13 February 2018

Our reference: D2018/001492

Mr Andrew Hastie MP
Chair
Parliamentary Joint Committee on Intelligence and Security
Parliament House
Canberra ACT 2600

Dear Mr Hastie

Parliamentary Joint Committee on Intelligence and Security review of National Security Amendment (Espionage and Foreign Interference) Bill 2017

I welcome the opportunity to provide additional comments to the Parliamentary Joint Committee on Intelligence and Security (the Committee) during its public consultation on the National Security Legislation Amendment (Espionage and Foreign Interference) Bill 2017 and the Foreign Influence Transparency Scheme Bill 2017.

My comments in this supplementary submission relate to the secrecy of information offences in Schedule 2 of the National Security Legislation Amendment (Espionage and Foreign Interference) Bill 2017 (the Bill). These additional comments arise from evidence provided to the Committee by the Inspector-General of Intelligence and Security and the Commonwealth Ombudsman that raise similar issues for my Office.

Specifically, I am uncertain whether the proposed secrecy offences and defences in Schedule 2 will impact the performance of my functions, as Australian Information Commissioner.[1] To avoid uncertainty about the intended interaction between the proposed secrecy framework and the oversight functions of my Office, I suggest that the proposed defences in section 122.5 of the Bill should include an express reference to the Information Commissioner.

Information Commissioner functions — interaction with the proposed secrecy provisions

I understand that the proposed secrecy offences would make it an offence to communicate, deal with or improperly hold ‘inherently harmful information’ or information that ‘causes harm to Australia’s interests.’[2]

The information that I receive, hold and deal with as Australian Information Commissioner in the course of my functions may include information that is within the definition of ‘inherently harmful information’ and conduct that ‘causes harm to Australia’s interests’. The functions that may be impacted by the proposed secrecy framework in Schedule 2 of the Bill include, but are not limited to:

  • review of Freedom of Information Act 1982 (FOI Act) decisions of agencies and ministers[3]
  • investigate FOI Act complaints[4]
  • investigate acts or practices of entities (including Commonwealth government agencies) that may be an interference with the privacy of an individual[5]
  • receive mandatory notification from entities (including Commonwealth government agencies) about data breaches likely to cause serious harm to individuals[6]
  • conduct assessments of entities’ compliance with requirements for protecting personal information under the Privacy Act 1988 (Privacy Act)[7]
  • do all things necessary or convenient to be done for, or in connection with, the performance of the Commissioner’s functions under the Privacy Act[8]
  • conduct assessments of telecommunications carriers and carriage service providers’ compliance with record keeping requirements under the Telecommunications Act 1997.[9]

To ensure that my Office can continue to exercise its oversight functions under the FOI Act, the Privacy Act and other laws, the Bill should make clear that the proposed secrecy offences in Schedule 2 do not apply in circumstances involving the exercise of my functions, duties or powers.

Proposed defence — limited scope of ‘in the course of officer duties’

I am unsure whether the defence proposed in section 122.5(1) — available to Commonwealth officers and others performing work for Commonwealth entities — will enable the proper exercise of my functions, duties and powers. I understand that the proposed defence, ‘is narrow and only applies to conduct that is specifically justified or excused by a law’.[10]

The application of the proposed defence in section 125.5(1) to the exercise of my functions is made more uncertain by inclusion of a proposed defence in section 122.5(3),[11] relating to communication of information to certain oversight bodies. As the Explanatory Memorandum states:

It is intended that the general secrecy offences should in no way impinge on the ability of the Inspector-General, the Ombudsman, or the Integrity Commissioner, or their staff, to exercise their powers, or to perform their functions or duties. These officials are typically entitled to access any information in the course of performing their functions and duties, reflecting the paramount importance of effective oversight of the intelligence community, law enforcement agencies and the public service.[12]

I suggest that a similar defence be included in the Bill to ensure that my Office can continue to exercise its important oversight responsibilities. However, I note that in submissions to the Committee, the Inspector-General of Intelligence and Security[13] and the Commonwealth Ombudsman[14] raised some concerns about the scope of the proposed defence in section 122.5(3). I understand that these concerns relate to whether the proposed defence provides adequate protection to persons who communicate information to an oversight body in good faith, including when handling information prior to ‘communicating’ the information, and I share these concerns.

If you wish to discuss any of these matters further, please contact Sophie Higgins, Director, Regulation and Strategy, on [contact details removed].

Yours sincerely

Timothy Pilgrim PSM
Australian Information Commissioner
Australian Privacy Commissioner

13 February 2018

Footnotes

[1] The Information Commissioner’s functions are set in the previous submission to the Committee dated 23 January 2018.

[2] See s 121.1 (Definitions), s 122.1 (Inherently harmful information), and s 122.2 (Conduct causing harm to Australia’s interests) of the Bill.

[3] See ss 8(h), 10(2), 11(3) and 12(3) of the Australian Information Commissioner Act 2010 (AIC Act).

[4] See ss 8(i), 10(2), 11(3) and 12(3) of the AIC Act.

[5] See s 9 of the AIC Act and s 40 of the Privacy Act 1988 (Privacy Act).

[6] Part IIIC of the Privacy Act (commencing from 22 February 2018).

[7] See s 9 of the AIC Act and s 33C of the Privacy Act.

[8] See s 27(2) of the Privacy Act.

[9] See s 309 of the Telecommunications Act.

[10] Explanatory memorandum at paragraph 1612.

[11] Proposed section 122.5(3) provides:

It is a defence to a prosecution for an offence by a person against this Division relating to the communication of information that the person communicated the information:
  1. to any of the following:
    1. the Inspector-General of Intelligence and Security, or a person engaged or employed to assist the Inspector-General as described in subsection 32(1) of the Inspector-General of Intelligence and Security Act 1986;
    2. the Commonwealth Ombudsman, or another officer within the meaning of subsection 35(1) of the Ombudsman Act 1976
    3. the Law Enforcement Integrity Commissioner, a staff member of ACLEI, or a consultant to, or a person made available to, the Integrity Commissioner under the Law Enforcement Integrity Commissioner Act 2006; and
  2. for the purpose of the Inspector-General, the Ombudsman or the Law Enforcement Integrity Commissioner (as the case requires) exercising a power, or performing a function or duty

[12] At paragraph 1625.

[13] Submission of the Inspector General of Intelligence and Security dated 22 January 2017 (pp3-4), available at https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/EspionageFInterference/Submissions

[14] Submission of the Commonwealth Ombudsman dated 22 January 2017 at pp3-4, available at https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/EspionageFInterference/Submissions