Commonwealth of Australia Explanatory Memoranda Commonwealth of Australia Explanatory Memoranda[Index] [Search] [Download] [Bill] [Help]
2022-2023
THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA
HOUSE OF REPRESENTATIVES
AUSTRALIAN SECURITY INTELLIGENCE ORGANISATION AMENDMENT
BILL 2023
REPLACEMENT EXPLANATORY MEMORANDUM
(Circulated by authority of the Minister for Home Affairs,
the Honourable Clare O'Neil MP)
THIS MEMORANDUM REPLACES THE EXPLANATORY MEMORANDUM
PRESENTED TO THE HOUSE OF REPRESENTATIVES ON 29 MARCH 2023
AUSTRALIAN SECURITY INTELLIGENCE ORGANISATION AMENDMENT
BILL 2023
This replacement Explanatory Memorandum:
• implements recommendations of the Parliamentary Joint Committee on
Intelligence and Security's Advisory Report on the Bill tabled on 13 June 2023;
• responds to concerns raised by the Senate Standing Committee for the Scrutiny of
Bills in Scrutiny Digest No. 5 of 2023, dated 10 May 2023;
• includes a range of other updates for clarity and accuracy.
GENERAL OUTLINE
The Australian Security Intelligence Organisation Amendment Bill 2023 (the Bill)
contains a suite of amendments to:
• uplift and harden Australia's highest-level of security clearance in response to the
unprecedented threat from espionage and foreign interference confronting
Australia, and
• drive shared initiatives and investments that improve interoperability and burden
sharing as the Australian Government delivers critical national security
capabilities.
The Bill would enable the Australian Security Intelligence Organisation (ASIO) to
implement a consistent approach to issuing, maintaining and revoking Australia's
highest-level security clearances that ensures Australia's most sensitive information,
capability and secrets remain protected. This would reduce the risk of compromise of
trusted insiders, maximise the utility derived from shared services, improve the mobility
and agility of our highest-cleared workforce and ensure the ongoing confidence of our
most trusted allies.
ASIO would become centrally responsible for issuing and maintaining Australia's
highest-level security clearances. Over time, those security clearances would replace
Positive Vetting (PV) security clearances, and the PV operations of those vetting agencies
presently authorised under the Commonwealth's Protective Security Policy Framework
(PSPF) would be transitioned to ASIO.
Centralising Australia's highest-level clearance in ASIO would leverage ASIO's security
intelligence functions, holdings and capabilities to allow a holistic assessment of a
person's suitability to hold a security clearance, having regard to the most current and
accurate information about the security threats confronting Australia. ASIO's analysts
assess all available information, and use structured analytical techniques to test, retest and
contest their assumptions - providing an integrated, single repository of information about
security clearance holders and therefore better enabling sponsors to responsibly manage
their clearance holders.
2
The Bill would enable the operations of the Quality Assurance Office (QAO) in the Office
of National Intelligence (ONI) that independently assures the quality, consistency and
transferability of Australia's highest-level security clearances, and drives the uplift of the
insider threat capability for the sponsors of such security clearances across the
Commonwealth.
Oversight and accountability are critical. The Bill would introduce an internal and external
merits review framework, as well as an independent review mechanism, that would
provide affected persons with an avenue to appeal security clearance decisions and
security clearance suitability assessments made by ASIO. The protection of sensitive
capabilities and operations is also critical. For this reason, the Bill includes exceptions to
the review rights proposed to balance safeguards for individuals with security
considerations, as ASIO assesses that espionage and foreign interference is Australia's
principal security concern.
In his 2023 Annual Threat Assessment, the Director-General of Security noted that more
Australians are being targeted for espionage and foreign interference than at any time in
Australia's history. It is critically important that in this context we ensure the
Commonwealth's most privileged information, capabilities and secrets are protected. This
recognises the importance of putting in place sufficient controls for the highest-level of
security clearances that ensures sophisticated adversaries do not gain insights into the
policies, procedures and thresholds used to determine an individual's suitability to access
Australia's most privileged information, capabilities and secrets.
ASIO would continue to be overseen by the Inspector-General of Intelligence and Security
(IGIS), who has powers akin to a Royal Commission. The IGIS reviews ASIO's activities
to ensure the Organisation acts legally and with propriety, complies with ministerial
guidelines and directives and respects human rights.
New security vetting and clearance functions for ASIO
The Bill would amend the Australian Security Intelligence Organisation Act 1979 (ASIO
Act) to introduce a new function and a new Part IVA into the ASIO Act, providing ASIO
with new security vetting and security clearance functions, including:
• to make security clearance decisions for ASIO and non-ASIO personnel alike;
• to undertake security vetting to assess a person's suitability to hold a security
clearance, and vetting and assessing suitability on an ongoing basis;
• to communicate with a sponsoring agency for a security clearance in relation to the
ongoing suitability of a person to hold the security clearance - this would enable a
free flow of information to enable a stronger and more effective partnership and
shared responsibility between the vetting authority and the insider threat
capabilities of the agencies that sponsor clearance holders;
• to furnish security clearance suitability assessments (SCSA)--this replaces, but is
consistent with, the existing framework in Part IV of the ASIO Act whereby ASIO
currently provides security assessments to inform other vetting agencies for the
purposes of those agencies making security clearance decisions at any level; and
3
• to assume responsibility for a security clearance that has been granted to a person
by another security vetting agency.
These reforms are necessary as ASIO's current functions in subsection 17(1) of the ASIO
Act are limited to providing advice, and do not extend to making security clearance
decisions for non-ASIO employees. In providing ASIO with these new functions, the Bill
would not limit the capacity of any other authority of the Commonwealth to undertake
such activities.
Facilitating information sharing and the maintenance of security clearance holders
The reforms in the Bill would enable ASIO and security clearance sponsors to share
information more freely about a person's suitability to hold a security clearance. This in
turn would enable an integrated, single repository of information about security clearance
holders, freeing sponsors to responsibly manage their clearance holders. This is critical to
enabling the ongoing, rather than point-in-time, validation of an individual's suitability for
a security clearance.
Part IV of the ASIO Act prohibits Commonwealth agencies from taking permanent
prescribed administrative action (e.g. taking action involving restricting access to
information or places controlled on security grounds) on the basis of ASIO advice, unless
that advice is a security assessment (section 39 of the ASIO Act). Subject to limited
exceptions, prejudicial security assessments are reviewable in the Administrative Appeals
Tribunal (AAT).
The restrictions in Part IV affect a clearance sponsors' ability to rely on advice from ASIO
to proactively manage insider threats and other risks. This makes it more difficult for
ASIO and clearance sponsors to deal with security threats as and when they arise. As
changes in an individual's suitability go unreported risks accumulate. Periodic revalidation
not supported by a continuous exchange of clearance suitability information makes the
aggregate of individual unreported changes more difficult to manage, and may in extreme
cases result in a clearance subject being found no longer suitable only after a significant
risk has materialised.
For this reason, new section 36A would disapply the operation of Part IV of the ASIO Act,
to the extent it relates to the exercise or performance of a power or function under
Part IVA. This section makes it clear that ASIO's communications under the new
Part IVA would not be subject to the security assessment regime in Part IV of the ASIO
Act, and Commonwealth agencies would not be subject to the prescribed administrative
action prohibition in section 39.
The removal of the current Part IV prohibition on taking prescribed administrative action
reflects the consent-based nature of the security clearance process - that is, applications
for a security clearance are voluntary, and applicants give clear and informed consent to
the collection and use of personal information by the Commonwealth to determine
individual suitability to hold a security clearance and to maintain that clearance over time.
4
The Bill also makes clear that it is ASIO's responsibility to determine a person's
suitability to hold a security clearance on security grounds in respect of information
communicated by ASIO under Part IVA, which would advise on a clearance holder's
suitability to hold a security clearance not their employment suitability. It is the
responsibility of a Commonwealth agency to determine the suitability, on employment
grounds, of a person to be employed by that agency. Clearance holders may have recourse
against their Commonwealth security clearance sponsor, should that employer act against
the clearance holder on the basis of ASIO advice under the new Part IVA. Such sponsors
would still be required to follow the usual requirements of procedural fairness, and could
be subject to unfair dismissal or other causes of action were they to take unlawful action
based on ASIO's advice.
Critically, the Bill would also introduce a wholly new review framework for persons
adversely affected by a prejudicial SCSA (PSCSA) or security clearance decision, as
described below.
Internal, independent and external merits review for ASIO assessments and decisions
While the Bill would disapply the operation of Part IV, including review rights for
prejudicial security assessments, the Bill would also introduce a new framework providing
for review of ASIO SCSAs and ASIO security clearance decisions.
Part IVA of the Bill would introduce a right to external merits review for the subject of a
PSCSA furnished to a security vetting agency subject to limited exceptions. A PSCSA is
an SCSA that contains information about a person that would or could be prejudicial to a
security clearance decision about the person. PSCSAs from ASIO to other authorised
vetting agencies will be reviewable in the AAT. This means PSCSAs relating to
Australian Intelligence Community (AIC) staff would (unless an exception applied) be
reviewable in the AAT, which is not presently the case in relation to Part IV security
assessments.
Exceptions to review rights for PSCSAs apply to persons engaged, or proposed to be
engaged, for employment outside Australia for duties outside Australia, who are either not
Australian citizens, or (regardless of whether they are Australian citizens) not normally
resident in Australia, similar to the existing exception in s 36(1)(a) of the ASIO Act. In
addition, persons subject to a conclusive certificate issued by the Minister for Home
Affairs will also not be able to seek external merits review.
The Bill would also introduce a safeguard to ensure that other Commonwealth security
vetting agencies can only make security clearance decisions on the basis of ASIO
information if it is in the form of a SCSA, which is externally merits reviewable if it
would or could be prejudicial to a security clearance decision in respect of a person.
For ASIO's new function of issuing security clearance decisions for both ASIO and
non-ASIO personnel, the Bill would introduce a new framework providing for both
internal and external merits review as follows:
5
1. Internal review: all affected persons would have access to a new statutory framework
for internal merits review within ASIO of security clearance decisions to deny, revoke,
or impose or vary certain conditions upon, a security clearance, except for persons
engaged, or proposed to be engaged, for employment outside Australia for duties
outside Australia, who are either not Australian citizens, or (regardless of whether they
are Australian citizens) not normally resident in Australia.
2. Independent review: a person may seek review of a decision made on internal review
by an independent person appointed by the Attorney-General, if the person is not
eligible for external merits review in the AAT because they are not an existing security
clearance holder or Commonwealth employee.
3. External review: all existing security clearance holders and Commonwealth employees
as defined in the Bill, including AIC staff members, would have access to external
merits review in the AAT except for:
• persons engaged, or proposed to be engaged, for employment outside Australia for
duties outside Australia, who are either not Australian citizens, or (regardless of
whether they are Australian citizens) not normally resident in Australia. This
reflects the existing exception in s 36(1)(a) of the ASIO Act; and
• persons subject to a conclusive certificate issued by the Minister for Home Affairs
preventing external merits review.
In practice, this means that individuals who do not already hold a security clearance, and
who are not already Commonwealth employees as defined in the Bill, would not have
rights to seek external merits review, but would instead have access to an alternative
independent review mechanism.
The rationale for limiting external review rights to existing security clearance holders or
Commonwealth employees as defined in the Bill is in response to the complex,
challenging and changing security environment that is confronting Australia. The threat to
Australians from espionage and foreign interference is higher than at any time in
Australia's history. In this context, the threats posed are higher for new applicants who do
not yet have a sufficient understanding of their security obligations or have not
participated in security awareness training and are therefore less able to manage these
threats. New applicants also bring a lower level of assurance, in that do not have an
existing track record as a Commonwealth employee. It is therefore appropriate that these
applicants instead have access to independent review of prejudicial security clearance
decisions by a reviewer engaged by the Attorney-General, where the risks associated with
threat posed by espionage and foreign interference can be mitigated.
The Bill would also provide a power allowing the Minister for Home Affairs to issue a
conclusive certificate preventing external merits review in respect of a person in
exceptional circumstances, if it would be prejudicial to security to change a security
clearance decision or security clearance suitability assessment, or for the decision or
SCSA to be reviewed.
6
Changes to ONI's functions
The Bill would amend the Office of National Intelligence Act 2018 (ONI Act) to enable
the QAO in ONI to independently assess the quality, consistency, and transferability of the
highest-level of security clearances, and drive the uplift of the insider threat capability of
agencies that sponsor these clearances.
Other amendments
The Bill would amend the Administrative Appeals Tribunal Act 1974 to enable the new
AAT review framework described above. It also makes consequential amendments to the
Inspector-General of Intelligence and Security Act 1986, updating a cross reference to
reflect a change to the ASIO Act.
FINANCIAL IMPACT STATEMENT
No financial impact is expected during the initial operation phase of the National TS-PA
Capability to 30 June 2025. Future financial impacts would be a matter for Government.
COMMON ABBREVIATIONS AND ACRONYMS
Abbreviation or acronym Meaning
AAT Administrative Appeals Tribunal
AAT Act Administrative Appeals Tribunal Act 1975
AFP Australian Federal Police
AGSVA Australian Government Security Vetting Agency
ASIO Australian Security Intelligence Organisation
ASIO Act Australian Security Intelligence Organisation Act 1979
ASIS Australian Secret Intelligence Service
DFAT Department of Foreign Affairs and Trade
IGIS Act Inspector General of Intelligence and Security Act 1986
ONI Office of National Intelligence
ONI Act Office of National Intelligence Act 2018
PSCSA Prejudicial security clearance suitability assessment
QAO Quality Assurance Office
SCSA Security clearance suitability assessment
TS-PA TOP SECRET-Privileged Access
7
Abbreviation or acronym Meaning
TS-PA Authority TS-PA Authority
8
Statement of Compatibility with Human Rights
Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act
2011
Australian Security Intelligence Organisation Act Amendment Bill 2023
This Bill is compatible with the human rights and freedoms recognised or declared in the
international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny)
Act 2011.
Part 1 Overview of the Bill
1. The Australian Security Intelligence Organisation Amendment Bill 2023 (the Bill) amends
the Australian Security Intelligence Organisation Act 1979 (ASIO Act), the Office of
National Intelligence Act 2018 (ONI Act), the Administrative Appeals Tribunal Act 1975
(AAT Act) and the Inspector-General of Intelligence and Security Act 1986 (IGIS Act).
The Bill contains a suite of amendments to uplift and harden Australia's highest-level of
security clearance in response to the unprecedented threat from espionage and foreign
interference confronting Australia.
2. Australia's security environment is complex, challenging and changing. As threats to
Australia evolve, so must Australia's response. In his 2023 Annual Threat Assessment, the
Director-General of Security noted that more Australians are being targeted for espionage
and foreign interference than at any time in Australia's history. It is critically important
that the Australian Government ensures the Commonwealth's most privileged
information, capabilities and secrets are protected. This requires the Australian
Government to out-think and out-manoeuvre its adversaries, expand its capabilities and
sharpen its responses. The Australian Security Intelligence Organisation (ASIO) assesses
that espionage and foreign interference is Australia's principal security concern.
3. The Bill would introduce a new security vetting and security clearance framework into the
ASIO Act. This framework would enable ASIO to become centrally responsible for the
issuing, maintaining and revoking of Australia's highest-level of security clearance (a
function currently performed by the Australian Government Security Vetting Agency,
ASIO, Australian Secret Intelligence Service, Australian Federal Police and Office of
National Intelligence). It would also enable the implementation of a consistent approach
across the Australian Government, which would reduce the risk of compromise of trusted
insiders, maximise the utility derived from shared services in a fiscally constrained
environment, improve the mobility and agility of our highest-security cleared workforce
and ensure the ongoing confidence of our most trusted allies.
4. The Bill would also enable the operations of a Quality Assurance Office (QAO) in the
Office of National Intelligence (ONI), which would be responsible for independently
assuring the quality, consistency and transferability of Australia's highest level security
clearances. The QAO would also drive the uplift of a sponsoring agency's insider threat
capability.
9
5. The key measures in the Bill include:
• a new function and a new Part IVA setting out new security vetting and security
clearance related functions for ASIO, including:
o a new function for ASIO to make security clearance decisions for ASIO and
non-ASIO personnel alike, and conduct security vetting and assessment on
an ongoing basis;
o a new function enabling ASIO as the vetting authority to communicate with
sponsoring agencies in respect of a person who has applied for, or holds, a
security clearance, to enable a stronger and more effective partnership
between ASIO and the sponsoring agencies to enhance their insider threat
capability;
o a new function for ASIO to furnish security clearance suitability
assessments (SCSAs), which may be used by other authorised vetting
agencies to inform their security clearance decisions. This replaces, but is
largely similar to, the existing framework in Part IV of the ASIO Act
whereby ASIO may provide security assessments to security vetting
agencies to inform security clearance decisions by those agencies;
• a safeguard to ensure that other Commonwealth security vetting agencies can only
make a security clearance decision on the basis of ASIO advice that is an SCSA
which, subject to the exceptions set out below, is externally merits reviewable if it
would or could be prejudicial to a security clearance decision in respect of the
person;
• a statutory framework to provide internal merits review of prejudicial security
clearance decisions (i.e. a decision to deny or revoke a security clearance, or to
impose or vary a condition on a security clearance) by ASIO involving a decision-
maker different to the original and, for those persons neither existing clearance
holders nor Commonwealth employees, a further statutory pathway for review by
an independent person appointed by the Attorney-General where external merits
review in the Administrative Appeals Tribunal (AAT) is not available;
• providing consistent rights for external merits review in the AAT to any person
subject to a prejudicial security clearance decision or prejudicial SCSA (PSCSA)
furnished to a security vetting agency, except for:
o persons engaged, or proposed to be engaged, for employment outside
Australia for duties outside Australia, who are either not Australian citizens,
or (regardless of whether they are Australian citizens) not normally resident
in Australia;
o ASIO security clearance decisions in respect of persons who are not
existing security clearance holders or Commonwealth employees; and
o persons subject to a conclusive certificate issued by the Minister for Home
Affairs, which would prevent external merits review in exceptional
circumstances, if it would be prejudicial to security to change a security
clearance decision or SCSA, or for the decision or assessment to be
reviewed.
10
• a new function in the ONI Act to enable a QAO in ONI to independently assess the
quality, consistency, and transferability of the highest-level of security clearances,
and drive the uplift of the insider threat capability of agencies that sponsor these
clearances. ASIO would continue to be overseen by the Inspector-General of
Intelligence and Security (IGIS), which reviews ASIO's activities to ensure it acts
legally and with propriety, complies with ministerial guidelines and directives and
respects human rights.
6. The Bill would also amend the AAT Act to enable the new external merits review
framework described above, and make consequential amendments to the IGIS Act
addressing a cross reference to reflect a change to the ASIO Act.
Part 2 Human rights implications
7. This Bill would engage the following rights under the International Covenant on Civil and
Political Rights (ICCPR):
• the right to a fair hearing in Article 14(1)
• the prohibition on interference with privacy in Article 17
• the right to freedom of expression in Article 19(2)
• the right to equality and non-discrimination in Article 26.
8. The Bill engages the right to work in Article 6 of the International Covenant on
Economic, Social and Cultural Rights (ICESCR).
9. While the Bill would engage a number of rights, the measures in the Bill are all
fundamentally predicated on the consent of the affected persons. That is, applications for a
security clearance are voluntary, and applicants give clear and informed consent to the
collection and use of personal information by the Commonwealth to determine individual
suitability to hold a security clearance and to maintain that clearance over time. The
framework under which those clearance holders would be managed, as set out in the Bill,
would be made publicly available as this legislation would be passed by the Australian
Parliament, providing affected persons with a clear understanding of their rights and
obligations before deciding whether to engage in a security clearance process.
Accordingly, to the extent that the Bill would limit rights, it only does so in respect of
persons who have consented to and voluntarily engaged in the process that so affects them.
The right to a fair hearing
10. Article 14(1) of the ICCPR relevantly provides that all individuals are equal before the
courts and tribunals and, in the determination of their rights and obligations in a suit at
law, for the right to a fair and public hearing before a competent, independent and
impartial court or tribunal established by law.
11
How the ASIO Act currently operates
11. Under existing provisions in Part IV of the ASIO Act, Commonwealth agencies are
prohibited from taking permanent prescribed administrative action - which includes
preventing access to information or places, or performing certain activities, on security
grounds - on the basis of ASIO advice, unless that advice is a security assessment (section
39 of the ASIO Act). Qualified and adverse security assessments are reviewable in the
AAT subject to limited exceptions, including if they relate to:
• the engagement of a non-Australian citizen or a person who does not normally
reside in Australia for duties outside Australia (section 36(1)(a) of the ASIO Act);
or
• the engagement, or proposed engagement, of a person by agencies covered by
section 36(1)(c) of the ASIO Act - ASIO, the Australian Secret Intelligence
Service (ASIS), the Australian Geospatial-Intelligence Organisation (AGO), the
Australian Signals Directorate (ASD), the Defence Intelligence Organisation (DIO)
and ONI.
12. Under the Part IV framework, ASIO may contribute to personnel security vetting relating
to security clearances issued by authorised security vetting agencies by furnishing security
assessments. ASIO may also furnish security assessments unrelated to security vetting and
security clearances, which would not be affected by the reforms proposed in the Bill.
What the Bill would do
13. Proposed section 36A of the Bill would have the effect that Part IV would not apply to
ASIO's new security vetting and security clearance powers and functions under new Part
IVA (with the exception of section 81 of the ASIO Act). This, in conjunction with the new
functions that would be conferred upon ASIO under proposed Part IVA, would enable
ASIO and security clearance sponsors to share information more freely about a person's
suitability to hold a security clearance. This in turn would enable an integrated set of
information about security clearance holders, freeing sponsors to responsibly manage their
clearance holders without the need for a security assessment under Part IV. This is critical
to enabling continuous, rather than point-in-time, validation of an individual's suitability
for a security clearance, and is fundamental to hardening Australia's security clearance
process.
14. Proposed new Part IVA would introduce the ability for ASIO to make security clearance
decisions for ASIO and non-ASIO staff alike, and furnish SCSAs to inform security
clearance decisions by other authorised security vetting agencies.
15. The Bill would establish a right to internal review for ASIO's prejudicial security
clearance decisions (i.e. decisions to deny or revoke a security clearance, or to impose or
vary certain conditions upon a security clearance). Where internal merits review is
available, it must be sought by an affected person before the affected person can seek
external merits review or independent review (for non-Commonwealth employees or
persons who do not hold a security clearance). The Bill would not establish rights to
internal review of SCSAs.
16. The Bill would establish rights to external merits review in the AAT, with limited
exceptions, for both ASIO's:
• PSCSAs (prejudicial SCSAs that contain information that would or could be
prejudicial to a security clearance decision in respect of the person), and
12
• prejudicial security clearance decisions.
17. The Bill would also establish a mechanism for persons who are not Commonwealth
employees and/or who do not hold a security clearance, who would otherwise not have
access to external merits review in the AAT to request review of a prejudicial security
clearance decision by an independent reviewer.
Notification and statements of grounds - security clearance suitability assessments
18. Under Part IVA of the Bill, a person eligible for external merits review in the AAT of a
PSCSA or a prejudicial security clearance decision (to deny or revoke a security clearance,
or to impose conditions on a security clearance) would have certain rights to receive a
statement of grounds (proposed sections 82G, 83A and 83C). The statement of grounds
must include all information relied upon by ASIO in making the PSCSA or prejudicial
security clearance decision. For statements of grounds relating to PSCSAs, the statement
of grounds may exclude information which would, in the opinion of the Director-General
of Security or a person authorised by the Director General, be prejudicial to security
(proposed section 82G) - this reflects existing section 38 of the ASIO Act upon which the
proposed provision is based. The Minister for Home Affairs also has the ability to
withhold from an applicant all or part of the statement of grounds, where disclosure could
prejudice security. The Minister's power to withhold all or part of a statement of grounds
may be delegated, in writing, to an ASIO employee or affiliate who holds or is acting in a
position equivalent or higher than an SES employee.
