRC (as applicable) and should be reasonable in the particular circumstances. This right may be subject to permissible limitations where those limitations are provided by law and are non-arbitrary. In order for limitations not to be arbitrary, they must be aimed at a legitimate objective and be reasonable, necessary and proportionate to that objective.

229. Including ASD in the Assumed Identities scheme does not expand ASD's ability to conduct activities which interfere with privacy. Rather, it clarifies the existing administrative arrangements, making clear the ability of ASD to operate and use assumed identities on its own behalf. ASD may only engage in conduct in the proper performance of its functions as set out in section 7(1) of the IS Act. ASD is also subject to direct ministerial control, consistent with the recommendations of the Hope Royal Commission. There will be no additional interferences with privacy arising from this amendment.

Right to freedom of expression in Article 19(2) of the ICCPR and Article 13 of the CRC

230. Article 19(2) of the ICCPR provides that everyone has the right to freedom of expression, including the freedom to impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art or through any other media. Article 13 of the CRC provides the same right in respect of the child. Both Article 19(2) of the ICCPR and Article 13 of the CRC provide that the right to freedom of expression carries with it special duties and responsibilities and may be limited on grounds including national security. However, any limitations must be prescribed by legislation and be reasonable, necessary and proportionate to achieve the desired purpose.

231. Including ASD in the Assumed Identities Scheme engages the right to freedom of expression by bringing ASD within the scope of existing offences concerning the disclosure of assumed identities. The Crimes Act 1914 provides that it is an offence:

for a person to disclose information that reveals or is likely to reveal that another person has acquired, will acquire or is using or has used an assumed identity, with a penalty of imprisonment for two years (basic offence)
for a person to disclose information where the person, in addition to fulfilling the elements of the basic offence, is reckless as to whether their conduct will endanger the health or safety of any person, a penalty of imprisonment for ten years (aggravated offence 1), and
for a person to disclose information where the person, in addition to fulfilling the elements of the basic offence, is reckless as to whether their conduct will prejudice the effective conduct of an investigation or intelligence-gathering in relation to criminal activity, a penalty of imprisonment for ten years (aggravated offence 2).

232. The offences seek to implement a legitimate objective, which is to protect sensitive procurement activities undertaken by ASD in accordance with its functions. If the protection of an assumed identity was not provided, there could be significant consequences for national security. ASD's activities could be prejudiced through revealing ASD's capabilities to persons of intelligence interest.

233. There is a rational connection between the measure and the limitation on the right to freedom of expression. Without the offence provisions, individuals would be able to freely reveal details of an assumed identity which would prejudice an activity pursued in the performance of the functions of ASD.

234. Freedom of expression and opinion is not restricted any more than necessary. When an assumed identity is authorised, the offences attach to the disclosure of material that would be inherently harmful to national security. For a person to be found guilty of the aggravated offences, the prosecution must prove beyond reasonable doubt that the person was aware of a substantial and not remote possibility that the information would endanger the life, health and safety of a person, or prejudice the effective conduct of an investigation or intelligence-gathering exercise. Further, the prosecution must prove that, having regard to those circumstances at the time of disclosure, it was reckless for the person to take that risk.

235. Further, there are numerous exceptions within existing subsection 15LC(4) of the Crimes Act that appropriately limit the application of the offences. According to that subsection, a person does not commit an offence if the disclosure is:

in connection with the administration or execution of Part IAC or a corresponding assumed identity law
for the purposes of any legal proceeding arising out of or otherwise related to Part IAC or a corresponding assumed identity law or of any report of any such proceedings
made by the Commonwealth Director of Public Prosecutions for the purposes of a legal proceeding
in accordance with the exercise of powers or performance of functions of a law enforcement agency or an intelligence agency, and
in accordance with any requirement imposed by law.

236. The scheme balances the need to protect national security with the public interest in ensuring that agencies are not acting improperly. The scheme maintains oversight and reporting mechanisms to ensure appropriate use of the assumed identities. The scheme includes safeguards against improper use of an assumed identity through section 15LB of the Crimes Act, which makes it an offence for an authorised person or authorised civilian to use or acquire evidence of an assumed identity if the person is reckless as to whether the acquisition or use is not in accordance with an authority or the course of duty, with a penalty of imprisonment for two years.

237. The scheme includes reporting requirements to ensure effective oversight. For example, in section 15LE of the Crimes Act, as soon as practicable after the end of each financial year, the chief officer of an intelligence agency must submit a report to the IGIS, including whether or not any fraud or other unlawful activity was identified by an audit under section 15LG during the year, the number of applications and any other information that the IGIS considers appropriate relating to authorities and assumed identities.

238. Additionally, the IGIS has broad powers under the IGIS Act to inquire into any matter relating to compliance by an intelligence agency with laws of the Commonwealth, the states and territories or with directions or guidelines issued by the responsible Minister, the propriety of its actions and the effectiveness and appropriateness of procedures relating to legality or propriety. Further, provisions in the legislation of oversight and accountability bodies confer immunity from criminal or civil liability upon persons who produce documents or provide information to the relevant body in accordance with an obligation to do so. For example, subsection 18(9) of the IGIS Act provides that a person is not liable to penalty under any law of the Commonwealth or of a territory by reason only of the person having given information, produced a document, or answered a question when required to do so in accordance with a written notice issued by the IGIS under subsection 18(1) of the IGIS Act.

239. On that basis, the limitation on the right to freedom of expression goes no further than is necessary, reasonable and proportionate to achieving a legitimate objective.

Schedule 12 - Authorities of other countries

Overview of current authorities of other countries

240. The IS Act currently includes the term 'authorities, of other countries' which is not defined.

Overview of proposed amendments

241. Schedule 12 provides that for a body to be an 'authority, of another country' for the purposes of the IS Act, it is not required that the body be established by a law of the country or be connected with an internationally recognised government of a country. This amendment does not introduce a comprehensive definition of the term; whether a body is an authority of another country will still need to be considered on a case-by-case basis.

242. This amendment is designed to displace any assumption that for a body to be an 'authority, of another country' it would need to be established by a law of the country or be controlled by, or connected to, the internationally recognised government of the country. The amendment clarifies that agencies can cooperate with authorities of a body or group which exercises effective or de facto control over all or a part of the country. This could occur in situations where the internationally recognised government of a country is disputed, disrupted or not in control of the whole of its territory.

243. The amendment does not disturb the ordinary meaning of the word 'authority'. This means that a body or group of persons must still be an 'authority' in order for agencies to be able to cooperate with them. An authority may include a body which is performing, or purporting to perform, one or more functions that are governmental in nature. It could also include a person or organisation having political or administrative power and control. The amendment ensures that, for the purposes of paragraph 13(1)(c), agencies can continue to cooperate with authorities of governments that may have temporarily lost power in their country (such as governments which have been removed by a coup) but are still performing, or purporting to perform, their governmental functions. It ensures that agencies can continue to seek ministerial approval to carry out their activities in countries which may not always have stable and functioning governmental authorities.

244. The amendment clarifies the interpretation of the term throughout the IS Act. For example, paragraph 13(1)(c) provides that agencies may cooperate with authorities of other countries where those authorities are approved by the responsible Minister as being capable of assisting the agency in the performance of its functions. The amendment is also relevant to other parts of the IS Act including, for example, paragraph 6(1)(d), subsection 11(2AA) and subsection 42(2).

Human rights implications

245. This Schedule does not engage human rights. The amendments merely clarify what an authority of another country is for the purposes of the IS Act. They do not expand the scope of agencies' powers.

Schedule 13 - ASIO authorisations

Overview of the current authorisation regime

246. Under subsection 24(2) of the ASIO Act, the Director-General of Security (or a senior position-holder appointed by the Director-General of Security under subsection (3)) may approve a person or class of persons to exercise the authority conferred by a relevant warrant or a relevant device recovery provision.

247. The ASIO Act does not specify whether subsection 24(2) accommodates an expansion to a class of persons subsequent to such an authorisation being made. Such a situation may arise if, for example, the Director-General of Security has approved a particular class of persons to exercise the authority conferred by a particular warrant and, subsequent to that approval being given, an additional position is created that is within the scope of the original approved class-the Act does not specify whether that additional position may exercise the authority conferred by the warrant.

248. Section 12 of the TIA Act, provides that the Director-General of Security (or an 'authorising officer') may approve persons to exercise the authority, on behalf of ASIO, under a Part 2-2 warrant. An 'authorising officer' is an ASIO employee or ASIO affiliate appointed by the Director-General of Security.

Overview of the proposed amendments

249. Schedule 13 amends section 24 of the ASIO Act to clarify that where the Director-General of Security, or a senior position-holder appointed by the Director-General, approves a person or class of persons holding, occupying or performing the duties of an office or position the approval extends to an office or position that comes into existence after the approval is given.

250. Schedule 13 also amends section 12 of the TIA Act to:

make clear the Director-General of Security, or an 'authorising officer', can approve a class of persons to exercise, on behalf of ASIO, the authority conferred by a Part 2-2 warrant; and
consistent with the amendments to section 24 of the ASIO Act, clarify that, under section 12 of the TIA Act, where the Director-General of Security, or an 'authorising officer', approves a person or a class of persons holding, occupying or performing the duties of an office or position to exercise the authority conferred by a Part 2-2 warrant, the approval extends to an office or position that comes into existence after the approval is given.

251. Schedule 13 also introduces a requirement that the Director-General of Security must ensure accurate records are kept of the person or persons who exercise the authority conferred by a relevant warrant or relevant device recovery provision under the ASIO Act or a warrant issued under Part 2-2 of the TIA Act. In the ASIO Act, a relevant warrant is a warrant issued under Division 2 or Division 3 of the ASIO Act. A relevant device recovery provision is a provision listed in section 24(4) of the ASIO Act.

252. The record keeping requirement captures those people who actually exercise the authority conferred by such warrants or provisions, rather than all persons who are approved to exercise authority conferred by the warrant or provision. That is, there is no requirement to record who is in an approved class, beyond making the approval itself. Further, the record keeping requirement only captures the person or people who undertake activities to exercise the authority conferred by the warrant or provision and not the particular power that was exercised by the person pursuant to the warrant.

Human rights implications

253. These amendments do not engage human rights, as the ability to approve a person or a class of person to exercise the authority conferred by a warrant, or for records to be kept of those who exercise the authority conferred by a warrant, does not affect the scope or types of activities that can be undertaken under such a warrant. As such, the amendments are administrative in nature only and this Schedule does not engage human rights.

Schedule 14 - Amendments related to the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018

254. Schedule 14 contains minor amendments which do not engage international human rights obligations.

Conclusion

255. The Bill is compatible with human rights because it promotes the protection of human rights. To the extent that it may limit human rights, those limitations are reasonable, necessary and proportionate in achieving a legitimate objective.

Notes on Clauses

Preliminary

Clause 1 - Short title

1. This clause provides for the short title of the Act to be the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Act 2021.

Clause 2 - Commencement

2. This clause provides for the commencement of each provision in the Bill, as set out in the table. Schedules 1-8 and 11-14 will commence the day after the Act receives the Royal Assent.

3. Schedule 9 will commence at the later of:

the day after the Act receives the Royal Assent, or
the commencement of Schedule 2 to the Security Legislation Amendment (Critical Infrastructure) Act 2021.

4. The provisions in Schedule 9 do not commence at all if the commencement of Schedule 2 to the Security Legislation Amendment (Critical Infrastructure) Act 2021 does not occur.

5. Part 1 of Schedule 10 will commence the day after the Act receives the Royal Assent.

6. Each of Parts 2 and 3 of Schedule 10 will commence on a single day to be fixed by Proclamation. However, if the provisions do not commence within the period of 6 months beginning on the day after the Act receives the Royal Assent, they commence on the day after the end of that period.

7. Part 4 of Schedule 10 will commence at the later of:

the commencement of the provisions at Part 2 of Schedule 10, or
the commencement of item 136 of Schedule 1 to the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Act 2021.

8. The provisions in Part 4 of Schedule 10 do not commence at all if the commencement of item 136 of Schedule 1 to the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Act 2021 does not occur.

Clause 3 - Schedules

9. Each Act specified in a Schedule to this Act is amended or repealed as is set out in the applicable items in the Schedule. Any other item in a Schedule to this Act has effect according to its terms.

Schedule 1 - Emergency authorisations

Intelligence Services Act 2001

Overview

10. This Schedule implements recommendation 52 of the Comprehensive Review. Consistent with recommendation 16(e) of the IIR, the Comprehensive Review identified that the emergency authorisation provisions in the IS Act require amendment to address situations where it is reasonable to believe that an Australian person consents to the production of intelligence by an IS Act Agency on that person. The IIR described the issue in the following terms: These are operations where it is in the interests of the Australian person that the capabilities of the [IS Act] agencies be used to produce intelligence about their activities or whereabouts. The clearest example is where an Australian is kidnapped or taken hostage, and could also include situations where an Australian person is in arbitrary detention overseas. At present ASIS and ASD are required to seek [ministerial authorisation] before undertaking any activity to produce intelligence which may, for example, help identify where that person may be, who may have kidnapped them and what intermediaries may be involved. In these types of circumstances, time can be of the essence and the [ministerial authorisation] process, including the emergency authorisation provisions, can be an unnecessary delay.[8]

11. Both Reviews recommended permitting IS Act Agencies to act immediately and without a ministerial authorisation in situations where it is reasonable to believe that an Australian person consents to the IS Act Agency producing intelligence on that person.

12. Currently, section 8 of the IS Act provides that the Ministers responsible for ASIS, ASD and AGO must issue a written direction requiring the respective agency to obtain an authorisation from the responsible Minister before undertaking certain activities, including activities for the specific purpose of producing intelligence on an Australian person. Ministerial authorisations are an exercise of a Minister's supervisory responsibilities for an agency. In an emergency, agencies may obtain an authorisation from one of several Ministers listed in the IS Act, or if none of the listed Ministers are readily available or contactable, from the agency head.

13. Subsection 9(1) of the IS Act provides preconditions which a Minister must be satisfied of prior to giving an authorisation. Subsection 9(1A) provides additional considerations for activities regarding Australian persons. Additional requirements apply, under paragraph 9(1A)(b), if the Australian person, or class of Australian persons, is or is likely to be involved in an activity or activities that are or are likely to be a threat to security. Sections 9A to 9C contain a series of additional legal frameworks under which authorisation may be given in an emergency.

14. The Intelligence Services Legislation Amendment Act 2005 inserted section 9A to the IS Act to address circumstances where there is a need for an agency to undertake activities concerning an Australian person in an emergency and the responsible Minister for the agency is not readily contactable or available. Section 9A in its current form provides that the Prime Minister, Minister for Defence, Minister for Foreign Affairs, the Attorney-General or the Minister (ASIO Minister) responsible for administering the Australian Security Intelligence Organisation Act 1979 (ASIO Act) may give a ministerial authorisation in these circumstances.

15. Section 9A was amended, and sections 9B and 9C were inserted, by the Counter-Terrorism Legislation Amendment Act (No 1) 2014. The amendment to section 9A enabled the authorisation to be issued orally, in line with a number of other emergency authorisation or warrant based provisions, including those applicable to law enforcement warrants authorising the searching of premises, the interception of telecommunications and the use of surveillance devices.

16. Section 9B was designed to provide contingency arrangements, in the event that none of the relevant Ministers are readily available or contactable, and there is an urgent need to collect intelligence. It enables an agency head to give an authorisation where necessary or desirable, and where failure to undertake the relevant activities is likely to have serious adverse consequences for security or the life or safety of a person. Specifically, the agency head is required to be satisfied that if the activity or series of activities is not undertaken before an authorisation is given under sections 9 or 9A, security (within the meaning of the ASIO Act) will be or is likely to be prejudiced or there will be, or is likely to be, a serious risk to a person's safety.

17. Section 9C was inserted in the IS Act to apply to emergency authorisations under both section 9A and section 9B, where agreement of the Attorney-General is required to be obtained. This was to address circumstances where the Attorney-General may not be readily available or contactable to provide his or her agreement to the making of an authorisation in cases involving a threat to security. Section 9C enabled an authorisation to be given without obtaining the agreement of the Attorney-General where the agency head obtains the agreement of the Director-General of Security to the authorisation being given without the agreement of the Attorney-General. The only exception to this requirement is where the agency head is satisfied that the Director-General of Security is not readily available or contactable. Notification of the Attorney-General and the ASIO Minister is required before the end of eight hours after an authorisation is given under sections 9A or 9B. Notification of the Inspector-General of Intelligence and Security (IGIS) is to occur as soon as practicable, and no later than 3 days after an authorisation is given under sections 9A or 9B. The IGIS is required to consider compliance with section 9C, provide the responsible Minister with a report on the agency head's compliance with the section and provide a copy of the conclusions of the report to the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

18. For example, in a hostage situation in certain overseas locations, a close foreign partner may have the capability to react quickly to locate and seek to effect the release of the Australian person. It is likely, in such a situation, the foreign partner will contact one or more Australian intelligence agencies seeking information to assist in locating the Australian person. The activity required to locate the person is likely to be an activity to produce intelligence on the person for the purposes of the agency Minister's direction under subsection 8(1) of the IS Act, which would require the Minister's prior written authorisation. In such a situation, time is of the essence, and a delay of even 30 minutes could be the difference between the opportunity arising and being lost.

