Legal database - View: Extrinsic Materials: National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Act 2022 - Explanatory Memorandum

Back to browse

View full document Previous section | Next section

House of Representatives

National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Bill 2021

National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Act 2022

Explanatory Memorandum

(Circulated by authority of the Minister for Home Affairs, the Honourable Karen Andrews MP)

Notes on Clauses

Preliminary

Clause 1 - Short title

1. This clause provides for the short title of the Act to be the National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Act 2021.

Clause 2 - Commencement

2. This clause provides for the commencement of each provision in the Bill, as set out in the table. Schedules 1-8 and 11-14 will commence the day after the Act receives the Royal Assent.

3. Schedule 9 will commence at the later of:

•: the day after the Act receives the Royal Assent, or
•: the commencement of Schedule 2 to the Security Legislation Amendment (Critical Infrastructure) Act 2021.

4. The provisions in Schedule 9 do not commence at all if the commencement of Schedule 2 to the Security Legislation Amendment (Critical Infrastructure) Act 2021 does not occur.

5. Part 1 of Schedule 10 will commence the day after the Act receives the Royal Assent.

6. Each of Parts 2 and 3 of Schedule 10 will commence on a single day to be fixed by Proclamation. However, if the provisions do not commence within the period of 6 months beginning on the day after the Act receives the Royal Assent, they commence on the day after the end of that period.

7. Part 4 of Schedule 10 will commence at the later of:

•: the commencement of the provisions at Part 2 of Schedule 10, or
•: the commencement of item 136 of Schedule 1 to the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Act 2021.

8. The provisions in Part 4 of Schedule 10 do not commence at all if the commencement of item 136 of Schedule 1 to the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Act 2021 does not occur.

Clause 3 - Schedules

9. Each Act specified in a Schedule to this Act is amended or repealed as is set out in the applicable items in the Schedule. Any other item in a Schedule to this Act has effect according to its terms.

Schedule 1 - Emergency authorisations

Intelligence Services Act 2001

Overview

10. This Schedule implements recommendation 52 of the Comprehensive Review. Consistent with recommendation 16(e) of the IIR, the Comprehensive Review identified that the emergency authorisation provisions in the IS Act require amendment to address situations where it is reasonable to believe that an Australian person consents to the production of intelligence by an IS Act Agency on that person. The IIR described the issue in the following terms: These are operations where it is in the interests of the Australian person that the capabilities of the [IS Act] agencies be used to produce intelligence about their activities or whereabouts. The clearest example is where an Australian is kidnapped or taken hostage, and could also include situations where an Australian person is in arbitrary detention overseas. At present ASIS and ASD are required to seek [ministerial authorisation] before undertaking any activity to produce intelligence which may, for example, help identify where that person may be, who may have kidnapped them and what intermediaries may be involved. In these types of circumstances, time can be of the essence and the [ministerial authorisation] process, including the emergency authorisation provisions, can be an unnecessary delay. ^[8]

11. Both Reviews recommended permitting IS Act Agencies to act immediately and without a ministerial authorisation in situations where it is reasonable to believe that an Australian person consents to the IS Act Agency producing intelligence on that person.

12. Currently, section 8 of the IS Act provides that the Ministers responsible for ASIS, ASD and AGO must issue a written direction requiring the respective agency to obtain an authorisation from the responsible Minister before undertaking certain activities, including activities for the specific purpose of producing intelligence on an Australian person. Ministerial authorisations are an exercise of a Minister's supervisory responsibilities for an agency. In an emergency, agencies may obtain an authorisation from one of several Ministers listed in the IS Act, or if none of the listed Ministers are readily available or contactable, from the agency head.

13. Subsection 9(1) of the IS Act provides preconditions which a Minister must be satisfied of prior to giving an authorisation. Subsection 9(1A) provides additional considerations for activities regarding Australian persons. Additional requirements apply, under paragraph 9(1A)(b), if the Australian person, or class of Australian persons, is or is likely to be involved in an activity or activities that are or are likely to be a threat to security. Sections 9A to 9C contain a series of additional legal frameworks under which authorisation may be given in an emergency.

14. The Intelligence Services Legislation Amendment Act 2005 inserted section 9A to the IS Act to address circumstances where there is a need for an agency to undertake activities concerning an Australian person in an emergency and the responsible Minister for the agency is not readily contactable or available. Section 9A in its current form provides that the Prime Minister, Minister for Defence, Minister for Foreign Affairs, the Attorney-General or the Minister (ASIO Minister) responsible for administering the Australian Security Intelligence Organisation Act 1979 (ASIO Act) may give a ministerial authorisation in these circumstances.

15. Section 9A was amended, and sections 9B and 9C were inserted, by the Counter-Terrorism Legislation Amendment Act (No 1) 2014. The amendment to section 9A enabled the authorisation to be issued orally, in line with a number of other emergency authorisation or warrant based provisions, including those applicable to law enforcement warrants authorising the searching of premises, the interception of telecommunications and the use of surveillance devices.

16. Section 9B was designed to provide contingency arrangements, in the event that none of the relevant Ministers are readily available or contactable, and there is an urgent need to collect intelligence. It enables an agency head to give an authorisation where necessary or desirable, and where failure to undertake the relevant activities is likely to have serious adverse consequences for security or the life or safety of a person. Specifically, the agency head is required to be satisfied that if the activity or series of activities is not undertaken before an authorisation is given under sections 9 or 9A, security (within the meaning of the ASIO Act) will be or is likely to be prejudiced or there will be, or is likely to be, a serious risk to a person's safety.

17. Section 9C was inserted in the IS Act to apply to emergency authorisations under both section 9A and section 9B, where agreement of the Attorney-General is required to be obtained. This was to address circumstances where the Attorney-General may not be readily available or contactable to provide his or her agreement to the making of an authorisation in cases involving a threat to security. Section 9C enabled an authorisation to be given without obtaining the agreement of the Attorney-General where the agency head obtains the agreement of the Director-General of Security to the authorisation being given without the agreement of the Attorney-General. The only exception to this requirement is where the agency head is satisfied that the Director-General of Security is not readily available or contactable. Notification of the Attorney-General and the ASIO Minister is required before the end of eight hours after an authorisation is given under sections 9A or 9B. Notification of the Inspector-General of Intelligence and Security (IGIS) is to occur as soon as practicable, and no later than 3 days after an authorisation is given under sections 9A or 9B. The IGIS is required to consider compliance with section 9C, provide the responsible Minister with a report on the agency head's compliance with the section and provide a copy of the conclusions of the report to the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

18. For example, in a hostage situation in certain overseas locations, a close foreign partner may have the capability to react quickly to locate and seek to effect the release of the Australian person. It is likely, in such a situation, the foreign partner will contact one or more Australian intelligence agencies seeking information to assist in locating the Australian person. The activity required to locate the person is likely to be an activity to produce intelligence on the person for the purposes of the agency Minister's direction under subsection 8(1) of the IS Act, which would require the Minister's prior written authorisation. In such a situation, time is of the essence, and a delay of even 30 minutes could be the difference between the opportunity arising and being lost.

19. The emergency arrangements in sections 9A and 9B do not necessarily lend themselves to action within such a timeframe, particularly where the need for the authorisation arises overseas. As the IS Act Agencies respond to emergencies overseas, the requirement for ministerial or emergency authorisation often arises late at night or in the early hours of the morning in Australia, which can result in additional delays in securing the necessary authorisation.

Item 1 - Paragraph 8(1)(a)

20. This item reflects the inclusion of new section 9D which permits IS Act Agency heads or their delegates to make a decision to produce intelligence on an Australian person, without first obtaining authorisation from a Minister, where there is an imminent risk to the safety of an Australian person.

Item 2 - After section 9C

21. This item inserts section 9D, entitled 'Authorisations in an emergency - imminent risk to safety of an Australian person'.

When this section applies

22. Subsection 9D(1) sets out the circumstances in which the section can apply. Under this subsection, the agency head must be satisfied that:

•: there is, or is likely to be, an imminent risk to the safety of an Australian person who is outside of Australia. An imminent risk may arise in situations where, for example, an Australian person is involved in a hostage or kidnap situation, an ongoing terrorist attack or a mass casualty attack
•: it is necessary or desirable to undertake an activity, or series of activities, for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on the Australian person
•: it is not reasonably practicable to obtain the person's consent to the agency producing that intelligence, for example, because: the person is uncontactable; delaying the production of intelligence to obtain the person's consent would result in an unacceptable risk of the harm crystallising; the process of obtaining the consent would compromise the operational security of the agency, and
•: having regard to the nature and gravity of the risk, it is reasonable to believe that the person would consent to the agency producing that intelligence if the person were able to do so.

Authorisation

23. Subsection 9D(2) sets out the circumstances in which the agency head can give an authorisation for the activity or series of activities, including that it may be given orally or in writing. Paragraph 9D(2)(a) requires the agency head to be satisfied that the facts of the case would justify the responsible Minister giving an authorisation under section 9 because the agency head is satisfied that the conditions in subsections 9(1) and 9(1A) (apart from paragraph 9(1A)(b)) are met. ^[9]

24. The requirement in paragraph 9D(2)(a) for the agency head to be satisfied that the conditions in subsection 9(1) and paragraph 9(1A)(a) ^[10] are met qualifies the circumstances in which an authorisation can be given under section 9D.

25. Paragraph 9D(2)(b) requires the agency head to be satisfied that the responsible Minister would have given the authorisation.

Conditions on authorisation

26. Subsection 9D(3) provides that an emergency authorisation is subject to any conditions specified by the agency head. Where an authorisation is given orally, the agency head may also specify conditions orally.

Agency head to record and notify

27. By virtue of subsection 9D(4), as soon as practicable after giving the authorisation, and within 8 hours, the agency must notify the responsible Minister of the authorisation, either orally or in writing. The 2017 Review recommended that the agency head be required to advise the responsible Minister within 48 hours, ^[11] but this notification timeframe has been reduced to within 8 hours after giving the authorisation, as an additional safeguard. This timeframe is also consistent with the 8 hour notification requirement for emergency authorisations made by agency heads where the Ministers specified in subsection 9A(3) are unavailable.

28. The agency head must also comply with the requirements in subsection 9D(5) as soon as practicable after giving the authorisation, and no later than 48 hours after the authorisation is given. Subsection 9D(5) requires the agency head to:

•: ensure that any oral authorisation is recorded in writing
•: ensure that a summary of the facts of the case that the agency head was satisfied justified giving the authorisation is recorded in writing
•: give the responsible Minister a copy of the authorisation, a summary of the facts of the case that the agency head was satisfied justified giving the authorisation, and an explanation of the Minister's responsibility under subsection (6) to consider whether to cancel the authorisation
•: give the IGIS a copy of the authorisation and a summary of the facts of the case that the agency head was satisfied justified giving the authorisation, and
•: if the Australian person is, or is likely to be, involved in an activity or activities that are, or are likely to be, a threat to security, give to the ASIO Minister and the Attorney-General a copy of the authorisation and a summary of the facts of the case that the agency head was satisfied justified giving the authorisation.

29. The requirement to comply 'as soon as practicable' denotes an intention that requirements in subsection 9D(5) must be satisfied as soon as possible after the authorisation is given, unless the first (or subsequent) available opportunity is not feasible or viable in the circumstances of the particular case.

30. These requirements ensure that records are made of emergency authorisations, while accommodating the legitimate operational need for flexibility in the form in which such authorisations are issued. The ministerial and IGIS notification requirements ensure that the responsible Minister, the IGIS and, in cases involving a threat to security, the Attorney-General and the ASIO Minister, are afforded an opportunity to exercise their statutory oversight powers in relation to an emergency authorisation, and the activities carried out in reliance upon it.

31. These requirements apply even if an emergency authorisation is cancelled by the agency head under subsection 9D(12) before the responsible Minister has been notified.

Role of responsible Minister

32. Subsection 9D(6) requires that the Minister, after being notified under paragraph (5)(c), must as soon as practicable consider whether to cancel the authorisation. The purpose of this requirement is to ensure that the Minister considers whether the authorisation given by the agency head under section 9D should continue to have effect.

33. Subsection 9D(7) requires that if the Attorney-General is notified under paragraph 5(e) (that an Australian person is, or is likely to be, involved in activities that are, or are likely to be, a threat to security), the responsible Minister must have regard to any advice given by the Attorney-General when making the decision whether to cancel the authorisation under subsection (6).

Role of IGIS

34. Subsection 9D(8) requires that within 30 days of the IGIS being given documents by the agency head under subsection 9D(5), the IGIS must consider whether the agency head complied with the requirements of the section, provide the responsible Minister with a report on the IGIS's views on the extent of the agency head's compliance, and give the PJCIS a copy of the conclusions in the report.

35. Under the IGIS Act, the functions of the IGIS include ensuring that the agencies act legally and with propriety, comply with ministerial guidelines and directives, and respect human rights. The requirement for the IGIS to provide the responsible Minister with a copy of its report, and the PJCIS with a copy of the conclusions in the report, supports and facilitates appropriate ministerial control and parliamentary oversight of the agencies under this provision.

Period of effect of authorisation

36. Subsection 9D(9) provides that the authorisation ceases to have effect at the earliest of the circumstances specified in paragraphs (a)-(e). Paragraph (a) provides that the authorisation ceases to have effect at the end of six months, starting on the day the authorisation is given. Paragraph (b) provides that the authorisation ceases to have effect after a period specified in the authorisation. Paragraph (c) provides that the authorisation ceases at the time that the responsible Minister cancels it under subsection 9D(10). Paragraph (d) provides that the authorisation ceases to have effect at the time that the agency head cancels it under subsection 9D(12).

37. Paragraph (e) provides that an authorisation under section 9D ceases to have effect if a ministerial authorisation or emergency authorisation, under section 9, 9A or 9B, is given for the same activity or series of activities. Paragraph (e) facilitates the transition of authority for activities from a section 9D authorisation to a more regular authorisation under sections 9, 9A or 9B.

Cancellation by responsible Minister

38. Subsection 9D(10) provides that the responsible Minister may, in writing, cancel the authorisation. Subsection (11) provides that, should the responsible Minister cancel the authorisation under subsection (10), the Minister must as soon as practicable give written notice of the cancellation to the IGIS, and the ASIO Minister and Attorney-General if applicable under paragraph (5)(e). This ensures that the power to cancel the authorisation can be exercised at any time, and allows the Minister to exercise oversight and control as appropriate.

Cancellation by agency head

39. Subsection 9D(12) provides that the agency head must, in writing, cancel the authorisation if satisfied that there is not, and is not likely to be, a significant risk to the safety of the Australian person. The requirement for the agency head to cancel the authorisation where that risk has subsided is an important safeguard to protect the privacy of Australian persons.

40. The distinction between the threshold for giving the authorisation (that the risk to the safety of the Australian person be 'imminent') and the requirement for cancelling the authorisation (where the risk is no longer, and is not likely to be, 'significant') reflects that there may be situations where it is important that intelligence continue to be gathered while the risk remains significant, even if, in the circumstances, that risk may no longer be imminent.