19. Proposed section 83A would require a security vetting agency to which ASIO has
furnished a PSCSA, to give an affected person notice of the PSCSA and a copy of the
PSCSA. This notice must be accompanied by a statement of grounds. This would assist
the affected person to make an informed decision as to whether to pursue external merits
review and would assist them to support their application in the AAT, or to seek judicial
review. These provisions therefore promote the right to a fair hearing by giving the
affected person an opportunity to respond in the AAT to the facts and information
underpinning the PSCSA, or to inform relevant grounds of judicial review.
20. In the case of external review of a PSCSA, an individual's right to a fair hearing is limited
by proposed section 83A, as a notice of the PSCSA could be withheld from the affected
person if the Minister for Home Affairs or their delegate is satisfied that it is essential to
the security of the nation to do so. Furthermore, under proposed section 83A, if the
Minister considers that it is prejudicial to the interests of security, the Minister would be
able to certify that the statement of grounds for the PSCSA, in full or in part, not be
disclosed to the affected person.
21. While the right to receive notice and the statement of grounds promotes an individual's
ability to support an application to the AAT and judicial review (if this is sought), this
measure limits the right to a fair hearing for those affected persons that only receive a
statement of grounds in part or do not receive a statement of grounds on the basis of
information withheld by the Director-General (under proposed section 82G) or in
accordance with a certificate issued by the Minister for Home Affairs (under proposed
section 83A). However this is necessary in order to protect Australia's national security.
13
22. Preventing an affected person from receiving notice of a PSCSA would impact their
ability to pursue external merits or judicial review to which they are otherwise entitled as
they would not be aware that such an SCSA had been furnished by ASIO. Similarly,
preventing disclosure in full or in part of a statement of grounds in relation to a PSCSA to
an affected person would limit their ability to respond to the claims and findings made in
an assessment in respect of their suitability to hold a security clearance.
23. It is reasonable and necessary to limit rights to a fair hearing by placing limitations on the
right to receive notice of a PSCSA, on information provided in the statement of grounds,
or by withholding the statement of grounds entirely, to ensure that where there are
pressing and substantial national security concerns about the affected person, sensitive
information is not disclosed and able to be used by persons identified as a national security
risk, such as foreign intelligence actors seeking to exploit sensitive information from
Australia's security clearance processes.
Notification and statements of grounds - security clearance decisions
24. The Bill would provide that a person the subject of a prejudicial security clearance
decision (i.e. a decision to deny or revoke a security clearance, or to impose or vary a
condition on a security clearance) must undergo an internal review process within ASIO
before being eligible for external merits review in the AAT.
25. Proposed section 82J would require ASIO to notify an affected person and the sponsoring
agency of a security clearance decision to deny or revoke a security clearance, or to
impose or vary a condition on a security clearance (referred to as an internally reviewable
decision). The notice must provide reasons for the decision and contain prescribed
information concerning the person's right to apply to ASIO for internal review of the
decision. Following notification of an internally reviewable decision, an affected person
can make an application for review of the decision by ASIO under proposed section 82K.
26. Proposed section 82J would further provide that section 25D of the Acts Interpretation Act
1901 does not apply in relation to reasons under proposed subsection 82J(1). Further, the
Director-General may exclude from the reasons material that would be prejudicial to
security or contrary to the public interest. The Director-General may authorise in writing
an ASIO employee or affiliate who holds or is acting in a position equivalent to or higher
than an SES employee to exercise their authority to exclude information from a
notification of reasons.
27. Proposed section 82L would require ASIO to notify a person in writing within 14 days of
an internal reviewer's decision and reasons for the decision so that the affected person
may consider whether to pursue external merits review in a timely manner. If the internal
reviewer's decision is an externally reviewable decision (i.e. a decision to affirm or vary
an internally reviewable decision that would result in a clearance being denied, revoked or
have conditions imposed or varied on the security clearance), the notice must also contain
prescribed information concerning the affected person's right to apply to the AAT for
review of the decision. If the internal reviewer's decision is an independently reviewable
decision under Subdivision C, the notice must also contain prescribed information
concerning the affected person's right to apply to an independent reviewer under that
Subdivision for review of the decision.
14
28. Proposed section 82L would also provide that section 25D of the Acts Interpretation Act
1901 does not apply in relation to reasons under proposed subsection and 82L(5). Further,
the Director-General may exclude from the reasons material that would be prejudicial to
security or contrary to the public interest. The Director-General may authorise in writing
an ASIO employee or affiliate who holds or is acting in a position equivalent to or higher
than an SES employee to exercise their authority to exclude information from a
notification of reasons.
29. Following internal review, if an affected person has made an application for external
merits review of the decision in the AAT and the AAT has given the Director-General of
Security notice of the application (noting that under proposed section 29B of the AAT Act,
the AAT must notify the Director-General when an application is lodged), the Director-
General must provide the affected person with a copy of a statement of grounds as soon as
practicable.
30. Unlike a person the subject of a PSCSA who may receive a statement of grounds when a
PSCSA is furnished, a person the subject of a prejudicial security clearance decision
would only receive a statement of grounds should they make an application to the AAT for
external review. This is because, unlike for PSCSAs, the Bill introduces rights to internal
merits review for prejudicial security clearance decisions which need to be exhausted
before proceeding to external merits review.
31. Proposed section 82J would provide that an affected person in relation to a prejudicial
security clearance decision would always be notified of the decision and their right to seek
internal review by ASIO. However, should the affected person, following internal review,
apply for external review in the AAT, proposed section 83C allows the Director-General
to exclude from the statement of grounds any information relating to the standard for the
highest level of security clearance or any information that in the opinion of the Director-
General would be contrary to the public interest. The Director-General may authorise in
writing an ASIO employee or affiliate who holds or is acting in a position equivalent or
higher than an SES employee to exercise their authority to exclude information from a
notification of reasons. The Australian Government's framework of protective security
policy sets the standard relating to the Commonwealth's highest level of security
clearances which can be contained in more than one standard. During the transition phase,
the highest-level security clearances issued by ASIO and positive vetting (PV) security
clearances will be the Commonwealth's highest level of security clearances. As such, the
standard for either of these clearances would constitute the standard for the highest level
of security clearance. In due course, once PV security clearances have been replaced
entirely, there may be a circumstance where there will only be one standard.
32. Proposed section 83C also allows the Minister for Home Affairs to certify that a statement
of grounds for the security clearance decision not be disclosed to the affected person in
full or in part if the Minister considers it would be prejudicial to the interests of security to
do so. The Minister's power to withhold all or part of a statement of grounds may be
delegated, in writing, to an ASIO employee or affiliate who holds or is acting in a position
equivalent or higher than an SES employee.
15
33. While the Bill would establish access to internal and external merits review, any
certification by the Minister for Home Affairs or their delegate under proposed section
83C would necessarily limit the right to a fair hearing by affecting a person's capacity to
effectively respond to prejudicial findings about them and make meaningful submissions
to the AAT. Withholding notice of a statement of grounds in full or in part is necessary
and proportionate to achieving the legitimate objective of preventing the disclosure of
highly sensitive information, the disclosure of which would be prejudicial to security.
34. It is reasonable and necessary to limit rights to a fair hearing by placing limitations on the
right to receive notice of a security clearance decision, on information provided in the
statement of grounds, or by withholding the statement of grounds entirely, to ensure that
where there are pressing and substantial national security concerns about the affected
person, sensitive information is not disclosed and able to be used by foreign intelligence
actors seeking to exploit sensitive information from Australia's security clearance
processes.
External merits review
35. Proposed section 83D would ensure that every Commonwealth agency, State or authority
of a State for which a security clearance decision or SCSA has been reviewed by the AAT
must treat the findings of the AAT, to the extent that they do not confirm the security
clearance decision or SCSA, as superseding that decision or assessment. Furthermore,
ASIO cannot make any further decisions or assessments in respect of an affected person
that are not in accordance with the AAT's findings, except on the basis of matters
occurring after the review or where evidence was not available at the time of the review.
However, the AAT can only make findings that are binding under proposed section 83D if
they state that, in the AAT's opinion, the information is incorrect, is incorrectly
represented or could not reasonably be relevant to the requirements of security. Therefore,
proposed section 83D promotes the right to a fair hearing by ensuring that the findings of
the AAT are binding (subject to matters which arise following an AAT review or where
evidence was not available at the time of the review) and subject to any subsequent
judicial review.
36. Proposed section 83F applies to SCSAs furnished to security vetting agencies that have
not been given to the affected person, and to ASIO's security clearance decisions that are
not subject to internal or external review. The section introduces an overview review
mechanism which acts as a safeguard whereby the Attorney-General can, if they are
satisfied that it is desirable to do so by reason of special circumstances, require the AAT to
inquire into and report to the Attorney-General and the Minister for Home Affairs on any
question concerning the furnishing of such an assessment or making of such a decision by
ASIO, or to review such an assessment or such a decision along with any information or
matter on which it is based. This would provide a mechanism for the Attorney-General to
seek independent advice regarding the appropriateness of an ASIO security clearance
decision or SCSA that would not otherwise be subject to external merits review in the
AAT.
16
Adducing evidence and making submissions by the Director-General or other relevant
bodies
37. Under proposed section 39BA of the AAT Act the Director-General must present the AAT
with all information available (whether favourable or unfavourable to the affected person)
that is relevant to the findings made in a statement of grounds for a PSCSA or prejudicial
security clearance decision, regardless of whether the statement of grounds has been
provided to the applicant in part or in full. The Director-General may also present the
AAT with a copy of any standard (or part thereof) including both the current standard and
the standard that was used to make a security clearance decision.
38. The requirement for the Director-General to present the AAT with all information
(whether favourable or unfavourable to the affected person) that is relevant to the findings
made in the statement of grounds promotes an affected person's right to a fair hearing by
ensuring the AAT has access to evidence and facts relied upon by ASIO with regard to a
PSCSA or prejudicial security clearance decision.
39. If the Director-General presents the AAT with a copy of a standard (or part thereof) as the
standard for the highest level security clearance, proposed section 39C of the AAT Act
would require the AAT to apply the standard in its review of a security clearance decision.
40. If the Director-General has presented more than one certified copy of a standard (or part
thereof), the proposed section 39C would require the AAT to apply the standard certified
by the Director-General as being the most current version standard. This is intended to
ensure the AAT can conduct a review according to the most current standard applying to
the security clearance decision and therefore engages the right to a fair hearing by placing
a limitation on the AAT's ability to conduct a review independently. This limitation is
reasonable, necessary and proportionate as it ensures that the AAT applies the same
security vetting standards as ASIO in considering a security clearance application, which
is necessary to protect access to Australia's most privileged information, capabilities and
secrets.
41. Proposed section 39C of the AAT Act would require the AAT to do all things necessary to
ensure that a copy of a standard (or part thereof) certified by the Director-General or any
information contained within a standard certified by the Director-General, is not disclosed
to an applicant, their representative or any person other than an AAT member for the
purposes of the proceeding, or the Director-General or a representative of the Director-
General. This acts as a limitation on the right to a fair hearing by withholding certain
information from an applicant. This limitation is reasonable, necessary and proportionate
to prevent the disclosure of highly-sensitive information about security clearance vetting
techniques and methodologies, or other national security information, which if disclosed
would have a grave impact on Australia's national security by enabling the exploitation of
the security clearance process.
17
42. Under proposed section 39BA of the AAT Act the Minister for Home Affairs would be
able to certify that evidence proposed to be adduced or submissions proposed to be made
by or on behalf of the Director-General, or a relevant body to the proceedings, are of such
a nature that the disclosure of such evidence or submissions would be contrary to the
public interest because it would prejudice security or the defence of Australia. The
Minister's power to certify that disclosure of evidence proposed to be adduced or
submissions proposed to be made on behalf of the Director-General would be contrary to
the public interest may be delegated, in writing, to an ASIO employee or affiliate who
holds or is acting in a position equivalent to or higher than an SES employee. A 'relevant
body' is defined in the Bill for the purposes of section 39BA of the AAT Act as the
sponsoring agency for the clearance in relation to which the security clearance decision
subject to review was made, or as the security vetting agency or sponsoring agency to
which a SCSA was given in respect of a person.
43. If such a certificate were to be given by the Minister for Home Affairs, an applicant must
not be present when the evidence is adduced or the submissions are made by the Director-
General. An affected person's representative must also not be present when the evidence is
adduced or the submissions are made unless the Minister for Home Affairs consents. This
would limit the right to a fair hearing by limiting an applicant's effective capacity to
respond to evidence and submissions by excluding them and their representative from
certain parts of proceedings. An applicant impacted by a certificate given by the Minister
for Home Affairs may seek judicial review of that decision.
44. Despite this limitation, there are some safeguards for an affected person. Proposed section
39BA of the AAT Act would require the AAT to provide the applicant an opportunity to
adduce evidence or make submissions following evidence adduced or submissions made
by the Director-General. Each party would then be conferred a right to reply. The
requirement for all relevant parties to be afforded an opportunity to adduce evidence and
make submissions ensures that the limitation on the right to a fair hearing is proportionate
and the least rights restrictive means of achieving the legitimate objective. However, an
affected person's right to reply would be limited in some cases where they are prevented
from being present for some or all of the proceedings, or prevented from receiving any
particulars of any evidence to which a certificate has been issued by the Minister for Home
Affairs or their delegate (under subsection 39BA(19) of the AAT Act).
45. Limitations on an affected person's right to a fair hearing by preventing them or their
representative from being present when evidence is adduced or submissions are made by
the Director-General, disclosure of which would be prejudicial to security or Australia's
defence, are aimed at the legitimate objective of protecting Australia's national security.
Disclosure of information regarding vetting standards, methodologies, techniques or
activities, or other national security information, would severely undermine the
effectiveness of the Commonwealth's security clearance regime with the potential to
render it ineffective. Such information must be protected from disclosure within public
hearings. It must be protected from disclosure to an applicant or a person representing the
applicant, unless the Minister consents to disclosure to an applicant or a person
representing the applicant, to prevent the risk of the representative deliberately or
inadvertently disclosing such information to their client.
18
Process review through the Quality Assurance Office (QAO)
46. Proposed paragraph 7(1)(ba) complements internal and external review for clearance
subjects in relation to the highest level of security clearance issued by the Commonwealth
in that it would allow the QAO in ONI to conduct a process review of ASIO's new vetting
and security clearance functions. For example, the QAO may make findings if relevant
standards have been satisfied in the vetting process or may recommend that ASIO
reconsider a decision or assessment based on the correct procedure. This acts as an
additional safeguard in relation to the limitation on rights by these measures, by ensuring
independent oversight of the quality and appropriateness of security clearance decisions
made by and SCSAs furnished by ASIO.
Judicial review
47. All security clearance applicants would continue to have rights to seek judicial review of a
security clearance decision made or a SCSA furnished by ASIO, in the Federal Court of
Australia under section 39B of the Judiciary Act 1903, or the High Court of Australia
under section 75(v) of the Constitution.
The prohibition on interference with privacy
48. Article 17 of the ICCPR states that no one shall be subjected to arbitrary or unlawful
interference with his or her privacy, family, home or correspondence. The UN Human
Rights Committee has interpreted the right to privacy as comprising freedom from
unwarranted and unreasonable intrusions into activities that society recognises as falling
within the sphere of individual autonomy.
49. The existing restrictions in Part IV of the ASIO Act inhibit a Commonwealth agency's
ability to respond to advice from ASIO provided as part of a continuous assessment
process regarding a person's suitability to hold the highest-level of security clearance, and
inhibit a clearance sponsors' ability to proactively manage insider threats and other
security risks. This increases the risk of ASIO and clearance sponsors being unable to deal
with security threats as and when they arise. As changes in an individual's suitability go
unreported risks accumulate. The current practice of periodic revalidation every 7 years
makes the aggregate of unreported changes more difficult for vetting agencies to manage,
and may in extreme cases result in a clearance subject being found no longer suitable only
after a significant risk has materialised.
50. For this reason, proposed section 36A would disapply the operation of Part IV of the
ASIO Act, to the extent it relates to the exercise or performance of a power or function
under Part IVA. This extends to communications made by ASIO under the new Part IVA,
which would no longer be subject to the security assessment regime in Part IV of the
ASIO Act, and in respect of which Commonwealth agencies would not be subject to the
prescribed administrative action prohibition in section 39 of the ASIO Act, nor would
ASIO be subject to the restriction on communication with States in section 40.
51. The measure in the Bill to remove the current Part IV prohibition on taking prescribed
administrative action is appropriate due to the consent-based nature of the security
clearance process. Under Part IV, an individual may be the subject of a security
assessment furnished by ASIO with no knowledge that an assessment has been requested
of ASIO (and thus no knowledge of ASIO's activities or assessment). However, as
consent from clearance subjects would be sought as part of the security clearance process,
they would inherently be aware that an SCSA and other relevant advice from ASIO may
be furnished to a security vetting agency.
19
Information sharing
52. The Bill would limit the right to privacy in that it removes existing Part IV restrictions to
enable ASIO to share more freely personal and sensitive information pertaining to the
applicant's suitability to a hold a security clearance, including with security vetting
agencies, sponsors and employers.
53. While this measure would place a limitation on a person's right to privacy, the limitation
is necessary as the disclosure of this information would support:
• security vetting agencies to make informed decisions as to whether an applicant is
suitable to hold a security clearance issued by them on the basis of an SCSA
furnished by ASIO; and
• assist sponsors or employers to proactively manage security risks and insider
threats through rapid and responsive management of their security clearance
holders in response to ASIO advice.
54. Although the prohibition on taking permanent prescribed administrative action would be
disapplied by the Bill, Part IVA introduces alternative safeguards to restrict action that can
be taken on the basis of ASIO communications by Commonwealth security vetting
agencies. Proposed section 82E would restrict a Commonwealth security vetting agency
from making a security clearance decision on the basis of ASIO advice unless that advice
is an SCSA. This ensures that such decisions are subject to accountability through the
Bill's external merits review framework. An exception applies that would enable a
security vetting agency to make a temporary security clearance decision to suspend a
security clearance or, impose or vary a condition on a security clearance, if the
requirements of security make it necessary as a matter of urgency.
55. Part IVA would not include the broader restriction in section 39 of the ASIO Act on
Commonwealth agencies taking permanent prescribed administrative action. Removal of
this restriction would allow Commonwealth agencies to act on information from ASIO to
address urgent and serious risks to security identified through a continuous assessment
process. This is necessary to protect access to Australia's most privileged information,
capabilities and secrets in a complex, challenging and changing threat environment, which
is not possible under the current Part IV framework.
56. Proposed section 82F would have a similar outcome to section 82E, but in respect of
security vetting agencies that are States or authorities of States. Proposed section 82F
would prohibit ASIO from communicating with a State security vetting agency where
ASIO knows a communication is intended or likely to be used to by the agency to make a
security clearance decision, unless that communication is an SCSA. An exception applies
if the Director-General considers it a matter of urgency to communicate the information to
make a temporary security clearance decision to suspend, impose or vary conditions upon
a security clearance.
20
57. As proposed section 82E and proposed section 82F would enable ASIO to more freely
share information with a broader range of organisations without first notifying a person, or
being subject to external merits review rights under Part IV, these amendments limit the
right to privacy. However, this limitation on the right to privacy is reasonable, necessary
and proportionate in that information to be collected would be limited to that which is
essential to enable decision-makers to make a determination as to a person's suitability to
hold a security clearance, and only in circumstances where the affected person has
consented to the use and disclosure of their information in this way. Collection of this
information, including on an ongoing basis as part of continuous assessment, is essential
to enable an integrated set of information about a security clearance subject's suitability to
hold a security clearance. This is in turn linked to the legitimate objective of protecting
Australia's most privileged information, capabilities and secrets, and therefore national
security.
The right to freedom of expression
58. Article 19(2) of the ICCPR relevantly provides for the right to freedom of expression and
includes the right to freedom to seek, receive and impart information and ideas of all
kinds. This extends to a right of access to information held by public bodies.
59. This Bill would engage the right to freedom of expression by limiting the information that
is accessible to a person (or their representative) in relation to a PSCSA and a prejudicial
security clearance decision. Article 19(3) relevantly states that the exercise of the right to
freedom of expression carries with it special duties and responsibilities, and may therefore
be subject to certain restrictions but only where these are provided by law and are
necessary, for the protection of national security or public order.
Ministerial certificates in relation to SCSAs and security clearance decisions
60. The Bill would limit the information accessible to a person in relation to certain PSCSAs
or prejudicial security decisions through:
• the ability of the Director-General of Security or a person authorised by the
Director-General and the Minister for Home Affairs or their delegate to withhold
certain information from the statement of grounds provided to the applicant in
proposed sections 82G, 83A and 83C (described above);
• the ability for certain information to be withheld from the applicant and their legal
representative in AAT proceedings in proposed sections 39BA and 39C of the
AAT Act.
61. These limitations are reasonable, necessary and proportionate to achieve the legitimate
objective of protecting Australia's national security. These measures would only apply
after a person has voluntarily applied for a security clearance and consented to ASIO
collecting, using and disclosing information about them in accordance with its statutory
functions and subject to the internal and/or external merits review frameworks. The extent
and limits of these functions and the review framework are clearly set out in legislation to
ensure that affected persons would know precisely what their rights would be, and the
limits of those rights, before they seek a security clearance that would engage the
measures proposed in the Bill.
21
62. The restrictions on providing information to applicants and their legal representatives are
reasonable, necessary and proportionate to achieve the legitimate objective of protecting
Australia's national security by protecting:
• sensitive information, methodologies and capabilities used in the vetting process;
and
• where relevant to the assessments that led to the PSCSA or security clearance
decision, Australia's most privileged information, capabilities and secrets, the
protection of which is critical to Australia's national security.
63. These limitations would ensure that persons in these circumstances are not able to access
sensitive information about Australia's security clearance processes by engaging in merits
review in order to exploit potential vulnerabilities. Compromise of this information could
adversely impact Australia's national security by undermining the quality and
effectiveness of ASIO's vetting functions, and risk directly harming Australia's national
security through the disclosure of highly sensitive information.
The right to equality and non-discrimination
64. Article 26 of the ICCPR provides that all persons are equal before the law and are entitled
without any discrimination to the protection of the law. Laws, policies and programs
should not discriminate on the basis of any grounds such as race, colour, sex, language,
religion, political or other opinion, national or social origin, property, birth or other status.
65. However, not all treatment that differs among individuals or groups on any of the grounds
mentioned in article 26 will amount to prohibited discrimination. The UN Human Rights
Committee has recognised that "not every differentiation of treatment will constitute
discrimination, if the criteria for such differentiation are reasonable and objective and if
the aim is to achieve a purpose which is legitimate under the Covenant".
Internal merits review
66. Under proposed section 82H, the Bill would establish new rights to internal merits review
in respect of certain ASIO security clearance decisions where there would otherwise be no
such right.
67. However, proposed section 82H has the effect that internal review is not available in
relation to security clearance decisions in respect of a persons engaged, or proposed to be
engaged, for employment outside Australia for duties outside Australia, who are either not
Australian citizens, or (regardless of whether they are Australian citizens) not normally
resident in Australia. It therefore engages the right to equality and non-discrimination by
excluding access to internal review mechanisms for such affected persons. This limitation
on the right to equality and non-discrimination is necessary, reasonable and proportionate
to achieve the legitimate objective of protecting Australia's national security by ensuring
that persons in these circumstances, noting the heightened risk that persons engaged in
these circumstances may pose in relation to espionage, are not able to access sensitive
information about Australia's security clearance processes by engaging in merits review to
exploit potential vulnerabilities.