19. The emergency arrangements in sections 9A and 9B do not necessarily lend themselves to action within such a timeframe, particularly where the need for the authorisation arises overseas. As the IS Act Agencies respond to emergencies overseas, the requirement for ministerial or emergency authorisation often arises late at night or in the early hours of the morning in Australia, which can result in additional delays in securing the necessary authorisation.

Item 1 - Paragraph 8(1)(a)

20. This item reflects the inclusion of new section 9D which permits IS Act Agency heads or their delegates to make a decision to produce intelligence on an Australian person, without first obtaining authorisation from a Minister, where there is an imminent risk to the safety of an Australian person.

Item 2 - After section 9C

21. This item inserts section 9D, entitled 'Authorisations in an emergency - imminent risk to safety of an Australian person'.

When this section applies

22. Subsection 9D(1) sets out the circumstances in which the section can apply. Under this subsection, the agency head must be satisfied that:

there is, or is likely to be, an imminent risk to the safety of an Australian person who is outside of Australia. An imminent risk may arise in situations where, for example, an Australian person is involved in a hostage or kidnap situation, an ongoing terrorist attack or a mass casualty attack
it is necessary or desirable to undertake an activity, or series of activities, for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on the Australian person
it is not reasonably practicable to obtain the person's consent to the agency producing that intelligence, for example, because: the person is uncontactable; delaying the production of intelligence to obtain the person's consent would result in an unacceptable risk of the harm crystallising; the process of obtaining the consent would compromise the operational security of the agency, and
having regard to the nature and gravity of the risk, it is reasonable to believe that the person would consent to the agency producing that intelligence if the person were able to do so.

Authorisation

23. Subsection 9D(2) sets out the circumstances in which the agency head can give an authorisation for the activity or series of activities, including that it may be given orally or in writing. Paragraph 9D(2)(a) requires the agency head to be satisfied that the facts of the case would justify the responsible Minister giving an authorisation under section 9 because the agency head is satisfied that the conditions in subsections 9(1) and 9(1A) (apart from paragraph 9(1A)(b)) are met.[9]

24. The requirement in paragraph 9D(2)(a) for the agency head to be satisfied that the conditions in subsection 9(1) and paragraph 9(1A)(a)[10] are met qualifies the circumstances in which an authorisation can be given under section 9D.

25. Paragraph 9D(2)(b) requires the agency head to be satisfied that the responsible Minister would have given the authorisation.

Conditions on authorisation

26. Subsection 9D(3) provides that an emergency authorisation is subject to any conditions specified by the agency head. Where an authorisation is given orally, the agency head may also specify conditions orally.

Agency head to record and notify

27. By virtue of subsection 9D(4), as soon as practicable after giving the authorisation, and within 8 hours, the agency must notify the responsible Minister of the authorisation, either orally or in writing. The 2017 Review recommended that the agency head be required to advise the responsible Minister within 48 hours,[11] but this notification timeframe has been reduced to within 8 hours after giving the authorisation, as an additional safeguard. This timeframe is also consistent with the 8 hour notification requirement for emergency authorisations made by agency heads where the Ministers specified in subsection 9A(3) are unavailable.

28. The agency head must also comply with the requirements in subsection 9D(5) as soon as practicable after giving the authorisation, and no later than 48 hours after the authorisation is given. Subsection 9D(5) requires the agency head to:

ensure that any oral authorisation is recorded in writing
ensure that a summary of the facts of the case that the agency head was satisfied justified giving the authorisation is recorded in writing
give the responsible Minister a copy of the authorisation, a summary of the facts of the case that the agency head was satisfied justified giving the authorisation, and an explanation of the Minister's responsibility under subsection (6) to consider whether to cancel the authorisation
give the IGIS a copy of the authorisation and a summary of the facts of the case that the agency head was satisfied justified giving the authorisation, and
if the Australian person is, or is likely to be, involved in an activity or activities that are, or are likely to be, a threat to security, give to the ASIO Minister and the Attorney-General a copy of the authorisation and a summary of the facts of the case that the agency head was satisfied justified giving the authorisation.

29. The requirement to comply 'as soon as practicable' denotes an intention that requirements in subsection 9D(5) must be satisfied as soon as possible after the authorisation is given, unless the first (or subsequent) available opportunity is not feasible or viable in the circumstances of the particular case.

30. These requirements ensure that records are made of emergency authorisations, while accommodating the legitimate operational need for flexibility in the form in which such authorisations are issued. The ministerial and IGIS notification requirements ensure that the responsible Minister, the IGIS and, in cases involving a threat to security, the Attorney-General and the ASIO Minister, are afforded an opportunity to exercise their statutory oversight powers in relation to an emergency authorisation, and the activities carried out in reliance upon it.

31. These requirements apply even if an emergency authorisation is cancelled by the agency head under subsection 9D(12) before the responsible Minister has been notified.

Role of responsible Minister

32. Subsection 9D(6) requires that the Minister, after being notified under paragraph (5)(c), must as soon as practicable consider whether to cancel the authorisation. The purpose of this requirement is to ensure that the Minister considers whether the authorisation given by the agency head under section 9D should continue to have effect.

33. Subsection 9D(7) requires that if the Attorney-General is notified under paragraph 5(e) (that an Australian person is, or is likely to be, involved in activities that are, or are likely to be, a threat to security), the responsible Minister must have regard to any advice given by the Attorney-General when making the decision whether to cancel the authorisation under subsection (6).

Role of IGIS

34. Subsection 9D(8) requires that within 30 days of the IGIS being given documents by the agency head under subsection 9D(5), the IGIS must consider whether the agency head complied with the requirements of the section, provide the responsible Minister with a report on the IGIS's views on the extent of the agency head's compliance, and give the PJCIS a copy of the conclusions in the report.

35. Under the IGIS Act, the functions of the IGIS include ensuring that the agencies act legally and with propriety, comply with ministerial guidelines and directives, and respect human rights. The requirement for the IGIS to provide the responsible Minister with a copy of its report, and the PJCIS with a copy of the conclusions in the report, supports and facilitates appropriate ministerial control and parliamentary oversight of the agencies under this provision.

Period of effect of authorisation

36. Subsection 9D(9) provides that the authorisation ceases to have effect at the earliest of the circumstances specified in paragraphs (a)-(e). Paragraph (a) provides that the authorisation ceases to have effect at the end of six months, starting on the day the authorisation is given. Paragraph (b) provides that the authorisation ceases to have effect after a period specified in the authorisation. Paragraph (c) provides that the authorisation ceases at the time that the responsible Minister cancels it under subsection 9D(10). Paragraph (d) provides that the authorisation ceases to have effect at the time that the agency head cancels it under subsection 9D(12).

37. Paragraph (e) provides that an authorisation under section 9D ceases to have effect if a ministerial authorisation or emergency authorisation, under section 9, 9A or 9B, is given for the same activity or series of activities. Paragraph (e) facilitates the transition of authority for activities from a section 9D authorisation to a more regular authorisation under sections 9, 9A or 9B.

Cancellation by responsible Minister

38. Subsection 9D(10) provides that the responsible Minister may, in writing, cancel the authorisation. Subsection (11) provides that, should the responsible Minister cancel the authorisation under subsection (10), the Minister must as soon as practicable give written notice of the cancellation to the IGIS, and the ASIO Minister and Attorney-General if applicable under paragraph (5)(e). This ensures that the power to cancel the authorisation can be exercised at any time, and allows the Minister to exercise oversight and control as appropriate.

Cancellation by agency head

39. Subsection 9D(12) provides that the agency head must, in writing, cancel the authorisation if satisfied that there is not, and is not likely to be, a significant risk to the safety of the Australian person. The requirement for the agency head to cancel the authorisation where that risk has subsided is an important safeguard to protect the privacy of Australian persons.

40. The distinction between the threshold for giving the authorisation (that the risk to the safety of the Australian person be 'imminent') and the requirement for cancelling the authorisation (where the risk is no longer, and is not likely to be, 'significant') reflects that there may be situations where it is important that intelligence continue to be gathered while the risk remains significant, even if, in the circumstances, that risk may no longer be imminent.

41. For example, where an Australian person has been taken hostage overseas, the agency head may be satisfied that there is an imminent risk to the safety of that person (and of the other statutory criteria) and issue a section 9D authorisation. Should a ransom demand be received, it is arguable that the imminence of the risk to the person's safety has receded while the request remains outstanding. However, the risk may remain significant, and it is entirely possible that the risk may again become imminent at any moment. In such a case, it would be appropriate for the agency to continue to provide intelligence on the Australian person throughout the chain of events, to maximise the ability of the Australian Government to ensure the person's safety.

42. The note at the end of subsection (12) provides that the agency head may cancel the authorisation in other circumstances in accordance with subsection 33(3) of the Acts Interpretation Act 1901.

43. Subsection 9D(13) sets out oversight arrangements for cancellations by an agency head under subsection 9D(12). It provides that the agency head must, as soon as practicable, give written notice of the cancellation to the responsible Minister, the IGIS, and, if required under paragraph (5)(e), the ASIO Minister and Attorney-General, if relevant.

Delegation

44. Subsection 9D(14) provides that an agency head may delegate, in writing, to a staff member (other than a consultant or contractor), all or any of the powers, functions or duties of the agency head under section 9D. Subsection (15) provides that in exercising any power or function when discharging a duty under a delegation, the delegate must comply with any written direction of the agency head.

45. ASIS, ASD and AGO operate in a range of operational environments, including overseas. The ability for the heads of these agencies to delegate their powers to staff members is necessary to ensure that each agency is able to act swiftly to protect Australian persons who are at imminent risk of harm overseas. The fact that this power must be expressly delegated, rather than given to all staff members, ensures that only those staff members that the agency head considers to be appropriately qualified to make such a significant decision will be authorised.

Relationship with the Acts Interpretation Act 1901

46. Subsection 9D(16) clarifies that section 9D does not limit subsection 33(3) of the Acts Interpretation Act 1901 to the extent that it applies to an authorisation given under section 9D. Subsection 33(3) provides that where an Act confers a power to make, grant or issue any instrument of a legislative or administrative character (including rules, regulations or by-laws) the power shall be construed as including a power exercisable in the same manner and subject to the same conditions (if any) to repeal, rescind, revoke, amend, or vary that instrument.

Status of instruments

47. Subsection 9D(17) provides that the following are not legislative instruments within the meaning of section 8 of the Legislation Act 2003:

an authorisation given in writing under subsection 9D(2)
a written notice given under subsection (4) (an agency head notification of the authorisation to the responsible Minister), (5) (record made, or summary, or explanation given), (11) (notice of the cancellation by the Minister) or (13) (notice of the cancellation by the agency head)
a cancellation under subsections (10) or (12) (a cancellation by the responsible Minister or agency head, respectively), and
a report by the IGIS under subsection 9D(8).

Item 3 - Subsections 10A(1) and (4)

48. This item amends subsections 10A(1) and (4) to include activities carried out in relation to an authorisation under section 9D. This ensures that an agency head must give the responsible Minister a written report in respect of each activity or series of activities carried out by the agency in relation to an authorisation under section 9, 9A, 9B or section 9D, and that any report must be provided to the Minister as soon as practicable, but no later than one month after the day the authorisation ceases to have effect.

Item 4 - Application of amendments

49. This item provides that the amendments made by this Schedule apply in relation to activities or a series of activities undertaken after the commencement of this Schedule.

Schedule 2 - Authorisations relating to counter-terrorism

Intelligence Services Act 2001

Overview

50. This Schedule amends the IS Act to enable ASIS, AGO and ASD to apply for a ministerial authorisation to produce intelligence on a class of Australian persons who are, or are likely to be, involved with a listed terrorist organisation. This extends the current provisions which allow those agencies to apply for a ministerial authorisation to produce intelligence on an Australian person, but not a class of Australian persons.

51. This Schedule implements recommendation 45 of the Comprehensive Review. Consistent with recommendation 16(a) of the IIR, the Comprehensive Review found that existing provisions of the IS Act do not meet contemporary security needs given the seriousness of the international terrorism threat and the number of Australians with connections to terrorist groups. As both Reviews recognised, counter-terrorism class ministerial authorisations will allow IS Act Agencies to respond expeditiously to threats from previously unidentifiable individuals, such as lone-actor attackers.

52. The Comprehensive Review recommended that the class ministerial authorisation regime apply to persons involved with a 'proscribed' terrorist organisation, being an organisation that is specified in regulations for the purposes of paragraph (b) of the definition of 'terrorist organisation' in subsection 102.1(1) of the Criminal Code. This is also known as a 'listed terrorist organisation', as defined in section 100.1(1) of the Criminal Code. Specifically defining the class with reference to listed terrorist organisations ensures that individuals who are identified as falling within the class are relevant to security.

Item 1 - Section 3

53. This item inserts definitions of 'listed terrorist organisation' and 'involved with a listed terrorist organisation'.

54. 'Involved with a terrorist organisation' has a meaning affected by new subsection 9(1AAB). New subsection 9(1AAB) lists particular activities in which a person is taken to be involved with a listed terrorist organisation, but does not limit the circumstances in which a person is involved with a listed terrorist organisation.

55. 'Listed terrorist organisation' has the same meaning as in subsection 100.1(1) of the Criminal Code. That is, an organisation that is specified by the regulations for the purposes of paragraph (b) of the definition of terrorist organisation in section 102.1 of the Criminal Code.

Item 2 - After subparagraph 8(1)(a)(i)

56. This item inserts new subparagraph 8(1)(a)(iaa) to require the Ministers responsible for ASIS, ASD and AGO to direct those agencies to obtain an authorisation before undertaking an activity, or a series of activities, for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on one or more members of a class of Australian persons. This extends the current provisions, which enable the agencies to obtain an authorisation to produce intelligence on an Australian person, but not a class of Australian persons.

57. Before giving the new class authorisation, the preconditions in existing subsection 9(1) (ministerial authorisation) of the IS Act must be satisfied, in addition to the new requirements in subsection 9(1AAA) set out in item 3 below. The matters listed in subsection 9(1) include, amongst other things:

that the activities will be necessary for the proper performance of the agency's functions, and
that there are satisfactory arrangements in place to ensure that nothing will be done beyond what is necessary for the proper performance of the agency's functions.

Item 3 - After subsection 9(1A)

58. This item inserts new subsection 9(1AAA) after subsection 9(1A) to provide the two additional requirements that must be met before a Minister can give an authorisation for an activity, or series of activities, of a kind mentioned in new subparagraph 8(1)(a)(iaa) (see item 2 above). These requirements are that the Minister must:

be satisfied that the class of Australian persons is, or is likely to be, involved with a listed terrorist organisation, and
obtain the agreement of the Attorney-General.

59. The agreement of the Attorney-General is subject to subsection 9(1AA) of the IS Act. As amended by item 5 below, subsection 9(1AA), will provide that the Attorney-General may, in writing:

specify classes of Australian persons who are, or are likely to be:

o
involved in an activity or activities that are, or are likely to be, a threat to security, or
o
involved with a listed terrorist organisation, and

give his or her agreement in relation to any Australian person in that specified class.

60. This item also inserts new subsection 9(1AAB) which provides guidance on the meaning of 'involved with a listed terrorist organisation', but does not limit the circumstances in which a person is involved with a listed terrorist organisation. A person is taken to be involved in a listed terrorist organisation if the person:

directs, or participates in the activities of, the organisation
recruits a person to join, or participate in the activities of, the organisation
provides training to, receives training from, or participates in training with, the organisation
is a member of the organisation (within the meaning of subsection 102.1(1) of the Criminal Code)
provides financial or other support to the organisation, or
advocates for, or on behalf of, the organisation.

61. Some examples of activities that would be captured under the concept of providing 'support' include logistical support, or actively engaging in advocacy for, or on behalf of, a terrorist organisation. The concept is not intended to capture mere sympathy for the general aims or ideology of an organisation.

62. Subsection 9(1AAB) does not set a minimum threshold for the degree to which a person must be 'involved with' a terrorist organisation. For example, paragraph 9(1AAB)(e) does not specify a minimum quantum of financial support or the level of non-financial support that a person must provide before they may be considered to be 'involved with' a listed terrorist organisation, such that ASIS, ASD or AGO may obtain ministerial authorisation. It is appropriate that the IS Act Agencies be permitted to obtain a ministerial authorisation in order to investigate intelligence, leads, tip-offs, or indications that a person may be providing a small amount of support to a listed terrorist organisation.

63. Similarly, the categories in subsection 9(1AAB) provide guidance on, but do not limit, the circumstances in which a person will be taken to be involved with a listed terrorist organisation. There may be unique situations where, considering all of the facts and circumstances, a person could be involved with a listed terrorist organisation even if their activities do not fall within those listed in subsection 9(1AAB).

64. Pursuant to subsection 11(1) of the IS Act, the functions of the agencies are to be performed only in the interests of Australia's national security, Australia's foreign relations or Australia's national economic well-being and only to the extent that those matters are affected by the capabilities, intentions or activities of people or organisations outside Australia.

65. The exercise of this new ability for IS Act Agencies to apply for class authorisations with respect to Australians involved with a listed terrorist organisation is subject to independent oversight. Pursuant to section 8 of the IGIS Act, the functions of the IGIS include inquiring into any matter that relates to the compliance of an agency with the laws of the Commonwealth (including subsection 11(1) of the IS Act) and the propriety of particular activities of an agency.

Item 4 - Subsection 9(1AA)

66. This item amends subsection 9(1AA) to ensure that the Attorney-General's agreement under that subsection does not limit new paragraph 9(1AAA)(b) which requires the Minister to obtain the agreement of the Attorney-General before a Minister may give a class authorisation in relation to persons who are, or likely to be, involved in a listed terrorist organisation.

Item 5 - Paragraph 9(1AA)(a)

67. This item repeals paragraph 9(1AA)(a) and substitutes it with a new paragraph. The new paragraph will enable the Attorney-General to specify classes of Australian persons who are, or are likely to be, involved with a listed terrorist organisation. The Attorney-General's existing ability in paragraph 9(1AA)(a), to specify classes of Australian persons who are, or are likely to be, involved in an activity or activities that are, or are likely to be, a threat to security, will be retained in the new paragraph (a).

Item 6 - Paragraph 9(1AB)(a)

68. This item amends paragraph 9(1AB)(a) to extend the provision enabling the Attorney-General to give his or her agreement in accordance with subsection 9(1AA), to relate to an authorisation for an activity, or a series of activities, of a kind mentioned in new subparagraph 8(1)(a)(iaa) - the new counter-terrorism class authorisation.

Item 7 - Subsection 9(4)

69. This item amends subsection 9(4) by inserting a reference to subparagraph 8(1)(a)(iaa) (see item 2 above). It requires that the period of effect specified in the new counter-terrorism class authorisation must not exceed six months, consistent with the period of effect for other ministerial authorisations for producing intelligence on Australian persons.

Item 8 - Paragraph 9(5)(b)

70. Paragraph 9(5)(b) requires an agency head to ensure that any record or copy of an agreement given by the Attorney-General under paragraph 9(1A)(b) (including any agreement given in accordance with subsection (1AA)), in respect of activities which involve the Australian person, or the class of Australian persons, who is or is likely to be, involved in an activity or activities that are, or are likely to be, a threat to security, is kept by the agency and available for inspection on request by the IGIS.

71. This item amends paragraph 9(5)(b) to also require an agency head to ensure that any record or copy of an agreement given by the Attorney-General under new paragraph (1AAA)(b) (see item 3 above), with respect to a class of Australian persons involved, or likely to be involved, with a listed terrorist organisations, is kept by the agency and made available to the IGIS on request.

Item 9 - Subsection 9(6)

72. Existing subsection 9(6) provides that a request under paragraph (1)(d), an agreement under paragraph (1A)(b) (if in writing), a request under subsection (5) (if in writing), and an authorisation under this section, are not legislative instruments.

73. This item provides amends subsection (6) to also provides that agreement of the Attorney-General under paragraph 9(1AAA)(b) is not a legislative instrument. That agreement is administrative in character as it outlines how the law has been applied rather than the content of the law itself. The provision is merely declaratory of the law, rather than prescribing substantive exemptions from the requirements of the Legislation Act 2003.

Item 10 - Paragraph 9A(1)(a)

74. Existing sections 9A, 9B and 9C of the IS Act enable authorisations to be given in an emergency by Ministers and agency heads. However, emergency authorisations are not available for an activity or a series of activities of a kind mentioned in subparagraph 8(1)(a)(ia) or (ib), which relate to class authorisations to provide assistance to the Defence Force.

75. This item amends paragraph 9A(1)(a) to exclude the new counter-terrorism class authorisation from the emergency authorisation framework in sections 9A, 9B and 9C. Neither Ministers nor the heads of agencies will be able to give an emergency class authorisation to produce intelligence on a class of Australian persons involved, or likely to be involved, in a listed terrorist organisation.

76. Excluding the new counter-terrorism class authorisation from the emergency authorisation framework is an additional safeguard to ensure the responsible Minister considers class ministerial authorisations in all cases.

Item 11 - Subsection 10(1A)

77. Existing subsection 10(1A) limits renewal of certain ministerial authorisations under the IS Act to a period not exceeding six months.

78. This item amends subsection 10(1A) to include the new counter-terrorism class authorisation. It will ensure that the renewal or any subsequent renewal of any authorisation given under section 9 in relation to subparagraph 8(1)(a)(iii) allowing an agency to produce intelligence on a class of Australian persons involved with a listed terrorist organisation must be for a period not exceeding six months. This is consistent with other ministerial authorisations for producing intelligence.

Item 12 - After section 10

79. This item inserts new section 10AA to impose additional oversight and reporting requirements.

80. Subsection (1) provides that new section 10AA applies to the new counter-terrorism class ministerial authorisation under subparagraph 8(1)(a)(iaa) and the existing class authorisations to provide assistance to the Defence Force in subparagraphs 8(1)(a)(ia) and (ib).

81. Subsection (2) requires the agency head to ensure that a list is kept that:

identifies each Australian person in relation to whom the agency intends to undertake activities, or a series of activities under the authorisation,
gives an explanation of the reasons why the agency believes the person is a member of the class, and
includes any other information that the agency head considers appropriate.

82. The agency head is not personally required to keep the list but is responsible for ensuring that the list is maintained.

83. Subsection (3) requires that, where the Attorney-General's agreement is obtained in relation to a relevant class authorisation, the agency head must ensure that the Director-General of Security is provided with a copy of the list and written notice when any additional Australian person is added to the list. This subsection recognises the role of ASIO in conducting security intelligence operations and ensures that ASIO has visibility of individuals who have been identified as relevant to security.

84. Subsection (4) requires the agency head to ensure that the list is available for inspection by the IGIS on request.

85. Subsection (5) provides that the list is not a legislative instrument within the meaning of section 8 of the Legislation Act 2003. The list is administrative in character as it outlines how the law has been applied rather than the content of the law itself. These subsections are merely declaratory of the law, rather than prescribing substantive exemptions from the requirements of the Legislation Act 2003.

Item 13 - Subsection 10A(3)

86. This item repeals existing subsection 10A(3) and substitutes it with a new subsection 10A(3). The subsection adds activities, or a series of activities, of a kind mentioned in new subparagraph 8(1)(a)(iaa) - relating to the new counter-terrorism class authorisation - to the list of activities, or series of activities, that an agency head is required to report on to the Minister. Currently, the reporting requirement applies to activities undertaken under subparagraph 8(1)(a)(ia) and (ib), which relate to the existing class authorisations to provide assistance to the Defence Force.

87. Consistent with current arrangements, subsection 10A(3) requires the report to be provided to the Minister no later than three months after the day on which the relevant authorisation ceased to have effect and the day on which the relevant authorisation was renewed.

88. The Comprehensive Review and IIR recommended that agencies should have to report to the responsible Minister within six months of the original counter-terrorism class authorisation. As ministerial authorisations may remain in force for up to six months, in some circumstances this would amount to a requirement for agencies to provide a report to the Minister on activities undertaken before the authorisation has ceased to have effect. The requirement to provide the report within three months after the day on which the relevant authorisation ceased to have effect, or was renewed, will allow agencies to report on the whole period during which activities may have been undertaken.

89. This item also creates a new requirement for the report to be accompanied with a statement identifying each Australian person who was included on the list (referred to in section 10AA), and therefore subject to the relevant class authorisation.

Schedule 3 - Authorisations for activities in support of the Australian Defence Force

Intelligence Services Act 2001

Overview

90. This Schedule amends section 8 of the IS Act by enabling ASD and AGO to seek ministerial authorisation to undertake activities to produce intelligence on one or more members of a class of Australian persons when the agencies are operating in the course of providing assistance to the ADF in support of military operations and when cooperating with the ADF on intelligence matters.

91. This Schedule implements recommendation 46 of the Comprehensive Review. Consistent with recommendation 16(b) of the IIR, the Comprehensive Review identified that, under the existing legislation, class authorisations for activities in support of the ADF can only be issued by the Minister for Foreign Affairs in respect of ASIS. There are no corresponding provisions enabling ASD and AGO to seek authorisation to produce intelligence on a class of Australian persons. This is despite the IS Act explicitly providing that it is a function of both agencies to provide assistance to the ADF in support of military operations and to cooperate with the ADF on intelligence matters (see sections 6B(1)(g) and 7(1)(d) of the IS Act).

92. The Comprehensive Review and IIR recommended that all IS Act Agencies be able to obtain an authorisation to produce intelligence on one or more members of a class of Australian persons when providing assistance to the ADF in support of military operations.

93. The Comprehensive Review also stated that additional safeguards should apply to class authorisations in support of the ADF. Schedule 2 (Authorisations relating to counter-terrorism) inserts additional safeguards for all class authorisations in the IS Act. This means that, consistent with other class authorisations, class authorisations in support of the ADF will have:

a maximum duration of six months
a requirement for the IS Act Agency to maintain a current list of all individuals on whom it sought to produce intelligence under the class authorisation with reasons why it believed the individual to be part of the class
a requirement for the IS Act Agency to make the list available for inspection and review by the IGIS, who may provide advice to the agency head and responsible minister, and
a requirement for the IS Act Agency to report to its responsible minister within three months of the authorisation ceasing.

Item 1 - Subparagraph 8(1)(a)(ia)

94. This item amends subparagraph 8(1)(a)(ia) to include activities undertaken by AGO and ASD in accordance with their functions in paragraph 6B(1)(g) and paragraph 7(1)(d) in the ministerial directions framework for producing intelligence on one or more members of a class of Australian persons.

95. Paragraph 6B(1)(g) provides that it is a function of AGO to provide assistance to the ADF in support of military operations and to cooperate with the ADF on intelligence matters.

96. Likewise, paragraph 7(1)(d) provides that it is a function of ASD to provide assistance to the ADF in support of military operations and to cooperate with the ADF on intelligence matters.

97. The ministerial directions framework in section 8 of the IS Act requires agencies to obtain an authorisation under section 9, 9A or 9B before undertaking activities referred to in subparagraph 8(1)(a)(ia). The effect of amending subparagraph 8(1)(a)(ia) by including reference to paragraphs 6B(1)(g) and 7(1)(d) is to require the Ministers responsible for ASIS, ASD and AGO to direct those agencies to obtain authorisation before undertaking activities for the purpose of producing intelligence on one or more members of a class of Australian persons in the course of providing assistance to the ADF in support of military operations and when cooperating with the ADF on intelligence matters.

Schedule 4 - Authorisations for producing intelligence on Australians

Intelligence Services Act 2001

Overview

98. This Schedule implements recommendation 41 of the Comprehensive Review by inserting a definition of 'prescribed activity' and providing a new section which outlines what it means to 'produce intelligence' on an Australian person, or one or more members of a class of Australian persons.

99. Under section 8 of the IS Act, IS Act Agencies are required to obtain ministerial authorisation prior to undertaking an activity, or series of activities, for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on an Australian person.

100. Currently, the term 'producing intelligence' is not defined in the IS Act. However, in practice, it has been taken to encompass a wider range of activities than those which would require ASIO to obtain a warrant under the ASIO Act.

101. The Comprehensive Review, consistent with recommendation 16(d) of the IIR, identified that the original intention of the ministerial authorisation regime in the IS Act was to require IS Act Agencies to obtain a ministerial authorisation to use covert and intrusive intelligence collection capabilities in relation to an Australian person overseas, particularly where that collection method would require a warrant if conducted in Australia. However, in its current form, agencies are required to seek ministerial authorisations in broader circumstances than originally envisaged. Providing an appropriate definition of what is meant by 'producing intelligence' ensures that ministerial authorisations relate only to the use of covert and intrusive intelligence collection capabilities.

102. Consistent with recommendation 16(d) of the 2017 Review, this Schedule also amends the definition of 'intelligence information'.

103. Subsection 15(5) of the IS Act provides that IS Act Agencies must not communicate 'intelligence information' concerning Australian persons, except in accordance with the Privacy Rules issued by their responsible Minister. When the IS Act was enacted, the definition of 'intelligence information' meant information obtained by ASIS or ASD under those agencies' intelligence collection functions. This definition was then amended by the Intelligence Services Legislation Amendment Act 2005, which extended the definition in respect of ASIS to include all information obtained by ASIS in the performance of its functions. This amendment had the unintended consequence of extending the application of the Privacy Rules to a wide range of routine information obtained by ASIS, for example, the sharing of media articles about Australians, or the curricula vitae of visiting Australians to partner agencies.

104. Providing an appropriate definition of 'intelligence information' ensures that the Privacy Rules apply only to intelligence produced via agencies' intelligence collection capabilities and not to routine, publicly available information.

Item 1 - Section 3 (paragraphs (a), (b) and (c) of the definition of intelligence information )

105. This item removes the word "information" (wherever occurring) in the definition of 'intelligence information' and substitutes "intelligence". This clarifies that the definition is only intended to apply to intelligence obtained by agencies and not to routine, publicly available information. Consequently, the responsible Minister's rules to protect the privacy of Australians, made under section 15, regulate the communication and retention of 'intelligence', as opposed to 'information'.

Item 2 - Section 3

106. This item inserts a definition for the term 'prescribed activity.' The definition is that provided for at the new subsection 8(1B).

Item 3 - After subsection 8(1)

107. This item introduces new subsections 8(1A) and 8(1B). These subsections provide the meaning of 'producing intelligence,' in the sense of an agency undertaking an activity, or a series of activities, for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on an Australian person within the parameters of paragraph 8(1)(a) (ministerial directions).

108. Subsection 8(1A) provides that an agency is producing intelligence on an Australian person or a class of Australian persons only if:

the agency undertakes a 'prescribed activity' (defined in subsection 8(1B)) to obtain that intelligence, or
the agency expressly or impliedly requests an authority referred to in paragraph 13(1)(c) (authorities of other countries) to undertake a prescribed activity to obtain that intelligence.

109. The effect of paragraph 8(1A)(a) is that an agency produces intelligence by undertaking a covert and intrusive activity. An agency does not produce intelligence merely by reviewing its own existing holdings of intelligence, or undertaking overt collection methods or requesting another Australian agency to undertake lawful collection.

110. The effect of paragraph 8(1A)(b) is that an agency produces intelligence where it expressly or impliedly requests an authority referred to in paragraph 13(1)(c) with which it is cooperating to obtain intelligence through covert and intrusive means. This makes explicit the long-standing requirement for IS Act Agencies to obtain ministerial authorisation before requesting an authority of another country to obtain intelligence on their behalf.

111. Subsection 8(1A) ensures that an agency does not 'produce intelligence' if it receives unsolicited intelligence from another body or group. This means that an agency will not be placed in the impossible situation whereby, if that intelligence is related to an Australian person, the agency would have been required to obtain ministerial authorisation before obtaining that intelligence, notwithstanding that the intelligence was unsolicited.

112. Subsection 8(1A) is consistent with the Comprehensive Review, which recommended that an agency should be taken to produce intelligence if the agency requests a foreign partner to undertake a covert and intrusive activity.

113. Subsection 8(1B) provides that a prescribed activity means a covert and intrusive activity, or a series of covert and intrusive activities and, to avoid doubt, includes those activities that ASIO could not undertake in at least one state or territory without it being authorised by warrant under the ASIO Act or Telecommunications (Interception and Access) Act 1979 (TIA Act).

114. It is intended that activities do not fall within the definition of 'prescribed activity' unless they are both covert and intrusive. An IS Act Agency might conduct an activity overtly, for example by conducting an interview where the interviewee knows they are dealing with the Australian Government. This activity is not covert, so it would not be a prescribed activity. Similarly, an agency could conduct an activity that is covert but not intrusive, such as observing a person in a public place where there is no legitimate expectation of privacy. In these cases, the requirement to seek ministerial authorisation would be disproportionate to the nature of the activity.

115. Prescribed activities would include, for example, asking a covert human intelligence source to obtain intelligence. This is consistent with the IIR which recommended that ASIS continue to be required to obtain a ministerial authorisation for the tasking of agents to produce intelligence on an Australian person or class of Australian persons.

116. ASIO's warrant powers are another example of a category of activities that would be considered covert and intrusive for the purposes of this definition. Those activities are independently specified in paragraph 8(1B)(a) and (b) for clarity. It is intended that an IS Act Agency would require a ministerial authorisation to perform a similar activity overseas in the context of producing intelligence on an Australian.

Schedule 5 - ASIS cooperating with ASIO

Intelligence Services Act 2001

Overview

117. The arrangements under Division 3 of Part 2 of the IS Act (Activities undertaken in relation to ASIO) permit ASIS, subject to limits in section 13D, to undertake an activity or a series of activities for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on an Australian person or a class of Australian persons where the Director-General of Security or a senior ASIO position holder authorised by the Director-General has notified ASIS in writing that it requires the production of intelligence on the Australian person or class of Australian persons.

118. The effect of Division 3 is that ASIS may undertake the activity or series of activities to produce intelligence on an Australian person, or class of Australian persons, without a ministerial authorisation, where it is done at the request of ASIO.

119. The limits in section 13D provide that ASIS cannot undertake the activity under the cooperation arrangements if ASIO could not undertake the activity in at least one state or territory, without it being authorised by a warrant issued under Division 2 of Part III of the ASIO Act or under Part 2-2 of the TIA Act.

120. Division 3 provides a consistent and coherent framework for cooperation between ASIS and ASIO. The framework is a useful tool that assists ASIS and ASIO to work together and allows ASIS to undertake 'less intrusive' activities in support of ASIO, specifically activities for which ASIO would not need a warrant if they were done within Australia.

121. However, the framework is limited, as it only applies to cooperation outside of Australia. This Schedule amends section 13B to allow ASIS to cooperate with ASIO both inside and outside Australia. An extension of the framework to enable ASIS to conduct activities under a section 13B notice which have an onshore element will enhance intelligence outcomes and cooperation between the agencies.

122. Such an extension implements recommendation 18(b) of the IIR with respect to ASIS. The IIR found the geographic limitation in section 13B restricts cooperation and that cooperation is essential to maximise the likelihood of Australia's success in thwarting attacks and defeating other threats to security.

123. The changes were not recommended by the Comprehensive Review (recommendation 57). As noted in the Government response, however, the imperatives identified in the IIR remain and there is likely to be an enhanced operational need to foster improved cooperation in the future.

124. At present, ASIS may only undertake activities under Division 3 of Part 2 of the IS Act outside Australia if ASIO has issued ASIS with a written notice that ASIO requires the production of intelligence on the Australian person or class of Australian persons (unless exceptional circumstances covered by subsection 13B(3) exist). The requirement for ASIO to issue ASIS with a written notice will continue to apply for activities inside Australia.

125. At present, subsection 13B(3) allows an ASIS staff member to undertake activities outside Australia under Division 3 of Part 2 in the absence of a written notice from ASIO in exceptional circumstances. This provision will not be extended to apply to activities undertaken inside Australia. Accordingly, ASIS will always require either a ministerial authorisation or a written notice from ASIO to undertake activities to produce intelligence on an Australian person inside Australia. This ensures ASIO always has awareness of the activities ASIS is undertaking onshore in support of ASIO and the implications for security. This is appropriate given the barriers to communicate offshore are less likely to be present within Australia.

Item 1 - Paragraph 13B(1)(b)

126. This item repeals paragraph 13B(1)(b) to remove the geographic limit requiring that ASIS activities undertaken to support ASIO in the performance of its functions be conducted outside Australia.

127. A number of safeguards remain in place, including:

Section 13D of the IS Act continues to limit the activities that ASIS may undertake in accordance with this framework to activities which ASIO could undertake without a warrant, that is, that would not otherwise be unlawful
ASIS has only limited immunity, under section 14 of the IS Act, for acts done inside Australia, and under section 476.5 of the Criminal Code as amended by Schedule 9 to this Bill, for conduct engaged in on the reasonable belief that the conduct is likely to cause a computer-related act, event, circumstance or result to take place outside Australia, and
ASIS is only entitled to act under section 13B where the Director-General of Security (or an authorised person) has notified ASIS that ASIO requires the production of intelligence.

Item 2 - Subsection 13B(3)

128. This item repeals and replaces subsection 13B(3) to ensure that ASIS may only conduct activities onshore under section 13B once it has received notification from ASIO (per paragraph 13B(1)(d)). The exception in subsection 13B(3), which provides that notices are not required in exceptional circumstances, continues to only apply to activities undertaken outside Australia, not inside Australia. As noted above, this ensures ASIO always has awareness of the activities ASIS is undertaking onshore in support of ASIO and the implications for security. This is appropriate given the barriers to communicate offshore are less likely to be present within Australia.

Schedule 6 - AGO Cooperating with authorities of other countries

Intelligence Services Act 2001

Overview

129. Section 13 of the IS Act establishes a legal framework under which IS Act Agencies may cooperate with Commonwealth authorities, State authorities and authorities of other countries in the performance of the agencies' own functions.

130. In the case of cooperation with an authority of another country, under paragraph 13(1)(c), IS Act Agencies may cooperate only where those authorities are approved by the responsible Minister as being capable of assisting the agency in the performance of its functions.

131. This Schedule amends section 13 of the IS Act to provide that AGO is not required to seek ministerial approval under paragraph 13(1)(c) where cooperation with an authority of another country is for the purpose of performing AGO's function under paragraphs 6B(1)(e), (ea) or (h). AGO's functions under paragraphs 6B(1)(e), (ea) and (h) are non-intelligence functions and do not involve covert or intrusive activities.

132. AGO's function under paragraph 6B(1)(e) is to provide certain bodies and persons, which includes authorities of other countries, with imagery and other geospatial, hydrographic, meteorological and oceanographic products where those products are not intelligence, and to provide assistance in relation to the production and use of such products and related technologies.

133. AGO's function under paragraph 6B(1)(ea) is to provide certain bodies and persons, which includes authorities of other countries, with assistance in relation to the performance of emergency response, safety, scientific research, economic development, cultural and environmental protection functions, where the provision of such assistance is incidental to the performance by AGO of its other functions.

134. AGO's function under paragraph 6B(1)(h) is to carry out the functions of the Australian Hydrographic Office (AHO), which is part of AGO. The primary role of the AHO is to provide products such as nautical maps and surveys to support maritime safety, and contribute to the coordination, exchange and standards related to hydrographic and maritime production policy, and maritime geospatial data in general

135. AGO's functions under 6B(1)(e), (ea) and (h) require cooperation with a range of government and non-government partners. For example, the AHO performs its role by cooperating with universities, international organisations, and foreign governments. The AHO's primary customers are the Australian public, civilian shipping, local and international port authorities, the Australian Government and the Australian Defence Force.

136. The purpose of ministerial approval for cooperation with authorities of other countries is to provide an additional layer of oversight where that cooperation, by virtue of involving potentially sensitive, covert or intrusive activities, carries particular foreign relations and other risks.

137. The practical effect of the requirement to seek ministerial approval for cooperation under paragraph 13(1)(c) has been, in certain circumstances, to hinder AGO's ability to effectively carry out these non-intelligence functions. The exemption from the requirement to seek ministerial approval for cooperation with authorities of other countries with respect to these functions is a necessary and proportionate measure. The AGO functions exempt from the approval framework do not fall within the intended scope of functions envisaged by the requirement for approval under paragraph 13(1)(c) of the IS Act, which are typically higher risk activities, involving potentially sensitive, covert or intrusive intelligence capabilities.

138. Ensuring that AGO is able to freely cooperate with authorities of other countries in the performance of its functions under 6B(1)(e), (ea) and (h) will ensure that AGO is able to continue to provide essential maritime and geospatial services to its partners in the international community.

Item 1 - After subsection 13(3)

139. This item inserts new subheading 'Cooperating with authorities of other countries-AGO' and new subsections 13(3A) and 13(3B) under this subheading.

140. Subsection 13(3A) provides that AGO, subject to any arrangements made or directions given by the responsible Minister, is not required to obtain ministerial approval for cooperation with an authority of another country where the cooperation is for the purposes of performing its functions under paragraph 6B(1)(e), (ea) or (h).

141. Subsection 13(3B) requires that the Director of AGO must, as soon as practicable after each year ending on 30 June, provide to the responsible Minister and the IGIS a report about any significant cooperation under 13(3A) undertaken by AGO with authorities of other countries during the reporting period.

Item 2 - Before subsection 13(6)

142. This item inserts the subheading 'Reports by AGO and ASD' immediately prior to subsection 13(6).

Item 3 - Subsection 13(6)

143. This item amends subsection 13(6) to require that a report prepared under subsection 13(3B), as introduced by item 1 of this Schedule, must be in writing and is not a legislative instrument. This is consistent with Item 12 of section 6 of Part 2 of the Legislation (Exemptions and Other Matters) Regulation 2015, which provides that a report or review, including an annual or periodic report or review, is a class of instrument that is not a legislative instrument.

Schedule 7 - ONI cooperating with other entities

Office of National Intelligence Act 2018

Overview

144. Section 13 of the ONI Act establishes a legal framework under which ONI may cooperate with an authority of another country, and any other person or entity in connection with the performance of ONI's functions and exercise of its powers.

145. Subsection 13(1) provides ONI with a broad ability to cooperate with entities and people both inside and outside Australia. Additional requirements in section 13 must be met for ONI to cooperate with the authorities of other countries.

146. Before ONI is able to cooperate with an authority of another country in the performance of its functions and exercise of its powers, subsection 13(2) requires the Director-General of ONI to approve the cooperation. The ONI Director-General must also notify the Prime Minister of the approval. Once an authorisation under subsection 13(2) has been given, it remains in place until amended or revoked by the ONI Director-General or cancelled by the Prime Minister under subsection 13(5). This approval regime is broadly based on requirements that apply to agencies under the IS Act and ASIO under the ASIO Act in respect of their cooperation with foreign authorities, with some modification to reflect that ONI's cooperation is likely to be less operational in nature than is the case with these other agencies. As noted in the Comprehensive Review, in contrast to intelligence collection agencies that "generally deal with information at a level of detail which allows for operational decision-making on the subjects of their reporting", ONI's assessments address broader strategic trends based on aggregation of a variety of sources. In some circumstances, "[s]pecific identifying information about individuals is unnecessary to convey and support assessments about strategic trends and global events".[12]

147. This Schedule amends section 13 of the ONI Act to extend the approval regime that applies to cooperation with the authorities of other countries to cooperation with public international organisations. This requires the ONI Director-General to approve cooperation with public international organisations, thereby expressly considering any risks in ONI undertaking the cooperation. Similar risks apply to cooperation with public international organisations (which are comprised of states) as to cooperation with the authorities of other countries. Therefore the ONI Director-General's approval should be required in both cases, and the Prime Minister should have the opportunity to cancel such an approval, consistent with section 13(5) of the ONI Act.

148. While the Comprehensive Review recommended that section 13 does not require amendment to allow ONI to cooperate with public international organisations (recommendation 24), it did so on the basis that ONI already has the ability to cooperate with these organisations due to the meaning of 'entity' in paragraph 13(1)(b), and not in consideration of potential safeguards that ought to apply.

149. However, the Government response to the Comprehensive Review noted the amendments were necessary to place additional safeguards on cooperation with public international organisations, in the same way these provisions currently apply to authorities of another country in section 13.

150. The inclusion of 'public international organisations' in section 13 will not change the arrangements in the ONI Act for cooperation with other entities or persons within or outside Australia.

151. The amendments place no limits on the geographic location of cooperative arrangements.

Item 1 - Subsection 4(1)

152. This item inserts a definition of 'public international organisation', with the same meaning as in section 70.1 of the Criminal Code. The purpose of this change is to support the amendment to section 13 to require ONI to seek the ONI Director-General's approval to cooperate with public international organisations in connection with the performance of its functions.

153. Section 70.1 of the Criminal Code defines 'public international organisation' as meaning, in broad terms: organisations of which two or more countries are members or the governments of two or more countries are members; organs or committees of such organisations; or other organisations or bodies established by such organisations. The reference to section 70.1 of the Criminal Code is consistent with the definition of 'public international organisation' in the Australian Border Force Act 2015, the Autonomous Sanctions Act 2011, the Charter of the United Nations Act 1945, and, following commencement of this Bill (see Schedule 6), the IS Act.

154. This definition is intended to include international bodies (such as the UN or NATO), organs of such bodies (such as UN peacekeeping missions), related organisations and agencies, and intergovernmental bodies. The definition is not limited to organisations with legal personality.

Item 2 - Paragraph 13(1)(a)

155. This item repeals and replaces paragraph 13(1)(a) of the ONI Act to enable the ONI Director-General to provide approval under subsection 13(2) for ONI to cooperate with public international organisations in the performance of its functions.

156. Under subsection 13(3), every month, the ONI Director-General must notify the Prime Minister in writing of any new approvals and/or any variation or revocation of an approval given under subsection 13(2). The Prime Minister may at any time cancel such an approval (subsection 13(5)). Cancellation must be given in writing and, unless specified in writing, has immediate effect.

Item 3 - Subsection 13(2)

157. This item inserts public international organisations for the purposes of paragraph 13(1)(a), to enable the ONI Director-General to approve a public international organisation, in addition to authorities, as being capable of assisting ONI in the performance of its functions.

Item 4 - Paragraph 54(2)(aa)

158. This amends paragraph 54(2)(aa) to provide that, in addition to cooperation with the authorities of other countries, the ONI Director-General may not delegate his or her power to approve cooperation with public international organisations under subsection 13(2).

Item 5 - Application and savings provisions

159. This item provides that the requirement to seek ONI Director-General approval for cooperation with a public international organisation under subsection 13(1) of the ONI Act applies only where a cooperative arrangement is entered into after commencement of this Schedule. It is not intended to apply retrospectively to cooperative arrangements entered into before commencement.

160. An approval given for the purposes of subsection 13(2) and in force immediately before the commencement of this Schedule, will remain in force, as if it had been given under that subsection as amended by this Schedule.

Schedule 8 - Suspension of travel documents

Australian Passports Act 2005 and Foreign Passports (Law Enforcement and Security) Act 2005

Overview

161. The Counter-Terrorism Legislation Amendment (Foreign Fighters) Act 2014 (Foreign Fighters Act) amended the Passports Act and the Foreign Passports Act to enable the Minister for Foreign Affairs to suspend a person's travel documents (such as passports) for a period of 14 days if requested by the Director-General of Security. The Director-General of Security can make such a request if he or she suspects on reasonable grounds that the person may leave Australia to engage in conduct that might prejudice the security of Australia or a foreign country, and the person's travel documents should be suspended or surrendered temporarily in order to prevent the person from engaging in that conduct.

162. Suspension or short-term surrender of travel documents is intended to be a temporary measure that allows the Minister to take swift action to mitigate the security risk posed by people seeking to leave Australia to engage in activities of security concern. Given that people seeking to leave Australia to travel overseas to engage in activities of security concern may only come to the attention of authorities shortly before they seek to travel, the temporary nature of the suspension is intended as a proactive, swift and proportionate action to prevent the person from travelling for a finite period and mitigate the security risk relating to Australians travelling overseas who may be planning to engage in activities of security concern.

163. After requesting a person's Australian travel document be suspended, or a foreign travel document be temporarily surrendered, ASIO may then need to compile a full security assessment to support a recommendation for permanent cancellation (where appropriate). It is vital that a security assessment recommending cancellation or long term surrender of a person's travel documents be given thorough attention and be of a high quality, taking into account all relevant and appropriate information. Operational experience has shown that the 14 day suspension period currently available for ASIO to prepare a full security assessment can be insufficient to enable ASIO to resolve all appropriate investigative activities and prepare a properly considered security assessment, without diverting resources from other priority investigations.

164. The purpose of this Schedule is to extend the period for which travel documents may be suspended or temporarily surrendered from 14 to 28 days, in order to afford ASIO sufficient time, and with minimal disruption to other priority investigations, to prepare a thorough security assessment considering whether permanent action is appropriate. This is intended to strike an appropriate balance between ensuring that a person's travel documents are only permanently cancelled or subject to long-term surrender when supported by a full and thorough ASIO security assessment, and the need to facilitate temporary, urgent action to prevent people from leaving Australia to engage in activities of security concern while a security assessment is being prepared.

Australian Passports Act 2005

Item 1 - Subsection 22A(1)

165. This item amends subsection 22A(1) to extend the period for which the Minister may suspend an Australian travel document upon request by the Director-General of Security from 14 days to 28 days.

166. Currently, section 22A of the Passports Act enables the Minister for Foreign Affairs to suspend a person's Australian travel documents (including passports) for a period of 14 days if asked to do so by the Director-General of Security. A request can be made if the Director-General suspects on reasonable grounds that the person may leave Australia to engage in conduct that might prejudice the security of Australia or a foreign country, and the person's Australian travel documents should be suspended in order to prevent the person from engaging in the conduct.

167. The aim of the provisions is to seek to prevent persons from travelling overseas to engage in activities of security concern (for example, training for, or participating in, terrorist activities in a foreign country), which harm the security of the foreign country and also increase a person's ability to conduct attacks inside Australia after their return. Often, a person may not come to ASIO's attention until shortly before they seek to travel overseas. In those circumstances, it is necessary to prevent the person from leaving Australia in the short term, since Australia's ability to prevent people from travelling to a conflict zone or engaging in activities of security concern is limited once they have left Australia.

168. The purpose of this item is to extend the period for suspension, to ensure that ASIO can resolve all appropriate investigative activities and that a full security assessment can be prepared to consider whether cancellation is appropriate, but at the same time ensure that a person who the Director-General suspects may leave Australia to engage in harmful conduct is prevented from doing so in the meantime. Cancelling a person's passport is a significant decision with serious ramifications for the individual involved, and it should not be made lightly. That is why the temporary suspension power is appropriate.

169. If following a request for suspension, ASIO wishes to request permanent cancellation, ASIO must compile a new security assessment to support the request. This assessment is subject to merits review. Extending the period to 28 days ensures ASIO is not required to divert resources from other priority investigations to complete a security assessment supporting cancellation or form an assessment before all appropriate investigative activities are resolved. A 28 day period is also consistent with the emergency visa cancellation provisions under the Migration Act 1958.

170. Operational requirements have evolved since the amendments conferring the ability to suspend or temporarily surrender travel documents were introduced via the Foreign Fighters Act. In particular, the conflict in Syria and Iraq has demonstrated that events overseas can drive significant and sustained increases in the number of people who may seek to leave Australia to engage in harmful conduct overseas. The suspension and cancellation powers are used only where necessary, and in a relatively small proportion of all passport matters. Since the commencement of the powers in December 2014, around 190 Australian passports have been cancelled or refused in relation to the conflict in Syria and Iraq, while in the same period around 40 passports were subject to temporary suspension. On a number of occasions, the first time a person has come to ASIO's attention has been as they are preparing to travel overseas to a conflict zone. It has therefore been necessary to take action in a very short timeframe to prevent them from leaving Australia. A security assessment must be prepared by officers who may also be involved in other (or related) priority investigations.

Item 2 - Application of amendment

171. This item provides that the 28 day period for passport suspension applies only where the Director-General of Security makes the request for the suspension of the passport pursuant to section 22A(2) of the Passports Act after commencement of this Schedule. It is not intended to apply where the request was made before commencement, even if the Minister does not suspend the passport until after commencement.

Foreign Passports (Law Enforcement and Security) Act 2005

Item 3 - Section 15A (heading)

172. This item amends the heading of section 15A to reflect the new 28 day period for Australian travel document suspension, which is '15A Request for 28 day surrender relating to security risk'.

Item 4 - Subsection 15A(2)

173. This item amends subsection 15A(2) to extend the period for which the Minister may order the temporary surrender of a foreign travel document upon request by the Director-General of Security from 14 days to 28 days.

174. Currently, section 15A of the Foreign Passports Act allows the Director-General of Security to request the Minister for Foreign Affairs to order the temporary surrender of a person's foreign travel documents (including passports) for a period of 14 days. A request can be made if the Director-General suspects on reasonable grounds that the person may leave Australia to engage in conduct that might prejudice the security of Australia or a foreign country, and the person should be required to surrender their foreign travel documents in order to prevent the person from engaging in the conduct.

175. The aim of the provisions is to prevent persons from travelling overseas to engage in activities of security concern (for example, training for, or participating in, terrorist activities in a foreign country) which harm the security of the foreign country and also increase a person's ability to conduct attacks inside Australia after their return. Often, a person may not come to ASIO's attention until shortly before they seek to travel overseas. In those circumstances, it is necessary to prevent the person from leaving Australia in the short term, since Australia's ability to prevent people from travelling to a conflict zone or engaging in activities of security concern is limited once they have left Australia.

176. The purpose of this item is to extend the period for temporary surrender, to ensure that a request for long-term surrender can be prepared if appropriate, but at the same time ensure that a person who the Director-General of Security suspects may leave Australia to engage in conduct prejudicial to security is prevented from doing so in the meantime. Ordering the long-term surrender of a person's travel documents is a significant decision with serious ramifications for the individual involved, and it should not be made lightly. That is why the temporary surrender power is appropriate.

177. If following a request for a temporary surrender, ASIO wishes to request a long term surrender, ASIO must compile a new security assessment to support the request. Extending the period to 28 days ensures ASIO is not required to divert resources from other priority investigations to resolve appropriate investigative activities and prepare a request supporting long term surrender. A 28 day period is also consistent with the emergency visa cancellation provisions under the Migration Act 1958.

Item 5 - Subsection 16A (heading)

178. This item amends the heading to section 16A, which is'16A Demand for 28 days surrender of foreign travel document ordered by Minister on request under section 15A', to reflect the new 28 day period for the Minister to order foreign travel documents to be surrendered.

Item 6 - Subsections 16A(6) and (7)

179. This item provides that, where the Minister has ordered the surrender of foreign travel documents under subsection 16A(1), any foreign travel document that has been surrendered or seized must be returned 28 days later. This ensures that the foreign travel document cannot be withheld any longer than the surrender period, unless the Minister has ordered a long-term surrender under section 16.

Item 7 - Application of amendments

180. This item provides that the 28 day period for surrender of a foreign travel document applies only where the Director-General of Security makes the request for surrender under section 15A of the Foreign Passports Act after commencement of this Schedule. It is not intended to apply where the request was made before commencement, even if the Minister makes the order for surrender after commencement.

Schedule 9 - Online activities

Criminal Code Act 1995

Overview

181. The amendments in this Schedule are contingent upon the commencement of the Security Legislation Amendment (Critical Infrastructure) Bill 2021 (as currently named).

182. This Schedule implements recommendation 74 of the Comprehensive Review to the extent it relates to ASIS and AGO. The Comprehensive Review recommended the immunity for certain computer offences for ASIS, AGO and ASD be extended to apply where a staff member or agent of the relevant agency acted on a reasonable belief that the computer-related activities occurred outside Australia, even if that activity actually occurred inside Australia.

183. Upon commencement of the Security Legislation Amendment (Critical Infrastructure) Bill 2021, sections 476.5 and 476.6 of the Criminal Code currently provide immunity to ASIS, AGO and ASD for certain computer-related acts. Section 476.5(1) provides that staff members and agents of ASIS and AGO are not subject to any civil or criminal liability for computer-related acts done outside of Australia if the act is done in the proper performance of a function of the agency. The Security Legislation Amendment (Critical Infrastructure) Bill 2021 introduces section 476.6(1), which implements recommendation 74 of the Comprehensive Review for ASD. It mirrors the immunity in section 476.5, requiring the act to be done in the proper performance of a function of the agency, but also extends the immunity to circumstances where the staff member or agent of ASD acted on a reasonable belief that that computer-related activity occurred outside Australia, even where that activity actually occurred inside Australia.

184. Section 476.5 of the Criminal Code was introduced by the Cybercrime Act 2001. As originally introduced, subsection 476.5(1) provided immunity from civil and criminal liability for the staff members and agents of ASIS and ASD (then Defence Signals Directorate (DSD)) whose computer-related activities done outside Australia, in the proper performance of their functions, were intended and required by Government. The Intelligence Services Legislation Amendment Act 2005 extended the immunity to apply to the then Defence Imagery and Geospatial Organisation (now the AGO).

185. Subsection 476.5(2) provides immunity from civil and criminal liability for persons who engage in activities, inside Australia, that are preparatory to, in support of, or otherwise directly connected with overseas activities of the agency concerned (either ASIS or AGO). Essentially, this provision provides immunity from extended liability (for example, for aiding, abetting, counselling or procuring a computer-related act) for persons who may assist either ASIS or AGO in the performance of its overseas activities.

186. Paragraph 476.5(2)(b) and subsection 476.5(2A) place important limits on the scope of the immunity for preparatory and supporting activities. Paragraph 476.5(2)(b) provides that the immunity does not apply to preparatory or supporting conduct that would constitute a criminal offence in its own right. Subsection 476.5(2A) provides that the immunity does not permit any conduct undertaken in Australia for which ASIO would:

require a warrant issued under Division 2 of Part III of the ASIO Act or Part 2-2 of the TIA Act to do, or
be required to do in accordance with Division 3 of Part 4-1 of the TIA Act, which deals with access to telecommunications data.

187. In combination, these limits ensure that the immunity for preparatory and supporting activities does not undermine the warrant frameworks under the ASIO Act and TIA Act by authorising persons to commit acts in Australia that would otherwise be unlawful without obtaining a warrant.

188. Similarly, subsections 476.6(2)(a) and (2)(c) provide the same immunity and limits as explained above for persons who engage in activities that are preparatory to, or in support of, or otherwise directly connected with overseas activities of ASIS and AGO. The only difference is that the person has immunity for engaging in conduct both inside and outside Australia, as opposed to just conduct inside Australia.

189. The immunities for computer-related acts under sections 476.5 and 476.6 of the Criminal Code supplement the general immunities for ASIS, ASD and AGO under subsection 14(1) of the IS Act, to ensure Australian law, including the computer offences in Part 10.7 of the Criminal Code, does not prohibit these agencies from doing computer-related acts outside Australia in the proper performance of their functions.

190. The purpose of this Schedule is to update the existing, limited immunities afforded to staff members and agents of ASIS and AGO to ensure they remain effective in light of technological change. These updates bring the immunities for staff members and agents of ASIS and AGO to that of staff members and agents of ASD in respect of computer offences. These amendments are required as it is not always possible to determine with certainty the geographic location of computer-related activity. Criminal liability should not apply when a staff member or agent of ASIS, AGO or ASD acts in the genuine belief that the activity is outside Australia. These amendments will protect staff from criminal liability only where they have acted in good faith in the proper performance of the agency's (ASIS, AGO, ASD) functions.

Item 1 - Subsection 476.4(2) of the Criminal Code

191. This item updates the section reference by removing the reference to section 476.5. Subsection 476.4(2) currently refers to subsection 476.5, which is repealed in Item 2.

Item 2 - Section 476.5 of the Criminal Code

192. This item repeals section 476.5 which contains the current immunity for staff members and agents of ASIS and AGO for computer-related acts. The immunity has been redrafted in section 476.6, which consolidates the immunities for ASIS, AGO and ASD.

Item 3 - Section 476.6 of the Criminal Code (heading)

193. This item omits the reference 'ASD' in the heading and replaces it with 'ASIS, ASD or AGO'. This indicates in the heading that the immunities contained in section 476.6 will apply to all three agencies. This reflects the intention that section 476.6 will no longer apply only to ASD, and instead will apply to 'the agencies'. Item 11 defines 'the agencies' in subsection 476.6(10), as being ASIS, ASD and AGO.

Items 4 and 5 - Subsection 476.6(1) of the Criminal Code

194. Item 4 omits 'ASD' in subsection 476.6(1) and substitutes it with "an agency (within the meaning of subsection (10))." This extends the immunity to ASIS and AGO, while ensuring it still applies to ASD.

195. Item 5 omits 'ASD' in paragraph 476.6(1)(b) and substitutes it with 'the agency'. This reflects the intention for the immunity in section 476.6 to apply to ASIS and AGO, as well as ASD.

196. Subsection (1) provides that a staff member or agent of an agency (being ASIS, AGO or ASD) is not subject to any civil or criminal liability for engaging in conduct inside or outside Australia if both of the following apply:

the conduct is engaged in on the reasonable belief that it is likely to cause a computer-related act, event, circumstance or result to take place outside Australia (whether or not it in fact takes place outside Australia), and
the conduct is engaged in the proper performance of a function of the agency.

197. This largely replicates the limitations on liability that exist in the current section 476.5 of the Criminal Code for ASIS and AGO (which is repealed in Item 2), with the notable inclusion of conduct that is engaged in inside Australia and that the conduct is engaged in on the 'reasonable belief that it is likely' to take place outside Australia.

198. This amendment is intended to ensure that staff members and agents of ASIS, ASD and AGO are protected from liability for conduct done in the proper performance of the functions of an agency inside or outside of Australia, where they reasonably believe that the conduct will take effect outside Australia.

199. The amendment is required in order to respond to technological changes, in particular due to the increasing prevalence of online, internet-based communications, which obscure the geographic location of parties to communications. The amendments ensure ASIS and AGO, like ASD, can continue to operate efficiently in an increasingly challenging online environment, where it is not always possible to reliably determine the geographic location of a device or computer. This challenge is exacerbated where adversaries (including foreign intelligence services, persons engaged in proliferation-related activities and terrorist organisations) take active steps to obfuscate their physical location. For agencies to be able to effectively perform their functions in such an environment, it is necessary to protect staff members and agents from liability if they inadvertently affect a computer or device located inside Australia.

200. The amendment will not provide staff members or agents with immunity from liability in circumstances where they know or believe a target computer or device to be located inside Australia. Nor will it provide such persons with immunity where their belief that a target computer or device is located outside Australia is not reasonable. The immunity will also no longer apply once it is known to the staff member or agent that the target is not outside Australia. Any continued targeting in Australia once a staff member or agent is aware that it is within Australia would not attract the immunity and would remain criminal.

201. Consistent with current subsection 476.5(1), the immunity will continue to apply only where a staff member or agent's conduct is done in the proper performance of a function of the agency concerned.

Items 6 and 7 - Paragraphs 476.6(2)(a) and (2)(c)

202. Item 6 omits 'ASD' in paragraph 476.6(2)(a) and substitutes it with 'an agency'. Item 7 omits 'ASD' in paragraph 476.6(2)(c) and substitutes it with 'the agency'. These amendments reflect that subsection 476.6 should apply to ASIS and AGO, as well as ASD.

203. Subsection (2) provides that a person is not subject to any civil or criminal liability for engaging in conduct inside or outside Australia if all of the following apply:

the conduct is preparatory to, in support of, or otherwise directly connected with, overseas activities of an agency (being ASIS, AGO and ASD)
the conduct, including the computer-related act, that took place (or was intended to take place) outside of Australia, would have amounted to an offence, but if the computer-related act didn't happen, it would not have amounted to an offence, and
the conduct is engaged in the proper performance of a function of the agency (being ASIS, AGO or ASD).

204. These amendments ensure that the current immunity for preparatory conduct in subsection 476.5(2) and current limitations on that immunity in subsection 476.5(2A) continue to apply to ASIS and AGO, despite the repeal of section 476.5 in item 2.

205. As mentioned above, the purpose of this provision is to provide immunity from extended liability (for example, for aiding, abetting, counselling or procuring a computer-related act) for persons who may assist either ASIS, AGO or ASD in the performance of its overseas activities.

206. The immunity will contain the same limitations as the current immunity in subsection 476.6(3). That is, the immunity does not permit any conduct in relation to premises, persons, computers, things or carriage services in Australia being:

conduct which ASIO could not engage in without a Minister authorising it by warrant issued under Division 2 of Part III of the ASIO Act or under Part 2-2 of the TIA Act, or
conduct engaged in to obtain information that ASIO could not obtain other than in accordance with Division 3 of Part 4-1 of the TIA Act.

Item 8 - Subsection 476.6(6)

207. This item omits 'ASD' in subsection 476.6(6) and substitutes it with 'an agency'. This reflects the change in section 476.6 for the relevant immunity provisions to apply to ASIS and AGO, as well as ASD.

208. Subsection (6) provides that the IGIS may give a certificate in writing certifying any fact relevant to the question of whether conduct was engaged in, in the proper performance of a function of the agency (being ASIS, AGO or ASD).

209. Evidentiary certificates are intended to streamline the court process by reducing the need to contact numerous officers and experts to give evidence. Evidentiary certificates also assist with maintaining the confidentiality of the sensitive methodologies and capability of the authorised agency.

Items 9 and 10 - Paragraph 476.6(8)(a) and Subsection 476.6(8)

210. Item 9 omits 'ASD' in paragraph 476.6(8)(a) and substitutes it with 'an agency'. Item 10 omits 'ASD' in subsection 476.6(8) and substitutes it with 'the agency'. These amendments reflect that section 476.6 should apply to ASIS and AGO, as well as ASD.

211. Subsection (8) applies if all of the following apply:

a person engaged in conduct referred to in subsection 476.6(1) or (2) in relation to an agency
the conduct causes material damage, material interference or material obstruction to a computer (within the meaning of section 4 of the ASIO Act) in Australia, and
apart from this section, the person would commit an offence against Part 10.7 of the Criminal Code.

212. If subsection (8) applies, the agency head of the relevant agency must, as soon as practicable, give a written notice to the IGIS that:

informs the IGIS of the fact, and
provides details about the conduct that caused the damage, interference or obstruction to the computer.

213. While this limitation on liability only applies where the conduct was engaged in on the reasonable belief that it is likely to cause a computer-related act, event, circumstance or result to take place outside Australia, should it later be determined that a computer in Australia was impacted, it is important that the IGIS is made aware of the matter given its significance. This allows the IGIS to, should they wish, investigate the actions taken to ensure they were lawful.

Item 11 - Subsection 476.6(10)

214. This item inserts the following definitions into subsection 476.6(10):

'agency' means ASIS, ASD or AGO
'AGO' means the part of the Defence Department known as the Australian Geospatial-Intelligence Organisation, and
'ASIS' means the Australian Secret Intelligence Service.

Item 12 - Subsection 476.6(10) (definition of 'staff member')

215. This item repeals the current definition of 'staff member' and provides the following definitions of 'staff member', which references ASIS and AGO in addition to ASD, to apply in section 476.6:

in relation to ASIS, 'staff member' means the Director-General of ASIS, or a member of the staff of ASIS (whether an employee of ASIS, a consultant or contractor to ASIS, or a person who is made available by another Commonwealth or State authority or other person to perform services for ASIS),
in relation to ASD, 'staff member' means the Director-General of ASD, or a member of the staff of ASD (whether an employee of ASD, a consultant or contractor to ASD, or a person who is made available by another Commonwealth or State authority or other person to perform services for ASD), and
in relation to AGO, 'staff member' means the Director-General of AGO, or a member of the staff of AGO (whether an employee of AGO, a consultant or contractor to AGO, or a person who is made available by another Commonwealth or State authority or other person to perform services for AGO).

Item 13 - Application of amendments

216. This item provides that the amendments made by this Schedule apply in relation to conduct engaged in after the commencement of this Schedule. This item is required to ensure that the amendments do not inadvertently create uncertainty about the legality of conduct of ASIS and AGO engaged in before the commencement of this Schedule in reliance on the current immunities.

Schedule 10 - Privacy

Part 1 - Privacy rules of ASIS, AGO and ASD

Overview

217. Part 1 of Schedule 10 implements recommendation 189 of the Comprehensive Review, which found that ASIS, ASD and AGO should be required, in legislation, to have legally binding, publicly available privacy rules.

218. In order to perform their functions effectively, intelligence agencies must be able to protect sensitive sources, techniques and capabilities. Consequently, ASIS and ASD are fully exempt from the operation of the Privacy Act 1988 (Privacy Act), and AGO is exempt where the acts and practices that impact on privacy relate to its functions.[13] Instead, these agencies maintain their own set of privacy rules that regulate the communication and retention of intelligence information concerning Australian persons.

219. ASIS, ASD and AGO are currently required by legislation to have legally-binding privacy rules made by their responsible Minister. ASIS, ASD and AGO's privacy rules are publicly available on their respective websites. However, there is no current legislative requirement for them to be publicly available.

220. The Comprehensive Review concluded that while ASIS, ASD and AGO continue to meet the relevant criteria justifying their exemption from the Privacy Act, and that their current privacy regimes are adequate, minor changes should be made to improve transparency. Specifically, the Comprehensive Review considered that it should be required by law, that these agencies maintain and publish their legally binding privacy rules, and that these rules should be required to be made by the relevant Minister.

221. Part 1 of Schedule 10 amends section 15 of the IS Act to formalise in legislation the requirement that the responsible Ministers for ASIS, ASD and AGO must, as soon as is practicable after making their respective agencies' privacy rules, ensure those rules are published on the agency's website.

222. Part 1 of Schedule 10 also amends section 29 of the IS Act to provide that it is a function of the PJCIS to review ASIS, ASD and AGO's privacy rules, as made by the relevant responsible Minister. The amendments provide that it is not a function of the PJCIS to review agencies' compliance with their respective privacy rules. These amendments are consistent with the Government response to recommendation 183 of the Comprehensive Review.

Intelligence Services Act 2001

Item 1 - After subsection 15(1)

223. This item inserts new subsection 15(1A) to replace subsection 15(5) as repealed by Item 2 of this Schedule. The meaning of this subsection remains the same. The new positioning of the content in this subsection is to give greater prominence to the subsection, consistent with the approach being taken in Part 3 of this Schedule for section 53 of the ONI Act. The amended order will also avoid any confusion as to the meaning of 'agencies' in the following item (new subsection 15(5)).

Item 2 - Subsection 15(5)

224. This item repeals subsection 15(5) and replaces it with new subsection 15(5) to introduce a requirement that, as soon as practicable after the privacy rules are made, the responsible Minister must ensure that those rules are published on the relevant agency's website.

225. Any parts of the privacy rules, which contain operationally sensitive information, information that might prejudice Australia's national security, the conduct of Australia's foreign relations, or the performance by the relevant agency of its functions, are not required to be published. Typically, the decision to exempt certain parts of the privacy rules from publication would be made by the responsible Minister on the advice of the agency head.

226. 'Operationally sensitive information' is defined in Section 1A of Schedule 1 of the IS Act.

Item 3 - After paragraph 29(1)(cf)

227. This item introduces new paragraph 29(1)(cg) to provide that it is a function of the PJCIS to review the privacy rules made under section 15 of the IS Act

Item 4 - Paragraph 29(3)(f)

228. This item repeals and replaces paragraph 29(3)(f) to provide that it is not a function of the PJCIS to review compliance by ASIS, ASD or AGO, with their respective privacy rules made under section 15 of the IS Act.

Item 5 - Application of amendments

229. This item provides that the amendments to subsection 29(1) of the IS Act made by Part 1 of this Schedule apply to privacy rules made on or after the commencement of this part. This item also provides that amendments to the IS Act made by Part 1 of this Schedule apply to the communication and retention of intelligence information that occurs after the commencement of this Schedule, regardless of whether the intelligence information was obtained before or after that commencement.

Part 2 - Privacy rules of DIO

Overview

230. Part 2 of Schedule 10 implements recommendation 189 of the Comprehensive Review, which found that DIO should be required, in legislation, to have legally binding, publicly available privacy rules.

231. In order to perform their functions effectively, intelligence agencies must be able to protect sensitive sources, techniques and capabilities. Consequently, DIO is exempt where its acts and practices that impact on privacy relate to its functions.[14] Instead, DIO maintains its own set of privacy rules that regulate the communication and retention of intelligence information concerning Australian persons.

232. DIO has publicly available privacy rules approved by the Minister for Defence. However, these are not currently mandated by legislation.

233. The Comprehensive Review concluded that, while DIO continues to meet the relevant criteria justifying its exemption from the Privacy Act, and that its current privacy regime is adequate, minor changes should be made to its privacy arrangements to improve transparency. Specifically, the Comprehensive Review considered that it should be required by law, that DIO maintain and publish its legally binding privacy rules, and that these rules should be required to be made by the relevant Minister.

234. While DIO, unlike ASIS, ASD and AGO, is not established under an Act, the Comprehensive Review considered that it would be legislatively possible to require it to have privacy rules, as has been done in relation to other matters in the IS Act that relate to DIO, such as secrecy.

235. Part 2 of Schedule 10 amends the IS Act to introduce new section 41C. Section 41C formalises in legislation the requirement for the responsible Minister in relation to DIO to make written rules regulating the communication and retention by DIO of intelligence information concerning Australian persons. Section 41C also introduces the requirement that the responsible Minister in relation to DIO must ensure, as soon as is practicable, that DIO's privacy rules be published on DIO's website.

236. Part 2 of Schedule 10 also amends section 29 of the IS Act to provide that it is a function of the PJCIS to review DIO's privacy rules, as made by the responsible Minister. The amendments provide that it is not a function of the PJCIS to review DIO's compliance with its privacy rules. These amendments are consistent with the Government response to recommendation 183 of the Comprehensive Review.

237. Part 2 of Schedule 10 also makes minor amendments to the IGIS Act to reflect new reporting requirements concerning DIO's privacy rules, as introduced by new section 41C in the IS Act.

Inspector-General of Intelligence and Security Act 1986

Items 6 and 7 - Subsection 35(2B)

238. These items amend subsection 35(2B) of the IGIS Act to include DIO in the list of agencies that the IGIS must include in its annual report with regard to compliance with privacy rules.

Item 8 - Subsection 35(2B) (note)

239. This item replaces the note in subsection 35(2B) to provide that the rules referred to in the subsection regulate the communication and retention of intelligence information concerning Australian persons, within the meaning of the IS Act. This reflects amendments to the IS Act privacy rules as part of this Schedule and Schedule 4 of this Bill.

Intelligence Services Act 2001

Item 9 - Section 3 (after paragraph (c) of the definition of intelligence information)

240. This item amends the definition of intelligence information in section 3 to include intelligence obtained or produced by DIO in the performance of its intelligence functions. Defining intelligence information in terms of DIO's 'intelligence functions' is consistent with the definitions (in paragraphs 3(a), (b) and (c)) for ASIS, AGO and ASD, whose definitions of 'intelligence information' are defined in terms of their respective intelligence functions).

Item 10 - After paragraph 29(1)(cg)

241. This item introduces new paragraph 29(1)(ch) to provide that it is a function of the PJCIS to review the privacy rules made under section 41C of the IS Act.

Item 11 - After paragraph 29(3)(f)

242. This item introduces new paragraph 29(3)(faa) to provide that it is not a function of the PJCIS to review compliance by DIO with its privacy rules.

Item 12 - Before section 42

243. This item inserts new section 41C to introduce a legislative requirement for the responsible Minister in relation to DIO to make written rules regulating the communication and retention by DIO of intelligence information concerning Australian persons.

244. Subsection 41C(2) places a positive obligation on DIO to not communicate intelligence information concerning Australian persons except in accordance with the privacy rules.

245. Subsection 41C(3) requires that, in making the rules, the responsible Minister must have regard to the need to ensure that the privacy of Australian persons is preserved as far as is consistent with the proper performance by DIO of its functions. That is, while the right to privacy may be subject to certain permissible limitations for the purpose of DIO performing its intelligence functions, the rules must ensure that to the maximum extent possible, the privacy of Australian persons is maintained.

246. Subsection 41C(4) requires that, before making the privacy rules, the responsible Minister must consult with the Director of DIO, the IGIS and the Attorney-General. Subsection 41C(5) requires that, for the purpose of the consultation, the responsible Minister must provide a written copy of the proposed privacy rules to the persons consulted.

247. Subsection 41C(6) requires that, as soon as practicable after the privacy rules have been made, the responsible Minister must ensure that those rules are published on DIO's website. Consistent with the privacy rules for IS Act Agencies in section 15, any parts of the privacy rules that contain operationally sensitive information, or information that might prejudice Australia's national security, the conduct of Australia's foreign relations, or the performance by DIO of its functions, are not required to be published.

248. Subsection 41C(7) is intended to operate as a substantive exemption from the legislative instrument requirements of the Legislation Act 2003. Although the privacy rules issued by the responsible Minister under subsection 41C(1) are required to be made public, subsection 41C(5) recognises that such rules may contain operationally sensitive information or information relating to Australia's national security or the conduct of Australia's foreign relations that is not suitable for public dissemination. An exemption for this reason is consistent with the privacy rules issued under section 15 of the IS Act and section 53 of the ONI Act.

249. Subsection 41C(8) requires that the IGIS must brief the PJCIS on the content and effect of the privacy rules if the committee requests the IGIS to do so, or if the privacy rules change.

Item 13 - Application of amendments

250. This item provides that in relation to an annual report prepared under section 46 of the PGPA Act, the amendments made by Part 2 of this Schedule apply to both the reporting period in which they commenced and all subsequent reporting periods.

251. This item provides that the amendments to subsection 29(1) of the IS Act made by Part 2 of this Schedule apply to privacy rules made on or after the commencement of this part. This item also provides that amendments to the IS Act made by Part 2 of this Schedule apply to the communication and retention of intelligence information that occurs after the commencement of this Schedule, regardless of whether the intelligence information was obtained before or after that commencement.

Part 3 - Privacy rules of ONI

Overview

252. To perform their functions effectively, Australia's intelligence agencies must be able to protect sensitive sources, techniques and capabilities. For this reason, intelligence agencies are either exempt or partially exempt from the provisions of the Privacy Act.

253. ONI is fully exempt from the operation of the Privacy Act. Instead, ONI is subject to direct ministerial control, IGIS oversight, and importantly, privacy rules issued by the Prime Minister that regulate ONI's collection of information mentioned in paragraph 7(1)(g) to the extent that information is identifiable information, and the communication, retention and handling of identifiable information concerning Australian persons.

254. Under section 53 of the ONI Act the Prime Minister must make privacy rules which regulate the collection of identifiable information under ONI's open source information function (paragraph 7(1)(g)), and communication, handling and retention of identifiable information by ONI more generally. Identifiable information is personal information about Australian citizens or residents. Section 53 applies to personal information about Australian citizens or permanent residents, regardless of how it was obtained. Before making the privacy rules the Prime Minister must consult with the Attorney-General, the IGIS, the Privacy Commissioner and the Director-General of ONI.

255. Currently, section 53(5) prohibits ONI from collecting or communicating information concerning Australian persons, except in accordance with the privacy rules.

256. The privacy rules currently cover all of ONI's functions, analytical or otherwise. This encompasses a broad range of scenarios, including where the information concerned is either routine or administrative in nature, or, in the case of ONI's open source function (paragraph 7(1)(g)), already in the public domain - for example, contained in a news article. The effect of this has been, particularly in relation to ONI's open source function, to hinder ONI from contributing valuable insights to NIC and other government forums.

257. The purpose of the privacy rules is to provide a necessary and important protection for the privacy of Australian persons, given the nature of ONI's analytical functions, which in certain circumstances, may impinge upon the right to privacy. It is necessary that the privacy rules continue to apply to the communication of information concerning Australian persons where such information is for the purposes of ONI's analytical functions - that is, where intelligence analysis is applied to that information.

258. However, it is both impractical and unnecessarily burdensome for the privacy rules to apply to administrative, staffing or publicly available information where the privacy risk associated with communicating that information is low, because that information is either voluntarily provided to the agency, or is already in the public domain. Unlike other NIC agencies, ONI does not have covert or intrusive powers to collect intelligence (such as the ability to obtain warrants or conduct compulsory questioning), and ONI's functions do not include directing an NIC agency to carry out operational activities. Personal information that is obtained for the purposes of ONI's non-analytical functions is unlikely to impact on the right to privacy and is therefore outside the intended purpose of the privacy rules. ONI deals with such information separately by ensuring that its internal policies and practices provide appropriate privacy protections as far as is consistent with the proper performance of ONI's functions.

259. Part 3 of Schedule 10 implements recommendation 12 of the Comprehensive Review, which found that the ONI Act should be amended to provide that the privacy rules apply to the communication of information under ONI's open source function, only where analysis has been applied to that information. It does so by amending section 53 of the ONI Act to make a distinction between 'personal information' and 'intelligence information'. The effect of this is to exclude the communication of non-intelligence open source products from the privacy rules regime. This means that, under the amended privacy provisions, ONI's privacy rules do not apply to the communication of personal information where that personal information is not also intelligence information. The privacy rules apply in circumstances where the personal information provided to or collected by ONI is evaluated, analysed, interpreted, integrated and/or tested such that it becomes intelligence. The privacy rules continue to regulate the collection of information concerning Australian persons by ONI performing its open source function under section 7(1)(g).