41. For example, where an Australian person has been taken hostage overseas, the agency head may be satisfied that there is an imminent risk to the safety of that person (and of the other statutory criteria) and issue a section 9D authorisation. Should a ransom demand be received, it is arguable that the imminence of the risk to the person's safety has receded while the request remains outstanding. However, the risk may remain significant, and it is entirely possible that the risk may again become imminent at any moment. In such a case, it would be appropriate for the agency to continue to provide intelligence on the Australian person throughout the chain of events, to maximise the ability of the Australian Government to ensure the person's safety.

42. The note at the end of subsection (12) provides that the agency head may cancel the authorisation in other circumstances in accordance with subsection 33(3) of the Acts Interpretation Act 1901.

43. Subsection 9D(13) sets out oversight arrangements for cancellations by an agency head under subsection 9D(12). It provides that the agency head must, as soon as practicable, give written notice of the cancellation to the responsible Minister, the IGIS, and, if required under paragraph (5)(e), the ASIO Minister and Attorney-General, if relevant.

Delegation

44. Subsection 9D(14) provides that an agency head may delegate, in writing, to a staff member (other than a consultant or contractor), all or any of the powers, functions or duties of the agency head under section 9D. Subsection (15) provides that in exercising any power or function when discharging a duty under a delegation, the delegate must comply with any written direction of the agency head.

45. ASIS, ASD and AGO operate in a range of operational environments, including overseas. The ability for the heads of these agencies to delegate their powers to staff members is necessary to ensure that each agency is able to act swiftly to protect Australian persons who are at imminent risk of harm overseas. The fact that this power must be expressly delegated, rather than given to all staff members, ensures that only those staff members that the agency head considers to be appropriately qualified to make such a significant decision will be authorised.

Relationship with the Acts Interpretation Act 1901

46. Subsection 9D(16) clarifies that section 9D does not limit subsection 33(3) of the Acts Interpretation Act 1901 to the extent that it applies to an authorisation given under section 9D. Subsection 33(3) provides that where an Act confers a power to make, grant or issue any instrument of a legislative or administrative character (including rules, regulations or by-laws) the power shall be construed as including a power exercisable in the same manner and subject to the same conditions (if any) to repeal, rescind, revoke, amend, or vary that instrument.

Status of instruments

47. Subsection 9D(17) provides that the following are not legislative instruments within the meaning of section 8 of the Legislation Act 2003:

•: an authorisation given in writing under subsection 9D(2)
•: a written notice given under subsection (4) (an agency head notification of the authorisation to the responsible Minister), (5) (record made, or summary, or explanation given), (11) (notice of the cancellation by the Minister) or (13) (notice of the cancellation by the agency head)
•: a cancellation under subsections (10) or (12) (a cancellation by the responsible Minister or agency head, respectively), and
•: a report by the IGIS under subsection 9D(8).

Item 3 - Subsections 10A(1) and (4)

48. This item amends subsections 10A(1) and (4) to include activities carried out in relation to an authorisation under section 9D. This ensures that an agency head must give the responsible Minister a written report in respect of each activity or series of activities carried out by the agency in relation to an authorisation under section 9, 9A, 9B or section 9D, and that any report must be provided to the Minister as soon as practicable, but no later than one month after the day the authorisation ceases to have effect.

Item 4 - Application of amendments

49. This item provides that the amendments made by this Schedule apply in relation to activities or a series of activities undertaken after the commencement of this Schedule.

Schedule 2 - Authorisations relating to counter-terrorism

Intelligence Services Act 2001

Overview

50. This Schedule amends the IS Act to enable ASIS, AGO and ASD to apply for a ministerial authorisation to produce intelligence on a class of Australian persons who are, or are likely to be, involved with a listed terrorist organisation. This extends the current provisions which allow those agencies to apply for a ministerial authorisation to produce intelligence on an Australian person, but not a class of Australian persons.

51. This Schedule implements recommendation 45 of the Comprehensive Review. Consistent with recommendation 16(a) of the IIR, the Comprehensive Review found that existing provisions of the IS Act do not meet contemporary security needs given the seriousness of the international terrorism threat and the number of Australians with connections to terrorist groups. As both Reviews recognised, counter-terrorism class ministerial authorisations will allow IS Act Agencies to respond expeditiously to threats from previously unidentifiable individuals, such as lone-actor attackers.

52. The Comprehensive Review recommended that the class ministerial authorisation regime apply to persons involved with a 'proscribed' terrorist organisation, being an organisation that is specified in regulations for the purposes of paragraph (b) of the definition of 'terrorist organisation' in subsection 102.1(1) of the Criminal Code. This is also known as a 'listed terrorist organisation', as defined in section 100.1(1) of the Criminal Code. Specifically defining the class with reference to listed terrorist organisations ensures that individuals who are identified as falling within the class are relevant to security.

Item 1 - Section 3

53. This item inserts definitions of 'listed terrorist organisation' and 'involved with a listed terrorist organisation'.

54. 'Involved with a terrorist organisation' has a meaning affected by new subsection 9(1AAB). New subsection 9(1AAB) lists particular activities in which a person is taken to be involved with a listed terrorist organisation, but does not limit the circumstances in which a person is involved with a listed terrorist organisation.

55. 'Listed terrorist organisation' has the same meaning as in subsection 100.1(1) of the Criminal Code. That is, an organisation that is specified by the regulations for the purposes of paragraph (b) of the definition of terrorist organisation in section 102.1 of the Criminal Code.

Item 2 - After subparagraph 8(1)(a)(i)

56. This item inserts new subparagraph 8(1)(a)(iaa) to require the Ministers responsible for ASIS, ASD and AGO to direct those agencies to obtain an authorisation before undertaking an activity, or a series of activities, for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on one or more members of a class of Australian persons. This extends the current provisions, which enable the agencies to obtain an authorisation to produce intelligence on an Australian person, but not a class of Australian persons.

57. Before giving the new class authorisation, the preconditions in existing subsection 9(1) (ministerial authorisation) of the IS Act must be satisfied, in addition to the new requirements in subsection 9(1AAA) set out in item 3 below. The matters listed in subsection 9(1) include, amongst other things:

•: that the activities will be necessary for the proper performance of the agency's functions, and
•: that there are satisfactory arrangements in place to ensure that nothing will be done beyond what is necessary for the proper performance of the agency's functions.

Item 3 - After subsection 9(1A)

58. This item inserts new subsection 9(1AAA) after subsection 9(1A) to provide the two additional requirements that must be met before a Minister can give an authorisation for an activity, or series of activities, of a kind mentioned in new subparagraph 8(1)(a)(iaa) (see item 2 above). These requirements are that the Minister must:

•: be satisfied that the class of Australian persons is, or is likely to be, involved with a listed terrorist organisation, and
•: obtain the agreement of the Attorney-General.

59. The agreement of the Attorney-General is subject to subsection 9(1AA) of the IS Act. As amended by item 5 below, subsection 9(1AA), will provide that the Attorney-General may, in writing:

•

specify classes of Australian persons who are, or are likely to be:

o: involved in an activity or activities that are, or are likely to be, a threat to security, or
o: involved with a listed terrorist organisation, and

•

give his or her agreement in relation to any Australian person in that specified class.

60. This item also inserts new subsection 9(1AAB) which provides guidance on the meaning of 'involved with a listed terrorist organisation', but does not limit the circumstances in which a person is involved with a listed terrorist organisation. A person is taken to be involved in a listed terrorist organisation if the person:

•: directs, or participates in the activities of, the organisation
•: recruits a person to join, or participate in the activities of, the organisation
•: provides training to, receives training from, or participates in training with, the organisation
•: is a member of the organisation (within the meaning of subsection 102.1(1) of the Criminal Code)
•: provides financial or other support to the organisation, or
•: advocates for, or on behalf of, the organisation.

61. Some examples of activities that would be captured under the concept of providing 'support' include logistical support, or actively engaging in advocacy for, or on behalf of, a terrorist organisation. The concept is not intended to capture mere sympathy for the general aims or ideology of an organisation.

62. Subsection 9(1AAB) does not set a minimum threshold for the degree to which a person must be 'involved with' a terrorist organisation. For example, paragraph 9(1AAB)(e) does not specify a minimum quantum of financial support or the level of non-financial support that a person must provide before they may be considered to be 'involved with' a listed terrorist organisation, such that ASIS, ASD or AGO may obtain ministerial authorisation. It is appropriate that the IS Act Agencies be permitted to obtain a ministerial authorisation in order to investigate intelligence, leads, tip-offs, or indications that a person may be providing a small amount of support to a listed terrorist organisation.

63. Similarly, the categories in subsection 9(1AAB) provide guidance on, but do not limit, the circumstances in which a person will be taken to be involved with a listed terrorist organisation. There may be unique situations where, considering all of the facts and circumstances, a person could be involved with a listed terrorist organisation even if their activities do not fall within those listed in subsection 9(1AAB).

64. Pursuant to subsection 11(1) of the IS Act, the functions of the agencies are to be performed only in the interests of Australia's national security, Australia's foreign relations or Australia's national economic well-being and only to the extent that those matters are affected by the capabilities, intentions or activities of people or organisations outside Australia.

65. The exercise of this new ability for IS Act Agencies to apply for class authorisations with respect to Australians involved with a listed terrorist organisation is subject to independent oversight. Pursuant to section 8 of the IGIS Act, the functions of the IGIS include inquiring into any matter that relates to the compliance of an agency with the laws of the Commonwealth (including subsection 11(1) of the IS Act) and the propriety of particular activities of an agency.

Item 4 - Subsection 9(1AA)

66. This item amends subsection 9(1AA) to ensure that the Attorney-General's agreement under that subsection does not limit new paragraph 9(1AAA)(b) which requires the Minister to obtain the agreement of the Attorney-General before a Minister may give a class authorisation in relation to persons who are, or likely to be, involved in a listed terrorist organisation.

Item 5 - Paragraph 9(1AA)(a)

67. This item repeals paragraph 9(1AA)(a) and substitutes it with a new paragraph. The new paragraph will enable the Attorney-General to specify classes of Australian persons who are, or are likely to be, involved with a listed terrorist organisation. The Attorney-General's existing ability in paragraph 9(1AA)(a), to specify classes of Australian persons who are, or are likely to be, involved in an activity or activities that are, or are likely to be, a threat to security, will be retained in the new paragraph (a).

Item 6 - Paragraph 9(1AB)(a)

68. This item amends paragraph 9(1AB)(a) to extend the provision enabling the Attorney-General to give his or her agreement in accordance with subsection 9(1AA), to relate to an authorisation for an activity, or a series of activities, of a kind mentioned in new subparagraph 8(1)(a)(iaa) - the new counter-terrorism class authorisation.

Item 7 - Subsection 9(4)

69. This item amends subsection 9(4) by inserting a reference to subparagraph 8(1)(a)(iaa) (see item 2 above). It requires that the period of effect specified in the new counter-terrorism class authorisation must not exceed six months, consistent with the period of effect for other ministerial authorisations for producing intelligence on Australian persons.

Item 8 - Paragraph 9(5)(b)

70. Paragraph 9(5)(b) requires an agency head to ensure that any record or copy of an agreement given by the Attorney-General under paragraph 9(1A)(b) (including any agreement given in accordance with subsection (1AA)), in respect of activities which involve the Australian person, or the class of Australian persons, who is or is likely to be, involved in an activity or activities that are, or are likely to be, a threat to security, is kept by the agency and available for inspection on request by the IGIS.

71. This item amends paragraph 9(5)(b) to also require an agency head to ensure that any record or copy of an agreement given by the Attorney-General under new paragraph (1AAA)(b) (see item 3 above), with respect to a class of Australian persons involved, or likely to be involved, with a listed terrorist organisations, is kept by the agency and made available to the IGIS on request.

Item 9 - Subsection 9(6)

72. Existing subsection 9(6) provides that a request under paragraph (1)(d), an agreement under paragraph (1A)(b) (if in writing), a request under subsection (5) (if in writing), and an authorisation under this section, are not legislative instruments.

73. This item provides amends subsection (6) to also provides that agreement of the Attorney-General under paragraph 9(1AAA)(b) is not a legislative instrument. That agreement is administrative in character as it outlines how the law has been applied rather than the content of the law itself. The provision is merely declaratory of the law, rather than prescribing substantive exemptions from the requirements of the Legislation Act 2003.

Item 10 - Paragraph 9A(1)(a)

74. Existing sections 9A, 9B and 9C of the IS Act enable authorisations to be given in an emergency by Ministers and agency heads. However, emergency authorisations are not available for an activity or a series of activities of a kind mentioned in subparagraph 8(1)(a)(ia) or (ib), which relate to class authorisations to provide assistance to the Defence Force.

75. This item amends paragraph 9A(1)(a) to exclude the new counter-terrorism class authorisation from the emergency authorisation framework in sections 9A, 9B and 9C. Neither Ministers nor the heads of agencies will be able to give an emergency class authorisation to produce intelligence on a class of Australian persons involved, or likely to be involved, in a listed terrorist organisation.

76. Excluding the new counter-terrorism class authorisation from the emergency authorisation framework is an additional safeguard to ensure the responsible Minister considers class ministerial authorisations in all cases.

Item 11 - Subsection 10(1A)

77. Existing subsection 10(1A) limits renewal of certain ministerial authorisations under the IS Act to a period not exceeding six months.

78. This item amends subsection 10(1A) to include the new counter-terrorism class authorisation. It will ensure that the renewal or any subsequent renewal of any authorisation given under section 9 in relation to subparagraph 8(1)(a)(iii) allowing an agency to produce intelligence on a class of Australian persons involved with a listed terrorist organisation must be for a period not exceeding six months. This is consistent with other ministerial authorisations for producing intelligence.

Item 12 - After section 10

79. This item inserts new section 10AA to impose additional oversight and reporting requirements.

80. Subsection (1) provides that new section 10AA applies to the new counter-terrorism class ministerial authorisation under subparagraph 8(1)(a)(iaa) and the existing class authorisations to provide assistance to the Defence Force in subparagraphs 8(1)(a)(ia) and (ib).

81. Subsection (2) requires the agency head to ensure that a list is kept that:

•: identifies each Australian person in relation to whom the agency intends to undertake activities, or a series of activities under the authorisation,
•: gives an explanation of the reasons why the agency believes the person is a member of the class, and
•: includes any other information that the agency head considers appropriate.

82. The agency head is not personally required to keep the list but is responsible for ensuring that the list is maintained.

83. Subsection (3) requires that, where the Attorney-General's agreement is obtained in relation to a relevant class authorisation, the agency head must ensure that the Director-General of Security is provided with a copy of the list and written notice when any additional Australian person is added to the list. This subsection recognises the role of ASIO in conducting security intelligence operations and ensures that ASIO has visibility of individuals who have been identified as relevant to security.

84. Subsection (4) requires the agency head to ensure that the list is available for inspection by the IGIS on request.

85. Subsection (5) provides that the list is not a legislative instrument within the meaning of section 8 of the Legislation Act 2003. The list is administrative in character as it outlines how the law has been applied rather than the content of the law itself. These subsections are merely declaratory of the law, rather than prescribing substantive exemptions from the requirements of the Legislation Act 2003.

Item 13 - Subsection 10A(3)

86. This item repeals existing subsection 10A(3) and substitutes it with a new subsection 10A(3). The subsection adds activities, or a series of activities, of a kind mentioned in new subparagraph 8(1)(a)(iaa) - relating to the new counter-terrorism class authorisation - to the list of activities, or series of activities, that an agency head is required to report on to the Minister. Currently, the reporting requirement applies to activities undertaken under subparagraph 8(1)(a)(ia) and (ib), which relate to the existing class authorisations to provide assistance to the Defence Force.

87. Consistent with current arrangements, subsection 10A(3) requires the report to be provided to the Minister no later than three months after the day on which the relevant authorisation ceased to have effect and the day on which the relevant authorisation was renewed.

88. The Comprehensive Review and IIR recommended that agencies should have to report to the responsible Minister within six months of the original counter-terrorism class authorisation. As ministerial authorisations may remain in force for up to six months, in some circumstances this would amount to a requirement for agencies to provide a report to the Minister on activities undertaken before the authorisation has ceased to have effect. The requirement to provide the report within three months after the day on which the relevant authorisation ceased to have effect, or was renewed, will allow agencies to report on the whole period during which activities may have been undertaken.

89. This item also creates a new requirement for the report to be accompanied with a statement identifying each Australian person who was included on the list (referred to in section 10AA), and therefore subject to the relevant class authorisation.

Schedule 3 - Authorisations for activities in support of the Australian Defence Force

Intelligence Services Act 2001

Overview

90. This Schedule amends section 8 of the IS Act by enabling ASD and AGO to seek ministerial authorisation to undertake activities to produce intelligence on one or more members of a class of Australian persons when the agencies are operating in the course of providing assistance to the ADF in support of military operations and when cooperating with the ADF on intelligence matters.

91. This Schedule implements recommendation 46 of the Comprehensive Review. Consistent with recommendation 16(b) of the IIR, the Comprehensive Review identified that, under the existing legislation, class authorisations for activities in support of the ADF can only be issued by the Minister for Foreign Affairs in respect of ASIS. There are no corresponding provisions enabling ASD and AGO to seek authorisation to produce intelligence on a class of Australian persons. This is despite the IS Act explicitly providing that it is a function of both agencies to provide assistance to the ADF in support of military operations and to cooperate with the ADF on intelligence matters (see sections 6B(1)(g) and 7(1)(d) of the IS Act).

92. The Comprehensive Review and IIR recommended that all IS Act Agencies be able to obtain an authorisation to produce intelligence on one or more members of a class of Australian persons when providing assistance to the ADF in support of military operations.

93. The Comprehensive Review also stated that additional safeguards should apply to class authorisations in support of the ADF. Schedule 2 (Authorisations relating to counter-terrorism) inserts additional safeguards for all class authorisations in the IS Act. This means that, consistent with other class authorisations, class authorisations in support of the ADF will have:

•: a maximum duration of six months
•: a requirement for the IS Act Agency to maintain a current list of all individuals on whom it sought to produce intelligence under the class authorisation with reasons why it believed the individual to be part of the class
•: a requirement for the IS Act Agency to make the list available for inspection and review by the IGIS, who may provide advice to the agency head and responsible minister, and
•: a requirement for the IS Act Agency to report to its responsible minister within three months of the authorisation ceasing.

Item 1 - Subparagraph 8(1)(a)(ia)

94. This item amends subparagraph 8(1)(a)(ia) to include activities undertaken by AGO and ASD in accordance with their functions in paragraph 6B(1)(g) and paragraph 7(1)(d) in the ministerial directions framework for producing intelligence on one or more members of a class of Australian persons.

95. Paragraph 6B(1)(g) provides that it is a function of AGO to provide assistance to the ADF in support of military operations and to cooperate with the ADF on intelligence matters.

96. Likewise, paragraph 7(1)(d) provides that it is a function of ASD to provide assistance to the ADF in support of military operations and to cooperate with the ADF on intelligence matters.

97. The ministerial directions framework in section 8 of the IS Act requires agencies to obtain an authorisation under section 9, 9A or 9B before undertaking activities referred to in subparagraph 8(1)(a)(ia). The effect of amending subparagraph 8(1)(a)(ia) by including reference to paragraphs 6B(1)(g) and 7(1)(d) is to require the Ministers responsible for ASIS, ASD and AGO to direct those agencies to obtain authorisation before undertaking activities for the purpose of producing intelligence on one or more members of a class of Australian persons in the course of providing assistance to the ADF in support of military operations and when cooperating with the ADF on intelligence matters.

Schedule 4 - Authorisations for producing intelligence on Australians

Intelligence Services Act 2001

Overview

98. This Schedule implements recommendation 41 of the Comprehensive Review by inserting a definition of 'prescribed activity' and providing a new section which outlines what it means to 'produce intelligence' on an Australian person, or one or more members of a class of Australian persons.

99. Under section 8 of the IS Act, IS Act Agencies are required to obtain ministerial authorisation prior to undertaking an activity, or series of activities, for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on an Australian person.

100. Currently, the term 'producing intelligence' is not defined in the IS Act. However, in practice, it has been taken to encompass a wider range of activities than those which would require ASIO to obtain a warrant under the ASIO Act.

101. The Comprehensive Review, consistent with recommendation 16(d) of the IIR, identified that the original intention of the ministerial authorisation regime in the IS Act was to require IS Act Agencies to obtain a ministerial authorisation to use covert and intrusive intelligence collection capabilities in relation to an Australian person overseas, particularly where that collection method would require a warrant if conducted in Australia. However, in its current form, agencies are required to seek ministerial authorisations in broader circumstances than originally envisaged. Providing an appropriate definition of what is meant by 'producing intelligence' ensures that ministerial authorisations relate only to the use of covert and intrusive intelligence collection capabilities.

102. Consistent with recommendation 16(d) of the 2017 Review, this Schedule also amends the definition of 'intelligence information'.

103. Subsection 15(5) of the IS Act provides that IS Act Agencies must not communicate 'intelligence information' concerning Australian persons, except in accordance with the Privacy Rules issued by their responsible Minister. When the IS Act was enacted, the definition of 'intelligence information' meant information obtained by ASIS or ASD under those agencies' intelligence collection functions. This definition was then amended by the Intelligence Services Legislation Amendment Act 2005, which extended the definition in respect of ASIS to include all information obtained by ASIS in the performance of its functions. This amendment had the unintended consequence of extending the application of the Privacy Rules to a wide range of routine information obtained by ASIS, for example, the sharing of media articles about Australians, or the curricula vitae of visiting Australians to partner agencies.

104. Providing an appropriate definition of 'intelligence information' ensures that the Privacy Rules apply only to intelligence produced via agencies' intelligence collection capabilities and not to routine, publicly available information.

Item 1 - Section 3 (paragraphs (a), (b) and (c) of the definition of intelligence information )

105. This item removes the word "information" (wherever occurring) in the definition of 'intelligence information' and substitutes "intelligence". This clarifies that the definition is only intended to apply to intelligence obtained by agencies and not to routine, publicly available information. Consequently, the responsible Minister's rules to protect the privacy of Australians, made under section 15, regulate the communication and retention of 'intelligence', as opposed to 'information'.

Item 2 - Section 3

106. This item inserts a definition for the term 'prescribed activity.' The definition is that provided for at the new subsection 8(1B).

Item 3 - After subsection 8(1)

107. This item introduces new subsections 8(1A) and 8(1B). These subsections provide the meaning of 'producing intelligence,' in the sense of an agency undertaking an activity, or a series of activities, for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on an Australian person within the parameters of paragraph 8(1)(a) (ministerial directions).

108. Subsection 8(1A) provides that an agency is producing intelligence on an Australian person or a class of Australian persons only if:

•: the agency undertakes a 'prescribed activity' (defined in subsection 8(1B)) to obtain that intelligence, or
•: the agency expressly or impliedly requests an authority referred to in paragraph 13(1)(c) (authorities of other countries) to undertake a prescribed activity to obtain that intelligence.

109. The effect of paragraph 8(1A)(a) is that an agency produces intelligence by undertaking a covert and intrusive activity. An agency does not produce intelligence merely by reviewing its own existing holdings of intelligence, or undertaking overt collection methods or requesting another Australian agency to undertake lawful collection.

110. The effect of paragraph 8(1A)(b) is that an agency produces intelligence where it expressly or impliedly requests an authority referred to in paragraph 13(1)(c) with which it is cooperating to obtain intelligence through covert and intrusive means. This makes explicit the long-standing requirement for IS Act Agencies to obtain ministerial authorisation before requesting an authority of another country to obtain intelligence on their behalf.

111. Subsection 8(1A) ensures that an agency does not 'produce intelligence' if it receives unsolicited intelligence from another body or group. This means that an agency will not be placed in the impossible situation whereby, if that intelligence is related to an Australian person, the agency would have been required to obtain ministerial authorisation before obtaining that intelligence, notwithstanding that the intelligence was unsolicited.

112. Subsection 8(1A) is consistent with the Comprehensive Review, which recommended that an agency should be taken to produce intelligence if the agency requests a foreign partner to undertake a covert and intrusive activity.

113. Subsection 8(1B) provides that a prescribed activity means a covert and intrusive activity, or a series of covert and intrusive activities and, to avoid doubt, includes those activities that ASIO could not undertake in at least one state or territory without it being authorised by warrant under the ASIO Act or Telecommunications (Interception and Access) Act 1979 (TIA Act).

114. It is intended that activities do not fall within the definition of 'prescribed activity' unless they are both covert and intrusive. An IS Act Agency might conduct an activity overtly, for example by conducting an interview where the interviewee knows they are dealing with the Australian Government. This activity is not covert, so it would not be a prescribed activity. Similarly, an agency could conduct an activity that is covert but not intrusive, such as observing a person in a public place where there is no legitimate expectation of privacy. In these cases, the requirement to seek ministerial authorisation would be disproportionate to the nature of the activity.

115. Prescribed activities would include, for example, asking a covert human intelligence source to obtain intelligence. This is consistent with the IIR which recommended that ASIS continue to be required to obtain a ministerial authorisation for the tasking of agents to produce intelligence on an Australian person or class of Australian persons.

116. ASIO's warrant powers are another example of a category of activities that would be considered covert and intrusive for the purposes of this definition. Those activities are independently specified in paragraph 8(1B)(a) and (b) for clarity. It is intended that an IS Act Agency would require a ministerial authorisation to perform a similar activity overseas in the context of producing intelligence on an Australian.

Schedule 5 - ASIS cooperating with ASIO

Intelligence Services Act 2001

Overview

117. The arrangements under Division 3 of Part 2 of the IS Act (Activities undertaken in relation to ASIO) permit ASIS, subject to limits in section 13D, to undertake an activity or a series of activities for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on an Australian person or a class of Australian persons where the Director-General of Security or a senior ASIO position holder authorised by the Director-General has notified ASIS in writing that it requires the production of intelligence on the Australian person or class of Australian persons.

118. The effect of Division 3 is that ASIS may undertake the activity or series of activities to produce intelligence on an Australian person, or class of Australian persons, without a ministerial authorisation, where it is done at the request of ASIO.

119. The limits in section 13D provide that ASIS cannot undertake the activity under the cooperation arrangements if ASIO could not undertake the activity in at least one state or territory, without it being authorised by a warrant issued under Division 2 of Part III of the ASIO Act or under Part 2-2 of the TIA Act.

120. Division 3 provides a consistent and coherent framework for cooperation between ASIS and ASIO. The framework is a useful tool that assists ASIS and ASIO to work together and allows ASIS to undertake 'less intrusive' activities in support of ASIO, specifically activities for which ASIO would not need a warrant if they were done within Australia.

121. However, the framework is limited, as it only applies to cooperation outside of Australia. This Schedule amends section 13B to allow ASIS to cooperate with ASIO both inside and outside Australia. An extension of the framework to enable ASIS to conduct activities under a section 13B notice which have an onshore element will enhance intelligence outcomes and cooperation between the agencies.

122. Such an extension implements recommendation 18(b) of the IIR with respect to ASIS. The IIR found the geographic limitation in section 13B restricts cooperation and that cooperation is essential to maximise the likelihood of Australia's success in thwarting attacks and defeating other threats to security.

123. The changes were not recommended by the Comprehensive Review (recommendation 57). As noted in the Government response, however, the imperatives identified in the IIR remain and there is likely to be an enhanced operational need to foster improved cooperation in the future.

124. At present, ASIS may only undertake activities under Division 3 of Part 2 of the IS Act outside Australia if ASIO has issued ASIS with a written notice that ASIO requires the production of intelligence on the Australian person or class of Australian persons (unless exceptional circumstances covered by subsection 13B(3) exist). The requirement for ASIO to issue ASIS with a written notice will continue to apply for activities inside Australia.

125. At present, subsection 13B(3) allows an ASIS staff member to undertake activities outside Australia under Division 3 of Part 2 in the absence of a written notice from ASIO in exceptional circumstances. This provision will not be extended to apply to activities undertaken inside Australia. Accordingly, ASIS will always require either a ministerial authorisation or a written notice from ASIO to undertake activities to produce intelligence on an Australian person inside Australia. This ensures ASIO always has awareness of the activities ASIS is undertaking onshore in support of ASIO and the implications for security. This is appropriate given the barriers to communicate offshore are less likely to be present within Australia.

Item 1 - Paragraph 13B(1)(b)

126. This item repeals paragraph 13B(1)(b) to remove the geographic limit requiring that ASIS activities undertaken to support ASIO in the performance of its functions be conducted outside Australia.

127. A number of safeguards remain in place, including:

•: Section 13D of the IS Act continues to limit the activities that ASIS may undertake in accordance with this framework to activities which ASIO could undertake without a warrant, that is, that would not otherwise be unlawful
•: ASIS has only limited immunity, under section 14 of the IS Act, for acts done inside Australia, and under section 476.5 of the Criminal Code as amended by Schedule 9 to this Bill, for conduct engaged in on the reasonable belief that the conduct is likely to cause a computer-related act, event, circumstance or result to take place outside Australia, and
•: ASIS is only entitled to act under section 13B where the Director-General of Security (or an authorised person) has notified ASIS that ASIO requires the production of intelligence.

Item 2 - Subsection 13B(3)

128. This item repeals and replaces subsection 13B(3) to ensure that ASIS may only conduct activities onshore under section 13B once it has received notification from ASIO (per paragraph 13B(1)(d)). The exception in subsection 13B(3), which provides that notices are not required in exceptional circumstances, continues to only apply to activities undertaken outside Australia, not inside Australia. As noted above, this ensures ASIO always has awareness of the activities ASIS is undertaking onshore in support of ASIO and the implications for security. This is appropriate given the barriers to communicate offshore are less likely to be present within Australia.

Schedule 6 - AGO Cooperating with authorities of other countries

Intelligence Services Act 2001

Overview

129. Section 13 of the IS Act establishes a legal framework under which IS Act Agencies may cooperate with Commonwealth authorities, State authorities and authorities of other countries in the performance of the agencies' own functions.

130. In the case of cooperation with an authority of another country, under paragraph 13(1)(c), IS Act Agencies may cooperate only where those authorities are approved by the responsible Minister as being capable of assisting the agency in the performance of its functions.