22
68. As it is limited to security clearance decisions, proposed section 82H also has the effect
that internal review is not available for SCSAs or PSCSAs provided to other security
vetting agencies. As ASIO is not responsible for the security clearance decisions made by
other agencies, relevant review processes of those other vetting agencies are a more
appropriate mechanism for seeking review of a decision that may be informed by an
SCSA or PSCSA. It is important to note that other vetting agencies are not bound by
advice and information provided in an SCSA or PSCSA and may rely on information
other than information provided by ASIO. To the extent advice in a PSCSA provided by
ASIO adversely affected a person, that person would have access to external merits review
of the PSCSA in the AAT unless an exception applied.
Independent review by an independent reviewer of prejudicial security clearance
decisions
69. Subdivision C of Division 3 of Part IVA of the Bill would establish a framework for
independent review of security clearance decisions relating to non-Commonwealth
employees who do not hold security clearances, and which are therefore not externally
reviewable by the AAT. Independent review would not be available to persons engaged, or
proposed to be engaged, for employment outside Australia for duties outside Australia,
who are either not Australian citizens, or (regardless of whether they are Australian
citizens) not normally resident in Australia.
70. The Attorney-General would be empowered to engage one or more independent reviewers
who would have the discretion to review or decline to review a security clearance decision
made by an internal reviewer following a request by an affected person. The Bill does not
stipulate criteria that the independent reviewer must consider when deciding whether to
conduct a review of a security clearance decision in order to provide them with complete
discretion in determining the value in undertaking a review on a case-by-case basis. This
discretion will allow an independent reviewer to consider a wide range of factors when
considering whether to undertake a review.
71. The Director-General must provide an independent reviewer with a copy of material used
in the making of a security clearance decision or a copy of a standard relating to the
Commonwealth's highest level of security clearance. An independent reviewer may also
request that the Director-General seek information from an affected person for the
purposes of independent review.
72. An independent reviewer must give the Director-General, in writing, the independent
reviewer's opinion as to whether the independently reviewable decision was reasonably
open to have been made by the internal reviewer who made the decision and must also
give a copy to the IGIS. Within 14-days of an independent reviewer giving the Director-
General an opinion, the Director-General must notify the affected person that an opinion
has been given, and must also give a copy of the notification to the IGIS.
73. Section 83EE provides that if an independent reviewer has given the Director-General an
opinion relating to an independently reviewable decision, the Director-General must, as
soon as practicable, consider the opinion and decide whether to take any action. If the
Director-General decides to cause ASIO to make a new security clearance decision in
respect of an affected person, the Director-General must ensure that the new decision is
not made by either the internal reviewer or person who made the original security
clearance decision.
23
74. The proposed model for independent review mechanism ensures that those persons who
do not have access to external merits review in the AAT because they are not
Commonwealth employees and do not have security clearances may seek further recourse
independent of ASIO in respect of decisions made by an internal reviewer within ASIO.
External merits review
75. The Bill would provide, with exceptions, that persons subject to a prejudicial security
clearance decision made by ASIO or a PSCSA furnished by ASIO to a security vetting
agency, would have access to external merits review. Part IV of the ASIO Act currently
provides external merits review in the AAT for a person subject to an adverse or qualified
security assessment, including those used to inform a security clearance decision by other
security vetting agencies, other than in relation to a security clearance subject from an
Australian Intelligence Community (AIC) agency or where another exception applies.
Proposed section 83 would significantly increase access to external merits review in the
AAT for existing employees of AIC agencies, who would now have access to notice and
review rights, unless another exception applied.
76. Proposed section 83 would create an exception to access to external merits review in the
AAT for persons engaged, or proposed to be engaged, for employment outside Australia
for duties outside Australia, who are either not Australian citizens, or (regardless of
whether they are Australian citizens) not normally resident in Australia. This reflects the
existing exception in the current paragraph 36(1)(a) in Part IV of the ASIO Act in relation
to security assessments. This limitation on the right to equality and non-discrimination is
necessary, reasonable and proportionate to achieve the legitimate objective of protecting
Australia's national security by ensuring that persons in these circumstances, noting the
heightened risk that persons engaged in these circumstances may pose in relation to
espionage, are not able to access sensitive information about Australia's security clearance
processes by engaging in merits review to exploit potential vulnerabilities.
77. Proposed section 83 would limit external merits review of a prejudicial security clearance
decision by ASIO to persons who are existing security clearance holders or existing
Commonwealth employees. This has the effect that new applicants for security clearances,
who do not hold a current Commonwealth security clearance, and who are not currently
Commonwealth employees, would not have access to external merits review. However,
new applicants who do not hold a current Commonwealth security clearance and who are
not currently Commonwealth employees would have a right to seek independent review of
a prejudicial security clearance decision by an independent reviewer engaged by the
Attorney-General, except for persons engaged, or proposed to be engaged, for
employment outside Australia for duties outside Australia, who are either not Australian
citizens, or (regardless of whether they are Australian citizens) not normally resident in
Australia. As noted above, this is reflective of the heightened risk that persons engaged in
these circumstances may pose.
78. By limiting access to external merits review of security clearance decisions made by ASIO
to existing Commonwealth security clearance holders and employees, this measure
engages the right to equality and non-discrimination. However, this limitation is
reasonable and necessary to achieve the legitimate objective of protecting Australia's
national security, and reflects that information relating to security clearance processes
would be highly sought after by criminal actors or foreign intelligence services.
24
79. This limitation would apply in circumstances where the threat to Australia and Australians
from espionage and foreign interference is higher than at any time in Australia's history.
In this context, the threats posed are higher for new applicants who bring a lower existing
level of assurance, in that they have not previously undergone an organisational suitability
assessment and do not have an existing track record as a Commonwealth employee.
80. The measure is also proportionate, as it only relates to new applicants, who are otherwise
unknown to the Commonwealth or vetting agencies, and are therefore considered to be a
higher risk in relation to espionage and foreign intelligence activity. Current
Commonwealth employees or existing clearance holders (e.g. those undergoing an
upgrade) would have access to external merits review. This amendment would not impact
existing judicial review avenues available to any affected applicant.
81. While the exceptions to external merits review would limit the right to equality and
non-discrimination, these measures are reasonable, necessary and proportionate to achieve
the legitimate objective of protecting Australia's national security as they relate to
categories of persons in respect of which there are higher risks relating to espionage,
foreign interference, or other security grounds.
Conclusive certificates to exclude external merits review
82. Proposed section 83E would introduce a power enabling the Minister for Home Affairs, in
exceptional circumstances, to issue a conclusive certificate that would prevent the review
by the AAT of an externally reviewable security clearance decision or PSCSA if the
Minister believes it would be prejudicial to security to change or review the decision or
SCSA. This measure engages the right to equality and non-discrimination to the extent
that certain persons would be excluded from access to external merits review. However,
this measure is proportionate, as the Minister is only permitted to issue a conclusive
certificate in exceptional circumstances and where a prejudice to security would arise, not
as a matter of routine or convenience. Such a belief could be informed by a range of
information and agencies, including for example advice from ASIO, in order to satisfy the
Minister that exceptional circumstances exist. Conclusive certificates issued by the
Minister would be subject to judicial review in the Federal Court of Australia and High
Court of Australia.
83. A conclusive certificate would prevent the AAT from undertaking a review in relation to a
particular person to which the certificate applies. This differential treatment in exceptional
circumstances is necessary to achieve the legitimate objective of protecting Australia's
national security by protecting sensitive information, methodologies and capabilities used
in the vetting process. Compromise of this information could adversely impact Australia's
national security by undermining the quality and effectiveness of ASIO's vetting
functions, and risks, directly harming Australia's national security through the disclosure
of highly sensitive information.
25
Security clearance decisions and security clearance suitability assessments
84. The Bill engages the right to equality and non-discrimination as it enables ASIO to make a
security clearance decision or furnish a SCSA regarding an individual's suitability to hold
a security clearance on the basis of a range of factors relating to that individual - where
the complete basis for the decision or SCSA may not be disclosed to the individual in the
interests of national security, and may relate to their political or other opinion, national or
social origin, or 'other' status such as national security related concerns. For example, for
Australia's highest level of security clearance, amongst other factors ASIO would assess a
person's trustworthiness and commitment to Australia, its values, and its democratic
system of government.
85. Proposed section 82D would require the Director-General to ensure that ASIO has policies
and procedures in place in relation to the exercise of a power or performance of a function
in Part IVA, including for the undertaking of security vetting of a person and the making
of SCSAs and security clearance decisions. In practice, this would require the Director-
General to establish an objective set of requirements for the performance of security
vetting, including the requirements for granting, revoking, denying, and maintaining
security clearances (including continuous assessment of an individual's suitability to hold
a clearance). In the sense that there would be criteria outlined and consistently applied
equally to all applicants, security vetting is non-discriminatory. Proposed section 82D(3)
is declaratory of the fact that such a policy or procedure is not a legislative instrument
within the meaning of the Legislation Act 2003. It is included to assist readers, as the
policies and procedures referred to in subsection 82D(2) are not legislative instruments
within the meaning of subsection 8(1) of the Legislation Act 2003.
86. However, to ensure that persons who access the Commonwealth's most sensitive
information, capabilities and secrets are suitable to do so on an ongoing basis, the Bill
enables a comprehensive, robust and reliable security clearance vetting process. This
process must, by nature, be discriminatory - it must discriminate on the basis of a number
of factors, including 'other statuses'.
87. Where a qualified vetting officer determines that a person's characteristics call into
question their suitability to hold a security clearance, that person may either not be granted
a security clearance or may have particular conditions imposed on their clearance.
88. This limitation is reasonable, proportionate and necessary and is rationally connected to
the legitimate objective of maintaining a robust and secure vetting process. It is reasonable
that security vetting, which is discriminatory in nature, establishes a person's suitability to
hold a security clearance and establishes an understanding of any risks and mitigations
relating to potential unauthorised disclosure of sensitive information that would be
harmful to the public interest and national security. Security clearance decisions and
vetting are designed to protect and harden Australia's security environment by ensuring
only suitable individuals are able to receive and maintain the highest security clearances,
therefore limiting the likelihood of espionage by individuals who would use or
communicate highly classified information inappropriately, and limiting the ability of
hostile adversaries from engaging in foreign interference.
The right to work
89. The right to work is contained in Article 6 the ICESCR. The right to work includes the
right of everyone to the opportunity to gain his or her living by work which he or she
freely chooses or accepts.
26
90. The right also encompasses the right not to be unjustly deprived of work, requiring
security against unfair dismissal. However, the right to work in Article 6 of the ICESCR
does not equate to a guarantee of full employment.
Communications to security vetting agencies
91. Proposed sections 82E and 82F, are key safeguards that engage the right to work by
ensuring that security clearance decisions could not be made by other security vetting
agencies on the basis of advice or communications from ASIO, other than in the form of a
SCSA. In turn, unless an exception applies, a person can apply for external merits review
in the AAT of a PSCSA.
92. The only actions that can be taken by security vetting agencies on the basis of a
communication falling short of a SCSA, are temporary actions to suspend a clearance, or
revoke a suspension of a security clearance, or impose or vary a condition on a security
clearance, where the requirements of security make it necessary as a matter of urgency to
do so pending the furnishing of a SCSA (proposed sections 82E and 82F).. This
appropriately ensures that only in limited security circumstances can a security vetting
agency take action that is temporary to proactively manage security risks. This balances an
individual's right to work with the need for security vetting agencies be able to take urgent
and temporary actions required to protect national security through the management of
their employees.
93. However, unlike in Part IV, there is no broader restriction in proposed Part IVA on other
Commonwealth agencies acting to restrict access to information or places, or a person's
ability to perform an activity on security grounds on the basis of advice from ASIO,
including preliminary communications, or making decisions unrelated to security
clearances. Proposed sections 82E and 82F instead would enable sponsors and employers
to act upon that information in order proactively manage security risks or insider threats
without the need for ASIO to furnish a SCSA, thus limiting the right to work or fair
conditions in work.
94. Enabling other Commonwealth and State agencies (e.g. sponsoring and/or employing
agencies) to be able to proactively manage insider risks and their staff achieves the
legitimate objective of reducing the risk of compromise of trusted insiders, managing the
risk that foreign interference and espionage poses on the Commonwealth's security
cleared workforce and, in this way, protecting national security.
95. Employment decisions that do not amount to what would have been prescribed
administrative action under Part IV - that is, that they do not relate to access by a person
to any information or places controlled or limited on security grounds or a person's ability
to perform an activity that is controlled or limited on security grounds currently -
currently fall outside the scope of Part IV of the ASIO Act. For example, an employment
decision made by the sponsor or the employer to terminate or suspend a person's
employment is not a prescribed administrative action as it does not relate to access to
information or a place controlled or limited on security grounds. As such, employment
decisions not on those grounds do not require a security assessment, as these decisions
remain the responsibility and remit of the employing agency. Therefore, while proposed
sections 82E and 82F depart from Part IV of the ASIO Act in some respects they maintain
the status quo in relation to information communicated by ASIO to other Commonwealth
and State agencies that is subsequently used to make an employment decision that is not in
relation to access to information or places, or the performance of activities, controlled or
limited on security grounds.
27
96. If an employer were to take permanent action based on a communication made by ASIO
that was unlawful or in breach of contract (for example, unfairly dismissing an employee),
the affected person would have rights to commence legal proceedings against the
employer, which could include under the Fair Work Act 2009.
97. Proposed section 82F is analogous with the current section 40 of the ASIO Act and
prevents ASIO from making a preliminary communication to a State or authority of a
State where ASIO knows it is intended or likely to be used by the State security vetting
agency to make a security clearance decision. However, proposed section 82F differs from
the existing section 40 by enabling ASIO to directly make a preliminary communication to
a State security vetting agency where the requirements of security make it necessary, as a
matter of urgency, to take action of a temporary nature pending furnishing of a SCSA.
98. The right to work is engaged to the extent that the person may be subject to permanent or
temporary decisions by State security vetting agencies relating to security clearances. This
would only mean that they would not be able to perform functions that require a security
clearance.
99. If an employer takes permanent action in response to a communication from ASIO, the
affected person has recourse to existing employment or other laws. This ensures the
measure is reasonable and proportionate, because an affected person would still have
recourse under law for actions that would otherwise be unlawful or in breach of contract.
Employment in roles that require security clearances
100. Proposed section 82C would engage the right to work by enabling ASIO to grant, revoke
or deny a person a security clearance or impose, vary or remove conditions on an
individual's security clearance in order for that individual to maintain or hold a security
clearance. These security clearance decisions would enable an individual to work in areas
or access information, or perform activities, that are controlled or limited on security
grounds. Furthermore, proposed section 82C would also enable ASIO to furnish a SCSA
to another security vetting agency in its consideration of making a security clearance
decision in respect of the person. The note in proposed section 82C is intended make clear
that in respect of communications made by ASIO under proposed Part IVA, it is ASIO's
responsibility to determine a person's suitability on security grounds to hold a security
clearance. In respect of a person employed, or proposed to be employed, by a
Commonwealth agency or other body, it is the responsibility of that agency or body to
determine the person's suitability on employment grounds to be employed by that agency
or body.
101. A security clearance sponsor and/or employer would also be able to take employment
actions on the basis of a communication from ASIO not amounting to a SCSA under Part
IVA or a security assessment under Part IV.
28
102. The security vetting and security clearance functions enabled by Part IVA may limit an
individual's ability to freely work in an area that requires a security clearance. Where
conditions are imposed or varied in relation to a security clearance, this may limit an
affected person's access to professional development or career opportunities. However,
any limitation only applies to a person's ability to work in employment that requires a
security clearance or particular level of security clearance. It does not directly affect the
person's right to employment that does not require a security clearance or particular level
of security clearance. To the extent that not being granted a security clearance limits the
right to work, the limitation is reasonable, necessary and proportionate as persons who
require clearance to this level have access to material which, if compromised, would cause
grave damage to Australia's national interest and security.
103. The legitimate objective of this limitation is to ensure the security and secrecy of
Australia's most sensitive information is protected. Actions to deny, revoke or suspend a
security clearance, or to impose conditions on a person's clearance limit and mitigate risks
associated with insider threats related to the person's access to classified information or
secure areas.
104. Remedies are available to persons who may be impacted, through existing procedural
fairness obligations associated with adverse employment decisions and the Bill's
framework for internal and external merits review. The Bill does not seek to limit a
person's ability to seek remedies under applicable employment law, including the Fair
Work Act 2009, where an employer has taken an action or made a decision on the basis of
information provided by ASIO or relating to a requirement imposed by an employer
requiring a person to hold a particular security clearance.
105. To the extent that the measures limit the right to work, the limitation is reasonable,
necessary and proportionate because it contributes to the legitimate objective of protecting
Australia's national security by ensuring only those persons who are suitable to access
information the compromise of which would cause grave harm to Australian interests are
allowed to do so.
Part 3 Conclusion
106. The Bill is compatible with human rights because, to the extent that it may limit human
rights, those limitations are reasonable, necessary and proportionate to achieve the
legitimate objective of reducing the risk of compromise by trusted insiders, managing the
risk that foreign interference and espionage pose on the Commonwealth's security cleared
workforce and in this way, protect national security.
The Honourable Clare O'Neil MP, Minister for Home Affairs
29
AUSTRALIAN SECURITY INTELLIGENCE ORGANISATION AMENDMENT
BILL 2023
NOTES ON INDIVIDUAL CLAUSES
Section 1 Short title
This clause would provide for the short title of the Act enacted by the Bill to be the
Australian Security Intelligence Organisation Amendment Bill 2023.
Section 2 Commencement
This clause would provide for the commencement of each provision in the Bill, as set out
in the table. Item 1 to the table in subsection 2(1) of the Bill would provide that the whole
of the Act would commence on 1 July 2023.
Section 3 Schedules
This clause would provide that legislation specified in a Schedule to the Act is amended or
repealed as set out in the applicable items in the Schedule. Any other item in a Schedule to
the Act has effect according to its terms.
30
SCHEDULE 1 Amendments
Part 1 Main Amendments
Australian Security Intelligence Organisation Act 1979
Overview
1. The Australian Security Intelligence Organisation Amendment Bill 2023 (the Bill) amends
the Australian Security Intelligence Organisation Act 1979 (ASIO Act), the Office of
National Intelligence Act 2018 (ONI Act), the Administrative Appeals Tribunal Act 1975
(AAT Act) and the Inspector-General of Intelligence and Security Act 1986 (IGIS Act).
The Bill contains a suite of amendments to uplift and harden Australia's highest-level of
security clearance in response to the unprecedented threat from espionage and foreign
interference confronting Australia.
2. Australia's security environment is complex, challenging and changing. As threats to
Australia evolve, so must Australia's response. In his 2023 Annual Threat Assessment, the
Director-General of Security noted that more Australians are being targeted for espionage
and foreign interference than at any time in Australia's history. It is critically important
that the Australian Government ensures the Commonwealth's most privileged
information, capabilities and secrets are protected. This requires the Australian
Government to out-think and out-manoeuvre its adversaries, expand its capabilities and
sharpen its responses. The Australian Security Intelligence Organisation (ASIO) assesses
that espionage and foreign interference is Australia's principal security concern.
3. The Bill would introduce a new security vetting and security clearance framework into the
ASIO Act. This framework would enable ASIO to become centrally responsible for the
issuing, maintaining and revoking of Australia's highest-level of security clearance, and
the implementation of a consistent approach across the Australian Government. A
consistent approach would reduce the risk of compromise of trusted insiders, maximise the
utility derived from shared services in a fiscally constrained environment, improve the
mobility and agility of our highest-security cleared workforce and ensure the ongoing
confidence of our most trusted allies.
4. The Bill would also enable the operations of a Quality Assurance Office (QAO) in the
Office of National Intelligence (ONI), which would be responsible for independently
assuring the quality, consistency and transferability of Australia's highest level security
clearances. The QAO would also drive the uplift of a sponsoring agency's insider threat
capability.
5. The key measures in the Bill include:
• a new function and a new Part IVA setting out new security vetting and security
clearance related functions for ASIO, including:
o a new function for ASIO to make security clearance decisions for ASIO and
non-ASIO personnel alike, and conduct security vetting and assessment on
an ongoing basis;
31
o a new function enabling ASIO as the vetting authority to communicate with
sponsoring agencies in respect of a person who has applied for, or holds, a
security clearance, to enable a stronger and more effective partnership
between ASIO and the sponsoring agencies to enhance their insider threat
capability;
o a new function for ASIO to furnish security clearance suitability
assessments (SCSAs), which may be used by other authorised vetting
agencies to inform their security clearance decisions. This replaces, but is
largely similar to, the existing framework in Part IV of the ASIO Act
whereby ASIO may provide security assessments to security vetting
agencies to inform security clearance decisions by those agencies;
• a safeguard to ensure that other Commonwealth security vetting agencies can only
make a security clearance decision on the basis of ASIO advice that is an SCSA
which, subject to the exceptions set out below, is externally merits reviewable if it
would or could be prejudicial to a security clearance decision in respect of the
person;
• a statutory framework to provide internal merits review of prejudicial security
clearance decisions (i.e. a decision to deny or revoke a security clearance, or to
impose or vary certain conditions on a security clearance) by ASIO involving a
decision-maker different to the original and, for those persons neither existing
clearance holders nor Commonwealth employees, a further statutory pathway for
review by an independent person appointed by the Attorney-General where
external merits review in the Administrative Appeals Tribunal (AAT) is not
available;
• providing consistent rights for external merits review in the AAT to any person
subject to a prejudicial security clearance decision or PSCSA furnished to a
security vetting agency, except for:
o persons engaged, or proposed to be engaged, for employment outside
Australia for duties outside Australia, who are either not Australian citizens,
or (regardless of whether they are Australian citizens) not normally resident
in Australia;
o for ASIO security clearance decisions, a person who at the relevant time
neither held a security clearance or was a Commonwealth employee as
broadly defined in section 83; and
o persons subject to a conclusive certificate issued by the Minister for Home
Affairs, which would prevent external merits review in exceptional
circumstances, if it would be prejudicial to security to change a security
clearance decision or SCSA, or for the decision or assessment to be
reviewed; and
• a new function in the ONI Act to enable a QAO in ONI to independently assess the
quality, consistency, and transferability of the highest-level of security clearances,
and drive the uplift of the insider threat capability of agencies that sponsor these
clearances. ASIO would continue to be overseen by the IGIS, which reviews
ASIO's activities to ensure it acts legally and with propriety, complies with
ministerial guidelines and directives and respects human rights.
32
6. The Bill would also amend the AAT Act to enable the new external merits review
framework described above, and make consequential amendments to the IGIS Act
addressing a cross reference to reflect a change to the ASIO Act.
Item 1 Section 4 (after paragraph (a) of the definition of authority of a
State
7. This item would insert new paragraph (aa) into the definition of 'authority of a State' in
section 4 of the ASIO Act. It would provide that, in new Part IVA of the ASIO Act,
'authority of a State' has the meaning given by new section 82A. This definition is
outlined in detail at Item 12.
Item 2 Section 4
8. This item would insert into section 4 of the ASIO Act definitions of 'Commonwealth
agency', 'security clearance decision' and 'security clearance suitability assessment'
(SCSA).