260. This difference between 'information' and 'intelligence' is consistent with the meanings of 'intelligence' and 'uses of intelligence' set out in the third report of the 1974-77 Royal Commission on Intelligence and Security:

Intelligence is, to some degree, processed information. It is processed information in the sense that a lot of different items of knowledge have been put together, tested against each other for credibility and a judgement made on balance as to the truth, or at least the greatest degree of probability of the truth about some particular situation. It is also assessed as relevant to the consumer. ... Intelligence is information gathered for policy makers in government which illuminates the range of choices available to them and enables them to exercise judgment.[15]

261. Currently the ONI privacy rules do not make this distinction between information and intelligence that is derived from the interpretation of analysis of that information, nor between the different functions for ONI set out in section 7 of the ONI Act.

262. Consistent with the Government response to recommendation 12 of the Comprehensive Review, Part 3 of Schedule 10 further amends section 53 of the ONI Act to provide that the privacy rules apply only to personal information about an Australian citizen or permanent resident where that information is also intelligence information under ONI's two other analytical functions (paragraphs 7(1)(c) and (d)). This aligns with the approach described above for the treatment of personal information for ONI's open source function. This means that, under the amended privacy provisions, ONI's privacy rules do not apply to, for example, the communication of administrative and staffing information. This is consistent with the approach taken currently by the IS Act and as amended by Schedule 4 of this Bill (Authorisations for producing intelligence on Australians).

263. Part 3 of Schedule 10 includes an additional provision in section 7 of the ONI Act to clarify that one of ONI's functions is to communicate, in accordance with the Government's requirements, intelligence that is produced under ONI's analytical functions through evaluation, analysis, interpretation and integration.

264. Part 3 of Schedule 10 also makes minor amendments to a note in the IGIS Act to reflect the amendments to ONI's privacy rules.

Inspector-General of Intelligence and Security Act 1986

Item 14 - Subsection 35(2C) (note)

265. This item replaces the note in subsection 35(2C) to provide that the rules referred to in the subsection regulate the communication, handling and retention of certain information that is personal information concerning Australian citizens or permanent residents, within the meaning of the ONI Act. This reflects amendments to the ONI privacy rules made as Part 3 of this Schedule.

Intelligence Services Act 2001

Item 15 - Before paragraph 29(1)(c)

266. This item introduces new paragraph 29(1)(ci) to provide that it is a function of the PJCIS to review the privacy rules made under section 53 of the ONI Act.

Item 16 - Paragraphs 29(3)(fa)

267. This item repeals and replaces paragraph 29(3)(fa) to provide that it is not a function of the PJCIS to review compliance by ONI with its respective privacy rules.

Office of National Intelligence Act 2018

Item 17 - Section 3 (paragraph beginning "This Act also deals with")

268. This item deletes the term 'identifiable information and' in the final paragraph of section 3 and replaces it with 'certain personal information about an Australian citizen or permanent resident, as well as'. This reflects the new terminology regarding the scope of ONI's privacy rules, as amended by this Schedule.

Item 18 - Subsection 4(1) (definition of identifiable information)

269. This item repeals the definition of 'identifiable information' in section 4. This is to reflect that 'identifiable information' is no longer referred to in section 53, as amended by this Schedule. The term is not used in any other part of the ONI Act.

Item 19 - Subsection 4(1)

270. This item inserts a definition of 'intelligence information' and 'personal information about an Australian citizen or permanent resident'. These two definitions have the meanings given by new subsection 53(1C) and new subsection 53(1B), respectively. The new terminology is for the purposes of explaining the scope and application of ONI's privacy rules in section 53.

Item 20 - After paragraph 7(1)(g)

271. This item inserts new paragraph 7(1)(ga) to clarify ONI's functions. 7(1)(ga) ensures that ONI is able to communicate, in accordance with Government's requirements, intelligence that is produced under 7(1)(c), (d) or (g). In its unamended form, section 7 does not provide sufficient clarity concerning ONI's ability communicate some of its analysis and analytical products.

Item 21 - Paragraph 53(1)(a)

272. This item replaces the term 'identifiable information' with the term 'personal information about an Australian citizen or permanent resident'. This has the effect that the Prime Minister must make privacy rules regulating the collection of personal information about Australian citizens or permanent residents for the purposes of ONI's open source function under paragraph 7(1)(g), as per the new definition of 'personal information about an Australian citizen or permanent resident' at subsection 53(1B).

273. As per new paragraph 53(1A)(a), ONI must abide by the privacy rules when collecting such information.

274. It remains the case that in making the privacy rules under paragraph 53(1)(a), the Prime Minister must have regard to the need to ensure that the privacy of Australian citizens and permanent residents is preserved so far as is consistent with the proper performance by ONI of its functions.

Item 22 - Paragraph 53(1)(b)

275. This item replaces the term 'identifiable information' with the term 'intelligence information that is personal information about an Australian citizen or permanent resident'. This has the effect that the Prime Minister must make privacy rules regulating the communication, handling and retention of intelligence information concerning Australians for the purposes of ONI's intelligence functions under paragraphs 7(1)(c),(d) and (g), as per the new definition of 'intelligence information' at section 53(1C).

276. As per new paragraph 53(1A)(b), ONI must abide by the privacy rules when communicating such information.

277. It remains the case that in making the privacy rules under paragraph 53(1)(b), the Prime Minister must have regard to the need to ensure that the privacy of Australian citizens and permanent residents is preserved so far as is consistent with the proper performance by ONI of its functions.

Item 23 - After subsection 53(1)

278. This item inserts a definition of 'personal information about an Australian citizen or permanent resident', a definition of 'intelligence information', and clarifies the circumstances in which ONI must act in accordance the privacy rules.

279. New subsection 53(1A) replaces section 53(5), which is repealed by Item 8 of this Schedule. Paragraph 53(1A)(a) requires that ONI must not collect personal information about an Australian citizen or permanent resident under the function set out in paragraph 7(1)(g), except in accordance with the privacy rules. Paragraph 7(1)(g) is ONI's open source function and is concerned with the collection, interpretation and dissemination of publicly available information. Paragraph 53(1A)(b) requires that ONI must not communicate intelligence information that is personal information about an Australian citizen or permanent resident except in accordance with the privacy rules.

280. Section 53(1B) inserts a definition of 'personal information about an Australian citizen or permanent resident' and section 53(1C) introduces a definition of 'intelligence information'. The purpose of these new definitions is to redefine the types of information that are subject to the privacy rules. This ensures that the privacy rules do not apply to information that is administrative in nature, or already in the public domain, while still protecting the personal information of Australians.

281. The definition of 'personal information about an Australian citizen or permanent resident' under section 53(1B) is defined in similar terms to the definition of 'personal information' in the Privacy Act. Noting however, the definition in section 53(1B) is limited to Australian citizens and permanent residents only. As was the case with the former definition of 'identifiable information' in section 4, as repealed by item 8 of this Schedule, the definition of an Australian citizen or permanent resident includes both natural persons and bodies corporate.

282. The definition of 'intelligence information' in section 53(1C) means intelligence that is produced by ONI under its analytical functions, those being the functions set out in paragraphs 7(1)(c), (d) and (g). Consistent with the meaning of intelligence expressed in the Hope Royal Commission report, the definition of intelligence information is concerned with intelligence that is produced by the evaluation, analysis, interpretation, integration and/or testing of information collected or assembled by or otherwise provided to ONI.

Item 24 - Subsection 53(5)

283. This item repeals subsection 53(5) which is replaced by new subsection 53(1A).

Item 25 - Application of amendments

284. This item provides that in relation to an annual report prepared under section 46 of the PGPA Act, the amendments made by Part 3 of this Schedule apply both to the reporting period in which they commenced, and all subsequent reporting periods.

285. This item provides that the amendments to subsection 29(1) of the IS Act made by Part 3 of this Schedule apply privacy rules made on or after the commencement of this part.

286. This item also states that the new provisions concerning ONI's privacy rules apply in relation to information collected under paragraph 7(1)(g) after the commencement of the Schedule. For the communication, handling and retention of intelligence information under paragraphs 7(1)(c), (d) and (g), the rules apply from the commencement of this schedule regardless of when that intelligence was produced. That is to say, the new provisions apply to all of the intelligence produced by ONI.

Part 4 - Contingent amendments

Intelligence Services Act 2001

Item 22 - Section 3 (definition of intelligence information )

287. This item makes a minor contingent amendment to section 3 of the IS Act to clarify that the definition of 'intelligence function' (contingent upon passage of the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020) is in relation to AUSTRAC only.

Schedule 11 - Assumed identities

Crimes Act 1914

Overview

288. This Schedule amends the Crimes Act to include ASD in the Assumed Identities scheme set out in Part IAC of that Act. However, while the Director-General of ASD will be able to authorise the use of an assumed identity, the acquisition of evidence of an assumed identity will be authorised and performed on ASD's behalf by either ASIO or ASIS.

289. Part IAC of the Crimes Act sets out a regime for the acquisition and use of assumed identities by law enforcement and intelligence agencies. The scheme allows authorised officers of law enforcement and intelligence agencies to act under false identities, enabling them to obscure sensitive activities that would be undermined if they were to be connected with a law enforcement or intelligence agency, and protecting the true identity of individual officers.

290. Under subsection 15KB(2), the authority to acquire or use an assumed identity can only be granted in connection with one or more specific purposes, which include 'the exercise of powers and performance of functions of an intelligence agency'. Currently, the only intelligence agencies included in the scheme are ASIO, ASIS and ONI. In the law enforcement space, the regime is available to law enforcement agencies, including the Australian Federal Police, the Australian Criminal Intelligence Commission, the Australian Commission for Law Enforcement Integrity, the Australian Taxation Office, and the then Department of Immigration and Border Protection (which is now taken to be the Department of Home Affairs).

291. ASD, in accordance with its functions under the IS Act, relies on the use of assumed identities to perform activities related to its functions in circumstances where ASD's operations would be compromised were the activities to be connected to ASD. Currently, ASIS and ASIO operate assumed identities on ASD's behalf, in accordance with the Crimes Act and other legislation governing the activities of these agencies.

292. This means that it is the chief officer (the Director-General) of ASIO or ASIS who is required to approve a request from ASD to acquire and use an assumed identity. In addition, a supervisor from either ASIO or ASIS must be appointed to oversee ASD's use of the assumed identity, even where ASIO or ASIS has no involvement in the activities or operations requiring the assumed identity. These arrangements are necessary because ASD is not included as an intelligence agency in Part IAC of the Crimes Act. This is less efficient than if ASD operated its own assumed identities, and is proving unsustainable in the current operational environment.

Items 1 to 4 - Section 15K (Definitions)

293. Item 1 makes a consequential amendment to the definition of 'chief officer' to reflect the inclusion of the Director-General of ASD in the definition at item 2.

294. Item 2 includes the Director-General of ASD in the definition of 'chief officer'. The chief officer of an agency has a range of responsibilities under the Assumed Identities scheme in Part IAC, including making authorisations for assumed identities, and significant record keeping and auditing requirements under Subdivision B of Division 6 of Part IAC.

295. Item 3 includes ASD as an 'intelligence agency' for the purposes of Part IAC. Part IAC allows intelligence agencies and law enforcement agencies to participate in the Assumed Identities scheme. Therefore, this amendment will allow ASD to participate in the regime.

296. Item 4 repeals the definition of an 'intelligence officer' and replaces it with a new definition that incorporates the meaning of 'staff member' from the IS Act and, for ONI, within the meaning of the ONI Act. The IS Act definition includes people made available to perform services for the agency, such as contractors or secondees. The use of this definition in Part IAC reflects the fact that agencies are likely to structure their operations and approvals processes using the definition of 'staff member' set out in the relevant Acts, so requiring an officer to also fall within a separate definition solely for the purposes of Part IAC could create unnecessary complications.

297. The purpose of these changes to the definitions of 'chief officer', intelligence agency', and 'intelligence officer' is to allow ASD to participate in the Assumed Identities scheme.

Item 5 - At the end of subsection 15KB(4)

298. This item adds paragraph 15KB(4)(i) to include that the chief officer of ASD can appoint a supervisor who holds the position, or performs the duties of an APS Executive Officer Level 1 position, or an equivalent or higher position, in ASD.

Item 6 - Paragraph 15KG(b)

299. This item amends paragraph 15KG(b) to provide that ASD is not an intelligence agency that may apply to the Supreme Court of a State or Territory for an order that an entry be made in a register of births, deaths or marriages in relation to acquiring evidence of an assumed identity.

300. While these amendments include ASD in the Assumed Identities scheme, ASD does not have the ability to undertake the acquisition of evidence of an assumed identity. Instead, this continues to be done on ASD's behalf by ASIO and ASIS, which are the agencies with relevant experience in acquiring evidence of assumed identities.

301. This item provides that a chief officer may only make a request for an entry in a register of births, deaths or marriages under an authority to acquire evidence of an assumed identity, and not under an authority to use an assumed identity. Since ASD has no ability to acquire evidence, this means in effect that only the chief officer of ASIO or ASIS is able to make a request for an entry in a register of births, deaths or marriages. If such a request is operationally necessary for ASD, it is intended that an authority to acquire evidence be issued by either ASIO or ASIS, and the chief officer of ASIO or ASIS is able to make a request on ASD's behalf.

Item 7 - Subsection 15KH(2)

302. This item provides that the chief officer of ASD may not apply for the cancellation of an entry in a register of births, deaths or marriages. Instead, this request must be made on ASD's behalf by the chief officer of the agency that made the application for the entry into the register (either ASIO or ASIS). The intention of this is that ASD is able to use assumed identities, but all external engagement in respect of evidence of an assumed identity is done by ASIO or ASIS.

Items 8 to 13 - Paragraph 15KI(2A)(b), section 15KI(2A)(c), at the end of subsection 15KI(2A), paragraph 15KX(2A)(b), paragraph 15KX(2A)(c), and after subsection 15KX(2A)(c)

303. Items 8 to 13 provide that requests for evidence of an assumed identity cannot be made by the chief officer of ASD and can only be made by ASIO or ASIS. This gives effect to the intention that ASIO and ASIS retain responsibility for acquiring the evidence of an assumed identity on behalf of ASD. Items 8, 9 and 10 refer to requests made to Commonwealth issuing authorities, while items 11, 12 and 13 relate to requests made to participating jurisdictions (e.g. state and territory authorities).

Item 14 - Paragraph 15KY(3)(b)

304. This item makes a technical amendment to reflect the inclusion of the Director-General of ASD in the term 'chief officer of an intelligence agency'. ASD is not required to comply with a request from a participating jurisdiction for evidence of an assumed identity.

Items 15 and 16 - Subsection 15LH(3) (paragraph (g) and after paragraph (ga) of the definition of senior officer )

305. Items 15 and 16 amend the definition of 'senior officer' in relation to delegation of an ASIS or ASD chief officer's functions. This allows the chief officer of ASIS or ASD to delegate his or her functions to an intelligence officer who holds a position equivalent to or higher than a Senior Executive Service employee. This amendment ensures that functions may only be delegated to very senior officers within ASD, and clarifies the position in relation to ASIS.

Schedule 12 - Authorities of other countries

Intelligence Services Act 2001

Overview

306. The IS Act currently includes the term 'authority of other country' which is not defined.

307. This Schedule provides that for a body to be an 'authority, of another country' for the purposes of the IS Act, it is not required that the body be established by a law of the country or be connected with an internationally recognised government of a country. This amendment does not introduce a comprehensive definition of the term; whether a body is an authority of another country will still need to be considered on a case-by-case basis.

308. This amendment is designed to displace any assumption that for a body to be an 'authority' it would need to be established by a law of the country or be connected to, or controlled by, the internationally recognised government of the country. It clarifies that bodies can be authorities of other countries where they are, or are connected to, bodies that have effective control over all or part of another country. This could occur in situations where the internationally recognised government of a country is disputed, disrupted or not in control of the whole of its territory.

309. For a body to be an 'authority', a body generally needs to be performing or purporting to perform one or more traditional functions of government, and exercising its powers for a public, rather than private purpose. It is unnecessary for the body in question to possess coercive powers, whether of an administrative or legislative character. For example, law enforcement, immigration control, the maintenance of security and intelligence gathering are functions that are traditionally performed by governments. This means that agencies can cooperate with bodies who are themselves performing those functions (such as a security agencies), and bodies who are directing the performance of those functions (such as a government or governing authority). This also means that, in a circumstance where a government may have temporarily lost power in its country (for example, where a government has been removed by a coup) agencies can continue to cooperate with authorities of that country, provided that the authority is still capable of performing a relevant governmental function, such as an intelligence or security function.

310. The amendment affects the interpretation of the term as it appears throughout the IS Act, such as at paragraph 6(1)(d), subsection 11(2AA), paragraph 13(1)(c) and subsection 42(2).