131. This Schedule amends section 13 of the IS Act to provide that AGO is not required to seek ministerial approval under paragraph 13(1)(c) where cooperation with an authority of another country is for the purpose of performing AGO's function under paragraphs 6B(1)(e), (ea) or (h). AGO's functions under paragraphs 6B(1)(e), (ea) and (h) are non-intelligence functions and do not involve covert or intrusive activities.

132. AGO's function under paragraph 6B(1)(e) is to provide certain bodies and persons, which includes authorities of other countries, with imagery and other geospatial, hydrographic, meteorological and oceanographic products where those products are not intelligence, and to provide assistance in relation to the production and use of such products and related technologies.

133. AGO's function under paragraph 6B(1)(ea) is to provide certain bodies and persons, which includes authorities of other countries, with assistance in relation to the performance of emergency response, safety, scientific research, economic development, cultural and environmental protection functions, where the provision of such assistance is incidental to the performance by AGO of its other functions.

134. AGO's function under paragraph 6B(1)(h) is to carry out the functions of the Australian Hydrographic Office (AHO), which is part of AGO. The primary role of the AHO is to provide products such as nautical maps and surveys to support maritime safety, and contribute to the coordination, exchange and standards related to hydrographic and maritime production policy, and maritime geospatial data in general

135. AGO's functions under 6B(1)(e), (ea) and (h) require cooperation with a range of government and non-government partners. For example, the AHO performs its role by cooperating with universities, international organisations, and foreign governments. The AHO's primary customers are the Australian public, civilian shipping, local and international port authorities, the Australian Government and the Australian Defence Force.

136. The purpose of ministerial approval for cooperation with authorities of other countries is to provide an additional layer of oversight where that cooperation, by virtue of involving potentially sensitive, covert or intrusive activities, carries particular foreign relations and other risks.

137. The practical effect of the requirement to seek ministerial approval for cooperation under paragraph 13(1)(c) has been, in certain circumstances, to hinder AGO's ability to effectively carry out these non-intelligence functions. The exemption from the requirement to seek ministerial approval for cooperation with authorities of other countries with respect to these functions is a necessary and proportionate measure. The AGO functions exempt from the approval framework do not fall within the intended scope of functions envisaged by the requirement for approval under paragraph 13(1)(c) of the IS Act, which are typically higher risk activities, involving potentially sensitive, covert or intrusive intelligence capabilities.

138. Ensuring that AGO is able to freely cooperate with authorities of other countries in the performance of its functions under 6B(1)(e), (ea) and (h) will ensure that AGO is able to continue to provide essential maritime and geospatial services to its partners in the international community.

Item 1 - After subsection 13(3)

139. This item inserts new subheading 'Cooperating with authorities of other countries-AGO' and new subsections 13(3A) and 13(3B) under this subheading.

140. Subsection 13(3A) provides that AGO, subject to any arrangements made or directions given by the responsible Minister, is not required to obtain ministerial approval for cooperation with an authority of another country where the cooperation is for the purposes of performing its functions under paragraph 6B(1)(e), (ea) or (h).

141. Subsection 13(3B) requires that the Director of AGO must, as soon as practicable after each year ending on 30 June, provide to the responsible Minister and the IGIS a report about any significant cooperation under 13(3A) undertaken by AGO with authorities of other countries during the reporting period.

Item 2 - Before subsection 13(6)

142. This item inserts the subheading 'Reports by AGO and ASD' immediately prior to subsection 13(6).

Item 3 - Subsection 13(6)

143. This item amends subsection 13(6) to require that a report prepared under subsection 13(3B), as introduced by item 1 of this Schedule, must be in writing and is not a legislative instrument. This is consistent with Item 12 of section 6 of Part 2 of the Legislation (Exemptions and Other Matters) Regulation 2015, which provides that a report or review, including an annual or periodic report or review, is a class of instrument that is not a legislative instrument.

Schedule 7 - ONI cooperating with other entities

Office of National Intelligence Act 2018

Overview

144. Section 13 of the ONI Act establishes a legal framework under which ONI may cooperate with an authority of another country, and any other person or entity in connection with the performance of ONI's functions and exercise of its powers.

145. Subsection 13(1) provides ONI with a broad ability to cooperate with entities and people both inside and outside Australia. Additional requirements in section 13 must be met for ONI to cooperate with the authorities of other countries.

146. Before ONI is able to cooperate with an authority of another country in the performance of its functions and exercise of its powers, subsection 13(2) requires the Director-General of ONI to approve the cooperation. The ONI Director-General must also notify the Prime Minister of the approval. Once an authorisation under subsection 13(2) has been given, it remains in place until amended or revoked by the ONI Director-General or cancelled by the Prime Minister under subsection 13(5). This approval regime is broadly based on requirements that apply to agencies under the IS Act and ASIO under the ASIO Act in respect of their cooperation with foreign authorities, with some modification to reflect that ONI's cooperation is likely to be less operational in nature than is the case with these other agencies. As noted in the Comprehensive Review, in contrast to intelligence collection agencies that "generally deal with information at a level of detail which allows for operational decision-making on the subjects of their reporting", ONI's assessments address broader strategic trends based on aggregation of a variety of sources. In some circumstances, "[s]pecific identifying information about individuals is unnecessary to convey and support assessments about strategic trends and global events". ^[12]

147. This Schedule amends section 13 of the ONI Act to extend the approval regime that applies to cooperation with the authorities of other countries to cooperation with public international organisations. This requires the ONI Director-General to approve cooperation with public international organisations, thereby expressly considering any risks in ONI undertaking the cooperation. Similar risks apply to cooperation with public international organisations (which are comprised of states) as to cooperation with the authorities of other countries. Therefore the ONI Director-General's approval should be required in both cases, and the Prime Minister should have the opportunity to cancel such an approval, consistent with section 13(5) of the ONI Act.

148. While the Comprehensive Review recommended that section 13 does not require amendment to allow ONI to cooperate with public international organisations (recommendation 24), it did so on the basis that ONI already has the ability to cooperate with these organisations due to the meaning of 'entity' in paragraph 13(1)(b), and not in consideration of potential safeguards that ought to apply.

149. However, the Government response to the Comprehensive Review noted the amendments were necessary to place additional safeguards on cooperation with public international organisations, in the same way these provisions currently apply to authorities of another country in section 13.

150. The inclusion of 'public international organisations' in section 13 will not change the arrangements in the ONI Act for cooperation with other entities or persons within or outside Australia.

151. The amendments place no limits on the geographic location of cooperative arrangements.

Item 1 - Subsection 4(1)

152. This item inserts a definition of 'public international organisation', with the same meaning as in section 70.1 of the Criminal Code. The purpose of this change is to support the amendment to section 13 to require ONI to seek the ONI Director-General's approval to cooperate with public international organisations in connection with the performance of its functions.

153. Section 70.1 of the Criminal Code defines 'public international organisation' as meaning, in broad terms: organisations of which two or more countries are members or the governments of two or more countries are members; organs or committees of such organisations; or other organisations or bodies established by such organisations. The reference to section 70.1 of the Criminal Code is consistent with the definition of 'public international organisation' in the Australian Border Force Act 2015, the Autonomous Sanctions Act 2011, the Charter of the United Nations Act 1945, and, following commencement of this Bill (see Schedule 6), the IS Act.

154. This definition is intended to include international bodies (such as the UN or NATO), organs of such bodies (such as UN peacekeeping missions), related organisations and agencies, and intergovernmental bodies. The definition is not limited to organisations with legal personality.

Item 2 - Paragraph 13(1)(a)

155. This item repeals and replaces paragraph 13(1)(a) of the ONI Act to enable the ONI Director-General to provide approval under subsection 13(2) for ONI to cooperate with public international organisations in the performance of its functions.

156. Under subsection 13(3), every month, the ONI Director-General must notify the Prime Minister in writing of any new approvals and/or any variation or revocation of an approval given under subsection 13(2). The Prime Minister may at any time cancel such an approval (subsection 13(5)). Cancellation must be given in writing and, unless specified in writing, has immediate effect.

Item 3 - Subsection 13(2)

157. This item inserts public international organisations for the purposes of paragraph 13(1)(a), to enable the ONI Director-General to approve a public international organisation, in addition to authorities, as being capable of assisting ONI in the performance of its functions.

Item 4 - Paragraph 54(2)(aa)

158. This amends paragraph 54(2)(aa) to provide that, in addition to cooperation with the authorities of other countries, the ONI Director-General may not delegate his or her power to approve cooperation with public international organisations under subsection 13(2).

Item 5 - Application and savings provisions

159. This item provides that the requirement to seek ONI Director-General approval for cooperation with a public international organisation under subsection 13(1) of the ONI Act applies only where a cooperative arrangement is entered into after commencement of this Schedule. It is not intended to apply retrospectively to cooperative arrangements entered into before commencement.

160. An approval given for the purposes of subsection 13(2) and in force immediately before the commencement of this Schedule, will remain in force, as if it had been given under that subsection as amended by this Schedule.

Schedule 8 - Suspension of travel documents

Australian Passports Act 2005 and Foreign Passports (Law Enforcement and Security) Act 2005

Overview

161. The Counter-Terrorism Legislation Amendment (Foreign Fighters) Act 2014 (Foreign Fighters Act) amended the Passports Act and the Foreign Passports Act to enable the Minister for Foreign Affairs to suspend a person's travel documents (such as passports) for a period of 14 days if requested by the Director-General of Security. The Director-General of Security can make such a request if he or she suspects on reasonable grounds that the person may leave Australia to engage in conduct that might prejudice the security of Australia or a foreign country, and the person's travel documents should be suspended or surrendered temporarily in order to prevent the person from engaging in that conduct.

162. Suspension or short-term surrender of travel documents is intended to be a temporary measure that allows the Minister to take swift action to mitigate the security risk posed by people seeking to leave Australia to engage in activities of security concern. Given that people seeking to leave Australia to travel overseas to engage in activities of security concern may only come to the attention of authorities shortly before they seek to travel, the temporary nature of the suspension is intended as a proactive, swift and proportionate action to prevent the person from travelling for a finite period and mitigate the security risk relating to Australians travelling overseas who may be planning to engage in activities of security concern.

163. After requesting a person's Australian travel document be suspended, or a foreign travel document be temporarily surrendered, ASIO may then need to compile a full security assessment to support a recommendation for permanent cancellation (where appropriate). It is vital that a security assessment recommending cancellation or long term surrender of a person's travel documents be given thorough attention and be of a high quality, taking into account all relevant and appropriate information. Operational experience has shown that the 14 day suspension period currently available for ASIO to prepare a full security assessment can be insufficient to enable ASIO to resolve all appropriate investigative activities and prepare a properly considered security assessment, without diverting resources from other priority investigations.

164. The purpose of this Schedule is to extend the period for which travel documents may be suspended or temporarily surrendered from 14 to 28 days, in order to afford ASIO sufficient time, and with minimal disruption to other priority investigations, to prepare a thorough security assessment considering whether permanent action is appropriate. This is intended to strike an appropriate balance between ensuring that a person's travel documents are only permanently cancelled or subject to long-term surrender when supported by a full and thorough ASIO security assessment, and the need to facilitate temporary, urgent action to prevent people from leaving Australia to engage in activities of security concern while a security assessment is being prepared.

Australian Passports Act 2005

Item 1 - Subsection 22A(1)

165. This item amends subsection 22A(1) to extend the period for which the Minister may suspend an Australian travel document upon request by the Director-General of Security from 14 days to 28 days.

166. Currently, section 22A of the Passports Act enables the Minister for Foreign Affairs to suspend a person's Australian travel documents (including passports) for a period of 14 days if asked to do so by the Director-General of Security. A request can be made if the Director-General suspects on reasonable grounds that the person may leave Australia to engage in conduct that might prejudice the security of Australia or a foreign country, and the person's Australian travel documents should be suspended in order to prevent the person from engaging in the conduct.

167. The aim of the provisions is to seek to prevent persons from travelling overseas to engage in activities of security concern (for example, training for, or participating in, terrorist activities in a foreign country), which harm the security of the foreign country and also increase a person's ability to conduct attacks inside Australia after their return. Often, a person may not come to ASIO's attention until shortly before they seek to travel overseas. In those circumstances, it is necessary to prevent the person from leaving Australia in the short term, since Australia's ability to prevent people from travelling to a conflict zone or engaging in activities of security concern is limited once they have left Australia.

168. The purpose of this item is to extend the period for suspension, to ensure that ASIO can resolve all appropriate investigative activities and that a full security assessment can be prepared to consider whether cancellation is appropriate, but at the same time ensure that a person who the Director-General suspects may leave Australia to engage in harmful conduct is prevented from doing so in the meantime. Cancelling a person's passport is a significant decision with serious ramifications for the individual involved, and it should not be made lightly. That is why the temporary suspension power is appropriate.

169. If following a request for suspension, ASIO wishes to request permanent cancellation, ASIO must compile a new security assessment to support the request. This assessment is subject to merits review. Extending the period to 28 days ensures ASIO is not required to divert resources from other priority investigations to complete a security assessment supporting cancellation or form an assessment before all appropriate investigative activities are resolved. A 28 day period is also consistent with the emergency visa cancellation provisions under the Migration Act 1958.

170. Operational requirements have evolved since the amendments conferring the ability to suspend or temporarily surrender travel documents were introduced via the Foreign Fighters Act. In particular, the conflict in Syria and Iraq has demonstrated that events overseas can drive significant and sustained increases in the number of people who may seek to leave Australia to engage in harmful conduct overseas. The suspension and cancellation powers are used only where necessary, and in a relatively small proportion of all passport matters. Since the commencement of the powers in December 2014, around 190 Australian passports have been cancelled or refused in relation to the conflict in Syria and Iraq, while in the same period around 40 passports were subject to temporary suspension. On a number of occasions, the first time a person has come to ASIO's attention has been as they are preparing to travel overseas to a conflict zone. It has therefore been necessary to take action in a very short timeframe to prevent them from leaving Australia. A security assessment must be prepared by officers who may also be involved in other (or related) priority investigations.

Item 2 - Application of amendment

171. This item provides that the 28 day period for passport suspension applies only where the Director-General of Security makes the request for the suspension of the passport pursuant to section 22A(2) of the Passports Act after commencement of this Schedule. It is not intended to apply where the request was made before commencement, even if the Minister does not suspend the passport until after commencement.

Foreign Passports (Law Enforcement and Security) Act 2005

Item 3 - Section 15A (heading)

172. This item amends the heading of section 15A to reflect the new 28 day period for Australian travel document suspension, which is '15A Request for 28 day surrender relating to security risk'.

Item 4 - Subsection 15A(2)

173. This item amends subsection 15A(2) to extend the period for which the Minister may order the temporary surrender of a foreign travel document upon request by the Director-General of Security from 14 days to 28 days.

174. Currently, section 15A of the Foreign Passports Act allows the Director-General of Security to request the Minister for Foreign Affairs to order the temporary surrender of a person's foreign travel documents (including passports) for a period of 14 days. A request can be made if the Director-General suspects on reasonable grounds that the person may leave Australia to engage in conduct that might prejudice the security of Australia or a foreign country, and the person should be required to surrender their foreign travel documents in order to prevent the person from engaging in the conduct.

