Your Location: Home > