AustLII Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

Privacy Law and Policy Reporter (PLPR)
You are here:  AustLII >> Databases >> Privacy Law and Policy Reporter >> 1994 >> [1994] PrivLawPRpr 149

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Greenleaf, Graham --- "Review of ASIO's security assessments" [1994] PrivLawPRpr 149; (1994) 1(10) Privacy Law & Policy Reporter 194

Review of ASIO's security assessments

Report of the Parliamentary Joint Committee on the Australian Security Intelligence Organisation (ASIO) & Security Assessment - A review of security assessment procedures, June 1994

The Committee, chaired by Mr Russ Gorman MP, is established under Pt VA of the Australian Security Intelligence Organisation Act 1979 (the ASIO Act). It received a reference under s 92C to review Pt IV of the Act concerning security assessments. The review was held partly in public and partly in camera.

The Report generally endorses and continues the direction set by Justice Hope's two Royal Commissions into security and intelligence matters in 1974 and 1984, the recommendations of which form the current framework for security assessment.

A key factor in the operation of security assessments is that each agency, not ASIO, has final responsibility for making access decisions, and for the consequent protection of national security or confidential information from overseas. ASIO's role is to provide advice.

Security classifications

The Protective Security Manual (PSM), which defines security procedures for Commonwealth agencies, defines three levels of national security clearance (with corresponding levels of national security classified documents to which these people may have access): confidential secret, and top secret. These levels require Pt IV ASIO clearance, and are now called Designated Security Assessment Positions (DSAP). The remaining national security document classification, restricted, does not require a security clearance.

After the 1984 Hope Royal Commission, a new category of clearance, Positions of Trust (POT), not requiring a Pt IV ASIO clearance, was created.

From 1988-1989 to 1992-1993, the number of 'access' security assessments sought declined by 40 per cent, from 18,059 to 11,372, though the number of top secret checks remained the same. Some of this decline can be attributed to the creation of the Positions of Trust category in 1991.

In 1992-1993 only one adverse security clearance was issued by ASIO, and no qualified assessments (see below) were issued.

ASIO's vetting process

ASIO's security clearance process involves the following steps:

  1. The agency requires the subject to complete a security questionnaire, concerning 'activities, associates, background, beliefs and character' (see Appendix C of the Report) which is passed to ASIO.
  2. ASIO registry staff check the subject and others mentioned in the questionnaire against ASIO's own security database.
  3. A processing officer in the Security Assessment Branch examines the questionnaire and any 'traces' from the ASIO database to determine if there are any concerns (ranging from 'activities prejudicial to security' to 'vulnerabilities that might be exploited').
  4. If appropriate, the processing officer initiates checks with co-operating foreign authorities. If there is no cause for security concern, a non-prejudicial assessment is issued.
  5. If a cause for concern is identified, an assessing officer (a) initiates any investigative activity; and (b) may arrange for an interview of the subject to check the ASIO information.
  6. If the assessing officer identifies a vulnerability, the assessing officer (a) may give the subject a briefing on security awareness; and (b) makes a security assessment (which is passed for decision to the necessary level of ASIO management).

The report indicates that most agencies are 'satisfied with the current arrangements or argued for a reduced role for ASIO'. The Public Sector Union (PSU) was satisfied with ASIO's role in the current system. The Committee concluded that the balance between the role of ASIO and that of agencies was correct.

Qualified assessments

ASIO can only communicate three forms of assessment to agencies: non-prejudicial, adverse, or qualified. The first two are unambiguous advice, but agencies indicated that they have considerable difficulties with qualified assessments. ASIO admitted that agencies tended to interpret such assessments as ASIO stating that there is cause for concern, but not resolving it by recommending against access. ASIO does not see qualified assessments in this way, claiming that it uses them to advise agencies of matters they should know where it does not wish to recommend against access. ASIO proposed a new category, 'non-prejudicial with advice'.

The Committee rejected any new category because it opposed 'any arrangement that would diminish the already limited right of review'. The problem is that the Security Appeals Tribunal has no jurisdiction concerning how the agency interprets the assessment; it can only review the advice from ASIO.

Uncheckable backgrounds

The Department of Primary Industries and Energy (DPIE) expressed concern that ASIO was not reporting 'uncheckable background' of staff recruited overseas, in areas of sensitive commercial/economic interests. The issue is whether ASIO should issue a non-prejudicial or a qualified assessment when it is not able to assess all aspects of a subject's background.

Prior to 1984, ASIO issued qualified assessments in all such cases, leaving it to the agency to evaluate the significance of the 'missing' information. Following decisions by the Security Appeals Tribunal in 1984, 'which held that ASIO was only justified in issuing a qualified assessment where it could attach some cogency to the absent information', it ceased this practice. ASIO now considers that the significance of such an inability to check varies greatly, and 'sees little merit in advising of an inability to check background, unless that inability is a cause for legitimate security concern'. The Committee agrees with ASIO's approach, for the reasons mentioned above.

The agencies are the problem

The Report makes it clear that 'ASIO's involvement is only one part of the clearance process', and a diminishing part, particularly since the creation of Positions of Trust (POT). The Department of Defence, for example, conducts about 17,000 security interviews a year in relation to POT classifications (40 per cent more that all ASIO assessments), and other large agencies do likewise. These POT clearances indicate, according to the Committee, that 'widespread over-classification of positions is still a problem, notwithstanding the downward trend in the numbers of ASIO assessments conducted', a position with which the Attorney-General's Department, ASIO and the PSU all agree.