175. The aim of the provisions is to prevent persons from travelling overseas to engage in activities of security concern (for example, training for, or participating in, terrorist activities in a foreign country) which harm the security of the foreign country and also increase a person's ability to conduct attacks inside Australia after their return. Often, a person may not come to ASIO's attention until shortly before they seek to travel overseas. In those circumstances, it is necessary to prevent the person from leaving Australia in the short term, since Australia's ability to prevent people from travelling to a conflict zone or engaging in activities of security concern is limited once they have left Australia.

176. The purpose of this item is to extend the period for temporary surrender, to ensure that a request for long-term surrender can be prepared if appropriate, but at the same time ensure that a person who the Director-General of Security suspects may leave Australia to engage in conduct prejudicial to security is prevented from doing so in the meantime. Ordering the long-term surrender of a person's travel documents is a significant decision with serious ramifications for the individual involved, and it should not be made lightly. That is why the temporary surrender power is appropriate.

177. If following a request for a temporary surrender, ASIO wishes to request a long term surrender, ASIO must compile a new security assessment to support the request. Extending the period to 28 days ensures ASIO is not required to divert resources from other priority investigations to resolve appropriate investigative activities and prepare a request supporting long term surrender. A 28 day period is also consistent with the emergency visa cancellation provisions under the Migration Act 1958.

Item 5 - Subsection 16A (heading)

178. This item amends the heading to section 16A, which is'16A Demand for 28 days surrender of foreign travel document ordered by Minister on request under section 15A', to reflect the new 28 day period for the Minister to order foreign travel documents to be surrendered.

Item 6 - Subsections 16A(6) and (7)

179. This item provides that, where the Minister has ordered the surrender of foreign travel documents under subsection 16A(1), any foreign travel document that has been surrendered or seized must be returned 28 days later. This ensures that the foreign travel document cannot be withheld any longer than the surrender period, unless the Minister has ordered a long-term surrender under section 16.

Item 7 - Application of amendments

180. This item provides that the 28 day period for surrender of a foreign travel document applies only where the Director-General of Security makes the request for surrender under section 15A of the Foreign Passports Act after commencement of this Schedule. It is not intended to apply where the request was made before commencement, even if the Minister makes the order for surrender after commencement.

Schedule 9 - Online activities

Criminal Code Act 1995

Overview

181. The amendments in this Schedule are contingent upon the commencement of the Security Legislation Amendment (Critical Infrastructure) Bill 2021 (as currently named).

182. This Schedule implements recommendation 74 of the Comprehensive Review to the extent it relates to ASIS and AGO. The Comprehensive Review recommended the immunity for certain computer offences for ASIS, AGO and ASD be extended to apply where a staff member or agent of the relevant agency acted on a reasonable belief that the computer-related activities occurred outside Australia, even if that activity actually occurred inside Australia.

183. Upon commencement of the Security Legislation Amendment (Critical Infrastructure) Bill 2021, sections 476.5 and 476.6 of the Criminal Code currently provide immunity to ASIS, AGO and ASD for certain computer-related acts. Section 476.5(1) provides that staff members and agents of ASIS and AGO are not subject to any civil or criminal liability for computer-related acts done outside of Australia if the act is done in the proper performance of a function of the agency. The Security Legislation Amendment (Critical Infrastructure) Bill 2021 introduces section 476.6(1), which implements recommendation 74 of the Comprehensive Review for ASD. It mirrors the immunity in section 476.5, requiring the act to be done in the proper performance of a function of the agency, but also extends the immunity to circumstances where the staff member or agent of ASD acted on a reasonable belief that that computer-related activity occurred outside Australia, even where that activity actually occurred inside Australia.

184. Section 476.5 of the Criminal Code was introduced by the Cybercrime Act 2001. As originally introduced, subsection 476.5(1) provided immunity from civil and criminal liability for the staff members and agents of ASIS and ASD (then Defence Signals Directorate (DSD)) whose computer-related activities done outside Australia, in the proper performance of their functions, were intended and required by Government. The Intelligence Services Legislation Amendment Act 2005 extended the immunity to apply to the then Defence Imagery and Geospatial Organisation (now the AGO).

185. Subsection 476.5(2) provides immunity from civil and criminal liability for persons who engage in activities, inside Australia, that are preparatory to, in support of, or otherwise directly connected with overseas activities of the agency concerned (either ASIS or AGO). Essentially, this provision provides immunity from extended liability (for example, for aiding, abetting, counselling or procuring a computer-related act) for persons who may assist either ASIS or AGO in the performance of its overseas activities.

186. Paragraph 476.5(2)(b) and subsection 476.5(2A) place important limits on the scope of the immunity for preparatory and supporting activities. Paragraph 476.5(2)(b) provides that the immunity does not apply to preparatory or supporting conduct that would constitute a criminal offence in its own right. Subsection 476.5(2A) provides that the immunity does not permit any conduct undertaken in Australia for which ASIO would:

•: require a warrant issued under Division 2 of Part III of the ASIO Act or Part 2-2 of the TIA Act to do, or
•: be required to do in accordance with Division 3 of Part 4-1 of the TIA Act, which deals with access to telecommunications data.

187. In combination, these limits ensure that the immunity for preparatory and supporting activities does not undermine the warrant frameworks under the ASIO Act and TIA Act by authorising persons to commit acts in Australia that would otherwise be unlawful without obtaining a warrant.

188. Similarly, subsections 476.6(2)(a) and (2)(c) provide the same immunity and limits as explained above for persons who engage in activities that are preparatory to, or in support of, or otherwise directly connected with overseas activities of ASIS and AGO. The only difference is that the person has immunity for engaging in conduct both inside and outside Australia, as opposed to just conduct inside Australia.

189. The immunities for computer-related acts under sections 476.5 and 476.6 of the Criminal Code supplement the general immunities for ASIS, ASD and AGO under subsection 14(1) of the IS Act, to ensure Australian law, including the computer offences in Part 10.7 of the Criminal Code, does not prohibit these agencies from doing computer-related acts outside Australia in the proper performance of their functions.

190. The purpose of this Schedule is to update the existing, limited immunities afforded to staff members and agents of ASIS and AGO to ensure they remain effective in light of technological change. These updates bring the immunities for staff members and agents of ASIS and AGO to that of staff members and agents of ASD in respect of computer offences. These amendments are required as it is not always possible to determine with certainty the geographic location of computer-related activity. Criminal liability should not apply when a staff member or agent of ASIS, AGO or ASD acts in the genuine belief that the activity is outside Australia. These amendments will protect staff from criminal liability only where they have acted in good faith in the proper performance of the agency's (ASIS, AGO, ASD) functions.

Item 1 - Subsection 476.4(2) of the Criminal Code

191. This item updates the section reference by removing the reference to section 476.5. Subsection 476.4(2) currently refers to subsection 476.5, which is repealed in Item 2.

Item 2 - Section 476.5 of the Criminal Code

192. This item repeals section 476.5 which contains the current immunity for staff members and agents of ASIS and AGO for computer-related acts. The immunity has been redrafted in section 476.6, which consolidates the immunities for ASIS, AGO and ASD.

Item 3 - Section 476.6 of the Criminal Code (heading)

193. This item omits the reference 'ASD' in the heading and replaces it with 'ASIS, ASD or AGO'. This indicates in the heading that the immunities contained in section 476.6 will apply to all three agencies. This reflects the intention that section 476.6 will no longer apply only to ASD, and instead will apply to 'the agencies'. Item 11 defines 'the agencies' in subsection 476.6(10), as being ASIS, ASD and AGO.

Items 4 and 5 - Subsection 476.6(1) of the Criminal Code

194. Item 4 omits 'ASD' in subsection 476.6(1) and substitutes it with "an agency (within the meaning of subsection (10))." This extends the immunity to ASIS and AGO, while ensuring it still applies to ASD.

195. Item 5 omits 'ASD' in paragraph 476.6(1)(b) and substitutes it with 'the agency'. This reflects the intention for the immunity in section 476.6 to apply to ASIS and AGO, as well as ASD.

196. Subsection (1) provides that a staff member or agent of an agency (being ASIS, AGO or ASD) is not subject to any civil or criminal liability for engaging in conduct inside or outside Australia if both of the following apply:

•: the conduct is engaged in on the reasonable belief that it is likely to cause a computer-related act, event, circumstance or result to take place outside Australia (whether or not it in fact takes place outside Australia), and
•: the conduct is engaged in the proper performance of a function of the agency.

197. This largely replicates the limitations on liability that exist in the current section 476.5 of the Criminal Code for ASIS and AGO (which is repealed in Item 2), with the notable inclusion of conduct that is engaged in inside Australia and that the conduct is engaged in on the 'reasonable belief that it is likely' to take place outside Australia.

198. This amendment is intended to ensure that staff members and agents of ASIS, ASD and AGO are protected from liability for conduct done in the proper performance of the functions of an agency inside or outside of Australia, where they reasonably believe that the conduct will take effect outside Australia.

199. The amendment is required in order to respond to technological changes, in particular due to the increasing prevalence of online, internet-based communications, which obscure the geographic location of parties to communications. The amendments ensure ASIS and AGO, like ASD, can continue to operate efficiently in an increasingly challenging online environment, where it is not always possible to reliably determine the geographic location of a device or computer. This challenge is exacerbated where adversaries (including foreign intelligence services, persons engaged in proliferation-related activities and terrorist organisations) take active steps to obfuscate their physical location. For agencies to be able to effectively perform their functions in such an environment, it is necessary to protect staff members and agents from liability if they inadvertently affect a computer or device located inside Australia.

200. The amendment will not provide staff members or agents with immunity from liability in circumstances where they know or believe a target computer or device to be located inside Australia. Nor will it provide such persons with immunity where their belief that a target computer or device is located outside Australia is not reasonable. The immunity will also no longer apply once it is known to the staff member or agent that the target is not outside Australia. Any continued targeting in Australia once a staff member or agent is aware that it is within Australia would not attract the immunity and would remain criminal.

201. Consistent with current subsection 476.5(1), the immunity will continue to apply only where a staff member or agent's conduct is done in the proper performance of a function of the agency concerned.

Items 6 and 7 - Paragraphs 476.6(2)(a) and (2)(c)

202. Item 6 omits 'ASD' in paragraph 476.6(2)(a) and substitutes it with 'an agency'. Item 7 omits 'ASD' in paragraph 476.6(2)(c) and substitutes it with 'the agency'. These amendments reflect that subsection 476.6 should apply to ASIS and AGO, as well as ASD.

203. Subsection (2) provides that a person is not subject to any civil or criminal liability for engaging in conduct inside or outside Australia if all of the following apply:

•: the conduct is preparatory to, in support of, or otherwise directly connected with, overseas activities of an agency (being ASIS, AGO and ASD)
•: the conduct, including the computer-related act, that took place (or was intended to take place) outside of Australia, would have amounted to an offence, but if the computer-related act didn't happen, it would not have amounted to an offence, and
•: the conduct is engaged in the proper performance of a function of the agency (being ASIS, AGO or ASD).

204. These amendments ensure that the current immunity for preparatory conduct in subsection 476.5(2) and current limitations on that immunity in subsection 476.5(2A) continue to apply to ASIS and AGO, despite the repeal of section 476.5 in item 2.

205. As mentioned above, the purpose of this provision is to provide immunity from extended liability (for example, for aiding, abetting, counselling or procuring a computer-related act) for persons who may assist either ASIS, AGO or ASD in the performance of its overseas activities.

206. The immunity will contain the same limitations as the current immunity in subsection 476.6(3). That is, the immunity does not permit any conduct in relation to premises, persons, computers, things or carriage services in Australia being:

•: conduct which ASIO could not engage in without a Minister authorising it by warrant issued under Division 2 of Part III of the ASIO Act or under Part 2-2 of the TIA Act, or
•: conduct engaged in to obtain information that ASIO could not obtain other than in accordance with Division 3 of Part 4-1 of the TIA Act.

Item 8 - Subsection 476.6(6)

207. This item omits 'ASD' in subsection 476.6(6) and substitutes it with 'an agency'. This reflects the change in section 476.6 for the relevant immunity provisions to apply to ASIS and AGO, as well as ASD.

208. Subsection (6) provides that the IGIS may give a certificate in writing certifying any fact relevant to the question of whether conduct was engaged in, in the proper performance of a function of the agency (being ASIS, AGO or ASD).

209. Evidentiary certificates are intended to streamline the court process by reducing the need to contact numerous officers and experts to give evidence. Evidentiary certificates also assist with maintaining the confidentiality of the sensitive methodologies and capability of the authorised agency.

Items 9 and 10 - Paragraph 476.6(8)(a) and Subsection 476.6(8)

210. Item 9 omits 'ASD' in paragraph 476.6(8)(a) and substitutes it with 'an agency'. Item 10 omits 'ASD' in subsection 476.6(8) and substitutes it with 'the agency'. These amendments reflect that section 476.6 should apply to ASIS and AGO, as well as ASD.

211. Subsection (8) applies if all of the following apply:

•: a person engaged in conduct referred to in subsection 476.6(1) or (2) in relation to an agency
•: the conduct causes material damage, material interference or material obstruction to a computer (within the meaning of section 4 of the ASIO Act) in Australia, and
•: apart from this section, the person would commit an offence against Part 10.7 of the Criminal Code.

212. If subsection (8) applies, the agency head of the relevant agency must, as soon as practicable, give a written notice to the IGIS that:

•: informs the IGIS of the fact, and
•: provides details about the conduct that caused the damage, interference or obstruction to the computer.

213. While this limitation on liability only applies where the conduct was engaged in on the reasonable belief that it is likely to cause a computer-related act, event, circumstance or result to take place outside Australia, should it later be determined that a computer in Australia was impacted, it is important that the IGIS is made aware of the matter given its significance. This allows the IGIS to, should they wish, investigate the actions taken to ensure they were lawful.

Item 11 - Subsection 476.6(10)

214. This item inserts the following definitions into subsection 476.6(10):

•: 'agency' means ASIS, ASD or AGO
•: 'AGO' means the part of the Defence Department known as the Australian Geospatial-Intelligence Organisation, and
•: 'ASIS' means the Australian Secret Intelligence Service.

Item 12 - Subsection 476.6(10) (definition of 'staff member')

215. This item repeals the current definition of 'staff member' and provides the following definitions of 'staff member', which references ASIS and AGO in addition to ASD, to apply in section 476.6:

•: in relation to ASIS, 'staff member' means the Director-General of ASIS, or a member of the staff of ASIS (whether an employee of ASIS, a consultant or contractor to ASIS, or a person who is made available by another Commonwealth or State authority or other person to perform services for ASIS),
•: in relation to ASD, 'staff member' means the Director-General of ASD, or a member of the staff of ASD (whether an employee of ASD, a consultant or contractor to ASD, or a person who is made available by another Commonwealth or State authority or other person to perform services for ASD), and
•: in relation to AGO, 'staff member' means the Director-General of AGO, or a member of the staff of AGO (whether an employee of AGO, a consultant or contractor to AGO, or a person who is made available by another Commonwealth or State authority or other person to perform services for AGO).

