The 2017 review of intelligence: the legislative angle
5 Aug 2017|

In my previous post on the recently released 2017 Independent Intelligence Review, I promised to come back to the subject of oversight. But before we get to that, it’s important to understand the legislative framework under which oversight will take place. (Thus this series of posts now becomes a trilogy.)

As I noted earlier, implementing the organisational changes recommended by the review will entail making a number of legislative changes. In particular, the Office of National Intelligence will require a new legislative instrument in order to subsume the Office of National Assessments, which currently operates under the ONA Act. And putting the Australian Signals Directorate on a statutory footing will require—at least—a modification to the Intelligence Services Act.

But the review has much more to say about the legislative basis for the activities of the Australian intelligence community (AIC). In particular, there’s an entire long and thoughtful chapter devoted to the subject. I’ll try to summarise what I see as the most important points, as well as discussing some questions that it raised in my mind, but I’d encourage interested readers to take the time to read chapters 6 and 7 of the review in full.

Chapter 6 of the review begins with a survey of the existing raft of legislative instruments. It observes that the current framework has evolved over time, and that the net result is a less than cohesive combination of enduring principles and ad hoc provisions that cater for changes in the composition of the AIC and the external threat environment. The authors ultimately recommend an end-to-end review of the legislative basis for the AIC:

We recommend a comprehensive review of the Acts governing Australia’s intelligence community be undertaken to ensure agencies operate under a legislative framework which is clear, coherent and contains consistent protections for Australians.

That’s a sensible recommendation, and it’s something that should probably happen every 20 years or so. There are enduring principles that should always be reflected in a democracy’s intelligence-related legislation, but technological and societal changes can render the specifics of even well-crafted legislation unworkable over time. The difficulties of dealing with modern encryption technologies under an interception framework based on the 1970s-vintage Telecommunications Interception Act are a case in point (here and here).

A review of nine major pieces of interrelated legislation won’t be something that happens on a timescale of weeks or even months. So the review also makes some recommendations about changes that could be made to existing laws to streamline processes and remove unnecessary (and often unanticipated) impediments to AIC activities. Most of the recommendations are sensible and unremarkable. For example, when two AIC agencies are cooperating on an activity, the review recommends that they be authorised to raise a joint request for a ministerial authorisation, rather than one each, as is currently the case—even when the requests go to the same minister (paragraph 6.60).

Less uncontroversial are some of the proposals for changes to the ability of AIC agencies to collect intelligence related to Australians. That is the essential tension in the practice of intelligence in a democracy, and so any proposals for change require rigorous justification, and the public is owed a clear explanation. That said, I don’t think too many people would object to the notion of ‘inferred consent’ (paragraph 6.46) of Australians in extremis. For example, I think most of us would want Australian authorities to act without delay if we were kidnapped by pirates or a terrorist group. The proposed change would allow the AIC to get to work immediately, without going through an authorisation process.

I’m less convinced of the review’s argument that no authorisation should be needed retrospectively in cases of inferred consent. After all, the case ought to be a slam dunk, and I don’t think there’s any reason not to keep the bar high for protecting Australians’ rights.

In fact, the review shows a commendable respect for existing protections of Australians. For example, it considers the proposition that the degree of intrusiveness of AIC activity on individuals could form the basis for deciding whether a ministerial authorisation is needed. The authors rightly conclude that it should not (paragraph 6.39):

Using intrusiveness as a defining principle could basically limit [Ministerial authorisations] to activities overseas that would require a warrant if conducted in Australia. This would mean most of ASIS’s current activities to produce intelligence against an Australian would not need an authorisation at the Ministerial level. We are of the view that this approach would diminish the rights of Australian persons in an unacceptable way.

One point on which I’m not entirely convinced (at least based on the detail provided in the unclassified review report) is the section titled ‘Class Authorisations – Australians Involved with Terrorist Groups’ (paragraphs 6.30–6.35). The proposed change concerns Australians ‘whose involvement with terrorist organisations proscribed by the Attorney-General under the Criminal Code constitutes a threat to national security’. So far, so good, but what does ‘involvement with’ mean? That’s important, because we are told that class authorisations are needed because they ‘would allow the [Intelligence Services Act] agencies to respond quickly to developing threats from previously unidentified individuals, a more common occurrence now with the emergence of “lone wolf” attackers’.

But ‘lone wolf’ attackers have only loose affiliations with terrorist groups, almost by definition. To sign up to such a proposal, I’d want to know where the threshold for involvement is set—does someone have to self-identify as a member of ISIS, for example, or would visiting an ISIS website be enough for inclusion in the class? What if someone posts online supports for the religio-political ideal of a caliphate, but gives no indication of crossing the line into violent activity?

All changes to intelligence-related legislation inevitably involve balancing freedoms and security. The devil is always in the detail, and the review’s recommendations are yet to be translated into draft laws. Regardless of whether the proposed major review takes place, the Independent National Security Legislation Monitor is going to have a lot of work to do!