The Committee accepted that the interviewing carried out by agencies for all positions involving security clearances were very often highly intrusive. It referred to concerns by the PSU of a continuing emphasis on political activity and sexuality, and a high level of personal discretion in those doing the assessment, and to the Privacy Commissioner's references to 'the present practices of routine intrusive interviewing'. It shared the Privacy Commissioner's disquiet at the approach of some agencies in asking questions designed principally to test whether an applicant was 'frank and candid in his or her responses' rather than because of any intrinsic gravity in the questions, the lack of qualifications of the interviewers, and 'the sheer volume of interviews conducted and files submitted to ASIO'.

Despite this level of concern, and the minuscule number of current adverse assessments, which 'led the Committee to question the value of the security checking process', it was not willing to reach a firm conclusion because of the paucity of evidence about agency checking practices. It therefore limited its recommendations to (a) a review of the value and content of the security questionnaire, to be carried out by Attorney-General's in consultation with the Privacy Commissioner and the PSU [R 4]; better training for interviewing officers [R 5]; consideration of a work-based assessment process [R 6]; and continuation of privacy audits by the Privacy Commissioner [R 7].

Appeals against agencies

The Committee's main concern, and most important recommendation, comes in relation to appeals against agency decisions to deny security access. At present there are two rights of review, neither of which receive much use (a) the Merit Protection and Review Agency (MPRA) can review decisions involving security clearances for existing Commonwealth employees; and (b) the Ombudsman can review administrative decisions affecting persons not employees of the Commonwealth (for example, an employee of a contractor). No review seems to be available to applicants for employment. Since 1985 the MPRA has reviewed two cases involving security clearances, finding the refusal of clearances justified, but a denial of natural justice in the failure to inform the applicant of the reasons.

The Security Appeals Tribunal (SAT) cannot review agency decisions, only ASIO advice, but since 1981-1984 (when it averaged nine appeals per year, a majority of which were upheld), it has averaged less than one appeal per year. The Committee could not determine the reason for this great change, which was out of proportion to the overall decline in number of assessments requested of ASIO. Justice Samuels, former SAT President, questioned in his 1988-1989 Annual Report whether agencies might be refusing security clearances without recourse to ASIO, thereby denying any access to the SAT as well. The Committee preferred the explanation that agencies were making decisions 'almost exclusively on character rather than security grounds' (but still 'weeding out' applicants before the stage of an ASIO check), but was concerned that 'the distinctions between being unsuitable on character grounds and being a security risk are not at all precise'.

The Committee concluded that, on balance 'the present arrangements are capable of producing an injustice, resting as they do on the uncontrolled discretion of the agency head', and a complete lack of public reporting requirements. Now that ASIO's role is much smaller, and its advice probably no longer automatically accepted, the Committee doubts that the existing SAT arrangements comply any longer with the ILO's Convention 111 (Concerning discrimination in respect of employment and occupation). It therefore recommended that the process of establishing a new security division of the AAT should include provision for appeal by any person aggrieved by an access decision of an agency head.

ASIO's private court?

At present neither ASIO nor the applicant is entitled to be present before the SAT when the other side is giving its evidence. ASIO submitted that it should be able to hear the applicant's evidence but not vice-versa. The Committee accepted that this might appear somewhat unfair, and recommended instead that in general all parties to a SAT hearing should be present throughout, subject to the Tribunal having the discretion to exclude one party or use masking technology where necessary in the national interest [R 8].

Greater agency accountability

The Committee recommends that Commonwealth agencies be required to include in their annual reports details of the numbers of the following: designated security assessment positions; positions of trust; security assessments completed; and assessments involving denial of access (including reasons) [R 2].

The Committee recommended that ASIO continue not to charge agencies for conducting assessments [R 3], despite Attorney-General's advocacy of a 'user-pays' approach as a means of reducing over-classification. This makes an interesting contrast with the Barrett Report recommendations concerning charges paid for telecommunications interception (see (1994) 1 PLPR 185).

Comment - Government response

No government response to the report is yet available publicly, except that the Law and Justice Legislation Amendment Bill

(No 3) 1994 , introduced in December 1994 (see Senate Hansard 7 December 1994, p 4086), effects the transfer of security appeals jurisdiction to a new Security Appeals Division of the Administrative Appeals Tribunial (AAT) (as was already proposed before the Committee's Report). It was noted in the Senate that the Security Appeals Tribunal is now averaging less than one appeal per year, so there will be cost savings in incorporating its functions into the AAT. The legislation incorporates within the AAT Act provisions of the ASIO Act relating to confidentiality and qualification of members of the division.

The AAT already has power to hear appeals against the refusal of requests under the Archives Act for access to ASIO records that are more than 30 years old. The new Security Appeals Division will also have this function, 'because it calls for skills and knowledge similar to those involved in reviews of security assessments'.

Comment - something fishy?

The Committee clearly though that there was something fishy about the way in which security assessments were now operating, but it was unable to work out exactly what it was. Its main solution, a right of appeal against any refusal of access by an agency head, seems designed to reveal over time where the problem might be.

Justice Gordon Samuels' inquiry into the Australian Secret Intelligence Service (ASIS) is expected to deliver its report to the Federal Government in February 1995. The Minister for Foreign Affairs, Senator Evans, announced the inquiry in February 1994 after two former ASIS agents claimed, among other things, that ASIS held files on tens of thousands of Australians. It has been reported that the Samuels inquiry may recommend that ASIS be placed on a formal legislative basis, whereas it now merely operates under the cover of the Department of Foreign Affairs and Trade.

Graham Greenleaf

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback