As the Abbott Government prepares to enact sweeping changes to Australia’s national security laws, with the co-operation of the Labor Opposition and only weak recommendations from the Parliamentary Joint Committee on Intelligence and Security to amend the Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill, it is worth remembering that this nation’s intelligence agencies already often fail to comply with safeguards built into existing legislation.
It is also worth noting that compliance oversight of these agencies does not involve inspecting all agency activities/warrants and relies heavily on voluntary self-reporting by these same agencies.
In 2013–14 we reviewed approximately half of the warrants obtained by ASIO. These inspections occur after the Attorney-General has authorised the warrant and usually after ASIO has completed the operation and reported back to the Attorney-General.
During 2013–14 our inspection program identified four errors in ASIO’s execution of warrant powers, each of which constituted a breach of either the ASIO Act or the TIA Act.
My office identified one breach under the ASIO Act relating to delay by ASIO in revoking a warrant. The ASIO Act requires ASIO to inform the minister ‘forthwith’ once the grounds on which the warrant was issued cease to exist. For the warrant in question there was a considerable delay in providing the relevant notification to the Attorney-General.
As noted in previous annual reports, I have a particular interest in ASIO’s use of B-Party warrants because of the potential for intrusive collection of material that is not relevant to security. In 2013–14 there was a modest increase in the use of such warrants following a decrease the previous year. This increase was due to a growth in the number of Australians involved in foreign conflicts. Most of these warrants are reviewed by my office. I am currently consulting with the Attorney-General’s Department about ASIO’s interpretation of the provisions in the TIA that restrict the availability of B-party warrant.
My office identified one instance when ASIO communicated information on Australian persons to a non-approved foreign authority responsible for issuing passports for that country. The case raised complex legal issues and at the end of the reporting period I had not formed a final view on whether approval from the Attorney-General was strictly legally required; however, my view is that at least as a matter of propriety and compliance with the intention of the restrictions the matter should have gone to the Attorney-General.
In one case I questioned whether the justification given for the internal security investigation was sufficient or reasonable, having regard to all of the circumstances. In particular I questioned whether it was appropriate for personal information about a member of the public to be passed to an ASIO officer who had expressed concerns that the individual might pose a risk to the officer’s own personal safety. I was advised at the time that all ASIO staff members could access some ASIO holdings to perform checks on individuals, including neighbours and social contacts that might relate to personal security or safety. I expressed concern that ASIO did not have formal processes in place to ensure that personal information in ASIO’s holdings about a member of the public could not be released to a staff member or accessed directly by the staff member. In my view, this is out of step with community expectations in respect of privacy.
In one instance ASIS had been aware that the person was Australian but this had not been well documented or communicated. This was a breach of the privacy rules. It was subsequently found that there was also a breach of the requirement that ASIS only communicate intelligence in accordance with government requirements and the requirement for ministerial authorisation before taking action to produce intelligence on an Australian person. There is further information on this case below….there had been unauthorised collection against the individual breaching the ISA’s requirement that ASIS ‘obtain ministerial authorisation before undertaking any activity to produce intelligence on an Australian person’ (s.8) after ASIS first became aware of the individual’s dual nationality in July 2012. ASIS investigated the case further. I received a copy of the final report from the Director-General in June 2014, which confirmed there had been a breach of both section 6(1)(b) and section 8 of the ISA, as well as a breach of the privacy rules.
ASIS reported two breaches because the privacy rules were not applied to reporting on a person known to be an Australian person. Inspections by my office identified an additional two breaches where the privacy rules had not been applied. ASIS subsequently amended all four reports and applied the privacy rules retrospectively.
The May 2014 inspection confirmed one breach of the ISA, where an ASIS officer who had not been approved for training in or the use of weapons discharged a firearm in a skills maintenance session in March 2014….. a further two breaches of the ISA relating to the unapproved use of weapons by ASIS officers during the reporting period: one at a skills maintenance session in September 2013 and one at a firing range in December 2013.
In January 2014, DSD separately provided to me their final report on a breach of the ISA which occurred during October 2013, where incomplete records had resulted in DSD conducting intelligence collection activity on a person known to be Australian. During the reporting period I continued to inspect cancellations of ministerial authorisations and non-renewal reports to the Minister for Defence under sections 10 and 10A of the ISA. In September 2013, as part of our regular inspection of DSD activities, I asked DSD to confirm that intelligence collection against several subjects had ceased (as had been advised by DSD to the Minister for Defence). DSD advised that collection against one subject had continued for several months beyond the expiry of the ministerial authorisation, in breach of the requirements specified in the ISA.
In two cases there were breaches of the privacy rules as the presumption of nationality was not applied reasonably by DSD. In both cases, intelligence collection activity occurred against Australian persons in circumstances where DSD already had information indicating that the individuals concerned were Australian persons, but in each case members of staff had failed to make appropriate inquiries of existing DSD records. In addition to these cases being breaches of the presumption rule in the privacy rules, the action taken to produce intelligence on an Australian person was inconsistent with the ministerial authorisation requirement in the ISA. During 2013–14, I assessed two instances where DSD communicated information about an Australian person not in accordance with the privacy rules. Both incidents resulted from a failure to follow established compliance processes.
During my 2013–14 inspection program, a breach of Section 133(1) of the AML/CTF Act was identified whereby ASIO communicated AUSTRAC information to a foreign intelligence agency without first receiving appropriate undertakings for the protection and use of the information.