9. It would define 'Commonwealth agency' as a Minister or an authority of the
Commonwealth. The ASIO Act defines an 'authority of the Commonwealth' to include,
amongst other things, a Department of State, the Australian Defence Force, and bodies, or
holders of offices, established for public purposes under a law of the Commonwealth or of
a Territory. This is not a new definition. Instead, it reflects that the Bill would delete the
existing definition from subsection 35(1) in Part IV of the ASIO Act, and move it to the
general definitions in section 4 of the ASIO Act. This is because, following passage of the
Bill, the definition would also be used in new Part IVA to which Part IV would not apply
(with the exception of section 81 of the ASIO Act).
10. It would define 'security clearance decision' as a decision to do any of the following:
• grant a security clearance to a person;
• deny a security clearance in respect of a person;
• impose, vary or remove conditions on a security clearance in respect of a person;
• suspend a security clearance, or revoke a suspension of a security clearance, held
by a person;
• revoke a security clearance held by a person.
11. This definition is relevant to the new security vetting and security clearance functions that
would be introduced by the Bill, including for ASIO to make security clearance decisions
in proposed section 82C. It is also used in the safeguard provisions relating to ASIO's
communications in proposed new sections 82E and 82F, and in the provisions relating to
internal and external merits review.
12. It would define 'security clearance suitability assessment' as meaning a statement in
writing that:
• is furnished by the Organisation; and
• is about a person's suitability to hold a security clearance (with or without
conditions imposed in respect of the security clearance) that has been, or may
be, granted by another security vetting agency; and
33
• expressly states that it is a security clearance suitability assessment for the
purposes of paragraph 82C(1)(d).
13. This definition is relevant to the new security vetting and security clearance functions that
would be introduced by the Bill, including for ASIO to furnish SCSAs in proposed
section 82C. It is also used in the safeguard provisions relating to ASIO's communications
in proposed new sections 82E and 82F, and in the provisions relating to internal and
external merits review. The last limb, which would provide that an SCSA must state that it
is an SCSA for the purposes of paragraph 82C(1)(d), would ensure that an ASIO
communication could not inadvertently be taken to be such an assessment merely by
satisfying the other elements of the definition.
14. The requirement for an SCSA to be furnished means that a statement in writing satisfies
the last two elements of the definition would still not be an SCSA until it has been
furnished externally, for example, to a security vetting agency.
Item 3 Subsection 16(1) (note)
15. This item would amend the note to subsection 16(1) of the ASIO Act to include a
reference to 34AA of the Acts Interpretation Act 1901. Subsection 16(1) enables the
Director-General to delegate to a person their powers, functions or duties under or for the
purposes of the ASIO Act relating to the management of ASIO employees or ASIO
affiliates, or the financial management of the Organisation. At the time of the introduction
of the Bill, the note highlighted that further provisions relating to delegations are in
sections 34AB and 34A of the Acts Interpretation Act 1901.
16. Section 34AA of the Acts Interpretation Act 1901 makes it clear that delegation provisions
in legislation are to be construed as including a power to delegate to a class of persons in a
specific office or position, even where that office or position did not exist at the time the
delegation was made. Accordingly, the Director-General's delegation power in subsection
16(1) should be construed consistently with section 34AA of the Acts Interpretation Act.
Item 4 After subsection 16(1A)
17. This item would insert subsections 16(1B) and (1C) to the ASIO Act.
18. Subsection 16(1B) would enable the Director-General to delegate their powers or
functions under proposed subsection 82D(1) of the ASIO Act to an ASIO employee or an
ASIO affiliate. A note would be inserted under subsection 16(1B) to clarify that proposed
subsection 82D(1) of the ASIO Act would provide that the Director-General may, on
behalf of ASIO, exercise ASIO's powers and functions under Part IVA.
19. While delegations under subsection 16(1B) can be made to both ASIO employees and
ASIO affiliates, the inclusion of ASIO affiliates is designed to enable the Director-General
of Security to delegate certain powers and functions to officers from other Commonwealth
agencies who are seconded to, or contracted by, ASIO. This is necessary so that ASIO is
able to respond flexibly to manage a high volume of decisions by maximising ASIO's
ability to exercise its security vetting functions in specific and controlled circumstances.
34
20. The approach proposed ensures secondees to, and contractors engaged by, ASIO for
security vetting purposes--and who are subject to the same standard, policies and
procedures as ASIO employees, with oversight from the QAO and IGIS as applicable--
are able to undertake security vetting and security clearance related activities on ASIO's
behalf. While secondees to, and contractors engaged by, ASIO would be authorised to
exercise delegations for the purposes of making security clearance decisions or furnishing
security clearance suitability assessments on ASIO's behalf, external service providers
would not. Both secondees and contractors will be required to possess the appropriate
qualifications, skills and/or experience. ASIO's human sources or agents will not be
involved in the undertaking of security vetting.
21. ASIO may also engage specialised external service providers to undertake certain aspects
of security vetting processes. For example, ASIO may engage external service providers
for psychological services not available within ASIO. External service providers would
not be engaged to undertake quality assurance or contract management of other external
service providers. All external service providers would be subject to strict contract
management by ASIO, and would be required to comply with relevant ASIO policies and
procedures including those related to operations, training and security.
22. Subsection 16(1B) is to be read subject to subsection 16(1C). Subsection 16(1C) limits the
scope of the Director-General's authority to delegate their powers or functions to make
security clearance decisions or to furnish SCSAs to ASIO employees or ASIO affiliates
who are in a position within ASIO that is equivalent to or higher than an
Executive Level 1 position (EL1).
23. This reflects ASIO's usual operational practice, where non-prejudicial assessments and
decisions may be made at the EL1 equivalent level. Requiring a higher delegation floor
than EL1 level is not possible due to the proportionately smaller workforce above the EL1
level and volume of security clearance decisions and SCSA that would be made/furnished
by ASIO once the Bill commences. It also reflects that a majority of ASIO's caseload is
expected to be non-prejudicial decisions or assessments that would grant or recommend
the granting of a security clearance. Given the non-controversial and non-prejudicial
nature of these decisions and assessments, it is not necessary for them to be made by
delegates at more senior levels.
24. A higher delegation floor would impede ASIO's ability to make decisions or furnish
assessments in a timely manner, without unnecessary delay that could pose a barrier to an
individual in receiving a security clearance decision or assessment that would enable them
to participate in chosen work. This will support administrative efficiency given the volume
of security clearance decisions and assessments it is anticipated ASIO will need to make.
25. Delegates would be appropriately qualified and trained in accordance with policies and
procedures that the Director-General of Security must put in place to provide guidance on
the making of security clearance decisions and SCSAs under proposed
paragraph 82D(2)(b), and subject to the application of rigorous analytical procedures.
26. More complex cases, or cases that involved PSCSAs or security clearance decisions to
deny, revoke or impose or vary conditions upon a security clearance, would generally be
escalated to more senior delegates, with the seniority of the escalation depending on their
complexity and sensitivity. Decisions to be made under proposed section 82L where an
application has been made for review of an internally reviewable decision, which must be
considered by an alternative delegate, could fall into this category more frequently.
35
Item 5 At the end of paragraphs 17(1)(a) and (b)
27. This item would amend subsections 17(1)(a) and (b) of the ASIO Act by inserting the
word 'and' at the end of each paragraph. This amendment rectifies a typographical error in
subsection 17(1) of the ASIO Act as at the time the Bill was introduced.
Item 6 Paragraph 17(1)(c)
28. This item would amend subsection 17(1)(c) by omitting the word 'responsibilities' and
replacing it with 'responsibilities; and'. This amendment rectifies a typographical error in
subsection 17(1) of the ASIO Act as at the time the Bill was introduced.
Item 7 After paragraph 17(1)(ca)
29. This item would insert paragraph 17(1)(cb) into the ASIO Act. Paragraph 17(1)(cb) would
be a new function for ASIO, which would allow ASIO to undertake security vetting and
security clearance related activities in accordance with new Part IVA. Proposed
subsection 82C(1) would provide ASIO may, for the purposes of ASIO's new function
under paragraph 17(1)(cb), do any of the following:
• undertake security vetting to assess a person's suitability to hold a security
clearance;
• make security clearance decisions;
• undertake ongoing security vetting and assessment of a person's suitability to
continue to hold a security clearance that has been granted, or is taken under
proposed paragraph 82C(2)(a) to have been granted, by the ASIO;
• furnish an SCSA in respect of a person;
• communicate with a sponsoring agency for a security clearance in relation to the
ongoing suitability of a person to hold the security clearance;
• assume responsibility for a security clearance that has been granted to a person
by another security vetting agency;
• do anything incidental to a thing mentioned above.
30. ASIO may currently make security clearance decisions for its own staff and, under Part IV
of the ASIO Act, furnish non-binding security assessments to Commonwealth agencies,
including to security vetting agencies to inform security clearance decisions by those
agencies. ASIO does not have an express function enabling it to engage in the activities
referred to in the paragraph above, and in particular, ASIO does not have a function of
making security clearance decisions in relation to non-ASIO staff.
Item 8 At the end of subsection 17(1)
31. This item would insert a note to subsection 17(1) of the ASIO Act. It would provide that
ASIO's new function referred to in paragraph 17(1)(cb) does not limit the capacity of any
other authority of the Commonwealth to undertake the kinds of activities referred to in that
paragraph.
32. It is not intended that ASIO's new security vetting and security clearance functions would
in any way limit other security vetting agencies from continuing to perform security
vetting or make security clearance decisions in accordance with their existing practices.
36
Item 9 Subsection 35(1) (definition of Commonwealth agency)
33. This item repeals the definition of Commonwealth agency in Part IV of the ASIO Act.
This definition has been moved to section 4 of the ASIO Act.
Item 10 At the end of Division 1 of Part IV
34. This item would insert section 36A into the ASIO Act, entitled 'Part not to apply to
security vetting and security clearance related activities'.
35. Subsection 36A(1) would provide that Part IV does not apply in relation to the exercise of
a power or the performance of function under Part IVA, with the exception of section 81
of the ASIO Act. Section 81 is a secrecy provision that applies to members and officers of
the Administrative Appeals Tribunal (AAT), and would be relevant to members and
officers involved in any AAT proceedings originating pursuant to Part IVA as well as Part
IV.
36. Subsection 36A(2) would clarify that:
• a communication made, including an SCSA furnished, by the Organisation in
connection with the performance of its function under paragraph 17(1)(cb) is not
a security assessment; and
• Commonwealth agencies, States or authorities of a State taking action or making
decisions based on a communication from ASIO made in connection with the
performance of its function under paragraph 17(1)(cb) is not prescribed
administrative action within the meaning of paragraph (a) of the definition of
prescribed administrative action in subsection 35(1).
37. Relevantly, paragraph (a) of the definition of prescribed administrative action provides
that it includes action that relates to or affects:
• access by a person to any information or place access to which is controlled or
limited on security grounds; or
• a person's ability to perform an activity in relation to, or involving, a thing (other
than information or a place), if that ability is controlled or limited on security
grounds,
including action affecting the occupancy of any office or position under the Commonwealth
or an authority of the Commonwealth or under a State or an authority of a State, or in the
service of a Commonwealth contractor, the occupant of which has or may have any such
access or ability.
38. Section 36A does not affect the treatment of other communications made under Part IV
which relate to a wide range of prescribed administrative action (PAA), including in
relation to certain powers under the Migration Act 1958, the Australian Citizenship Act
2007, the Australian Passports Act 2005, the Telecommunications Act 1997, the Security
of Critical Infrastructure Act 2018 or the Data Availability and Transparency Act 2022.
39. Section 36A makes it clear that existing Part IV of the ASIO Act, including the Part IV
restriction on taking PAA, would not apply in relation to security vetting and security
clearance-related activities (including communications) that would now come under the
new Part IVA. This would ensure there are no circumstances where both Part IV and
Part IVA would apply to the same communication.
37
40. The reforms in the Bill would enable ASIO and security clearance sponsors to share
information more freely about a person's suitability to hold a security clearance. This in
turn would enable an integrated, single repository of information about security clearance
holders, freeing sponsors to responsibly manage their clearance holders. This is critical to
supporting the persistent, rather than point-in-time, validation of an individual's suitability
for a security clearance.
41. This is not as easily facilitated under the current framework in Part IV of the ASIO Act.
Part IV of the ASIO Act prohibits Commonwealth agencies from taking permanent PAA
on the basis of ASIO advice, unless that advice is a security assessment (section 39 of the
ASIO Act). Qualified and adverse security assessments are reviewable in the AAT in
accordance with Part IV.
42. The restrictions in Part IV affect ASIO's ability to continuously assess a person's
suitability to hold the highest-level of security clearance, and clearance sponsors' ability to
proactively manage insider threats and other risks. This increases the risk of ASIO and
clearance sponsors being less able to deal with security threats as and when they arise. As
changes in an individual's suitability go unreported risks accumulate. Periodic revalidation
not well-supported by a continuous exchange of clearance suitability information makes
the aggregate of individual unreported changes more difficult to manage, and may in
extreme cases result in a clearance subject being found no longer suitable only after a
significant risk has materialised.
43. For example, a sponsor or employer would be able to, on the basis of a communication
from ASIO made in connection with a power or function under Part IVA, take steps to
restrict or manage a security clearance holder's or applicant's access to information, a
place, or ability to perform certain activities, without a security assessment under Part IV.
This would enable sponsors and employers to more proactively manage risk and would
support treatment that is consistent with their more general administrative powers over
employees and visitors attending their premises.
44. It would also mean that if a security clearance holder transferred from one security
clearance sponsor to another - for example, by moving from the Department of Defence to
the Department of Home Affairs - ASIO would be able to transfer the clearance holder's
personnel security file from the old sponsor to the new sponsor without need to furnish a
qualified security assessment under Part IV of the ASIO Act. The necessity to furnish a
qualified security assessment under Part IV would arise if the information in the personnel
security file could be prejudicial to the person, regardless of the lack of any intention to
revoke or downgrade the person's security clearance - meaning the person would have
external merits review rights in the AAT for the qualified security assessment under
Part IV of the ASIO Act.
45. The removal of the current Part IV prohibition on taking PAA is appropriate due to the
consent-based nature of the security clearance process under Part IVA - that is,
applications for a security clearance are voluntary, and applicants give clear and informed
consent to the collection and use of personal information by the Commonwealth to
determine individual suitability to hold a security clearance and to maintain that clearance
over time, including for ASIO to communicate such information to other Commonwealth
agencies.
38
46. A clearance holder would not have recourse against their Commonwealth security
clearance sponsor, should that employer act against the clearance holder on the basis of
ASIO advice under the new Part IVA. Such sponsors would still be required to afford their
affected employees with the usual requirements of procedural fairness, and could be
subject to unfair dismissal or other causes of action were they to take unlawful action
based on ASIO's advice.
47. The Bill would also introduce new safeguards in proposed sections 82E and 82F, affecting
the circumstances in which security vetting agencies can make security clearance
decisions on the basis of ASIO advice:
• Proposed section 82E would restrict a security vetting agency from making a
security clearance decision on the basis of ASIO advice unless that advice is an
SCSA. This would ensure that such decisions - which can have lasting or
permanent repercussions on a person's livelihood - are subject to accountability
through the Bill's external merits review framework. An exception applies that
would enable a security vetting agency to make a temporary security clearance
decision to suspend, impose or vary a condition upon a security clearance, if the
requirements of security make it necessary as a matter of urgency.
• Proposed section 82F would prohibit ASIO from communicating with a State
security vetting agency where ASIO knows a communication is intended or
likely to be used to by the agency to make a security clearance decision, unless
that communication is an SCSA. An exception applies if the Director-General
considers the requirements of security make it necessary as a matter of urgency
for the State security vetting agency to make a temporary security clearance
decision to suspend, impose or vary conditions upon a security clearance.
Item 11 Subsection 81(3)
48. This item would amend subsection 81(3) of the ASIO Act by inserting after the words
"this Part" wherever occurring, the words "or Part IVA". This would ensure that the
secrecy provision that applies to members and officers of the AAT would apply to both
Part IV and IVA of the ASIO Act, reflecting the introduction of a new external merits
review framework in Part IVA. This is consistent with the terms of proposed section 36A,
which disapplies the operation of Part IV in relation to Part IVA, except for the application
of section 81.
Item 12 After Part IV
49. This item would insert new Part IVA into the ASIO Act, entitled 'Security vetting and
security clearance related activities'.
Section 82 - Purpose of this part
50. Proposed new section 82 would set out the purpose of Part IVA. Subsection 82(1) would
provide that Part IVA is made for the purposes of ASIO's new function of security vetting
and security clearance related activities in paragraph 17(1)(cb).
Subsection 82(2) would clarify that:
39
• ASIO's performance of its paragraph 17(1)(cb) function is not limited by
subsection 17(2) of the ASIO Act (which specifies limits on the Organisation
carrying out or enforcing measures for security within an authority of the
Commonwealth); and
• Paragraph 17(1)(cb) and Part IVA do not prevent any other authority of the
Commonwealth from undertaking those activities.
Section 82A - Definitions
51. Section 82A would define a number of terms used in Part IVA as set out below.
Affected person
52. An affected person:
• in relation to an internally reviewable decision, has the meaning given by
section 82H; and
• in relation to an externally reviewable decision, has the meaning given by
section 83; and
• in relation to an independently reviewable decision - has the meaning given by
section 83EA.
53. An 'affected person' pursuant to section 82H is a person in respect of whom any of the
following decisions was made by ASIO:
• to deny the person's security clearance;
• to revoke the person's existing security clearance;
• to impose a condition on, or vary a condition imposed on, the person's security
clearance, where the person is required to agree to the imposition of that
condition to be granted, or retain, the security clearance.
54. An 'affected person' pursuant to section 83 is a person in respect of whom:
• an internal reviewer affirmed or varied an internally reviewable decision under
paragraph 82L(3)(a);
• an internal reviewer denied, revoked, or imposed or varied conditions upon a
security clearance, where the person is required to agree to the imposition of that
condition to be granted, or retain, the security clearance under
paragraph 82L(3)(b);
• ASIO furnished a PSCSA to a security vetting agency.
55. An 'affected person' pursuant to section 83EA is person who, immediately before the time
the internally reviewable security clearance decision was made neither held a security
clearance nor was a Commonwealth employee, and in respect of whom:
• an internal reviewer affirmed or varied an internally reviewable decision under
paragraph 82L(3)(a);
• an internal reviewer denied or revoked a security clearance, or imposed or varied
conditions upon a security clearance, where the person is required to agree to the
imposition of that condition to be granted, or retain, the security clearance under
paragraph 82L(3)(b).
40
Authority of a State
56. An Authority of a State includes:
• a State Minister;
• a Department of State, or a Department of the Public Service, of a State;
• a Police Force of a State;
• a body, whether incorporated or not, established for public purposes by or under
a law of a State;
• a body corporate in which the State or a body established for public purposes has
a controlling interest.
57. The definition of authority of State in Part IVA is intentionally broad, and would cover all
of the entities that are captured by the equivalent definitions in both subsection 35(1) and
paragraph (b) of the definition of 'authority of a State' provided in section 4 of the ASIO
Act at the time the Bill was introduced. This definition ensures that a broad range of State
entities are captured by the definitions of security vetting agency and sponsoring agency
also contained in proposed section 82A. The definition is also used in other provisions,
including the safeguard in proposed section 82F, and proposed section 83D which would
require authorities of States to treat the findings of the AAT as superseding relevant
security clearance decisions and PSCSAs.
Externally reviewable decision
58. Externally reviewable decision has the meaning given by section 83. Subsection 83(1)
would provide that an externally reviewable decision is:
• a decision by an internal reviewer to affirm or vary an internally reviewable
decision under paragraph 82L(3)(a);
• an decision by an internal reviewer under paragraph 82L(3)(b) to deny, revoke,
or impose or vary certain conditions upon a security clearance, where the person
is required to agree to the imposition of that condition to be granted, or retain,
the security clearance;
• ASIO furnishing a PSCSA in respect of a person to a security vetting agency.
With the exception of PSCSAs, these decisions would be externally reviewable decisions
only where the person, immediately before the decision was made, held a security
clearance or was a Commonwealth employee.
Independently reviewable decision
59. Independently reviewable decision has the meaning given by section 83EA. Section 83EA
would provide that an independently reviewable decision is:
• a decision by an internal reviewer to affirm or vary an internally reviewable
decision under paragraph 82L(3)(a);
• an decision by an internal reviewer under paragraph 82L(3)(b) to deny or revoke
a security clearance or impose or vary conditions upon a security clearance,
where the person is required to agree to the imposition of that condition to be
granted, or retain, the security clearance.
Independent reviewer
41
60. An independent reviewer means an individual engaged as an independent reviewer under
section 83EF. Section 83EF would provide that the Attorney General may, from time to
time on behalf of the Commonwealth engage by written agreement, one or more
individuals as contractors to be independent reviewers for the purposes of review in
accordance with Division 3 of Part IVA, and most relevantly Subdivision C - review by
an independent review.
Internally reviewable decision
61. Internally reviewable decision has the meaning given by section 82H. Subsection 82H(1)
would provide that each of the following security clearance decisions by ASIO is an
internally reviewable decision:
• to deny a person's security clearance;
• to revoke a person's existing security clearance;
• to impose a condition on, or vary a condition imposed on, a person's security
clearance, where the person is required to agree to the imposition of that
condition to be granted, or retain, the security clearance.
62. Subsection 82H(2) would provide that a decision of an internal reviewer under subsection
82L(3) is not an internally reviewable decision. This makes it clear that a decision made
on internal review is not itself subject to internal review.
63. Subsection 82H(3) would provide that a security clearance decision in respect of a person
is not an internally reviewable decision if the person:
• is engaged, or proposed to be engaged, for employment outside Australia for
duties outside Australia; and
• either is not an Australian citizen, or (regardless of whether they are an
Australian citizen) does not normally reside in Australia.
Internal reviewer
64. Internal review has the meaning given by subsection 82L(1). Subsection 82L(1) would
provide that the internal reviewer is the person who ASIO arranges to review an internally
reviewable decision in respect of which an application has been made.
Prejudicial security clearance suitability assessment
65. A PSCSA means an SCSA in respect of a person that contains information that would or
could be prejudicial to a security clearance decision in respect of the person. For example,
an SCSA containing information that would lead to a decision to revoke a security
clearance, or expressing an opinion that the person should not be granted a security
clearance, would be a PSCSA. Certain persons in respect of whom a PSCSA is made by
ASIO would have access to external merits review of that suitability assessment in the
AAT.
42
66. The definition of PSCSA seeks to incorporate concepts from the definitions of both
qualified and adverse security assessments in Part IV of the ASIO Act. It adopts the lower
threshold provided for in the definition of qualified security assessment, in that a PSCSA
may contain information that could or would be prejudicial, and unlike an adverse security
assessment, need not contain a recommendation that action be taken or not taken that
would be prejudicial to the interest of a person. This lower threshold would ensure a broad
range of SCSAs may be categorised as PSCSAs, maximising access to external merits
review in the AAT for certain persons who may be affected by prejudicial security
clearance decisions.
Security vetting agency
67. 'Security vetting agency' means an authority of the Commonwealth, a State or an
Authority of a State, whose functions or activities include making security clearance
decisions. This includes security vetting agencies the functions of which are not legislated.
Sponsoring agency
68. 'Sponsoring agency', in relation to a security clearance, means the Commonwealth
agency, State or an authority of a State that sponsors the security clearance, or would
sponsor it if it were granted.
Section 82B - Simplified outline of this Part
69. Section 82B would insert a simplified outline of Part IVA. It specifies that Part IVA deals
with the Organisation's function in relation to security vetting and security clearance
related activities, lists some of those functions, notes the Director-General's delegation
power under section 16; notes there are some limitations on actions certain bodies or
persons can take on the basis of ASIO's communications, and some limitations on the
circumstances in which ASIO may communicate other than in the form of SCSAs; and
provides for review of certain security clearance decisions and prejudicial security
clearance suitability assessments.
Section 82C - Security vetting and security clearance related activities
70. Section 82C sets out what ASIO may do for the purposes of its function referred to in
paragraph 17(1)(cb). It places ASIO's security vetting and security clearance activities on
a statutory basis and extends ASIO's existing ability to grant, deny and revoke clearances
sponsored by ASIO to clearances sponsored by other agencies. ASIO may do any of the
activities listed in subsection 82C(1) for the purposes of performing its new security
vetting and security clearance related activities function.
71. ASIO's proposed new functions are predicated on the consent of the affected persons. The
new functions would not confer upon ASIO special powers to collect information which
would otherwise be unlawful without a warrant. Applications for a security clearance are
voluntary. Following passage of the Bill, new clearance applicants would have the
opportunity to familiarise themselves with the proposed Part IVA framework, including
the scope of ASIO's functions and powers, and their rights as current or prospective
security clearance holders. ASIO must obtain consent to collect, use and disclose personal
information (including sensitive information) for the purposes of assessing and reviewing,
including a persistent and frequent basis, eligibility and suitability for a security clearance.
To ensure consent remains current, consent must be sought at the commencement of the
application process, and on a regular basis thereafter.
43
72. If a clearance subject does not consent to security vetting, a security vetting process cannot
be undertaken. If an existing clearance holder withdraws their consent, their clearance
cannot be maintained and would ordinarily be revoked.
73. Paragraph 82C(1)(a) would provide that ASIO may undertake security vetting to assess a
person's suitability to hold a security clearance. The purpose of the security vetting
process is to determine whether an individual is suitable to hold a security clearance--that
is, whether they possess and demonstrate an appropriate level of integrity. In the security
context, integrity depends on a range of character traits that indicate the individual is able
to protect Australian Government resources. These character traits are: honesty,
trustworthiness, maturity, tolerance, resilience and loyalty.
74. The assessment of a clearance subject needs to establish confidence that they possess a
sound and stable character, and that they are not unduly vulnerable to influence or
coercion. Any doubt regarding an individual's suitability to hold a security clearance must
be resolved in the national interest.
75. Paragraph 82C(1)(b) would provide that ASIO may make security clearance decisions.
This function allows ASIO to grant, deny, suspend, revoke, and impose or vary conditions
on, a security clearance.
76. Paragraph 82C(1)(c) would provide that ASIO may undertake ongoing security vetting
and assessment of a person's suitability to continue to hold a security clearance. This is
critical to supporting the persistent, rather than point-in-time, validation of an individual's
suitability for a security clearance.
77. Paragraph 82C(1)(d) would provide ASIO may furnish an SCSA in respect of a person.
This function would be used by ASIO to furnish SCSAs to security vetting agencies,
which those security vetting agencies could use to inform their security clearance
decisions. Once furnished to a security vetting agency, SCSAs that are PSCSAs are
externally reviewable in the AAT, subject to limited exceptions. ASIO may also furnish
SCSAs to sponsors, employers or others but is under no obligation to do so. PSCSAs
furnished to such entities are not subject to external merits review.
78. Paragraph 82C(1)(e) would provide ASIO may communicate with a sponsoring agency for
a security clearance in relation to the ongoing suitability of a person to hold a security
clearance. In particular, this function would enable the sharing of information relating to
insider threats for Australia's highest level of security clearance. This supports the insider
threats program of individual sponsor agencies and the uplift of clearance sponsors'
knowledge and capability in relation to insider threat and clearance management
processes.
79. Paragraph 82C(1)(f) would provide ASIO may assume responsible for a security clearance
that has been granted to a person by another security vetting agency. This places on a
statutory footing ASIO's ability assume responsibility for a security clearance issued by
another agency.
80. Paragraph 82C(1)(g) would provide that ASIO may do anything incidental to the things
mentioned in paragraphs 82C(1)(a)-(f). This is to ensure ASIO has statutory authority to
engage in activities necessary for the exercise of those functions that is not expressly listed
in those paragraphs.
44
81. A note would be inserted under subsection 82C(1) providing that in respect of
communications made by ASIO under Part IVA, it is ASIO's responsibility to determine a
person's suitability on security grounds to hold a security clearance. In respect of a person
employed, or proposed to be employed, by a Commonwealth agency or other body, it is
the responsibility of that agency or body to determine the person's suitability on
employment grounds to be employed by that agency or body. The purpose of this note is
to make clear the delineation of responsibilities between ASIO and sponsors and
employers. While sponsors and employers are not precluded from making decisions on
security grounds on the basis of ASIO communications, it makes clear that such
employers and sponsors should have regard to ASIO's views as it is ASIO's responsibility
to make such determinations.
82. Paragraph 82C(2)(a) clarifies that, where ASIO has assumed responsibility for a security
clearance from another security vetting agency, that clearance is, from that time, taken to
have been granted by ASIO.
83. Paragraph 82C(2)(b) would provide that Part IVA applies in relation to a security
clearance decision made after that time in respect of a clearance that ASIO has assumed
responsibility for. This would provide certainty of the time at which Part IVA, including
the merits review framework, would apply to such clearances.
84. A note would be inserted under subsection 82C(2) providing that internal and AAT review
under Part IVA, do not apply to a security clearance decision made by a security vetting
agency in respect of a security clearance before the Organisation assumes responsibility
for the clearance. This makes it clear that the review rights under Part IVA apply to
security clearance decisions made by ASIO under Part IVA, not security clearance
decisions made by other agencies.
85. Subsection 82C(3) would make clear that nothing in the ASIO Act limits ASIO's ability to
impose or vary conditions on a security clearance:
• where the person is not required to agree to the condition, or the variation of the
condition, in order for the security clearance to be granted or continued;
• where the sponsoring agency for the security clearance, or the employer of the
person, must agree to the condition, or the variation of the condition, in order for
the security clearance to be granted to the person or continued in respect of the
person.
86. Paragraph 82H(1)(c) and subsection 83E(3) would provide that the imposition or variation
of a condition on a security clearance is only reviewable if the affected person must agree
to the condition for the clearance to be granted, or for the clearance to not be revoked. The
purpose of those provisions are to ensure that only those conditions that are so onerous
that a security clearance would not be issued or continued without the clearance holder's
agreement are subject to internal and external merits review.
87. Notwithstanding this, subsection 82C(3) makes it clear that ASIO's ability to impose or
vary conditions are not limited to these circumstances. ASIO may also impose conditions,
or requirements that could be perceived as conditions, upon a clearance in circumstances
where the clearance holder's consent is not required. This could include, for example, a
requirement to seek prior approval before travelling overseas, or a requirement to report
on any material change in circumstances that could affect a person's suitability to hold a
security clearance. These sorts of conditions are a routine part of holding a security
clearance, and therefore do not reach the threshold of being reviewable under Part IVA.
45
Section 82D - Director-General's powers, functions and duties
88. Proposed section 82D would provide that the powers and functions of ASIO under Part
IVA may be exercised or performed by the Director-General on behalf of ASIO.
Subsection 82C(1) would provide the powers and functions of ASIO under Part IVA,
which may be exercised by the Director-General under section 82D. The proposed note to
this subsection highlights the connection to section 16, which provides the Director-
General's power to delegate their powers under this subsection to ASIO employees or
ASIO affiliates.
89. Subsection 82D(2) imposes a duty on the Director-General to ensure that ASIO has
policies and procedures in place in relation to the exercise or performance of a function or
power under Part IVA, including policies and procedures for undertaking security vetting
of a person, and making SCSAs and security clearance decisions. The list of policies and
procedures outlined in paragraphs 82D(2)(a)-(b) is non-exhaustive.
90. Subsection 82D(2) would provide an important safeguard to ensure ASIO's new security
vetting and security clearance function are underpinned by robust policies and procedures,
which are subject to review by the IGIS. These policies and procedures would ensure
ASIO's new functions are consistently and equally applied to all security clearance
subjects to ensure consistent decision-making and security vetting best practices.
91. Subsection 82D(3) would provide that if a policy or procedure referred to in
subsection 82D(2) is in writing, the policy or procedure is not a legislative instrument.
This provision is declaratory of the fact that such a policy or procedure is not a legislative
instrument within the meaning of the Legislation Act 2003. It is included to assist readers,
as the policies and procedures referred to in subsection 82D(2) are not legislative
instruments within the meaning of subsection 8(1) of the Legislation Act 2003.
Section 82E - Communications by Organisation to another Commonwealth security
vetting agency
92. Section 82E would provide a key safeguard that ensures security clearance decisions
cannot be made by Commonwealth security vetting agencies on the basis of advice from
ASIO, unless that advice is provided in the form of an SCSA or a limited exception
applies. Where an SCSA is a PSCSA, an affected person may apply for external merits
review in the AAT unless an exception applies.
93. Given SCSAs have the potential to significantly impact an individual's livelihood,
employment prospects and reputation, it is important that Commonwealth security vetting
agencies are prohibited from making security clearance decisions on ASIO
communications unless that agency has received a formal assessment in the form of an
externally merits reviewable SCSA. This reflects the operation of Part IV of the ASIO Act
as at the time of the Bill's introduction, under which Commonwealth security vetting
agencies cannot act on ASIO's advice relating to security clearances without a security
assessment, which is reviewable if the assessment is a qualified or adverse security
assessment.
46
94. Subsection 82E(1) would provide that section 82E applies in relation to communications
by ASIO to another security vetting agency that is an authority of the Commonwealth (a
Commonwealth security vetting agency). For example, the section would apply to
communications that go towards a person's suitability to hold a security clearance on
security grounds between ASIO and a Commonwealth security vetting agency. Section
82E does not apply to communications made by ASIO to a sponsor or employing agency
to enable a free flow of information, more effective partnership and shared responsibility
between ASIO, proactive management of the insider threat capabilities of the agencies that
sponsor clearance holders, as the action taken by the sponsor or employer would not be a
security clearance decision.
95. Subsection 82E(2) would prohibit a Commonwealth security vetting agency from making,
refusing to make, or refrain from making, a security clearance decision based on a
communication made to that agency by ASIO that is not an SCSA. For example, ASIO,
may provide a Commonwealth security vetting agency with information regarding a
potential security threat that goes towards a person's suitability to hold a security
clearance on security grounds. In this situation, the Commonwealth security vetting
agency would not be able to make a security clearance decision on the basis of this
communication, until ASIO furnishes the agency with an SCSA, except in limited
circumstances.
96. The prohibition is an effective safeguard to ensure communication of relevant prejudicial
information (that is short of a SCSA), that is information which is not fully assessed by
ASIO and as such could be subject to error and change, does not result in a permanent
security clearance decision that could have significant impacts on an individual's
livelihood, employability and reputation. In this way, it encourages ASIO to communicate
security advice in the form of an SCSA, which is subject to external merits review unless
an exception applies.
97. Subsection 82E(3) would not prohibit Commonwealth security vetting agencies from
acting on communications from ASIO made under Part IVA that do not amount to a
SCSA for any purpose other than security clearance decisions. In this way,
subsection 82D(2) is different to the prohibition in subsection 39(1) of the ASIO Act on
Commonwealth security vetting agencies taking permanent prescribed administrative
action based on communications that do not amount to an adverse or qualified security
assessment. Subsection 82D(2) does not limit sponsoring or employing Commonwealth
agencies from taking actions to manage their employees on the basis of this
communication. This is critical in supporting the free flow of information, and the ability
of sponsors and employers to act upon that information in order proactively manage risk
or insider threat without the need to furnish a SCSA.
98. As section 82E only prohibits the making of security clearance decisions on the basis of
communications short of an SCSA, this means that a sponsor or employer would be able
to take:
• employment decisions that relate to access to information or places, or the
performance of activities, on security grounds (which would have been
prohibited under paragraph 35(1)(a) in the absence of a security assessment) -
such as the granting, suspending or restricting of a security clearance holder's or
applicant's access to particular information technology systems, or
• employment decisions that do not relate to security clearance decisions - such
as the granting, suspending or terminating of someone's employment,
47
without the need for an SCSA under Part IVA or a security assessment under Part IV of the
ASIO Act.
99. Subsection 82E(3) would provide that subsection 82E(2) does not prevent a
Commonwealth security vetting agency from making a security clearance decision to
temporarily suspend or revoke the suspension of a security clearance, or impose a
condition, or vary a condition imposed on, a security clearance, held by a person in
circumstances referred to in subsection 82E(4).\
100. Subsection 82E(4) sets out the circumstances in which subsection 82E(3) applies. The
circumstances are that:
• ASIO makes a communication to the Commonwealth security vetting agency
pending the furnishing of a SCSA in respect of the person; and
• The Commonwealth security vetting agency is satisfied that the requirements of
security make it necessary, as a matter of urgency, to make the security clearance
decision.
Section 82F - Communications by Organisation to State security vetting agency
101. Section 82F would provide a key safeguard that prevents ASIO from communicating
information to a security vetting agency that is a State or an authority of a State, unless
that information is an SCSA or an exception applies, if ASIO knows that agency would, or
is likely to, use the information to make a security clearance decision in respect of a
person. Where an SCSA is a PSCSA, an affected person may apply for external merits
review in the AAT unless an exception applies.
102. Subsection 82F(1) would provide that Section 82F would apply in relation to
communications made by ASIO to a security vetting agency that is a State or an authority
of a State (a State security vetting agency).
103. Subsection 82F(2) confirms ASIO may furnish an SCSA to a State security vetting agency
by providing that assessment to that agency directly, or by providing the assessment to
another Commonwealth agency that could pass it on to that agency. Subsection 82F(2)
does not limit ASIO'S function under paragraph 82B(1)(d) to furnish SCSAs.
104. Unless subsection 82F(4) applies, paragraph 82F(3)(a) prevents ASIO from
communicating to a State security vetting agency any information about a person, if ASIO
knows it is intended or likely that the information would be used to make, refuse to make
or refrain from making a security clearance decision in respect of that person.
105. Unless subsection 82F(4) applies, paragraph 82F(3)(b) prevents ASIO from
communicating to a Commonwealth agency, knowing the Commonwealth agency intends
to transmit that communication to a State security vetting agency for use in considering
whether to make, refuse to make or refrain from making a security clearance decision.
This paragraph is designed as a safeguard to prevent any circumvention of the prohibition
in paragraph 82E(3)(a) by use of a third party.
106. The clearest example of this would be in circumstances where a State security vetting
agency sought ASIO's advice in respect of a security clearance decision to be made by
them. In those circumstances, ASIO would not be able to furnish that advice unless it was
in the form of an SCSA, or the exception in subsection 82F(4) applies.
48
107. This would ensure that the communications from ASIO upon which a State security
vetting agency may make a permanent security clearance decision are subject to a rigorous
analytical process and, unless an exception applies, subject to external merits review in the
AAT if prejudicial. Given such communications have the potential to significantly impact
an individual's livelihood, employment prospects and reputation, it is important that these
communications are not made to State security vetting agencies unless in the form of an
externally merits reviewable SCSA. This would ensure individuals get an opportunity to
respond to any adverse findings that could significantly prejudice them.
108. Subsection 82F(4) would provide that ASIO may, pending the furnishing of an SCSA,
communicate to a State security vetting agency, or to a Commonwealth agency that would
transmit the information to a State security vetting agency, if the Director General of
Security, or a person authorised by the Director General of Security (under subsection
82F(6), is satisfied that the requirements of security make it necessary as a matter of
urgency for the State security vetting agency to make a security clearance decision
referred to in subsection 82F(5). The security clearance decisions referred to in subsection
82F(5) are to temporarily:
• suspend a security clearance, or revoke a suspension of a security clearance; or
• impose a condition, or vary a condition, imposed on a security clearance.
109. In these circumstances, ASIO is not required to communicate the information in the form
of an SCSA. It is essential that State security vetting agencies be able to act on preliminary
advice where there is an urgent need to suspend a clearance (or revoke a suspension), or
impose or vary conditions on a security clearance, to avoid prejudice to security, while
ASIO completes its assessment prior to furnishing a, SCSA.
110. Currently under Part IV, ASIO can only furnish a security assessment directly to a State or
indirectly via a Commonwealth agency to a State. ASIO is unable to provide preliminary
advice to state and territory authorities where it is aware that action would be taken to
limit access to information or a place, or perform an activity, on security grounds, even in
urgent circumstances. Such arrangements are resource intensive and significantly hinder
the timely provision of security assessments to state and territory authorities.
111. To overcome this barrier, subsection 82E(4) would enable ASIO to communicate
preliminary security advice directly to a State security vetting agency in urgent
circumstances, would assist the agency better respond to threats to security.
112. Subsection 82F(6) would provide that the Director-General may, in writing, authorise a
person for the purposes of subsection 82F(4) if the person is an ASIO employee, or an
ASIO affiliate, who holds, or is acting in, a position in the Organisation that is equivalent
to or higher than a position occupied by an SES employee. The effect of this is to provide
a delegation floor to ensure that any persons authorised by the Director-General are of an
appropriate level of seniority and experience. This will support administrative efficiency
given the volume of security clearance decisions and assessments it is anticipated ASIO
will need to make.
Section 82G - Statement of grounds for prejudicial security clearance suitability
assessments
49
113. Subsection 82G(1) would require ASIO to prepare a statement of grounds for PSCSAs
furnished in respect of a person. Where ASIO furnishes multiple copies of the same
PSCSAs to multiple recipients, the intention is that the same statement of grounds would
be applicable to each such PSCSA. However, where ASIO furnished multiple PSCSAs in
respect of a person but at different times and containing different information, it is
intended that a statement of grounds would need to be prepared in respect of each such
PSCSA.
114. Subsection 82G(2) ensures the statement of grounds is comprehensive by requiring ASIO
to include all information it relied on in making the PSCSA, other than information the
inclusion of which, in the opinion of the Director-General, would be prejudicial to
security. A statement of grounds is intended to contain sufficient information to allow an
affected person to make an informed decision regarding whether to seek external merits
review. However, as some of the information upon which the assessment was based may
be classified or sensitive information about security vetting capabilities and
methodologies, the Director-General must have the ability to restrict the disclosure of such
information, if disclosure would be prejudicial to security.
115. Subsection 82G(3) clarifies that the statement of grounds is taken to be part of the PSCSA.
The effect of this is that the statement of grounds would be externally merits reviewable
along with the PSCSA. An affected person would be able to respond to prejudicial
findings in the statement of grounds.
116. Subsection 82G(4) would provide for the Director-General to authorise, in writing, a
person for the purposes of subsection (2) if the person is an ASIO employee or affiliate
who holds or is acting in a position in the Organisation that is equivalent to or higher than
a position occupied by an SES employee. The effect of this is to provide a delegation floor
to ensure that any persons authorised by the Director-General are of an appropriate level
of seniority and experience. This will support administrative efficiency given the volume
of security clearance decisions and assessments it is anticipated ASIO will need to make.
Division 3 - Review of certain security clearance decisions and prejudicial security
clearance suitability assessments
117. Division 3 of the Bill would provide a policy framework for internal merits review of
ASIO security clearance decisions, and external merits review in the AAT of security
clearance decisions and PSCSAs made or furnished by ASIO.
Subdivision A - Internal review of certain security clearance decisions
118. Subdivision A of the Bill sets out the framework for internal review of security clearance
decisions by a person appointed by ASIO. The internal review framework is modelled on
Part VI of the Freedom of Information Act 1982, and is intended to provide legislative
certainty on the process for internal review by ASIO of reviewable security clearance
decisions.
119. Internal merits review would be done in alignment with Administrative Review Council
best practice with a decision to vary, revoke or change the decision being made by an
alternate decision-maker. As a matter of practice the delegate would normally be at the
same classification or higher than the original decision-maker. Given the operational
nature of this requirement whether the alternate decision-maker is more senior or not may
be determined on a case-by-case basis.
50
120. Internal review is intended to be a comprehensive process wherein applicants are invited
to provide information or evidence in support of their application, for a new decision-
maker to review their case afresh. In addition to opportunities to address matters given to
the person before the internally reviewable decision was made, internal review would
provide the applicant a chance to provide factual material and submissions why they
should obtain a favourable outcome.
121. An individual would need to exhaust internal review options before being able to apply (if
eligible) to the AAT for external merits review of the security clearance decision. Having
a mandatory internal review mechanism would not pose a barrier to external merits
review, but rather support an affected person to seek review in a less formal setting to
facilitate more constructive and free flowing conversations that would support high quality
outcomes of the review.
Section 82H - Internally reviewable decisions
122. Section 82H would provide the security clearance decisions made by ASIO that are
eligible for the internal review process. These decisions are referred to in the Bill as an
'internally reviewable decision'.
123. Paragraph 82H(1)(a) would provide that a decision by ASIO to deny a security clearance
in respect of a person (the affected person) is an internally reviewable decision.
124. Paragraph 82H(1)(b) would provide that a decision by ASIO to revoke a security clearance
held by a person (the affected person) is an internally reviewable decision.
125. Both a decision to deny or revoke a security clearance are prejudicial security clearance
decisions that could have significant impacts on an individual's livelihood, employment
prospects and reputation, making it appropriate that the affected person has an opportunity
for an alternative decision-maker to review the decision taking into account information
provided by the affected person.
126. Paragraph 82H(1)(c) would provide that a decision by ASIO to impose, or vary, a
condition on a security clearance in respect of a person (the affected) person would be an
internally reviewable decision in two circumstances.
127. First, a decision to impose or vary a condition on a clearance would be internally
reviewable if the person has not yet been granted the security clearance, and the person is
required to agree to the condition being imposed on their clearance by ASIO before the
clearance would be granted to them.
128. Second, a decision to impose or vary a condition on a clearance would be internally
reviewable where the person already holds a security clearance, and that security clearance
would be revoked if the person does not agree to ASIO adding a condition to their
clearance, or changing a condition with which they must already comply.
129. A decision to impose or vary a condition on a security clearance is reviewable regardless
of whether the person agrees to the condition - the availability of review depends on the
nature of the condition, that is, one which requires the consent of the person. A person
may agree to a condition or disagree and still seek merits review of the decision to impose
it. If ASIO imposed a condition and the person did not agree to the condition, then the
clearance would either be denied (for a new applicant) or revoked (for an existing
clearance holder). An example of such a condition would be a condition that an existing
clearance holder undergoes regular psychological counselling and assessment to
demonstrate that they continue to be suitable to hold a security clearance.
51
130. Subsection 82H(2) would make clear that the decision of an internal reviewer under
subsection 82L(3) is not itself internally reviewable. This prevents applicants from
continuously seeking internal review of a decision. For example, if a clearance applicant is
denied a security clearance and they undergo internal review of the decision, and the
outcome of internal review is still that the security clearance is denied, then the applicant
would not entitled to further internal review of that decision. Instead, the applicant could
seek external merits review in the AAT (unless an exception applied to prevent them from
doing so).
131. Subsection 82H(3) would provide that security clearance decisions in respect of persons
engaged, or proposed to be engaged, for employment outside Australia for duties outside
Australia, who are either not Australian citizens, or (regardless of whether they are
Australian citizens) not normally resident in Australia, are not internally reviewable.
Individuals subject to these decisions will not have notification rights under section 82J.
This limitation is necessary, reasonable and proportionate to achieve the legitimate
objective of protecting Australia's national security by ensuring that persons in these
circumstances, noting the heightened risk that persons engaged in these circumstances
may pose in relation to espionage, are not able to access sensitive information about
Australia's security clearance processes by engaging in merits review to exploit potential
vulnerabilities.
Section 82J - Notification of internally reviewable decision
132. Subsection 82J(1) imposes an obligation on ASIO to give notice in writing within 14 days
to the affected person and their sponsoring agency that an internally reviewable decision
has been made, and provide reasons for the decision. The notice would be given to the
sponsoring agency to assist the agency manage their security clearance holder/applicant.
133. Subsection 82J(2) would require that the notice of an internally reviewable decision must
contain prescribed information about the person's right to apply to ASIO for internal
review of the decision. Prescribed information is intended to be consistent with the intent
of the Administrative Appeals Tribunal (Code of Practice) Determination 2017 for
notifying persons of internal and external merits review rights. A written notice would
inform an affected person that an internally reviewable decision has been made and may
contain information about the merits review options available to the affected person. This
would assist the affected person in determining whether to apply for internal review.
ASIO's internal policies and procedures would provide for the type of information a notice
of an internally reviewable decisions must contain.
134. The obligation in subsection 82J(1) to give reasons ensures that an applicant would be
made aware of the basis of the security clearance decisions. Subsection 82J(3) would
provide that section 25D of the Acts Interpretation Act 1901 does not apply to such
reasons. This means that ASIO is not required to give reasons that set out the findings on
material questions of fact and refer to the evidence of other material on which those
findings were based. Section 82J sets out, without being exhaustive, matters that ASIO
may withhold from the reasons given. ASIO would be required to provide a more
comprehensive statement of grounds for security clearance decisions if AAT proceedings
are commenced (proposed section 83C).
52
135. Subsection 82J(4) would provide for the Director-General, or a person authorised under
subsection 82J(5), to exclude from the reasons given under subsection 82J(1) the
following content:
• any information relating to a standard relating to the Commonwealth's highest
level of security clearance the inclusion of which would, in the opinion of the
Director General, be prejudicial to security. As at the date of this Explanatory
Memorandum, there is more than one standard for the highest level of security
clearance;
• any information that, in the opinion of the Director General, would be contrary
to the public interest:
o because it would prejudice security, the defence of the Commonwealth
or the conduct of the Commonwealth's international affairs; or
o because it would reveal information that has been disclosed to the
Organisation in confidence; or
o for a reason that could form the basis for a claim by the Crown in right
of the Commonwealth in a judicial proceeding that the information
should not be disclosed;
• any information that, in the opinion of the Director General, could reveal the
methodology underlying a psychological assessment of the affected person.
136. This is consistent with matters that can be excluded from the statement of reasons for the
purposes of new section 83C.
137. The Australian Government's framework of protective security policy sets the standard
relating to the Commonwealth's highest level of security clearances and can be obtained
through more than one standard. During the transition phase, TOP SECRET-Privileged
Access security clearances and Positive Vetting security clearances will be the
Commonwealth's highest level of security clearance. As such, the standard for either of
these clearances would constitute the standard for the highest level of security clearance.
In due course, once PV security clearances have been replaced entirely, there may be a
circumstance where there will only be one standard.
138. Subsection 82J(5) would provide for the Director-General to authorise, in writing, a
person for the purposes of subsection (4) if the person is an ASIO employee or affiliate
who holds or is acting in a position in the Organisation that is equivalent to or higher than
a position occupied by an SES employee. The effect of this is to provide a delegation floor
to ensure that any persons authorised by the Director-General are of an appropriate level
of seniority and experience. This will support administrative efficiency given the volume
of security clearance decisions and assessments it is anticipated ASIO will need to make.
Section 82K - Application for internal review of decision
139. Subsection 82K(1) allows an affected person (as defined in proposed section 82H) to
apply for internal review.
53
140. Subsection 82K(2) stipulates the requirements of an internal review application. The
application must be in writing to ASIO, and be made within 30 days after the day the
person is given notice of the internally reviewable decision, or any further period of time
granted to the person by ASIO. The minimum 30 day period for seeking internal review
aligns with other legislative frameworks, such as the Freedom of Information Act 1982.
This would provide sufficient time for an applicant to make an application for the review.
If an affected person requires more than 30 days to submit an application for a review, a
request can be made to ASIO for an extension. ASIO may grant extensions where it
considers it appropriate to afford the affected person additional time to bring an
application for internal review, including to ensure procedural fairness to the affected
person.
Section 82L - Decision on internal review
141. Section 82L would provide the processes the internal review is to follow once a person has
applied for review in accordance with proposed section 82K.
Decision on internal review
142. Subsection 82L(1) would require ASIO to arrange for a person (the internal reviewer) to
review the decision in as timely a manner as is possible.
143. All internal reviewers would be appropriately trained and qualified in accordance ASIO
and applicable Commonwealth policies.
144. Subsection 82L(2) would provide that the internal reviewer cannot be the person who
made the decision that is subject to internal review. This ensures the internal reviewer
brings an independent and impartial mind to the review. Where possible, the internal
review would normally be a more senior officer who was not involved in the original
security clearance decision.
145. Paragraph 82L(3)(a) would provide that the internal reviewer must, on behalf of ASIO,
reconsider the internally reviewable decision and confirm, vary or set aside that decision.
146. Paragraph 82L(3)(b) would provide an internal reviewer who sets aside an internally
reviewable decision may make another security clearance decision in respect of the
affected person. The decision of the internal reviewer replaces the set aside decision. In
those circumstances, it is the replacement decision that would be subject to external merits
review in the AAT, if external review is available.
147. Subsection 82L(4) would confirm that a decision by the internal reviewer is a security
clearance decision made by ASIO within the meaning provided in paragraph 82C(1)(b) of
the Bill. It makes clear that security clearance decision includes decisions made under the
internal review process.
Notification of internal reviewer's decision
148. Subsection 82L(5) would require ASIO to notify the affected person and their sponsor
agency in writing of the internal reviewer's decision and reasons for the decision within 14
days of the decision being made. A sponsoring agency, along with the affected person
would be given notice of the internal reviewer's decision in order to inform the agency of
the outcome of the internal review to ensure they can manage the security clearance
subject appropriately.
54
149. Subsection 82L(6) would provide that if an internal reviewer's decision is an externally
reviewable decision, the notice to the individual must contained prescribed information
concerning the affected person's right to apply to the AAT under Subdivision B for review
of the decision. Prescribed information is intended to be consistent with the intent of the
Administrative Appeals Tribunal (Code of Practice) Determination 2017 for notifying
persons of internal and external merits review rights.
150. Subsection 82L(6A) would provide that if the internal reviewer's decision under
subsection (3) is an independently reviewable decision under Subdivision C, the notice
given under subsection (5) must also contain prescribed information concerning the
affected person's right to apply to an independent reviewer under Subdivision C for
review of the decision. This would ensure the affected person has the relevant information
to know how to make an application for independent review.
151. Subsection 82L(7) would provide that section 25D of the Acts Interpretation Act 1901
does not apply to the internal reviewer's reasons given under subsection (5). This means
that ASIO is not required to give reasons that set out the findings on material questions of
fact and refer to the evidence of other material on which those findings were based. ASIO
would be required to provide a more comprehensive statement of grounds for security
clearance decisions if AAT proceedings are commenced (proposed section 83C).
152. Further, subsection 82L(8) would provide that the Director-General, or a person authorised
under subsection 82L(9), may exclude from the reasons given under subsection 82L(5) the
following content:
• any information relating to a standard relating to the Commonwealth's highest
level of security clearance the inclusion of which would, in the opinion of the
Director General, be prejudicial to security. As at the date of this Explanatory
Memorandum, there is more than one standard for the highest level of security
clearance;
• any information that, in the opinion of the Director General, would be contrary
to the public interest:
o because it would prejudice security, the defence of the Commonwealth
or the conduct of the Commonwealth's international affairs; or
o because it would reveal information that has been disclosed to the
Organisation in confidence; or
o for a reason that could form the basis for a claim by the Crown in right
of the Commonwealth in a judicial proceeding that the information
should not be disclosed;
• any information that, in the opinion of the Director General, could reveal the
methodology underlying a psychological assessment of the affected person.
153. This is consistent with matters that can be excluded from the statement of reasons for the
purposes of proposed section 83C.
55
154. Subsection 82L(9) would provide for the Director-General to authorise, in writing, a
person for the purposes of subsection (8) if the person is an ASIO employee or affiliate
who holds or is acting in a position in the Organisation that is equivalent to or higher than
a position occupied by an SES employee. The effect of this is to provide a delegation floor
to ensure that any persons authorised by the Director-General are of an appropriate level
of seniority and experience. This will support administrative efficiency given the volume
of security clearance decisions and assessments it is anticipated ASIO will need to make.
Subdivision B - Review by the Administrative Appeals Tribunal of certain security
clearance decisions and security clearance suitability assessments
155. Subdivision B of the Bill sets out the framework for external review of both security
clearance decisions and PSCSAs by the AAT.
156. Unless the exception at subsection 83(3) applies, an affected person would have a right to
seek external merits review in the AAT in the following circumstances:
(a) if the internal reviewer appointed by ASIO under paragraph 82L(1) makes a security
clearance decision in respect of a person who, immediately before the time the
internal reviewer made the decision, held a security clearance or was a
Commonwealth employee, to deny, revoke, or impose or vary certain conditions
upon a security clearance; and
(b) the person is the subject of a PSCSA furnished by ASIO.
Section 83 - Externally reviewable decisions
157. Subsection 83(1) sets out the decisions of an internal reviewer in respect of which an
affected person, who, immediately before the time the internal reviewer made the decision,
held a security clearance or was a Commonwealth employee, may seek AAT review (each
an externally reviewable decision).
158. Paragraph 83(1)(a) would provide that a decision by an internal reviewer to affirm an
internally reviewable decision in respect of a person (the affected person) who,
immediately before the time the internally reviewable decision was made, held a security
clearance or was a Commonwealth employee, is AAT reviewable.
159. Paragraph 83(1)(b) would provide that a decision to vary an internally reviewable decision
in respect of a person (the affected person) who, immediately before the time internally
reviewable decision was made, held a security clearance or was a Commonwealth
employee, is AAT-reviewable.
160. Paragraph 83(1)(c) would provide that each of the following decisions by an internal
reviewer in respect of a person (the affected person) who, immediately before the time the
internally reviewable decision was made, held a security clearance or was a
Commonwealth employee, are AAT reviewable:
• under subparagraph 83(1)(c)(i), a decision to deny a security clearance;
• under subparagraph 83(1)(c)(ii), a decision to revoke a security clearance; and
• under subparagraph 83(1)(c)(iii), a decision to impose a condition, or vary a
condition already imposed, on a security clearance, where the affected person is
required to agree to the condition for the person to be granted or retain the
security clearance.
56
161. The intention of subsection 83(1) is to ensure that an affected person, who, immediately
before the time the internal reviewer made the decision, held a security clearance or was a
Commonwealth employee, may seek external merits review in the AAT of a decision by
an internal reviewer that is prejudicial to the affected person, unless an exception applies.
162. Subsection 83(2) would provide that a PSCSA furnished by ASIO to a security vetting
agency is an externally reviewable decision. The effect is that the person who is the
subject of the PSCSA (the affected person) may apply to the AAT for external review,
unless an exception applies. An individual would not have external merits review rights
for a PSCSA that ASIO furnishes to any entity that is not a security vetting agency. This
means, for example, that sponsors and employers would be able to proactively manage
their clearance holders, including to address insider threats, but that a PSCSA that is
furnished to an authorised security vetting agency who may make a security clearance
decision based on that assessment, would be subject to external merits review unless an
exception applies.
163. As a sponsor or employer that is not a security vetting agency would not be able to make
security clearance decisions, it is not necessary to extend external merits review for
security clearance decisions or assessments in those circumstances. While employment
decisions would not be reviewable under the new Part IVA of the ASIO Act, the new Part
IVA of the ASIO Act would not affect a person's right to seek legal remedies for breaches
of contracted employment arrangements or statutory employment rights, or through other
causes of action.
164. Subsection 83(3) would provide that a security clearance decision, or a PSCSA, in respect
of a person is not an externally reviewable decision if the person:
• is engaged, or proposed to be engaged, for employment outside Australia for
duties outside Australia; and
• either is not an Australian citizen, or (regardless of whether they are an
Australian citizen) does not normally reside in Australia.
165. Non-Australians and non-residents engaged or proposed to be engaged for duties outside
Australia would not have access to external merits review for assessments or decisions.
Merits review would be excluded, for example, for locally engaged staff at Australian
embassies outside Australia where they required an Australian security clearance to
perform their role. In those circumstances, in the interests of security, there should not be
an obligation to afford a foreign national external review rights. However, SCSAs in
relation to the suitability to hold a security clearance of non-citizens and non-residents
engaged, or proposed to be engaged, inside Australia would be not excluded from
notification and review rights. This is consistent with existing section 36(1)(a) of the
ASIO Act.
166. Subsection 83(1) would provide that a security clearance decision is not an externally
reviewable decision if, immediately before the time the internal reviewer made the
security clearance decision, the person neither held a security clearance nor was a
Commonwealth employee.
167. Subsection 83(4) would define a Commonwealth employee as a person:
57
• who is an APS employee; or employed under the Members of Parliament (Staff)
Act 1984; or a Parliamentary Service employee (within the meaning of the
Parliamentary Service Act 1999); or a member of the Defence Force; or a
member of the Australian Federal Police (within the meaning of the Australian
Federal Police Act 1979) or a special member (within the meaning of that Act);
or an employee of an agency within the NIC (within the meaning of the Office
of National Intelligence Act 2018); and
• who has completed any period of probation that applies to the employment; and
• who is not employed in a Commonwealth company (within the meaning of the
Public Governance, Performance and Accountability Act 2013) or corporate
Commonwealth entity (within the meaning of that Act).
168. A note would be inserted under subsection 83(4) to clarify that a person is not a
Commonwealth employee if the person is engaged as a consultant, contractor or
subcontractor.
169. For security clearance decisions issued by ASIO, new applicants who do not hold a current
security clearance or are not Commonwealth employees (as defined in subsection 83(4))
would not have rights to external merits review in the AAT. \
170. Prejudicial security assessments under Part IV of the ASIO Act are presently reviewable in
the AAT subject to limited exceptions, including if they relate to the engagement, or
proposed engagement, of a person as a staff member by AIC agencies - ASIO, ASIS,
AGO, ASD, DIO and ONI. The section 36(1)(c) exception for AIC agencies was passed
by Parliament in 2011. In practice, current and new staff members of these agencies have
no rights to external merits review for ASIO's adverse or qualified security assessments
under Part IV, and they also have no rights to external merits review for adverse security
clearance decisions made by security vetting agencies.
171. The policy rationale for excluding external review for new applicants who do not hold a
current security clearance or are not Commonwealth employees is that Australia is
confronted by a security environment that is complex, challenging and changing. The
threat to Australians from espionage and foreign interference is higher than at any time in
Australia's history. In this context, the threats are higher for new applicants who would
not yet have a sufficient understanding of their security obligations or have not
participated in security awareness training and are therefore less able to manage these
threats. New applicants also bring a lower level of assurance, in that they have not
previously undergone an organisational suitability assessment and do not have an existing
track record as a Commonwealth employee.
58
Section 83A - Notification of prejudicial security clearance suitability assessment
that is externally reviewable decision
172. Subsection 83A(1) would provide that within 14 days after the day on which ASIO
furnishes a PSCSA that is an externally reviewable decision to a security vetting agency,
the security vetting agency must give the affected person notice in writing of the
assessment and a copy of the assessment. This includes a copy of the statement of grounds
for the assessment, prepared pursuant to subsection 82G(1). The note to subsection 83A(1)
would highlight that the statement of grounds for a security suitability assessment is taken
to be part of the assessment under subsection 82G(3). Subsection 82G(3) has the effect
that the statement of grounds would be externally merits reviewable alongside the PSCSA.
An affected person would be able to respond to any prejudicial findings in the statement of
grounds relied on by ASIO to furnish a PSCSA.
173. Subsection 83A(2) would provide that a notice that is given under subsection 83A(1) must
contain prescribed information concerning the affected person's right to apply to the AAT
for review of the PSCSA. It is intended that prescribed information would be consistent
with the intent of the Administrative Appeals Tribunal (Code of Practice) Determination
2017 for notifying persons of internal and external merits review rights. A written notice
would inform the affected person of the externally decision that has been made and their
right to seek external merits review, which would assist the affected person in supporting
their claim in the AAT.
174. Paragraph 83A(3)(a) would provide that subsections 83A(1) and 83A(2) do not apply if
the Minister gives a certificate in accordance with paragraph 83A(4)(a) in respect of the
notice for the PSCSA.
175. Paragraph 83A(3)(b) would provide that if the Minister gives a certificate in accordance
with paragraph 83A(4)(b) in respect of the statement of grounds for the PSCSA, the copy
of the statement of grounds, or that part of the statement to which the certificate applies,
must not be given to the affected person.
Certificate to withhold notice or statement of grounds
176. Subsection 83A(4) would enable the Minister to, by writing signed by the Minister and
delivered to the Director-General, certify that the Minister is satisfied that:
• the withholding of notice of the PSCSA in respect of the affected person is
essential to the security of the nation (paragraph (a)); or
• the disclosure to an affected person of the statement of grounds for the PSCSA
in respect of the affected person, or a particular part of that statement, would
be prejudicial to the interests of security (paragraph (b)).
177. Subsection 83A(4) is consistent with existing practices in Part IV of the ASIO Act.
Withholding notice of the assessment means the affected person would not be made aware
that advice from ASIO was involved in making the decision by the other security vetting
agency, and that may be appropriate where it is essential to the security of the nation.
59
178. The lack of notice of the PSCSA would not preclude the relevant security vetting agency
that used the PSCSA to inform their security clearance decision from giving the affected
person notice of their decision - for example, of a decision by that agency to deny the
clearance. The effect of not notifying the affected person about a PSCSA is that they
would not be able to access external merits review. However, subsection 83A(5) would
provide a safeguard in that the Minister must consider whether to revoke a certificate
12 months after the certificate to withhold notice is given.
179. Depending on any risks associated with disclosing information in the statement of
grounds, the Minister has the option to certify that the statement of grounds, in full or in
part, be withheld from the affected person, if the Minister is satisfied that it would be
prejudicial to the interests of security. This is critical in the protection of sensitive national
security information that would be prejudicial to the interests of security if disclosed to the
affected person.
180. Subsection 83A(5) would provide that if the Minister gives a certificate under
subsection 83A(4), the Minister must cause a copy of the certificate to be delivered to the
security vetting agency to which the assessment was furnished, and the sponsoring agency
for the security clearance in relation to which the assessment was furnished. In receiving
this certificate, the security vetting agency and the sponsoring agency would be made
aware of the security risks involved in a case and be able to manage their security
clearance holder/applicant and notification accordingly.
181. Subsection 83A(6) would require the Minister to consider whether to revoke a certificate
given under subsection 83A(4) before the end of 12 months after it was given, or each 12
month period after the Minister last considered whether to revoke it. As the affected
person is not made aware of an SCSA, subsection 83A(6) acts as a safeguard to ensure that
the individual is only prevented from accessing external merits review until the security
risk is no longer relevant. Ministerial accountability is key to this as disclosure of such
information may harm the security of nation and attract criticism from the public, making
it crucial that a decision to revoke a certificate be made by the Minister.
182. Subsection 83A(7) would provide for the Minister to, in writing, delegate the Minister's
powers and functions under paragraph (4)(b) to an ASIO employee or affiliate who holds
or is acting in a position in the Organisation that is equivalent or higher than a position
occupied by an SES employee. The effect of this is to provide a delegation floor to ensure
that any persons authorised by the Director-General are of an appropriate level of seniority
and experience. This will support administrative efficiency given the volume of security
clearance decisions and assessments it is anticipated ASIO will need to make.
183. Subsection 83A(8) would provide that in performing a function or exercising a power
under a delegation under subsection (7), the delegate must comply with any written
directions of the Minister.
Subsection 83B - Application to the Administrative Appeals Tribunal
184. Subsection 83B(1) would provide that an application may be made to the AAT for review
of a security clearance decision or an SCSA that is an externally reviewable decision.
185. A note to subsection 83B(1) refers to section 27AA of the AAT Act which would provide
who can apply for a review under this section. An application can be made to the AAT by
a person:
60
• in respect of whom a security clearance decision or SCSA that is an externally
reviewable decision is made and who has been given notice in accordance with Part
IVA; and
• for a review of the findings of the AAT on the ground that the applicant has fresh
evidence of material significance that was not available at the time of the previous
review, by the person who applied for the review in which the findings were made.
186. Subsection 83B(2) would provide that at any time after the completion of a review by the
AAT of the security clearance decision or SCSA, an application may be made to the AAT
for review of the AAT's findings on the ground that the applicant has fresh evidence of
material significance that was not available at the time of the previous review. Broadly,
fresh evidence is evidence available which the applicant could not previously have
discovered by the use of reasonably diligence which could affect the findings that were
made by the AAT. It is not enough for an affected person with new evidence to re-open a
matter because the new evidence also has to be of material significance. This is to prevent
a litigious or vexatious applicant from re-opening the matter several times on the basis of
new evidence, which is not only an administrative burden for the AAT but also a misuse
of the Tribunal's resources.
Subsection 83C - Statement of grounds for security clearance decision
187. Unlike a person subject of a PSCSA who may receive a statement of grounds when a
PSCSA is furnished, a person the subject of a prejudicial security clearance decision
would only receive a statement of grounds should they make an application to the AAT for
external review. This is because, unlike for PSCSAs, the Bill introduces rights to internal
merits review for prejudicial security clearance decisions which need to be exhausted
before proceeding to external merits review. As with the existing provision in Part IV, the
Bill would provide a mechanism to ensure that applicants do not need to be provided with
security classified information that might be contained in the statement of grounds.
188. Subsection 83C(1) would provide that this section applies if the Director-General is
notified under Part IV of the AAT Act of an application to the AAT for the review of a
security clearance decision that is an externally reviewable decision.
189. Subsection 83C(2) would provide that, as soon as practicable, after the Director-General
receives notice of the application, ASIO must prepare a statement of grounds for the
security clearance decision, and subject to subsections 83C(5) and (7) give a copy of the
statement of grounds to the affected person. The statement of grounds would be given to
the affected person in an as timely manner as possible to ensure the applicant has
sufficient time to consider the information to support their claim in the AAT, and avoid
significant delays to the external merits review process in the AAT.
190. A note to be inserted under subsection 83C(2) refers to subsection 38A(1B) of the
AAT Act to clarify that the Director-General of Security must also lodge a copy of the
statement of grounds with the AAT. It is intended that the copy lodged with the AAT
would be the full statement of grounds without any part of it withheld for security reasons.
Providing the AAT with the full version of the statement of grounds would assist the AAT
consider all the relevant information the ASIO decision-maker relied on to make the
review of a security clearance decision, and make independent findings.
191. Subsection 83C(3) would provide that the statement of grounds must contain all of the
information that has been relied on by ASIO in making the security clearance decision.
61
192. Subsection 83C(4) would provide that for the purposes of Part IVA, the statement of
grounds is taken to be part of the security clearance decision. This would have the effect
that the statement of grounds would be externally merits reviewable alongside the security
clearance decision. An affected person would be able to respond to any prejudicial
findings in a copy of the statement of grounds given to them that was relied on by ASIO to
make a prejudicial security clearance decision.
193. Subsection 83C(5) would provide that if the security clearance decision is in respect of the
Commonwealth's highest level of security clearance, the copy of the statement of grounds
given to the affected person must not include:
• any information relating to a standard relating to the Commonwealth's highest
level of security clearance that was used to make the decision if the inclusion of
the information would, in the opinion of the Director General, or a person
authorised by the Director-General under subsection (8), be prejudicial to
security. As at the date of this Explanatory Memorandum, there is more than one
standard for the highest level of security clearance;
• any information that, in the opinion of the Director General, or a person
authorised by the Director-General under subsection (8), would be contrary to
the public interest:
o because it would prejudice security, the defence of the Commonwealth
or the conduct of the Commonwealth's international affairs; or
o because it would reveal information that has been disclosed to the
Organisation in confidence; or
o for a reason that could form the basis for a claim by the Crown in right
of the Commonwealth in a judicial proceeding that the information
should not be disclosed;
• any information that, in the opinion of the Director General, could reveal the
methodology underlying a psychological assessment of the affected person.