Item 1 - Section 3

311. This item inserts "(1)" before "In this Act" at the beginning of section 3. The effect of this is to split existing section 3 into two subsections 3(1) and 3(2). Subsection 3(2) is introduced by Item 3 of this Schedule.

Item 2 - Subsection 3(1)

312. This item provides that the term 'authority, of another country' has a meaning affected by subsection 3(2) as introduced by Item 3 of this Schedule.

Item 3 - At the end of section 3

313. This item inserts new subsection 3(2). Subsection 3(2) provides that, for the purposes of determining whether a body is an authority of another country, as defined in subsection 3(1), it does not matter whether the body is established by a law of the country, or whether the body is connected with an internationally recognised government of the country. This clarifies that authorities of other countries includes authorities in circumstances where the traditionally recognised government of the country is disputed, disrupted or not in control of the whole of its territory.

Schedule 13 - ASIO authorisations

Australian Security Intelligence Organisation Act 1979

Telecommunications (Interception and Access) Act 1979

Overview

314. This Schedule implements recommendations 36, 37 and (as it pertains to ASIO warrants) 103 of the Comprehensive Review, which found that:

the ASIO Act should be amended to clarify the permissible scope of a class of persons approved to exercise the authority conferred by a warrant, and that additional record keeping requirements should apply to the exercise of that authority, and
that similar provisions should be contained in a new electronic surveillance act, including in relation to ASIO's telecommunication interception powers. This schedule amends the corresponding provisions in the TIA Act to allow for consistency in approach for ASIO warrants across the ASIO Act and TIA Act and to improve administrative efficiency in relation to the exercise of authority conferred by a warrant.

315. Under subsection 24(2) of the ASIO Act, the Director-General of Security, or a senior position-holder appointed by the Director-General of Security under subsection 24(3), may approve a person or class of persons to exercise the authority conferred by a relevant warrant or relevant device recovery provision under the ASIO Act. A relevant warrant is a warrant issued under Division 2 or Division 3 of the ASIO Act. A relevant device recovery provision is a provision listed in section 24(4) of the ASIO Act.

316. The ASIO Act does not specify whether subsection 24(2) accommodates an expansion to a class of persons subsequent to such an approval being made. Such a situation may arise if, for example, the Director-General of Security has approved ASIO employees and ASIO affiliates in a particular Branch to exercise the authority conferred by a particular computer access warrant and, subsequent to that approval being given, an additional position is created in that Branch-the Act does not specify whether that additional position, which would fall within the scope of the class approved by the Director-General of Security, may exercise the authority conferred by the warrant.

317. The Schedule amends section 24 of the ASIO Act to clarify that where the Director-General of Security, or a senior position-holder appointed by the Director-General of Security, approves a person or class of persons occupying, holding or performing the duties of an office or position to exercise the authority of a relevant warrant or relevant device recovery provision, the approval extends to an office or position that comes into existence after the approval is given. This means that new staff members who join an approved class, after the moment of approval, will be able to exercise the authority conferred by the warrant or provision.

318. Section 12 of the TIA Act provides that the Director-General of Security, or an 'authorising officer' appointed by the Director-General of Security, may approve persons to exercise the authority, on behalf of ASIO, conferred by a Part 2-2 warrant. An 'authorising officer' is an ASIO employee or ASIO affiliate appointed by the Director-General of Security.

319. The Schedule also amends section 12 of the TIA Act to make clear the Director-General of Security, or an 'authorising officer', can approve a class of persons to exercise the authority conferred by a Part 2-2 warrant. As with section 24 of the ASIO Act, the amendments clarify that, under section 12 of the TIA Act, where the Director-General of Security, or an 'authorising officer', approves a person or a class of persons holding, occupying or performing the duties of an office or position to exercise the authority conferred by a warrant, the approval extends to an office or position that come into existence after the approval is given. The amendments will not enable the approval of a 'self-executing' class, such as approving 'any officer working on Operation A from time to time'.

320. The Schedule also introduces a requirement that the Director-General of Security must cause records to be kept of the person or persons who exercise authority under a relevant warrant or relevant device recovery provision under the ASIO Act and a Part 2-2 warrant under the TIA Act.

Item 1 - After subsection 24(2)

321. Item 1 adds new subsections 24(2A) and 24(2B) to section 24 of the ASIO Act to clarify the permissible scope of a class of persons approved by the Director-General of Security, or a senior position-holder appointed by the Director-General of Security under subsection 23(3), to exercise the authority conferred by a relevant ASIO warrant or relevant device recovery provisions.

322. New subsection 24(2A) clarifies that where the Director-General of Security, or a senior position-holder appointed by the Director-General of Security, approves a person or class of persons, holding, occupying or performing the duties of an office or position, to exercise the authority conferred by a relevant warrant or relevant device recovery provision, such an approval extends to such an office or position that comes into existence after the approval is made.

323. This amendment is intended to clarify, for the avoidance of doubt, that where the Director-General of Security has approved a person or a class of persons to exercise the authority conferred by the relevant warrant or relevant provision by reference to particular offices or positions and, subsequent to the giving of that approval, a new office or position comes into existence that falls within the description of the approved person or class, the approval extends to that new office or position. For example, if the Director-General of Security has approved ASIO employees and ASIO affiliates in a particular Branch to exercise the authority conferred by a particular computer access warrant and, subsequent to that approval being given, an additional position is created in that Branch, the approval would extend to that additional position.

324. This would also apply where the approval was for a person in a position where that position was anticipated but not yet created. For example, if a new taskforce was being established, and it was intended to give the head of the taskforce the authority to execute the authority conferred by a warrant, this would enable the authorisation to be given before the taskforce was formally established.

325. New subsection 24(2B) provides that new subsection 24(2A) does not, by implication, affect the interpretation of any other provision of the ASIO Act.

Item 2 - After subsection 24(3)

326. Item 2 adds new subsection 24(3A) to section 24 of the ASIO Act to introduce a record keeping requirement concerning all persons who exercise the authority conferred by a relevant warrant or relevant device recovery provision. A relevant warrant is a warrant issued under Division 2 or Division 3 of the ASIO Act. A relevant device recovery provision is a provision listed in section 24(4) of the ASIO Act.

327. The provision requires that the Director-General of Security must, as soon as is practicable after authority is exercised under a relevant warrant or relevant device recovery provision, cause one or more written records to be made identifying each person who exercised that authority.

328. The record keeping requirement captures those people who actually exercise the authority conferred by a relevant warrant or relevant device recovery provision, rather than all persons who are approved to exercise authority under the warrant or provision. That is, there is no requirement to record who is in an approved class, beyond making the approval itself. Further, the record keeping requirement only captures the person or persons who undertake activities that exercise the authority of the warrant and not the particular power that was exercised by the person pursuant to the warrant. The written record or records, which may be automatically generated, must carry the name of each person or persons who exercises the authority of the warrant, or identifiers which enable the Director-General of Security to identify each person who exercises the authority of the warrant (or some combination of both). Identifiers may include position numbers, job titles, government identification numbers or other unique descriptors from which the Director-General of Security could positively identify a person.

Item 3 - Section 12

329. Item 3 amends section 12 of the TIA Act by inserting "(1)" before the wording "The Director-General". The effect of this is to convert section 12 into subsection 12(1) in order to allow for the addition of new subsections 12(2) to 12(4) as introduced by Item 5 of this Schedule.

Item 4 - Subsection 12(1)

330. Item 4 amends subsection 12(1) of the TIA Act, as amended by Item 3 of this Schedule, by inserting ", or class of persons" after the wording "approve any persons". The effect of this is to make clear the Director-General of Security, or an 'authorising officer', can approve a class of persons to exercise the authority, on behalf of ASIO, conferred by a Part 2-2 warrant. An 'authorising officer' is an ASIO employee or ASIO affiliate appointed by the Director-General of Security.

Item 5 - At the end of section 12

331. Item 5 adds new subsections 12(2), (3) and (4) to section 12 of the TIA Act to clarify the permissible scope of a class of persons approved by the Director-General of Security, or an 'authorising officer' appointed by the Director-General of Security, to exercise the authority conferred by a Part 2-2 warrant, and to introduce a record keeping requirement concerning all persons who exercise the authority of such a warrant.

332. New subsection 12(2) clarifies that where the Director-General of Security, or an 'authorising officer', approves a person or a class of persons, holding, occupying or performing the duties of an office or position, to exercise the authority conferred by a Part 2-2 warrant, such an approval extends to such an office or position that comes into existence after the approval is made.

333. This amendment is intended to clarify, for the avoidance of doubt, that where the Director-General of Security has approved a person or a class of persons to exercise the authority conferred by a warrant by reference to particular offices or positions and, subsequent to the giving of that approval, a new office or position comes into existence that falls within the description of the approved person or class, the approval extends to that new office or position. For example, if the Director-General of Security has approved ASIO employees and ASIO affiliates in a particular Branch to exercise the authority conferred by a particular Part 2-2 warrant and, subsequent to that approval being given, an additional position is created in that Branch, the approval would extend to that additional position.

334. This would also apply where the approval was for a person in a position where that position was anticipated but not yet created. For example, if a new taskforce was being established, and it was intended to give the head of the taskforce the authority to execute the authority conferred by a warrant, this would enable the authorisation to be given before the taskforce was formally established.

335. New subsection 12(3) provides that new subsection 12(2) does not, by implication, affect the interpretation any other provision of the TIA Act.

336. New subsection 12(4) introduces a record keeping requirement concerning all persons who exercise the authority conferred by a Part 2-2 warrant. The provision requires that the Director-General of Security, as soon as is practicable after authority is exercised under a Part 2-2 warrant, cause one or more written records to be made, identifying each person who exercised that authority.

337. The record keeping requirement captures those people who actually exercise the authority conferred by a warrant, rather than all persons who are approved to exercise the authority conferred by the warrant. That is, there is no requirement to record who is in an approved class, beyond making the approval itself. Further, the record keeping requirement only captures the person or people who undertake activities that exercise the authority conferred by the warrant and not the particular power that was exercised by the person pursuant to the warrant. The written record or records, which may be automatically generated, must carry the name of each person or persons who exercises the authority of the warrant, or identifiers which enable the Director-General of Security to identify each person who exercise the authority of the warrant (or some combination of both). Identifiers may include position numbers, job titles, government identification numbers or other unique descriptors from which the Director-General of Security could positively identify a person.

338. The amendments in items 3 to 5 are consistent with the amendments to the ASIO Act in items 1 and 2.

Item 6 - Application of amendments

339. Item 6 provides the application and saving provisions for subsections 24(2A) and 24(3A) of the ASIO Act, as introduced by items 1 and 2 of this Schedule, subsection 12(1) of the TIA Act, as amended by items 3 and 4 of this Schedule, and subsections 12(2) and 12(3) of the TIA Act, as introduced by item 5 of this Schedule.

340. New subsection 24(2A) of the ASIO Act applies to approvals given after the commencement of this Schedule to exercise authority conferred by a relevant warrant or relevant device recovery provision relating to a warrant issued before or after that commencement. That is, the clarified interpretation of the permissible scope of a class of persons approved to exercise the authority conferred by a relevant warrant or relevant device recovery provision applies only to approvals made after the commencement of this Schedule. However, such an approval can be made in relation to a relevant warrant, or relevant device recovery provision relating to a relevant warrant, issued before or after the commencement of this Schedule.

341. New subsection 24(3A) of the ASIO Act applies in relation to the exercise by a person, after the commencement of this Schedule, of authority conferred by a relevant warrant or relevant device recovery provision, whether or not approval for the person to exercise the authority was given before or after that commencement, or whether the warrant or provision to which the authority relates was issued before or after that commencement. That is, the new record keeping requirement capturing those persons who exercise authority under a relevant warrant or relevant device recovery provision applies only to authority exercised after the commencement of this Schedule. However, the requirement applies in relation to warrants, or relevant device recovery provisions relating to a relevant warrant, issued, and approvals to exercise authority that are given, before or after the commencement of this Schedule.

342. Amended subsection 12(1) and new subsection 12(2) of the TIA Act apply to approvals given after the commencement of this Schedule, to exercise authority conferred by a warrant issued before or after that commencement. That is, the ability of the Director-General of Security, or an 'authorising officer', to approve a class of persons to exercise the authority of under a Part 2-2 warrant and the interpretation of the permissible scope of that class of persons apply only to approvals made after the commencement of this Schedule. However, such an approval can be made in relation to a warrant issued before or after the commencement of this Schedule.

343. New subsection 12(3) of the TIA Act applies in relation to the exercise by a person, after the commencement of this Schedule, of authority conferred by a warrant, whether or not approval for the person to exercise the authority was given before or after that commencement, or whether the warrant to which the authority relates was issued before or after that commencement. That is, the new record keeping requirement capturing those persons who exercise the authority conferred by a Part 2-2 warrant applies only to authority exercised after the commencement of this Schedule. However, the requirement applies in relation to warrants that are issued, and approvals to exercise authority that are given, before or after the commencement of this Schedule.

Schedule 14 - Amendments related to the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018

Intelligence Services Act 2001

Overview

344. This Schedule makes several technical amendments to correct a referencing error and a minor omission in the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018.

Item 1 - Subsections 9(4) and 10(1A)

345. This item makes a minor amendment to correct an omission in the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018 to ensure that there is an appropriate time limit on all ministerial authorisations issued under section 9 of the IS Act or renewed under section 10 of the IS Act. This ensures consistency with the ministerial authorisation framework under the IS Act.

Items 2 and 3 - Subsection 13(5)

346. These items amend subsection 13(5) of the IS Act by substituting 'this section' with 'subsection (4)' and substituting 'section (4)' with 'that subsection'. This is to correct a referencing error. The Director-General of ASD is required to provide a report about any significant cooperation occurring under subsection 13(4).

At present, paragraph 9(1A)(b) imposes a requirement that the agreement of the ASIO Minister be obtained if the Australian person or class of Australian persons is, or is likely to be, involved in an activity or activities that are, or are likely to be, a threat to security. As this amendment relates to circumstances in which ministerial authorisation need not be obtained, the requirement to obtain the agreement of the ASIO Minister would be inconsistent with the purpose of the amendment.

There are limited exceptions to this requirement, including where the IGIS is satisfied that the complainant became aware of the action more than 12 months before making the complaint, or that the complaint is vexatious, frivolous or otherwise not made in good faith. In such circumstances, the IGIS has discretion to not inquire into the complaint.

The exemptions from the Privacy Act are referenced from the Freedom of Information Act 1982. AGO is not listed as an exempt agency, as it is not an independent statutory agencies-rather it is an entity that is part of the Department of Defence. AGO is exempt where the acts and practices that impact on privacy relate to is functions. This includes all operational documents. Accordingly, AGO is considered to be 'fully exempt'.

Commonwealth of Australia, 2017 Independent Intelligence Review, p. 36.

Commonwealth of Australia, Comprehensive Review of the Legal Framework of the National Intelligence Community, p. 39.

Wood Royal Commission into the New South Wales Police Service - Final Report Volume II: Reform, p. 412.

See section 85ZL of Part VIIC, Pardons, quashed convictions and spent convictions.

2017 Independent Intelligence Review, Paragraph 6.45.

Paragraph 9(1A)(b) imposes a requirement that the agreement of the Attorney-General be obtained if the person or class of persons is, or is likely to be, a threat to security. As the amendments relate to circumstances in which ministerial approval need not be obtained before the authorisation is made, the requirement that agreement of the Attorney-General be obtained in circumstances relating to threats to security would be inconsistent with the purpose of the amendment.

For clarity, in circumstances in which an Australian person has been taken hostage, it is intended that the conditions in paragraph 9(1A)(a) will be met in that the Australian person will be involved in an activity that presents a significant risk to the Australian person's safety.

2017 Independent Intelligence Review, Recommendation 16(e).

Comprehensive Review, Paragraph 15.91.

The exemptions from the Privacy Act are referenced from the Freedom of Information Act 1982. AGO is not listed as an exempt agency, as it is not independent statutory agencies-rather AGO is part of the Department of Defence. AGO is exempt where the acts and practices that impact on privacy relate to its functions. This includes all operational documents. Accordingly, it is considered to be 'fully exempt'.

The exemptions from the Privacy Act are referenced from the Freedom of Information Act 1982. DIO is not listed as an exempt agency, as it is not independent statutory agencies-rather DIO is part of the Department of Defence. DIO is exempt where the acts and practices that impact on privacy relate to its functions. This includes all operational documents. Accordingly, it is considered to be 'fully exempt'.

Parliament of the Commonwealth of Australia, Parliamentary Paper No. 92/1977, Royal Commission on Intelligence and Security, Third Report, Abridged Findings and Recommendations, pp. 1-2.


View full documentView full documentBack to top