Item 13 - Application of amendments

216. This item provides that the amendments made by this Schedule apply in relation to conduct engaged in after the commencement of this Schedule. This item is required to ensure that the amendments do not inadvertently create uncertainty about the legality of conduct of ASIS and AGO engaged in before the commencement of this Schedule in reliance on the current immunities.

Schedule 10 - Privacy

Part 1 - Privacy rules of ASIS, AGO and ASD

Overview

217. Part 1 of Schedule 10 implements recommendation 189 of the Comprehensive Review, which found that ASIS, ASD and AGO should be required, in legislation, to have legally binding, publicly available privacy rules.

218. In order to perform their functions effectively, intelligence agencies must be able to protect sensitive sources, techniques and capabilities. Consequently, ASIS and ASD are fully exempt from the operation of the Privacy Act 1988 (Privacy Act), and AGO is exempt where the acts and practices that impact on privacy relate to its functions. ^[13] Instead, these agencies maintain their own set of privacy rules that regulate the communication and retention of intelligence information concerning Australian persons.

219. ASIS, ASD and AGO are currently required by legislation to have legally-binding privacy rules made by their responsible Minister. ASIS, ASD and AGO's privacy rules are publicly available on their respective websites. However, there is no current legislative requirement for them to be publicly available.

220. The Comprehensive Review concluded that while ASIS, ASD and AGO continue to meet the relevant criteria justifying their exemption from the Privacy Act, and that their current privacy regimes are adequate, minor changes should be made to improve transparency. Specifically, the Comprehensive Review considered that it should be required by law, that these agencies maintain and publish their legally binding privacy rules, and that these rules should be required to be made by the relevant Minister.

221. Part 1 of Schedule 10 amends section 15 of the IS Act to formalise in legislation the requirement that the responsible Ministers for ASIS, ASD and AGO must, as soon as is practicable after making their respective agencies' privacy rules, ensure those rules are published on the agency's website.

222. Part 1 of Schedule 10 also amends section 29 of the IS Act to provide that it is a function of the PJCIS to review ASIS, ASD and AGO's privacy rules, as made by the relevant responsible Minister. The amendments provide that it is not a function of the PJCIS to review agencies' compliance with their respective privacy rules. These amendments are consistent with the Government response to recommendation 183 of the Comprehensive Review.

Intelligence Services Act 2001

Item 1 - After subsection 15(1)

223. This item inserts new subsection 15(1A) to replace subsection 15(5) as repealed by Item 2 of this Schedule. The meaning of this subsection remains the same. The new positioning of the content in this subsection is to give greater prominence to the subsection, consistent with the approach being taken in Part 3 of this Schedule for section 53 of the ONI Act. The amended order will also avoid any confusion as to the meaning of 'agencies' in the following item (new subsection 15(5)).

Item 2 - Subsection 15(5)

224. This item repeals subsection 15(5) and replaces it with new subsection 15(5) to introduce a requirement that, as soon as practicable after the privacy rules are made, the responsible Minister must ensure that those rules are published on the relevant agency's website.

225. Any parts of the privacy rules, which contain operationally sensitive information, information that might prejudice Australia's national security, the conduct of Australia's foreign relations, or the performance by the relevant agency of its functions, are not required to be published. Typically, the decision to exempt certain parts of the privacy rules from publication would be made by the responsible Minister on the advice of the agency head.

226. 'Operationally sensitive information' is defined in Section 1A of Schedule 1 of the IS Act.

Item 3 - After paragraph 29(1)(cf)

227. This item introduces new paragraph 29(1)(cg) to provide that it is a function of the PJCIS to review the privacy rules made under section 15 of the IS Act

Item 4 - Paragraph 29(3)(f)

228. This item repeals and replaces paragraph 29(3)(f) to provide that it is not a function of the PJCIS to review compliance by ASIS, ASD or AGO, with their respective privacy rules made under section 15 of the IS Act.

Item 5 - Application of amendments

229. This item provides that the amendments to subsection 29(1) of the IS Act made by Part 1 of this Schedule apply to privacy rules made on or after the commencement of this part. This item also provides that amendments to the IS Act made by Part 1 of this Schedule apply to the communication and retention of intelligence information that occurs after the commencement of this Schedule, regardless of whether the intelligence information was obtained before or after that commencement.

Part 2 - Privacy rules of DIO

Overview

230. Part 2 of Schedule 10 implements recommendation 189 of the Comprehensive Review, which found that DIO should be required, in legislation, to have legally binding, publicly available privacy rules.

231. In order to perform their functions effectively, intelligence agencies must be able to protect sensitive sources, techniques and capabilities. Consequently, DIO is exempt where its acts and practices that impact on privacy relate to its functions. ^[14] Instead, DIO maintains its own set of privacy rules that regulate the communication and retention of intelligence information concerning Australian persons.

232. DIO has publicly available privacy rules approved by the Minister for Defence. However, these are not currently mandated by legislation.

233. The Comprehensive Review concluded that, while DIO continues to meet the relevant criteria justifying its exemption from the Privacy Act, and that its current privacy regime is adequate, minor changes should be made to its privacy arrangements to improve transparency. Specifically, the Comprehensive Review considered that it should be required by law, that DIO maintain and publish its legally binding privacy rules, and that these rules should be required to be made by the relevant Minister.

234. While DIO, unlike ASIS, ASD and AGO, is not established under an Act, the Comprehensive Review considered that it would be legislatively possible to require it to have privacy rules, as has been done in relation to other matters in the IS Act that relate to DIO, such as secrecy.

235. Part 2 of Schedule 10 amends the IS Act to introduce new section 41C. Section 41C formalises in legislation the requirement for the responsible Minister in relation to DIO to make written rules regulating the communication and retention by DIO of intelligence information concerning Australian persons. Section 41C also introduces the requirement that the responsible Minister in relation to DIO must ensure, as soon as is practicable, that DIO's privacy rules be published on DIO's website.

236. Part 2 of Schedule 10 also amends section 29 of the IS Act to provide that it is a function of the PJCIS to review DIO's privacy rules, as made by the responsible Minister. The amendments provide that it is not a function of the PJCIS to review DIO's compliance with its privacy rules. These amendments are consistent with the Government response to recommendation 183 of the Comprehensive Review.

237. Part 2 of Schedule 10 also makes minor amendments to the IGIS Act to reflect new reporting requirements concerning DIO's privacy rules, as introduced by new section 41C in the IS Act.

Inspector-General of Intelligence and Security Act 1986

Items 6 and 7 - Subsection 35(2B)

238. These items amend subsection 35(2B) of the IGIS Act to include DIO in the list of agencies that the IGIS must include in its annual report with regard to compliance with privacy rules.

Item 8 - Subsection 35(2B) (note)

239. This item replaces the note in subsection 35(2B) to provide that the rules referred to in the subsection regulate the communication and retention of intelligence information concerning Australian persons, within the meaning of the IS Act. This reflects amendments to the IS Act privacy rules as part of this Schedule and Schedule 4 of this Bill.

Intelligence Services Act 2001

Item 9 - Section 3 (after paragraph (c) of the definition of intelligence information)

240. This item amends the definition of intelligence information in section 3 to include intelligence obtained or produced by DIO in the performance of its intelligence functions. Defining intelligence information in terms of DIO's 'intelligence functions' is consistent with the definitions (in paragraphs 3(a), (b) and (c)) for ASIS, AGO and ASD, whose definitions of 'intelligence information' are defined in terms of their respective intelligence functions).

Item 10 - After paragraph 29(1)(cg)

241. This item introduces new paragraph 29(1)(ch) to provide that it is a function of the PJCIS to review the privacy rules made under section 41C of the IS Act.

Item 11 - After paragraph 29(3)(f)

242. This item introduces new paragraph 29(3)(faa) to provide that it is not a function of the PJCIS to review compliance by DIO with its privacy rules.

Item 12 - Before section 42

243. This item inserts new section 41C to introduce a legislative requirement for the responsible Minister in relation to DIO to make written rules regulating the communication and retention by DIO of intelligence information concerning Australian persons.

244. Subsection 41C(2) places a positive obligation on DIO to not communicate intelligence information concerning Australian persons except in accordance with the privacy rules.

245. Subsection 41C(3) requires that, in making the rules, the responsible Minister must have regard to the need to ensure that the privacy of Australian persons is preserved as far as is consistent with the proper performance by DIO of its functions. That is, while the right to privacy may be subject to certain permissible limitations for the purpose of DIO performing its intelligence functions, the rules must ensure that to the maximum extent possible, the privacy of Australian persons is maintained.

246. Subsection 41C(4) requires that, before making the privacy rules, the responsible Minister must consult with the Director of DIO, the IGIS and the Attorney-General. Subsection 41C(5) requires that, for the purpose of the consultation, the responsible Minister must provide a written copy of the proposed privacy rules to the persons consulted.

247. Subsection 41C(6) requires that, as soon as practicable after the privacy rules have been made, the responsible Minister must ensure that those rules are published on DIO's website. Consistent with the privacy rules for IS Act Agencies in section 15, any parts of the privacy rules that contain operationally sensitive information, or information that might prejudice Australia's national security, the conduct of Australia's foreign relations, or the performance by DIO of its functions, are not required to be published.

248. Subsection 41C(7) is intended to operate as a substantive exemption from the legislative instrument requirements of the Legislation Act 2003. Although the privacy rules issued by the responsible Minister under subsection 41C(1) are required to be made public, subsection 41C(5) recognises that such rules may contain operationally sensitive information or information relating to Australia's national security or the conduct of Australia's foreign relations that is not suitable for public dissemination. An exemption for this reason is consistent with the privacy rules issued under section 15 of the IS Act and section 53 of the ONI Act.

249. Subsection 41C(8) requires that the IGIS must brief the PJCIS on the content and effect of the privacy rules if the committee requests the IGIS to do so, or if the privacy rules change.

Item 13 - Application of amendments

250. This item provides that in relation to an annual report prepared under section 46 of the PGPA Act, the amendments made by Part 2 of this Schedule apply to both the reporting period in which they commenced and all subsequent reporting periods.

251. This item provides that the amendments to subsection 29(1) of the IS Act made by Part 2 of this Schedule apply to privacy rules made on or after the commencement of this part. This item also provides that amendments to the IS Act made by Part 2 of this Schedule apply to the communication and retention of intelligence information that occurs after the commencement of this Schedule, regardless of whether the intelligence information was obtained before or after that commencement.

Part 3 - Privacy rules of ONI

Overview

252. To perform their functions effectively, Australia's intelligence agencies must be able to protect sensitive sources, techniques and capabilities. For this reason, intelligence agencies are either exempt or partially exempt from the provisions of the Privacy Act.

253. ONI is fully exempt from the operation of the Privacy Act. Instead, ONI is subject to direct ministerial control, IGIS oversight, and importantly, privacy rules issued by the Prime Minister that regulate ONI's collection of information mentioned in paragraph 7(1)(g) to the extent that information is identifiable information, and the communication, retention and handling of identifiable information concerning Australian persons.

254. Under section 53 of the ONI Act the Prime Minister must make privacy rules which regulate the collection of identifiable information under ONI's open source information function (paragraph 7(1)(g)), and communication, handling and retention of identifiable information by ONI more generally. Identifiable information is personal information about Australian citizens or residents. Section 53 applies to personal information about Australian citizens or permanent residents, regardless of how it was obtained. Before making the privacy rules the Prime Minister must consult with the Attorney-General, the IGIS, the Privacy Commissioner and the Director-General of ONI.

255. Currently, section 53(5) prohibits ONI from collecting or communicating information concerning Australian persons, except in accordance with the privacy rules.

256. The privacy rules currently cover all of ONI's functions, analytical or otherwise. This encompasses a broad range of scenarios, including where the information concerned is either routine or administrative in nature, or, in the case of ONI's open source function (paragraph 7(1)(g)), already in the public domain - for example, contained in a news article. The effect of this has been, particularly in relation to ONI's open source function, to hinder ONI from contributing valuable insights to NIC and other government forums.

257. The purpose of the privacy rules is to provide a necessary and important protection for the privacy of Australian persons, given the nature of ONI's analytical functions, which in certain circumstances, may impinge upon the right to privacy. It is necessary that the privacy rules continue to apply to the communication of information concerning Australian persons where such information is for the purposes of ONI's analytical functions - that is, where intelligence analysis is applied to that information.

258. However, it is both impractical and unnecessarily burdensome for the privacy rules to apply to administrative, staffing or publicly available information where the privacy risk associated with communicating that information is low, because that information is either voluntarily provided to the agency, or is already in the public domain. Unlike other NIC agencies, ONI does not have covert or intrusive powers to collect intelligence (such as the ability to obtain warrants or conduct compulsory questioning), and ONI's functions do not include directing an NIC agency to carry out operational activities. Personal information that is obtained for the purposes of ONI's non-analytical functions is unlikely to impact on the right to privacy and is therefore outside the intended purpose of the privacy rules. ONI deals with such information separately by ensuring that its internal policies and practices provide appropriate privacy protections as far as is consistent with the proper performance of ONI's functions.

259. Part 3 of Schedule 10 implements recommendation 12 of the Comprehensive Review, which found that the ONI Act should be amended to provide that the privacy rules apply to the communication of information under ONI's open source function, only where analysis has been applied to that information. It does so by amending section 53 of the ONI Act to make a distinction between 'personal information' and 'intelligence information'. The effect of this is to exclude the communication of non-intelligence open source products from the privacy rules regime. This means that, under the amended privacy provisions, ONI's privacy rules do not apply to the communication of personal information where that personal information is not also intelligence information. The privacy rules apply in circumstances where the personal information provided to or collected by ONI is evaluated, analysed, interpreted, integrated and/or tested such that it becomes intelligence. The privacy rules continue to regulate the collection of information concerning Australian persons by ONI performing its open source function under section 7(1)(g).

260. This difference between 'information' and 'intelligence' is consistent with the meanings of 'intelligence' and 'uses of intelligence' set out in the third report of the 1974-77 Royal Commission on Intelligence and Security:

Intelligence is, to some degree, processed information. It is processed information in the sense that a lot of different items of knowledge have been put together, tested against each other for credibility and a judgement made on balance as to the truth, or at least the greatest degree of probability of the truth about some particular situation. It is also assessed as relevant to the consumer. ... Intelligence is information gathered for policy makers in government which illuminates the range of choices available to them and enables them to exercise judgment. ^[15]

261. Currently the ONI privacy rules do not make this distinction between information and intelligence that is derived from the interpretation of analysis of that information, nor between the different functions for ONI set out in section 7 of the ONI Act.

262. Consistent with the Government response to recommendation 12 of the Comprehensive Review, Part 3 of Schedule 10 further amends section 53 of the ONI Act to provide that the privacy rules apply only to personal information about an Australian citizen or permanent resident where that information is also intelligence information under ONI's two other analytical functions (paragraphs 7(1)(c) and (d)). This aligns with the approach described above for the treatment of personal information for ONI's open source function. This means that, under the amended privacy provisions, ONI's privacy rules do not apply to, for example, the communication of administrative and staffing information. This is consistent with the approach taken currently by the IS Act and as amended by Schedule 4 of this Bill (Authorisations for producing intelligence on Australians).