194. This provision prevents the disclosure of information relating to the standard for the
highest security clearance, which is a classified document that is only available to
practitioners conducting security vetting for the highest security clearance, other
information the disclosure of which would be contrary to the public interest, or
information that could reveal the methodology underlying a psychological assessment of
the affected person. Protection of this information is crucial to prevent information relating
to the security clearance process the Bill seeks to uplift and strengthen, or otherwise
sensitive national security information, from being disclosed to applicants in respect of
whom there may be security concerns.
195. As the Commonwealth's senior official responsible for advising the Australian
Government on security, it is appropriate that it is the opinion of the Director-General of
Security that is relevant to whether information should be withheld from an applicant,
subject to the objective criteria set out in the Bill. The Director-General of Security is best
placed to make such assessments.
62
196. Subsection 83C(6) would provide that the Minister may certify that the Minister is
satisfied that the disclosure of information with respect to matter stated in the certificate,
or the disclosure of the contents of a document, would be contrary to the public interest
because it would prejudice security. A certificate under this provision must be written,
signed by the Minister, and delivered to the Director-General.
197. Subsection 83C(7) relates to certificates to withhold contents of statement of grounds.
Subsection 83C(7) would provide that if the Minister gives a certificate in accordance with
subsection (6) in respect of information or document contained in the statement of grounds
for the security clearance decision, the copy of the statement of grounds, or that part of the
statement to which the certificate applies, must not be given to the affected person.
198. Depending on any risks associated with disclosing information in the statement of
grounds, the Minister has the option to certify that the statement of grounds, in full or in
part, be withheld from the affected person, if the Minister is satisfied that it would be
prejudicial to the interests of security. This is critical in the protection of sensitive national
security information that would be prejudicial to the interests of security if this were to be
disclosed to the affected person.
199. Subsection 83C(8) would provide for the Director-General to authorise, in writing, a
person for the purposes of subsection 83C(5) if the person is an ASIO employee or
affiliate who holds or is acting in a position in the Organisation that is equivalent to or
higher than a position occupied by an SES employee. The effect of this is to provide a
delegation floor to ensure that a person authorised by the Director-General are of an
appropriate level of seniority and experience. This will support administrative efficiency
given the volume of security clearance decisions and assessments it is anticipated ASIO
will need to make.
200. Subsection 83C(9) would provide for the Minister to, in writing, delegate the Minister's
powers and functions under subsection 83C(6) to an ASIO employee or affiliate who
holds or is acting in a position in the Organisation that is equivalent or higher than a
position occupied by an SES employee.
201. Subsection 83C(10) would provide that in performing a function or exercising a power
under a delegation under subsection (9), the delegate must comply with any written
directions of the Minister.
Subsection 83D - Effect of Findings
202. The provisions in section 83D are modelled on Part IV of the ASIO Act. They require
ASIO to comply with the AAT's findings, but enable ASIO to make new decisions and
assessments where new information has come to light.
203. Subsection 83D(1) would provide that if a security clearance decision or PSCSA has been
reviewed by the AAT, every Commonwealth agency, State or authority of a State for
which the decision or assessment is relevant, and any tribunal, person or authority having
power to hear appeals from, or to review, a decision with respect to the security clearance
decision or PSCSA, must treat the findings of the AAT, to the extent that they do not
affirm the security clearance decision or PSCSA, as superseding that decision or
assessment. This ensures that the AAT's findings are binding and cannot be disregarded.
63
204. Subsection 83D(2) would provide that if the AAT has made findings upon a review of a
security clearance decision or PSCSA that is an externally reviewable decision, ASIO
must not make a further security clearance decision or SCSA in respect of the affected
person that is not in accordance with the AAT's findings except on the basis of matters
occurring after the review or of which evidence was not available at the time of the
review. This ensures that ASIO is able to make new security clearance decisions or furnish
new SCSAs in light of new information not considered by the AAT.
Section 83E - Conclusive Certificates
205. Subsection 83E(1) would provide that the Minister may, in exceptional circumstances,
issue a conclusive certificate in relation to a security clearance decision or PSCSA that is
an externally reviewable decision if the Minister believes that it would be prejudicial to
security to change the decision or assessment, or it would be prejudicial to security for the
decision or assessment to be reviewed.
206. Subsection 83E(2) would provide that the AAT must not review, or continue to review, a
security clearance decision or an PSCSA in relation to which the Minister has issued a
conclusive certificate under subsection 83E(1).
207. Under Part IV of the ASIO Act, the Minister for Home Affairs may issue a certificate
preventing notice of an adverse or qualified security assessment going to an affected
person, which in turn prevents that person from accessing external merits review in the
AAT where it is essential to security to do so.
208. Consistent with the policy underlying that approach, this provision would enable the
Minister to prevent a matter from going to external merits review, or for AAT review to
continue in relation to a matter. A conclusive certificate would only be issued in
exceptional circumstances where doing so would be prejudicial to security. This reflects
that decisions and assessments under Part IVA would generally impact Australian citizens
and therefore a higher threshold is appropriate. This higher threshold is necessary to
address scenarios where the foreign intelligence threat is extreme, or where the
circumstances involved are so serious that it would not be in Australia's security interests
to enable external merits review.
Subdivision C - Review by an independent reviewer
Section 83EA - Independently reviewable decisions
209. Subdivision C would provide for review of decisions made by an internal reviewer under
section 82L(3) of the Bill in respect of persons that are not eligible for external review
through the AAT because they do not hold a security clearance at any level or are not
Commonwealth employees.
210. Subsection 83EA(1) would provide that, for the purposes of Division 3, each of the
following security clearance decisions by an internal reviewer, on behalf of the
organisation, is an independently reviewable decision:
• an internal reviewer affirmed an internally reviewable decision under paragraph
82L(3)(a);
• an internal reviewer varied an internally reviewable decision under paragraph
82L(3)(a);
64
• an internal reviewer denied or revoked a security clearance, or imposed or varied
conditions upon a security clearance, where the person is required to agree to the
imposition of that condition to be granted, or retain, the security clearance under
paragraph 82L(3)(b).
211. Subsection 83EA(2) would provide that despite subsection 83EA(1), a security clearance
decision in respect of a person is not an independently reviewable decision if the person:
• is engaged, or proposed to be engaged, for employment outside Australia for
duties outside Australia; and
• either is not an Australian citizen, or (regardless of whether they are an
Australian citizen) does not normally reside in Australia.
212. Subsection 83EA(3) would provide that for the purposes of section 83EA a
Commonwealth employee means a person:
• who is an APS employee; or employed under the Members of Parliament (Staff)
Act 1984; or a Parliamentary Service employee (within the meaning of the
Parliamentary Service Act 1999); or a member of the Defence Force; or a
member of the Australian Federal Police (within the meaning of the Australian
Federal Police Act 1979) or a special member (within the meaning of that Act);
or an employee of an agency within the NIC (within the meaning of the Office
of National Intelligence Act 2018); and
• who has completed any period of probation that applies to the employment; and
• who is not employed in a Commonwealth company (within the meaning of the
Public Governance, Performance and Accountability Act 2013) or corporate
Commonwealth entity (within the meaning of that Act).
213. A note would be inserted under subsection 83EA(3) to clarify that a person is not a
Commonwealth employee if the person is engaged as a consultant, contractor or
subcontractor.
214. This definition of Commonwealth employee is consistent with the definition that would be
provided in section 83 for the purposes of externally reviewable decisions by the AAT.
Section 83EB - Application for independent review of decision
215. Subsection 83EB(1) would provide that an affected person for the purposes of subsection
83EA may apply for review of an independently reviewable decision. An affected person
for the purposes of section 83EA is a person who, immediately before the time the
internally reviewable security clearance decision was made, neither held a security
clearance nor was a Commonwealth employee, and in respect of whom:
• an internal reviewer affirmed or varied an internally reviewable decision under
paragraph 82L(3)(a);
• an internal reviewer denied or revoked a security clearance, or imposed or varied
conditions upon a security clearance, where the person is required to agree to the
imposition of that condition to be granted, or retain, the security clearance under
paragraph 82L(3)(b).
65
216. Subsection 83EB(2) would provide that an application for review must be made, in
writing, to an independent reviewer within 30 days after the day the person is given notice
of the decision under section 82L(5); or any further period that an independent reviewer
allows.
217. The note following subsection 83EB(2) would assist the reader by providing that the
notice given to the affected person of the independently reviewable decision must contain
prescribed information concerning the person's right to apply to an independent reviewer
for review of the decision (see subsection 82L(6A)).
218. Subsection 83EB(3) would provide that as soon as practicable after receiving an
application made in accordance with subsection (2), the independent reviewer must:
• decide whether to review the independently reviewable decision; and
• give the affected person, the Director-General and the sponsoring agency for the
security clearance in relation to which the independently reviewable decision
was made notice in writing of the independent reviewer's decision on whether
to perform the review.
Section 83EC - Director-General to provide information to independent reviewer
219. Subsection 83EC(1) would provide that, if the Director-General receives notice under
subsection 83EB(3)(b) that the independent reviewer has decided to review the
independently reviewable decision, the Director-General must, in as timely a manner as
possible, provide the independent reviewer all of the information relied on by the internal
reviewer in making the independently reviewable decision.
220. Subsection 83EC(2) would provide that the Director-General may provide to the
independent reviewer a copy of any standard (or part thereof) certified in writing by the
Director-General as a standard relating to the Commonwealth's highest level of security
clearance that was used to make the independently reviewable decision. As at the date of
this Explanatory Memorandum, there is more than one standard for the highest level of
security clearance
221. Subsection 83EC(2) would not limit the requirement on the Director-General under
subsection 83EC(1) to provide the independent reviewer all of the material relied upon in
making the independently reviewable decision.
222. A note would be inserted under subsection 83EC(2) to clarify that a standard relating to
the Commonwealth's highest level of security clearance is part of the Australian
Government's framework of protective security policy.
223. Subsection 83EC(3) would provide that the independent reviewer may, in writing, request
that the Director-General seek information from the affected person for the purposes of the
independent review.
224. Subsection 83EC(4) would provide that if the Director-General receives a request from the
independent reviewer under subsection 83EC(4), the Director-General must use their best
endeavours to seek the requested information from the affected person, and provide that
information to the independent reviewer.
225. Subsection 83EC(5)(a) would provide that the independent reviewer must comply with
any reasonable directions of the Director-General relation to the protection or handling of
information that is provided to the independent reviewer under section 83E.
66
226. Subsection 83EC(5)(b) would provide that the independent reviewer must do all things
necessary to ensure that any information provided to the internal reviewer (including any
copy of a standard provided to the independent reviewer under subsection (2)) is not
disclosed to the applicant.
227. Subsection 83EC(6) would enable the Director-General to delegate their powers under
subsection 83EC(2) to an ASIO employee or affiliate.
228. Subsection 83EC(7) would enable the Director-General to delegate their powers under
subsection 83EC(5)(a) to an ASIO employee, or an ASIO affiliate, who holds, or is acting
in, a position in the Organisation that is equivalent to or higher than a position occupied by
an SES employee.
229. Subsection 83EC(7) would provide that the Director-General's delegate under subsection
(6) or (7) must comply with any written directions of the Director-General.
Section 83ED Independent review of decision
230. Subsection 83ED(1) would provide that section 83ED applies if the independent reviewer
has decided under subsection 83EB(3) to review the independently reviewable decision.
231. Subsection 83ED(2) would provide that the independent must review the decision in as
timely a manner as is possible.
232. Subparagraph 83ED(3)(a) would provide that, in reviewing the decision, the independent
reviewer must consider all of the information provided to the independent reviewer by the
Director-General under section 83EC.
233. Subparagraph 83ED(3)(b) would provide that, if the Director-General has provided a
certified copy of a standard (or part thereof) under subsection 83EC(2) the independent
reviewer must apply that standard (or part thereof).
234. Subsection 83ED(4) would provide that an independent reviewer must, after reviewing the
independently reviewable decision, give the Director-General in writing the independent
reviewer's opinion as to whether the decision was reasonably open to have been made by
the internal reviewer who made the decision.
235. Subsection 83ED(5) would provide that the independent reviewer must also give a copy of
the opinion provided under subsection 83ED(4) to the IGIS.
236. Subsection 83ED(6) would provide that, within 14 days after the day on which the
independent reviewer gave the Director-General the opinion under subsection 83ED(4),
the independent reviewer must give the affected person, and the sponsoring agency for the
security clearance in relation to which the reviewed decision was made, notice that the
opinion has been given.
237. Subsection 83ED(7) would provide that the independent reviewer must not give the
opinion to the affected person or sponsoring agency.
Section 83EE - Director-General's consideration of independent reviewer's opinion
238. Subsection 83EE(1) would provide that, if the independent reviewer has given the
Director-General an opinion in relation to the independently reviewable decision, the
Director-General must, as soon as practicable, consider the opinion and decide whether to
take any action.
67
239. A note would be inserted following subsection 83EE(1) to clarify that the action may
include the Director-General causing the making of a new security clearance decision by
the Organisation in respect of the affected person.
240. Subsection 83EE(2) would provide that, as soon as practicable after deciding whether to
take any action, the Director-General must give written notice of the Director-General's
decision to:
• the affected person; and
• the IGIS; and
• the sponsoring agency for the security clearance in relation to which the
independently reviewable decision was made.
241. Subsection 83EE(3) would provide that, if the Director-General decides to take action by
causing the Organisation to make a new security clearance decision in respect of the
person under Division 2, the Director-General must ensure that new decision is not made
by:
• The internal reviewer who made the independently reviewable decision
(subparagraph 83EE(3)(a); or
• The person who made the internally reviewable decision in respect of which the
internal review made the independently reviewable decision (subparagraph
83EE(3)(b)).
242. Subsection 83EE(4) would provide that the Director-General may, in writing, delegate the
Director-General's powers and functions under subsection (1) to an ASIO employee, or an
ASIO affiliate, who holds, or is acting in, a position in the Organisation that is equivalent
to or higher than a position occupied by an SES employee.
243. Subsection 83EE(5) would provide that the Director-General's delegate under subsection
(4) must comply with any written directions of the Director-General.
Section 83EF - Attorney-General may engage independent reviewers
244. Subsection 83EF(1) would provide that the Attorney-General may, on behalf of the
Commonwealth, engage one or more individuals, as contractors, to be an independent
reviewer for the purposes of Subdivision C.
245. Subsection 83EF(2) would clarify the engagement of the independent reviewer must be by
written agreement.
246. Subsection 83EF(3) would provide that the Attorney-General must not engage a person to
be an independent reviewer unless the Attorney-General is satisfied that the person has
appropriate skills or qualifications to perform the role, and that the person holds a security
clearance that is the Commonwealth's highest level of security clearance.
247. Subsection 83EF(4) would provide that a person must not be engaged as an independent
reviewer if the person is a current, or former, ASIO employee or ASIO affiliate.
68
Division 4 - Other matters relating to review by the Administrative Appeals Tribunal
Section 83F - Reference of certain matters to the Administrative Appeals Tribunal by
Attorney-General
248. Section 83F is based on section 65 in Part IV of the ASIO Act, and would provide a
mechanism for the Attorney-General to have the AAT inquire and report into certain
matters.
249. Subsection 83F(1) would provide that the section applies if:
• ASIO has furnished to a security vetting agency an SCSA in respect of a person,
other than a PSCSA of which a copy has been delivered to that person in
accordance with Part IVA (paragraph (a)); or
• ASIO has made a security clearance decision in respect of a person other than a
security clearance decision which is an internally reviewable decision or an
externally reviewable decision (paragraph (b)).
250. Subsection 83F(2) empowers the Attorney-General to, if satisfied that it is desirable to do
so by reason of special circumstances, require the AAT to:
• inquire and report to the Attorney-General and the Minister upon any question
concerning the furnishing of the SCSA or the making of the security clearance
decision (paragraph (a)); or
• review the SCSA or security clearance decision and any information or matter
on which the assessment or decision was based (paragraph (b)).
251. Subsection 83F(3) would provide that if the Attorney-General makes a requirement of the
AAT under subsection 83F(2), the AAT must comply with the requirement and report its
findings to the Attorney-General and the Minister.
252. Subsection 83F(4) would provide that for the purposes of determining whether it is
desirable to make a requirement of the AAT under subsection 83F(2) in relation to a
matter, the Attorney-General may request the IGIS to inquire into the matter or into a
specified aspect of the matter, and report to the Attorney-General and the Minister the
results of the inquiry.
253. Subsection 83F(5) would provide that if the Attorney-General makes a request of the IGIS
under subsection 83F(4), the IGIS must comply with the request.
254. Subsection 83F(6) would provide that the constitution and procedure of the AAT under
this section shall be as determined by the President.
255. Subsection 83F(7) would provide that sections 43 and 43AAB of the AAT Act, and
subsection 83D(1) of the ASIO Act, do not apply in relation to a review under this section.
256. Subsection 83F(8) would provide that if the AAT has made findings under section 83F,
the Attorney-General must, subject to the requirements of security, take or cause to be
taken such action in relation to those findings, by way of communication or publication of
the findings or alteration of records, as the Attorney-General considers appropriate in the
interests of justice.
257. This provision serves as an additional safeguard in respect of ASIO's SCSAs and security
clearance decisions that would not otherwise be reviewable. This would ensure that ASIO
remains accountable for decisions that are not otherwise reviewable under the framework.
69
Item 13 Application provisions
258. This item would insert an application provision on the following terms.
• (Subsection (1)) ASIO's proposed security vetting function in
paragraph 82C(1)(a) would apply in relation to security vetting undertaken on or
after the commencement of this item, other than security vetting undertaken for
the purposes of:
o a security clearance decision that was under consideration immediately
before the commencement of this item; or
o a security assessment commenced under Part IV of that Act before the
commencement of this item that had not been furnished before that
commencement.
• (Subsection (2)) ASIO's proposed security clearance decision making function
in proposed paragraph 82C(1)(b):
o would apply in relation to a security clearance decision made on or after
the commencement of this item in respect of a security clearance,
whether the security clearance was granted before, on or after the
commencement of the item; but
o would not apply in relation to a security clearance decision that was
under consideration immediately before the commencement of the item.
• (Subsection (3)) ASIO's proposed function of undertaking ongoing security
vetting and assessment in paragraph 82C(1)(c) would apply in relation to the
ongoing security vetting and assessment, after the commencement of the item,
in respect of a security clearance whether the security clearance was granted
before, on or after the commencement of the item.
• (Subsection (4)) ASIO's proposed function of furnishing SCSAs in
paragraph 82C(1)(d) would apply in relation to a security clearance suitability
assessment furnished on or after the commencement of this item in respect of a
person, whether or not the person held a security clearance before the
commencement of this item.
• (Subsection (5)) ASIO's proposed function of communicating with sponsoring
agencies in relation to a person's ongoing suitability to hold a security clearance
in paragraph 82C(1)(e) would apply in relation to a communication, on or after
the commencement of the item, in respect of a security clearance whether the
security clearance was granted before, on or after the commencement of the item.
• (Subsection (6)) ASIO's proposed function of assuming responsibility for
security clearances in paragraph 82C(1)(f), would apply in relation to a security
clearance for which ASIO assumes responsibility on or after the commencement
of the item, whether the security clearance was granted before, on or after the
commencement of the item.
• (Subsection (7)) To avoid doubt, the ASIO Act, as in force immediately before
the commencement of this item, would continue to apply in relation to the
following:
70
o a security assessment commenced under Part IV before the
commencement of the item that had not been furnished before that
commencement;
o a security assessment furnished under Part IV before the commencement
of the item;
o any communication made pending the furnishing of a security
assessment mentioned in either point above, whether the communication
was made before, on or after the commencement of the item.
• (Subsection (8)) To avoid doubt, nothing in the Division would affect the
capacity of a security vetting agency other than the Organisation to make a
security clearance decision on the basis of a security assessment mentioned in
the point above.
259. The purpose of this application provision is to ensure that matters in train before
commencement of the Bill would continue to be dealt with under Part IV of the ASIO Act,
to ensure an orderly transition of ASIO's operations from Part IV to Part IVA.
Division 2 - Amendments to other Acts
Administrative Appeals Tribunal Act 1975
Overview
260. The Bill would amend the Administrative Appeals Tribunal Act 1975 (the AAT Act) to
enable security clearance decisions and SCSA to be brought for consideration to the AAT.
As would be provided for in section 83 of the Bill all persons other than:
• persons who are not existing Commonwealth employees, or do not hold an existing
security clearance; and
• persons engaged, or proposed to be engaged, for employment outside Australia for
duties outside Australia, who are either not Australian citizens, or (regardless of
whether they are Australian citizens) not normally resident in Australia.
would have access to external merits review in the AAT for prejudicial security clearance
decisions made by ASIO.
261. As would be provided for in section 83 of the Bill, for prejudicial security clearance
suitability assessments furnished by ASIO to a security vetting agency, all persons other
than those engaged, or proposed to be engaged, for employment outside Australia for
duties outside Australia, who are either not Australian citizens, or (regardless of whether
they are Australian citizens) not normally resident in Australia would have access to
external merits review in the AAT.
71
Item 14 Subsection 3(1)
262. This item would insert new definitions for security clearance decision, security clearance
suitability assessment, security vetting agency and sponsoring agency into subsection 3(1)
of the AAT Act. These definitions have the same meaning as in the Australian Security
Intelligence Organisation Act 1979 (the ASIO Act).
Item 15 Paragraph 17B(2)(a)
263. This item would insert in paragraph 17B(2)(a) of the AAT Act a reference to section 83B
of the ASIO Act. Subsection 17B of the AAT Act sets out powers of the AAT which can
only be exercised by the Security Division of the AAT. Section 83B of the ASIO Act is
a new section that would be inserted by the Bill that deals with applications to the AAT for
review of a security clearance decision or security clearance suitability assessment that
would be externally reviewable decisions as defined in new section 83 of the ASIO Act.
Item 16 Subsection 19E(1)
264. This item would insert in subsection 19E(1) of the AAT Act a reference to subsection
83F(6) of the ASIO Act. Section 19E of the AAT Act deals with the constitution of the
Security Division of the AAT. Section 83F of the ASIO Act would be a new section
inserted by the Bill that would provide for the referral of certain matters to the AAT by the
Attorney-General, and new subsection 83F(6) would provide that the constitution and
procedure of the AAT under new section 83F(6) must be as determined by the President of
the AAT.
Item 17 Before subsection 27AA(1)
265. This item would insert at the beginning of section 27AA of the AAT Act a new
subheading "Applications under Part IV of the Australian Security Intelligence
Organisation Act 1979". Section 27AA sets out what applications under the ASIO Act can
be reviewed by the AAT.
Item 18 At the end of section 27AA
266. This item would insert a new subheading and new subsections at the end of section 27AA
of the AAT Act. Section 27AA sets out what applications under the ASIO Act can be
reviewed by the AAT. New subsections 27AA(4), (5) and (6) of the AAT Act would deal
with applications under Part IVA of the ASIO Act.
267. Subsection 27AA(4) of the AAT Act would allow an application under new
subsection 83B(1) of the ASIO Act for review of a security clearance decision or security
clearance suitability assessment to be made by a person in respect of whom the decision or
suitability assessment was made and who has, in accordance with Part IVA of the ASIO
Act, been given notice of the decision or suitability assessment. New subsection 83B(1)
would allow an application to be made to the AAT for review of a security clearance
decision or SCSA that is an externally reviewable decision. A new note under new
subsection 83B(1) refers to section 27AA of the AAT Act for ease of reference.
72
268. Subsection 27AA(5) of the AAT Act would allow an application under new
subsection 83B(2) of the ASIO Act for review of the findings of the AAT on a review of a
security clearance decision or security clearance suitability assessment that may be made
by the person who applied for the review in which the findings were made. New
subsection 83B(2) would provide that at any time after the completion of a review by the
AAT of a security clearance decision or security clearance suitability assessment an
application may be made to the AAT for review of the findings of the AAT on the ground
that the applicant has fresh evidence of material significance that was not available at the
time of the previous review.
269. Subsection 27AA(6) of the AAT Act would permit the AAT to review its previous
findings if the AAT is satisfied that an application referred to in subsection 27AA(5) of the
AAT Act is justified, and the AAT Act applies in relation to such a review and the
findings in such a review as if it were the review of a security clearance decision or SCSA.
Item 19 Paragraph 29(1)(ca)
270. This item would insert in paragraph 29(1)(ca) of the AAT Act a reference to new
subsection 83B(1) of the ASIO Act. Amended paragraph 29(1)(ca) sets out, in addition to
the other requirements set out under subsection 29(1), what an application under
subsection 54(1) or 83B(1) of the ASIO Act must be accompanied by, being a copy of the
assessment as given to the applicant, and a statement indicating any part or parts of the
assessment with which the applicant does not agree and setting out the grounds on which
the application is made. Subsection 83B(1) of the ASIO Act would be a new subsection
inserted by the Bill that would allow an application to be made to the AAT for review of a
security clearance decision or security clearance suitability assessment that is an externally
reviewable decision.
Item 20 Paragraph 29(1)(ca)
271. This item would insert in paragraph 29(1)(ca) of the AAT Act a reference to a security
clearance suitability assessment. This change would provide that the requirements set out
under paragraph 29(1)(ca) apply in respect of an application made under subsection 54(1)
or 83B(1) of the ASIO Act for review of a security assessment or a SCSA.
Item 21 Subparagraphs 29(1)(ca)(i) and (ii)
272. This item would insert in subparagraph 29(1)(ca)(i) and (ii) a reference to suitability
assessment.
Item 22 Paragraph 29(1)(cb)
273. This item would insert in paragraph 29(1)(cb) of the AAT Act a reference to subsection
83B(2) of the ASIO Act. Amended paragraph 29(1)(cb) sets out, in addition to the other
requirements set out under subsection 29(1), what an application under subsection 54(2) or
83B(2) of the ASIO Act must be accompanied by, being a statement setting out the
grounds on which the application is made. Subsection 83B(2) would provide for when an
application may be made to the AAT for review of the findings of the AAT on the ground
that the applicant has fresh evidence of material significance that was not available at the
time of the previous review.
Item 23 Section 29B (heading)
274. This item changes the heading of section 29B to "Notice of application under Australian
Security Intelligence Organisation Act".
73
Item 24 Section 29B
275. This item would insert "(1)" before "If an application". This change moves the text that
was previously in section 29B into new subsection 29B(1).
Item 25 At the end of section 29B
276. This item would insert new subsection 29B(2) in the AAT Act. Subsection 29B(2) would
provide that where an application is made to the AAT for a review of a security clearance
decision or SCSA, the Registrar (at the AAT) must give a copy of the application, and of
the statement lodged with the application, to:
• the Director-General of Security; and
• for an application for review of a security clearance decision--the sponsoring
agency (within the meaning given by new section 82A of the ASIO Act) for the
security clearance in relation to which the security clearance decision was made; and
• for an application for review of a SCSA--the security vetting agency (within the
meaning given by new section 82A of the ASIO Act) to which the suitability
assessment was given.
Item 26 After subsection 38A(1)
277. This item would insert new subsections 38A(1A) and 38A(1B) into the AAT Act.
278. Subsection 38A(1A), would apply in the situation where an application for review of a
SCSA is made where the ASIO Minister has given a certificate in respect of a statement of
grounds in accordance with new paragraph 83A(4)(b) of the ASIO Act.
Paragraph 83A(4)(b) would provide that the disclosure to an affected person of the
statement of grounds for the PSCSA in respect of the affected person, or a particular part
of that statement, would be prejudicial to the interests of security.
279. In this situation the Director-General of Security would be required to, as soon as
practicable after receiving notice of the application, lodge with the AAT:
(a) a copy of the certificate; and
(b) a copy of the whole of the suitability assessment (including a copy of the statement
of grounds prepared for the SCSA under new section 82G of the ASIO Act.)
280. Subsection 38A(IB), would apply in the situation where an application for review of a
security clearance decision is made. In this situation the Director-General of Security,
would be required to, as soon as practicable after receiving notice of the application lodge
with the AAT:
(a) a copy of the statement of grounds prepared for the security clearance decision under
new section 83C of the ASIO Act; and
(b) a copy of the certificate, in the situation where the ASIO Minister has given a
certificate certifying in accordance with new subsection 83C(6) of the ASIO Act.
74
Item 27 Subsection 38A(2)
281. This item would insert a reference to new subsections 38A(1A) or (1B) into subsection
38A(2) of the AAT Act to prevent the AAT, at any time, from telling the applicant of the
existence of, or permit the applicant to have access to any copy or particulars of, a
certificate of the ASIO Minister referred to in those subsections or any matter to which the
certificate relates.
Item 28 After section 39A
282. This item would insert new section 39BA into the AAT Act, which deals with the
procedure for the reviewing of a security clearance decision or SCSA in the Security
Division of the AAT.
283. New 39BA is entitled 'Procedure in Security Division review of security clearance
decisions or security clearance suitability assessment'.
284. Subsection 39BA(1) would require the AAT to review the decision or suitability
assessment in accordance with new section 39BA where an application for a review of a
security clearance decision or SCSA is made to the AAT.
285. Subsection 39BA(2) would provide that the parties to the proceedings are the Director-
General of Security and the applicant. In addition, the relevant sponsor may (but is not
compelled to) adduce evidence and make submissions, and so may the relevant authorised
vetting agency for SCSA reviews. For example, a sponsor or vetting agency may provide
further information about behaviours in the workplace of a clearance subject to support a
claim made in relation to a SCSA.
286. Subsection 39BA(3) would ensure that ASIO presents to the AAT the information that is
both (i) available to the Director-General of Security and (ii) relevant to the findings made
in the statement of grounds for the security clearance decision or SCSA. This provision is
modelled on subsection 36K(3) of the Australian Crime Commission Act 2002.
287. Subsection 39BA(4) would provide that the Director-General of Security may present to
the AAT a copy of any standard (or part of any standard) certified in writing by the
Director-General of Security as the standard relating to the Commonwealth's highest level
of security clearance that was used to make the security clearance decision or security
clearance suitability assessment or a copy of any standard (or part of any standard)
certified in writing by the Director-General of Security as the current standard relating to
the Commonwealth's highest level of security clearance. As at the date of this Explanatory
Memorandum, there is more than one standard for the highest level of security clearance.
288. Subsection 39BA(5) would provide that the Director-General of Security may present both
copies of the standard referred to in paragraphs (4)(a) and (b) (or part of any standard) to
the AAT.
289. Subsections 39BA(6) to 39BA(21) would mirror subsections 39A(6) to 39A(18) of the
AAT Act to ensure consistency with the existing legislative regime in relation to the right
of parties to be present, security/defence certificates, protection of identity of person
giving evidence, evidence and submissions, and dismissal of application. However, the
Minister could delegate the power under s39B(11) to person holding or acting in a position
equivalent or higher than a position occupied by an SES employee.
75
290. Subsection 39BA(22) would provide that the Minister may, in writing, delegate the
Minister's powers and functions under subsection 39BA(11) to an ASIO employee or
affiliate who holds or is acting in a position in the Organisation that is equivalent or higher
than a position occupied by an SES employee. Furthermore, subsection 39BA(23) would
require a delegate under subsection 22 to comply with any written directions of the
Minister.
Item 29 Section 39B (heading)
291. This item would change the heading of section 39B of the AAT Act to "Certain documents
and information not to be disclosed in certain Security Division reviews".
Item 30 Subsection 39B(10) (heading)
292. This item would change the heading of section 39B of the AAT Act to "Certificate lodged
under section 38A".
Item 31 Subsection 39B(10)
293. This item would insert into subsection 39B(10) of the AAT Act a reference to new
subsections 38A(1A) and (1B) to ensure that, in the situation where the Director-General
of Security has lodged with the AAT a certificate of the ASIO Minister in accordance with
those new subsections, the certificate is also taken to certify to the AAT that the disclosure
of the information to which the certificate relates would be contrary to the public interest
because it would prejudice security.
Item 32 Subsection 39B(10)
294. This item would insert into subsection 39B(10) of the AAT Act a reference to new
subsections 83A(4) and 83C(6) of the ASIO Act to ensure that a certificate of the ASIO
Minister given under these new subsections of the ASIO Act is also taken to be a
certificate certifying to the AAT that the disclosure of the information to which the
certificate relates would be contrary to the public interest because it would prejudice
security, in the situation where the Director General of Security has lodged with the AAT
this certificate.
Item 33 Subsection 39B(10)
295. This item would insert the words into subsection 39B(10) so that it confirms that the
certificate which is 'taken to be a certificate' is taken to be a certificate under subsection
39B(2).
Item 34 At the end of section 39B
76
296. This item would add new subsections 39B(12) and 39B(13) which would provide that the
ASIO Minister may, by signed writing, delegate the ASIO Minister's power under
subsection 39B(2), to the extent it applies in relation to review of a security clearance
decision or security clearance suitability assessment, to an ASIO employee, or an ASIO
affiliate, who holds, or is acting in, a position in ASIO that is equivalent to or higher than
a position occupied by an SES employee. Further, in exercising a power under such
delegation, the delegate must comply with any written directions of the ASIO Minister.
Item 35 At the end of Division 4 of Part IV
297. This item would insert new section 39C into the AAT Act, which deals with the
consideration and disclosure of certain documents in relation to the review of security
clearance decisions and SCSA.
298. New 39C is entitled 'Review of security clearance decisions and SCSAs - considerations
and disclosure of certain documents and information'.
299. Subsection 39C(1) would provide that section 39C applies to a proceeding in the Security
Division for a review of a security clearance decision or a SCSA in respect of the
Commonwealth's highest level of security clearance.
300. Subsection 39C(2) would require the AAT to apply any standard certified by the Director
General under subsection 39BA(4) provided to the AAT by the Director-General of
Security in reviewing security clearance decisions or SCSAs in relation to the
Commonwealth's highest level security clearance. This would ensure that the AAT cannot
review a security clearance decision or SCSA in relation to the Commonwealth's highest
level security clearance and not be bound by the same standard as ASIO in making its
decision or assessment.
301. Subsection 39C(3) would, subject to sections 39C and 46, require the AAT to do all things
necessary to ensure that a copy of any standard (or part thereof), presented to the AAT
under subsection 39BA(4), or any information contained in it, is not disclosed to the
applicant or any person other than:
(a) a member of the AAT as constituted for the purposes of the proceeding; or
(b) the Director-General of Security or the Director-General's representative.
302. Subsection 39C(4) would apply subsection 39C(5), if the AAT is provided with a
document containing information (defined as 'sensitive information') certified in writing
by the Director-General of Security as being information that in the opinion of the
Director-General of Security, or a person authorised by the Director-General under
subsection 39C(9), would be contrary to the public interest because it would prejudice
security, the defence of the Commonwealth or the conduct of the Commonwealth's
internal affairs or because it would reveal information that has been disclosed to ASIO in
confidence or for a reason that could form the basis for a claim by the Crown in the right
of the Commonwealth in a judicial proceeding that the information should not be
disclosed, or could reveal the methodology underlying a psychological assessment of the
applicant.
77
303. The intention of this provision would be to ensure that sensitive information is
appropriately protected at the AAT, which is fundamental to the integrity of the vetting
process and protection of Australia's national security. Subsection 39C(5) would apply so
that the AAT must, subject to sections 39C and 46, do all things necessary to ensure that
the sensitive information provided to the AAT is not disclosed to the applicant or any
person other than:
• a member of the AAT as constituted for the purposes of the proceeding; or
• the Director-General of Security or the Director-General's representative.
304. Subsection 39C(6) would operate so that subsections 39C(3) and 39C(4) do not apply in
relation to disclosure to the applicant or a person representing the applicant to the extent
that the information has already been lawfully disclosed to the applicant or is disclosed to
the applicant with the consent of the Director-General of security.
305. Subsection 39C(7) would not prevent the disclosure of a copy of any standard (or part of
the standard), presented to the AAT under subsection 39BA(4), any information contained
in it, or any sensitive information referred to in subsection 39C(4) to a member of the
AAT staff in the course of their performance of the staff member's duties. This subsection
is required to ensure that AAT staff can carry out their duties as required.
306. Subsection 39C(8) would apply to exclude the operation, apart from this section, of any
rules of law relating to the public interest that would otherwise apply in relation to the
disclosure in a proceeding of any standard (or part of the standard), any information
contained in it, or any sensitive information referred to in subsection 39C(4).
307. Subsection 39C(9) would provide for the Director-General to authorise, in writing, a
person for the purposes of subsection (4) if the person is an ASIO employee or affiliate
who holds or is acting in a position in the Organisation that is equivalent to or higher than
a position occupied by an SES employee. The effect of this is to provide a delegation floor
to ensure that a persons authorised by the Director-General are of an appropriate level of
seniority and experience. This will support administrative efficiency given the volume of
security clearance decisions and assessments it is anticipated ASIO will need to make.
Item 36 Subsection 43(1A)
308. This item would insert a reference to sections 43AAA and 43AAB of the AAT Act and
subsections 65(3) and subsection 83F(7) of the ASIO Act in subsection 43(1A) which
provides for the AAT's decision on review.
Item 37 After subsection 43(1)
309. This item would insert subsection 43(1AA) which would limit the AAT's decision making
power in relation to a security clearance decision only to affirm the decision under review
or set aside the decision under review and remit the matter back to ASIO for
reconsideration in accordance with any directions or recommendation from the AAT.
Item 38 At the end of subsection 43AAA(1)
310. This item would insert the words "of a security assessment" to clarify that section 43AAA
would apply to a review in the Security Division of a security assessment.
78
Item 39 After section 43AAA
311. This item would insert new section 43AAB, which deals with the findings of the Security
Division in the AAT when reviewing a security clearance decision or SCSA.
312. Subsection 43AAB(1) would provide that section 43AAB applies to a review in the
Security Division of a security clearance decision or SCSA.
313. Subsection 43AAB(2) would provide that upon the conclusion of a review, the AAT must
make and record its findings in relation to the security clearance decision or SCSA, and
those findings may state the opinion of the AAT as to the correctness of, or justification
for any recommendation, opinion, advice or information contained in the security
clearance decision or SCSA.
314. Subsection 43AAB(3) would prevent the AAT from making findings in relation to a
security clearance decision or a SCSA that would, under new subsection 83D(1) of the
ASIO Act, have the effect of superseding any information that is, under new section 82G
or 83C of the ASIO Act, taken to be part of the decision or assessment unless those
findings state that, in the AAT's opinion, the information is incorrect, is incorrectly
represented or could not reasonably be relevant to the requirements of security.
315. Subsection 43AAB(4), would, subject to subsection 43AAB(5), require the Tribunal to
cause copies of its findings to be given to the applicant, the Director-General of Security,
the ASIO Minister and the relevant body. For findings in relation to a security clearance
decision--the relevant body would be the sponsoring agency for the security clearance in
relation to which the security clearance decision was made. For findings in relation to a
SCSA-- the relevant body would be the security vetting agency to which the suitability
assessment was given.
316. Subsection 43AAB(5) would permit the AAT to direct that the whole or a particular part
of its findings (so far as they relate to a matter that has not already been disclosed to the
applicant) is not to be given to the applicant or the relevant body.
317. Subsection 43AAB(6), would require that subject to any direction by the AAT, the
applicant is entitled to publish, in any manner that the applicant thinks fit, the findings of
the AAT so far as they have been given to the applicant.
318. Subsection 43AAB(7) would permit the AAT to attach to a copy of findings to be given to
the Director-General of Security under this section any comments the AAT wishes to
make on matters relating to procedures or practices of ASIO that have come to the AAT's
attention as a result of a review.
319. Subsection 43AAB(8) would require the AAT to give the Minister a copy of any
comments attached as mentioned in subsection 43AAB(7).
Item 40 At the end of subsection 46(2)
320. This item would insert a note after subsection 46(2) which clarifies for the reader that
subsection 39B(10) of the Australian Security Intelligence Organisation Act 1979 deems
certain certificates referred to in subsection 39B(10) to be certificates under
subsection 39B(2).
Item 41 After subsection 46(3)
321. This item would insert new subsections 46(3A) and 46(3B) of the AAT Act.
79
322. Subsection 46(3A) would require that if the Federal Court of Australia or the Federal
Circuit and Family Court of Australia (Division 2), is sent a copy of the standard (or part
of the standard) referred to in subsection 39C(2) of the AAT Act or a document containing
any sensitive information referred to in subsection 39C(4); the relevant court must (subject
to this section) do all things necessary to ensure that the copy of the standard, (or part of
the standard), or any information contained in the standard, or the sensitive information, is
not disclosed to any person, other than a member of the court as constituted for the
purposes of the proceeding; or the Director-General of Security or the Director-General's
representative.
323. Subsection 46(3B) would provide that subsection 46(3A) does not provide in relation to
disclosure to the person who was the applicant, or a person representing the person who
was the applicant, in the proceedings before the AAT to the extent that the information has
already been lawfully disclosed to the person or is disclosed to the person with the consent
of the Director-General of Security.
Item 42 Section 69B (heading)
324. This item changes the heading of section 69B to "Costs in certain Security Division
reviews".
Item 43 Paragraph 69B(1)(a)
325. This item would replace paragraph 69B(1)(a) relating to "Costs in certain Security
Division Reviews" and would apply in the situation where the person makes an
application under section 54 or new section 83B of the ASIO Act to the AAT for a review
of a security assessment, a security clearance decision, or a security clearance suitability
assessment in respect of the person. This amended paragraph would allow the AAT to
order that the costs reasonably incurred by the applicant in connection with the application
or any part of those costs that is determined by the AAT, be paid by the Commonwealth.
Item 44 Amendments of listed provisions--section 39BA
326. This item would insert references to new section 39BA into various provisions.
Office of National Intelligence Act 2018
Overview
327. The amendments to the ONI Act would provide ONI with a new function to provide
quality assurance, reporting and advice in relation to the highest level of security
clearances issued by the Commonwealth, and to assist Commonwealth authorities that
sponsor those clearances to establish and maintain those authorities' capability to prevent
and detect insider threats.
328. This new function would enable a new Quality Assurance Office (QAO) within ONI to
independently assess the quality, consistency, and transferability of the highest-level of
security clearances, and drive the uplift of the insider threat capability of agencies that
sponsor these clearances. ONI and ASIO would continue to be overseen by the IGIS.
80
Item 45 Section 3
329. This item amends the simplified outline of the Act at section 3 of the ONI Act to provide
that ONI's functions include providing quality assurance and advice in relation to the
Commonwealth's highest level of security clearances. This reflects ONI's new function
that would be introduced into the ONI Act by the Bill.
Item 46 After paragraph 7(1)(b)
330. This item would insert proposed paragraph 7(1)(ba) into the ONI Act. Proposed
paragraph 7(1)(ba) is a new function for ONI to:
• provide quality assurance, reporting and advice to support the consistency and
transferability of the highest level of security clearances issued by the
Commonwealth; and
• assist the Commonwealth authorities that sponsor those security clearances to
establish and maintain those authorities' capability to prevent and detect insider
threats.
331. This would make it clear that ONI can provide a quality assurance function, including
audit and review activities, against policy and procedures relevant to the highest level of
security clearance. The QAO would then be able to report on these activities to appropriate
parts of government and the executive, and provide advice on concerns and process
improvements as appropriate.
332. In assisting Commonwealth authorities that sponsor those security clearances, the QAO
would be able to engage agencies and articulate appropriate measures and programs to
prevent and detect insider threats. The QAO also be able to work with agencies to ensure
the robustness of those measures, including through the provision of training, education
and advice.
Item 47 After subsection 10(2)
333. This item would insert proposed subsection 10(2A) into the ONI Act, which would
provide that paragraphs 10(2)(b) and 10(2)(d) of the ONI Act do not prevent ONI from
undertaking its function under paragraph 7(1)(ba).
334. Paragraphs 10(2)(b) and 10(2)(d) are limitations on ONI's functions. Paragraph 10(2)(b)
provides that ONI's functions do not include conducting inquiries into individual
complaints about an intelligence agency or an agency with an intelligence role or function.
ONI, including the QAO, does not have a specific complaints handling function, and the
inquiries the QAO would make under its quality assurance function are not the type of
activities undertaken by the IGIS pursuant to the IGIS Act. However, this amendment
would make it clear that the QAO is not precluded from conducting reviews and collecting
information relating to the processes for making decisions relating to the highest level of
security clearance, and managing such clearances. This includes where complaints have
been made in respect of those processes.
81
335. Paragraph 10(2)(d) provides that ONI's functions do not include inquiring into the
legality, propriety or integrity of activities undertaken by an intelligence agency; or an
agency with an intelligence role or function. While legality, propriety and integrity are not
the QAO's focus, this amendment would make clear the QAO may incidentally identify,
consider and, where appropriate, report or refer such concerns where they arise. For the
avoidance of doubt, the inquiries the QAO would make are not of the type the IGIS can
undertake pursuant to the IGIS Act, including as part of its inspection role.
Item 48 At the end of section 39
336. This item would insert proposed subsection 39(3) into the ONI Act, which would provide
that for the purpose of ONI performing its function under paragraph 7(1)(ba) of the ONI
Act, any Commonwealth authority may provide to ONI information, documents or things
that relate, or may relate, to that function, even if doing so would not otherwise fall within
the Commonwealth authority's statutory functions. This would make clear that
Commonwealth agencies that sponsor the highest level of security clearance have the
authority communicate with ONI in respect of ONI's new insider threat functions,
regardless of whether such communications would ordinarily fall within their functions.
Part 2 - Other Amendments
Inspector-General of Intelligence and Security Act 1986
337. The IGIS is an independent statutory office holder who reviews the activities of Australian
intelligence agencies under IGIS jurisdiction, including ONI and ASIO. The purpose of
this review is to ensure that these agencies act legally and with propriety, comply with
ministerial guidelines and directives and respect human rights. The IGIS can undertake a
formal inquiry into the activities of an Australian intelligence agency in response to a
complaint or at the request of the Attorney-General or the responsible Minister. The IGIS
can also act independently to initiate inquiries and conducts regular inspections and
monitoring of agency activities, including those undertaken by ONI and ASIO.
Item 49 Subparagraph 8(1)(c)(i)
338. This item amends subparagraph 8(1)(c)(i) of the Inspector-General of Intelligence and
Security Act 1986 (IGIS Act). This section sets out a function of the IGIS is to inquire into
the action (if any) that should be taken to protect the rights of a person who is an
Australian citizen or a permanent resident in a case where ASIO has furnished a report to a
Commonwealth agency (as defined in Part IV of the ASIO Act), which is not reviewable
by the AAT and may result in the taking of action by that agency that is adverse to the
interests of the person.
339. This item omits the words 'Part IV of' from subparagraph 8(1)(c)(i) of the IGIS Act. This
reflects a technical change the Bill would make to the ASIO Act, under which the
definition of "Commonwealth agency" would move from Part IV of the Act to section 4.
82
Index]
[Search]
[Download]
[Bill]
[Help]