263. Part 3 of Schedule 10 includes an additional provision in section 7 of the ONI Act to clarify that one of ONI's functions is to communicate, in accordance with the Government's requirements, intelligence that is produced under ONI's analytical functions through evaluation, analysis, interpretation and integration.

264. Part 3 of Schedule 10 also makes minor amendments to a note in the IGIS Act to reflect the amendments to ONI's privacy rules.

Inspector-General of Intelligence and Security Act 1986

Item 14 - Subsection 35(2C) (note)

265. This item replaces the note in subsection 35(2C) to provide that the rules referred to in the subsection regulate the communication, handling and retention of certain information that is personal information concerning Australian citizens or permanent residents, within the meaning of the ONI Act. This reflects amendments to the ONI privacy rules made as Part 3 of this Schedule.

Intelligence Services Act 2001

Item 15 - Before paragraph 29(1)(c)

266. This item introduces new paragraph 29(1)(ci) to provide that it is a function of the PJCIS to review the privacy rules made under section 53 of the ONI Act.

Item 16 - Paragraphs 29(3)(fa)

267. This item repeals and replaces paragraph 29(3)(fa) to provide that it is not a function of the PJCIS to review compliance by ONI with its respective privacy rules.

Office of National Intelligence Act 2018

Item 17 - Section 3 (paragraph beginning "This Act also deals with")

268. This item deletes the term 'identifiable information and' in the final paragraph of section 3 and replaces it with 'certain personal information about an Australian citizen or permanent resident, as well as'. This reflects the new terminology regarding the scope of ONI's privacy rules, as amended by this Schedule.

Item 18 - Subsection 4(1) (definition of identifiable information)

269. This item repeals the definition of 'identifiable information' in section 4. This is to reflect that 'identifiable information' is no longer referred to in section 53, as amended by this Schedule. The term is not used in any other part of the ONI Act.

Item 19 - Subsection 4(1)

270. This item inserts a definition of 'intelligence information' and 'personal information about an Australian citizen or permanent resident'. These two definitions have the meanings given by new subsection 53(1C) and new subsection 53(1B), respectively. The new terminology is for the purposes of explaining the scope and application of ONI's privacy rules in section 53.

Item 20 - After paragraph 7(1)(g)

271. This item inserts new paragraph 7(1)(ga) to clarify ONI's functions. 7(1)(ga) ensures that ONI is able to communicate, in accordance with Government's requirements, intelligence that is produced under 7(1)(c), (d) or (g). In its unamended form, section 7 does not provide sufficient clarity concerning ONI's ability communicate some of its analysis and analytical products.

Item 21 - Paragraph 53(1)(a)

272. This item replaces the term 'identifiable information' with the term 'personal information about an Australian citizen or permanent resident'. This has the effect that the Prime Minister must make privacy rules regulating the collection of personal information about Australian citizens or permanent residents for the purposes of ONI's open source function under paragraph 7(1)(g), as per the new definition of 'personal information about an Australian citizen or permanent resident' at subsection 53(1B).

273. As per new paragraph 53(1A)(a), ONI must abide by the privacy rules when collecting such information.

274. It remains the case that in making the privacy rules under paragraph 53(1)(a), the Prime Minister must have regard to the need to ensure that the privacy of Australian citizens and permanent residents is preserved so far as is consistent with the proper performance by ONI of its functions.

Item 22 - Paragraph 53(1)(b)

275. This item replaces the term 'identifiable information' with the term 'intelligence information that is personal information about an Australian citizen or permanent resident'. This has the effect that the Prime Minister must make privacy rules regulating the communication, handling and retention of intelligence information concerning Australians for the purposes of ONI's intelligence functions under paragraphs 7(1)(c),(d) and (g), as per the new definition of 'intelligence information' at section 53(1C).

276. As per new paragraph 53(1A)(b), ONI must abide by the privacy rules when communicating such information.

277. It remains the case that in making the privacy rules under paragraph 53(1)(b), the Prime Minister must have regard to the need to ensure that the privacy of Australian citizens and permanent residents is preserved so far as is consistent with the proper performance by ONI of its functions.

Item 23 - After subsection 53(1)

278. This item inserts a definition of 'personal information about an Australian citizen or permanent resident', a definition of 'intelligence information', and clarifies the circumstances in which ONI must act in accordance the privacy rules.

279. New subsection 53(1A) replaces section 53(5), which is repealed by Item 8 of this Schedule. Paragraph 53(1A)(a) requires that ONI must not collect personal information about an Australian citizen or permanent resident under the function set out in paragraph 7(1)(g), except in accordance with the privacy rules. Paragraph 7(1)(g) is ONI's open source function and is concerned with the collection, interpretation and dissemination of publicly available information. Paragraph 53(1A)(b) requires that ONI must not communicate intelligence information that is personal information about an Australian citizen or permanent resident except in accordance with the privacy rules.

280. Section 53(1B) inserts a definition of 'personal information about an Australian citizen or permanent resident' and section 53(1C) introduces a definition of 'intelligence information'. The purpose of these new definitions is to redefine the types of information that are subject to the privacy rules. This ensures that the privacy rules do not apply to information that is administrative in nature, or already in the public domain, while still protecting the personal information of Australians.

281. The definition of 'personal information about an Australian citizen or permanent resident' under section 53(1B) is defined in similar terms to the definition of 'personal information' in the Privacy Act. Noting however, the definition in section 53(1B) is limited to Australian citizens and permanent residents only. As was the case with the former definition of 'identifiable information' in section 4, as repealed by item 8 of this Schedule, the definition of an Australian citizen or permanent resident includes both natural persons and bodies corporate.

282. The definition of 'intelligence information' in section 53(1C) means intelligence that is produced by ONI under its analytical functions, those being the functions set out in paragraphs 7(1)(c), (d) and (g). Consistent with the meaning of intelligence expressed in the Hope Royal Commission report, the definition of intelligence information is concerned with intelligence that is produced by the evaluation, analysis, interpretation, integration and/or testing of information collected or assembled by or otherwise provided to ONI.

Item 24 - Subsection 53(5)

283. This item repeals subsection 53(5) which is replaced by new subsection 53(1A).

Item 25 - Application of amendments

284. This item provides that in relation to an annual report prepared under section 46 of the PGPA Act, the amendments made by Part 3 of this Schedule apply both to the reporting period in which they commenced, and all subsequent reporting periods.

285. This item provides that the amendments to subsection 29(1) of the IS Act made by Part 3 of this Schedule apply privacy rules made on or after the commencement of this part.

286. This item also states that the new provisions concerning ONI's privacy rules apply in relation to information collected under paragraph 7(1)(g) after the commencement of the Schedule. For the communication, handling and retention of intelligence information under paragraphs 7(1)(c), (d) and (g), the rules apply from the commencement of this schedule regardless of when that intelligence was produced. That is to say, the new provisions apply to all of the intelligence produced by ONI.

Part 4 - Contingent amendments

Intelligence Services Act 2001

Item 22 - Section 3 (definition of intelligence information )

287. This item makes a minor contingent amendment to section 3 of the IS Act to clarify that the definition of 'intelligence function' (contingent upon passage of the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020) is in relation to AUSTRAC only.

Schedule 11 - Assumed identities

Crimes Act 1914

Overview

288. This Schedule amends the Crimes Act to include ASD in the Assumed Identities scheme set out in Part IAC of that Act. However, while the Director-General of ASD will be able to authorise the use of an assumed identity, the acquisition of evidence of an assumed identity will be authorised and performed on ASD's behalf by either ASIO or ASIS.

289. Part IAC of the Crimes Act sets out a regime for the acquisition and use of assumed identities by law enforcement and intelligence agencies. The scheme allows authorised officers of law enforcement and intelligence agencies to act under false identities, enabling them to obscure sensitive activities that would be undermined if they were to be connected with a law enforcement or intelligence agency, and protecting the true identity of individual officers.

290. Under subsection 15KB(2), the authority to acquire or use an assumed identity can only be granted in connection with one or more specific purposes, which include 'the exercise of powers and performance of functions of an intelligence agency'. Currently, the only intelligence agencies included in the scheme are ASIO, ASIS and ONI. In the law enforcement space, the regime is available to law enforcement agencies, including the Australian Federal Police, the Australian Criminal Intelligence Commission, the Australian Commission for Law Enforcement Integrity, the Australian Taxation Office, and the then Department of Immigration and Border Protection (which is now taken to be the Department of Home Affairs).

291. ASD, in accordance with its functions under the IS Act, relies on the use of assumed identities to perform activities related to its functions in circumstances where ASD's operations would be compromised were the activities to be connected to ASD. Currently, ASIS and ASIO operate assumed identities on ASD's behalf, in accordance with the Crimes Act and other legislation governing the activities of these agencies.

292. This means that it is the chief officer (the Director-General) of ASIO or ASIS who is required to approve a request from ASD to acquire and use an assumed identity. In addition, a supervisor from either ASIO or ASIS must be appointed to oversee ASD's use of the assumed identity, even where ASIO or ASIS has no involvement in the activities or operations requiring the assumed identity. These arrangements are necessary because ASD is not included as an intelligence agency in Part IAC of the Crimes Act. This is less efficient than if ASD operated its own assumed identities, and is proving unsustainable in the current operational environment.

Items 1 to 4 - Section 15K (Definitions)

293. Item 1 makes a consequential amendment to the definition of 'chief officer' to reflect the inclusion of the Director-General of ASD in the definition at item 2.

294. Item 2 includes the Director-General of ASD in the definition of 'chief officer'. The chief officer of an agency has a range of responsibilities under the Assumed Identities scheme in Part IAC, including making authorisations for assumed identities, and significant record keeping and auditing requirements under Subdivision B of Division 6 of Part IAC.

295. Item 3 includes ASD as an 'intelligence agency' for the purposes of Part IAC. Part IAC allows intelligence agencies and law enforcement agencies to participate in the Assumed Identities scheme. Therefore, this amendment will allow ASD to participate in the regime.

296. Item 4 repeals the definition of an 'intelligence officer' and replaces it with a new definition that incorporates the meaning of 'staff member' from the IS Act and, for ONI, within the meaning of the ONI Act. The IS Act definition includes people made available to perform services for the agency, such as contractors or secondees. The use of this definition in Part IAC reflects the fact that agencies are likely to structure their operations and approvals processes using the definition of 'staff member' set out in the relevant Acts, so requiring an officer to also fall within a separate definition solely for the purposes of Part IAC could create unnecessary complications.

297. The purpose of these changes to the definitions of 'chief officer', intelligence agency', and 'intelligence officer' is to allow ASD to participate in the Assumed Identities scheme.

Item 5 - At the end of subsection 15KB(4)

298. This item adds paragraph 15KB(4)(i) to include that the chief officer of ASD can appoint a supervisor who holds the position, or performs the duties of an APS Executive Officer Level 1 position, or an equivalent or higher position, in ASD.

Item 6 - Paragraph 15KG(b)

299. This item amends paragraph 15KG(b) to provide that ASD is not an intelligence agency that may apply to the Supreme Court of a State or Territory for an order that an entry be made in a register of births, deaths or marriages in relation to acquiring evidence of an assumed identity.

300. While these amendments include ASD in the Assumed Identities scheme, ASD does not have the ability to undertake the acquisition of evidence of an assumed identity. Instead, this continues to be done on ASD's behalf by ASIO and ASIS, which are the agencies with relevant experience in acquiring evidence of assumed identities.

301. This item provides that a chief officer may only make a request for an entry in a register of births, deaths or marriages under an authority to acquire evidence of an assumed identity, and not under an authority to use an assumed identity. Since ASD has no ability to acquire evidence, this means in effect that only the chief officer of ASIO or ASIS is able to make a request for an entry in a register of births, deaths or marriages. If such a request is operationally necessary for ASD, it is intended that an authority to acquire evidence be issued by either ASIO or ASIS, and the chief officer of ASIO or ASIS is able to make a request on ASD's behalf.

Item 7 - Subsection 15KH(2)

302. This item provides that the chief officer of ASD may not apply for the cancellation of an entry in a register of births, deaths or marriages. Instead, this request must be made on ASD's behalf by the chief officer of the agency that made the application for the entry into the register (either ASIO or ASIS). The intention of this is that ASD is able to use assumed identities, but all external engagement in respect of evidence of an assumed identity is done by ASIO or ASIS.

Items 8 to 13 - Paragraph 15KI(2A)(b), section 15KI(2A)(c), at the end of subsection 15KI(2A), paragraph 15KX(2A)(b), paragraph 15KX(2A)(c), and after subsection 15KX(2A)(c)

303. Items 8 to 13 provide that requests for evidence of an assumed identity cannot be made by the chief officer of ASD and can only be made by ASIO or ASIS. This gives effect to the intention that ASIO and ASIS retain responsibility for acquiring the evidence of an assumed identity on behalf of ASD. Items 8, 9 and 10 refer to requests made to Commonwealth issuing authorities, while items 11, 12 and 13 relate to requests made to participating jurisdictions (e.g. state and territory authorities).

Item 14 - Paragraph 15KY(3)(b)

304. This item makes a technical amendment to reflect the inclusion of the Director-General of ASD in the term 'chief officer of an intelligence agency'. ASD is not required to comply with a request from a participating jurisdiction for evidence of an assumed identity.

Items 15 and 16 - Subsection 15LH(3) (paragraph (g) and after paragraph (ga) of the definition of senior officer )

305. Items 15 and 16 amend the definition of 'senior officer' in relation to delegation of an ASIS or ASD chief officer's functions. This allows the chief officer of ASIS or ASD to delegate his or her functions to an intelligence officer who holds a position equivalent to or higher than a Senior Executive Service employee. This amendment ensures that functions may only be delegated to very senior officers within ASD, and clarifies the position in relation to ASIS.

Schedule 12 - Authorities of other countries

Intelligence Services Act 2001

Overview

306. The IS Act currently includes the term 'authority of other country' which is not defined.

307. This Schedule provides that for a body to be an 'authority, of another country' for the purposes of the IS Act, it is not required that the body be established by a law of the country or be connected with an internationally recognised government of a country. This amendment does not introduce a comprehensive definition of the term; whether a body is an authority of another country will still need to be considered on a case-by-case basis.

308. This amendment is designed to displace any assumption that for a body to be an 'authority' it would need to be established by a law of the country or be connected to, or controlled by, the internationally recognised government of the country. It clarifies that bodies can be authorities of other countries where they are, or are connected to, bodies that have effective control over all or part of another country. This could occur in situations where the internationally recognised government of a country is disputed, disrupted or not in control of the whole of its territory.

309. For a body to be an 'authority', a body generally needs to be performing or purporting to perform one or more traditional functions of government, and exercising its powers for a public, rather than private purpose. It is unnecessary for the body in question to possess coercive powers, whether of an administrative or legislative character. For example, law enforcement, immigration control, the maintenance of security and intelligence gathering are functions that are traditionally performed by governments. This means that agencies can cooperate with bodies who are themselves performing those functions (such as a security agencies), and bodies who are directing the performance of those functions (such as a government or governing authority). This also means that, in a circumstance where a government may have temporarily lost power in its country (for example, where a government has been removed by a coup) agencies can continue to cooperate with authorities of that country, provided that the authority is still capable of performing a relevant governmental function, such as an intelligence or security function.

310. The amendment affects the interpretation of the term as it appears throughout the IS Act, such as at paragraph 6(1)(d), subsection 11(2AA), paragraph 13(1)(c) and subsection 42(2).

Item 1 - Section 3

311. This item inserts "(1)" before "In this Act" at the beginning of section 3. The effect of this is to split existing section 3 into two subsections 3(1) and 3(2). Subsection 3(2) is introduced by Item 3 of this Schedule.

Item 2 - Subsection 3(1)

312. This item provides that the term 'authority, of another country' has a meaning affected by subsection 3(2) as introduced by Item 3 of this Schedule.

Item 3 - At the end of section 3

313. This item inserts new subsection 3(2). Subsection 3(2) provides that, for the purposes of determining whether a body is an authority of another country, as defined in subsection 3(1), it does not matter whether the body is established by a law of the country, or whether the body is connected with an internationally recognised government of the country. This clarifies that authorities of other countries includes authorities in circumstances where the traditionally recognised government of the country is disputed, disrupted or not in control of the whole of its territory.

Schedule 13 - ASIO authorisations

Australian Security Intelligence Organisation Act 1979

Telecommunications (Interception and Access) Act 1979

Overview

314. This Schedule implements recommendations 36, 37 and (as it pertains to ASIO warrants) 103 of the Comprehensive Review, which found that:

•: the ASIO Act should be amended to clarify the permissible scope of a class of persons approved to exercise the authority conferred by a warrant, and that additional record keeping requirements should apply to the exercise of that authority, and
•: that similar provisions should be contained in a new electronic surveillance act, including in relation to ASIO's telecommunication interception powers. This schedule amends the corresponding provisions in the TIA Act to allow for consistency in approach for ASIO warrants across the ASIO Act and TIA Act and to improve administrative efficiency in relation to the exercise of authority conferred by a warrant.

315. Under subsection 24(2) of the ASIO Act, the Director-General of Security, or a senior position-holder appointed by the Director-General of Security under subsection 24(3), may approve a person or class of persons to exercise the authority conferred by a relevant warrant or relevant device recovery provision under the ASIO Act. A relevant warrant is a warrant issued under Division 2 or Division 3 of the ASIO Act. A relevant device recovery provision is a provision listed in section 24(4) of the ASIO Act.

316. The ASIO Act does not specify whether subsection 24(2) accommodates an expansion to a class of persons subsequent to such an approval being made. Such a situation may arise if, for example, the Director-General of Security has approved ASIO employees and ASIO affiliates in a particular Branch to exercise the authority conferred by a particular computer access warrant and, subsequent to that approval being given, an additional position is created in that Branch-the Act does not specify whether that additional position, which would fall within the scope of the class approved by the Director-General of Security, may exercise the authority conferred by the warrant.

317. The Schedule amends section 24 of the ASIO Act to clarify that where the Director-General of Security, or a senior position-holder appointed by the Director-General of Security, approves a person or class of persons occupying, holding or performing the duties of an office or position to exercise the authority of a relevant warrant or relevant device recovery provision, the approval extends to an office or position that comes into existence after the approval is given. This means that new staff members who join an approved class, after the moment of approval, will be able to exercise the authority conferred by the warrant or provision.

318. Section 12 of the TIA Act provides that the Director-General of Security, or an 'authorising officer' appointed by the Director-General of Security, may approve persons to exercise the authority, on behalf of ASIO, conferred by a Part 2-2 warrant. An 'authorising officer' is an ASIO employee or ASIO affiliate appointed by the Director-General of Security.

319. The Schedule also amends section 12 of the TIA Act to make clear the Director-General of Security, or an 'authorising officer', can approve a class of persons to exercise the authority conferred by a Part 2-2 warrant. As with section 24 of the ASIO Act, the amendments clarify that, under section 12 of the TIA Act, where the Director-General of Security, or an 'authorising officer', approves a person or a class of persons holding, occupying or performing the duties of an office or position to exercise the authority conferred by a warrant, the approval extends to an office or position that come into existence after the approval is given. The amendments will not enable the approval of a 'self-executing' class, such as approving 'any officer working on Operation A from time to time'.

320. The Schedule also introduces a requirement that the Director-General of Security must cause records to be kept of the person or persons who exercise authority under a relevant warrant or relevant device recovery provision under the ASIO Act and a Part 2-2 warrant under the TIA Act.

Item 1 - After subsection 24(2)

321. Item 1 adds new subsections 24(2A) and 24(2B) to section 24 of the ASIO Act to clarify the permissible scope of a class of persons approved by the Director-General of Security, or a senior position-holder appointed by the Director-General of Security under subsection 23(3), to exercise the authority conferred by a relevant ASIO warrant or relevant device recovery provisions.

322. New subsection 24(2A) clarifies that where the Director-General of Security, or a senior position-holder appointed by the Director-General of Security, approves a person or class of persons, holding, occupying or performing the duties of an office or position, to exercise the authority conferred by a relevant warrant or relevant device recovery provision, such an approval extends to such an office or position that comes into existence after the approval is made.

323. This amendment is intended to clarify, for the avoidance of doubt, that where the Director-General of Security has approved a person or a class of persons to exercise the authority conferred by the relevant warrant or relevant provision by reference to particular offices or positions and, subsequent to the giving of that approval, a new office or position comes into existence that falls within the description of the approved person or class, the approval extends to that new office or position. For example, if the Director-General of Security has approved ASIO employees and ASIO affiliates in a particular Branch to exercise the authority conferred by a particular computer access warrant and, subsequent to that approval being given, an additional position is created in that Branch, the approval would extend to that additional position.

324. This would also apply where the approval was for a person in a position where that position was anticipated but not yet created. For example, if a new taskforce was being established, and it was intended to give the head of the taskforce the authority to execute the authority conferred by a warrant, this would enable the authorisation to be given before the taskforce was formally established.

325. New subsection 24(2B) provides that new subsection 24(2A) does not, by implication, affect the interpretation of any other provision of the ASIO Act.

Item 2 - After subsection 24(3)

326. Item 2 adds new subsection 24(3A) to section 24 of the ASIO Act to introduce a record keeping requirement concerning all persons who exercise the authority conferred by a relevant warrant or relevant device recovery provision. A relevant warrant is a warrant issued under Division 2 or Division 3 of the ASIO Act. A relevant device recovery provision is a provision listed in section 24(4) of the ASIO Act.

327. The provision requires that the Director-General of Security must, as soon as is practicable after authority is exercised under a relevant warrant or relevant device recovery provision, cause one or more written records to be made identifying each person who exercised that authority.

328. The record keeping requirement captures those people who actually exercise the authority conferred by a relevant warrant or relevant device recovery provision, rather than all persons who are approved to exercise authority under the warrant or provision. That is, there is no requirement to record who is in an approved class, beyond making the approval itself. Further, the record keeping requirement only captures the person or persons who undertake activities that exercise the authority of the warrant and not the particular power that was exercised by the person pursuant to the warrant. The written record or records, which may be automatically generated, must carry the name of each person or persons who exercises the authority of the warrant, or identifiers which enable the Director-General of Security to identify each person who exercises the authority of the warrant (or some combination of both). Identifiers may include position numbers, job titles, government identification numbers or other unique descriptors from which the Director-General of Security could positively identify a person.

Item 3 - Section 12

329. Item 3 amends section 12 of the TIA Act by inserting "(1)" before the wording "The Director-General". The effect of this is to convert section 12 into subsection 12(1) in order to allow for the addition of new subsections 12(2) to 12(4) as introduced by Item 5 of this Schedule.

Item 4 - Subsection 12(1)

330. Item 4 amends subsection 12(1) of the TIA Act, as amended by Item 3 of this Schedule, by inserting ", or class of persons" after the wording "approve any persons". The effect of this is to make clear the Director-General of Security, or an 'authorising officer', can approve a class of persons to exercise the authority, on behalf of ASIO, conferred by a Part 2-2 warrant. An 'authorising officer' is an ASIO employee or ASIO affiliate appointed by the Director-General of Security.

Item 5 - At the end of section 12

331. Item 5 adds new subsections 12(2), (3) and (4) to section 12 of the TIA Act to clarify the permissible scope of a class of persons approved by the Director-General of Security, or an 'authorising officer' appointed by the Director-General of Security, to exercise the authority conferred by a Part 2-2 warrant, and to introduce a record keeping requirement concerning all persons who exercise the authority of such a warrant.

332. New subsection 12(2) clarifies that where the Director-General of Security, or an 'authorising officer', approves a person or a class of persons, holding, occupying or performing the duties of an office or position, to exercise the authority conferred by a Part 2-2 warrant, such an approval extends to such an office or position that comes into existence after the approval is made.

333. This amendment is intended to clarify, for the avoidance of doubt, that where the Director-General of Security has approved a person or a class of persons to exercise the authority conferred by a warrant by reference to particular offices or positions and, subsequent to the giving of that approval, a new office or position comes into existence that falls within the description of the approved person or class, the approval extends to that new office or position. For example, if the Director-General of Security has approved ASIO employees and ASIO affiliates in a particular Branch to exercise the authority conferred by a particular Part 2-2 warrant and, subsequent to that approval being given, an additional position is created in that Branch, the approval would extend to that additional position.

334. This would also apply where the approval was for a person in a position where that position was anticipated but not yet created. For example, if a new taskforce was being established, and it was intended to give the head of the taskforce the authority to execute the authority conferred by a warrant, this would enable the authorisation to be given before the taskforce was formally established.

335. New subsection 12(3) provides that new subsection 12(2) does not, by implication, affect the interpretation any other provision of the TIA Act.

336. New subsection 12(4) introduces a record keeping requirement concerning all persons who exercise the authority conferred by a Part 2-2 warrant. The provision requires that the Director-General of Security, as soon as is practicable after authority is exercised under a Part 2-2 warrant, cause one or more written records to be made, identifying each person who exercised that authority.

337. The record keeping requirement captures those people who actually exercise the authority conferred by a warrant, rather than all persons who are approved to exercise the authority conferred by the warrant. That is, there is no requirement to record who is in an approved class, beyond making the approval itself. Further, the record keeping requirement only captures the person or people who undertake activities that exercise the authority conferred by the warrant and not the particular power that was exercised by the person pursuant to the warrant. The written record or records, which may be automatically generated, must carry the name of each person or persons who exercises the authority of the warrant, or identifiers which enable the Director-General of Security to identify each person who exercise the authority of the warrant (or some combination of both). Identifiers may include position numbers, job titles, government identification numbers or other unique descriptors from which the Director-General of Security could positively identify a person.

338. The amendments in items 3 to 5 are consistent with the amendments to the ASIO Act in items 1 and 2.

Item 6 - Application of amendments

339. Item 6 provides the application and saving provisions for subsections 24(2A) and 24(3A) of the ASIO Act, as introduced by items 1 and 2 of this Schedule, subsection 12(1) of the TIA Act, as amended by items 3 and 4 of this Schedule, and subsections 12(2) and 12(3) of the TIA Act, as introduced by item 5 of this Schedule.

340. New subsection 24(2A) of the ASIO Act applies to approvals given after the commencement of this Schedule to exercise authority conferred by a relevant warrant or relevant device recovery provision relating to a warrant issued before or after that commencement. That is, the clarified interpretation of the permissible scope of a class of persons approved to exercise the authority conferred by a relevant warrant or relevant device recovery provision applies only to approvals made after the commencement of this Schedule. However, such an approval can be made in relation to a relevant warrant, or relevant device recovery provision relating to a relevant warrant, issued before or after the commencement of this Schedule.

341. New subsection 24(3A) of the ASIO Act applies in relation to the exercise by a person, after the commencement of this Schedule, of authority conferred by a relevant warrant or relevant device recovery provision, whether or not approval for the person to exercise the authority was given before or after that commencement, or whether the warrant or provision to which the authority relates was issued before or after that commencement. That is, the new record keeping requirement capturing those persons who exercise authority under a relevant warrant or relevant device recovery provision applies only to authority exercised after the commencement of this Schedule. However, the requirement applies in relation to warrants, or relevant device recovery provisions relating to a relevant warrant, issued, and approvals to exercise authority that are given, before or after the commencement of this Schedule.

342. Amended subsection 12(1) and new subsection 12(2) of the TIA Act apply to approvals given after the commencement of this Schedule, to exercise authority conferred by a warrant issued before or after that commencement. That is, the ability of the Director-General of Security, or an 'authorising officer', to approve a class of persons to exercise the authority of under a Part 2-2 warrant and the interpretation of the permissible scope of that class of persons apply only to approvals made after the commencement of this Schedule. However, such an approval can be made in relation to a warrant issued before or after the commencement of this Schedule.

343. New subsection 12(3) of the TIA Act applies in relation to the exercise by a person, after the commencement of this Schedule, of authority conferred by a warrant, whether or not approval for the person to exercise the authority was given before or after that commencement, or whether the warrant to which the authority relates was issued before or after that commencement. That is, the new record keeping requirement capturing those persons who exercise the authority conferred by a Part 2-2 warrant applies only to authority exercised after the commencement of this Schedule. However, the requirement applies in relation to warrants that are issued, and approvals to exercise authority that are given, before or after the commencement of this Schedule.

Schedule 14 - Amendments related to the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018

Intelligence Services Act 2001

Overview

344. This Schedule makes several technical amendments to correct a referencing error and a minor omission in the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018.

Item 1 - Subsections 9(4) and 10(1A)

345. This item makes a minor amendment to correct an omission in the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018 to ensure that there is an appropriate time limit on all ministerial authorisations issued under section 9 of the IS Act or renewed under section 10 of the IS Act. This ensures consistency with the ministerial authorisation framework under the IS Act.

Items 2 and 3 - Subsection 13(5)

346. These items amend subsection 13(5) of the IS Act by substituting 'this section' with 'subsection (4)' and substituting 'section (4)' with 'that subsection'. This is to correct a referencing error. The Director-General of ASD is required to provide a report about any significant cooperation occurring under subsection 13(4).

View full documentBack to top

Individuals online services

Business online services

Agents online services

Non-residents online services

Foreign Investor

Notes on Clauses

Preliminary

Schedule 1 - Emergency authorisations

Schedule 2 - Authorisations relating to counter-terrorism

Schedule 3 - Authorisations for activities in support of the Australian Defence Force

Schedule 4 - Authorisations for producing intelligence on Australians

Schedule 5 - ASIS cooperating with ASIO

Schedule 6 - AGO Cooperating with authorities of other countries

Schedule 7 - ONI cooperating with other entities

Schedule 8 - Suspension of travel documents

Schedule 9 - Online activities

Schedule 10 - Privacy

Part 1 - Privacy rules of ASIS, AGO and ASD

Part 2 - Privacy rules of DIO

Part 3 - Privacy rules of ONI

Part 4 - Contingent amendments

Schedule 11 - Assumed identities

Schedule 12 - Authorities of other countries

Schedule 13 - ASIO authorisations

Schedule 14 - Amendments related to the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018

Tools

Tax information for

Help and support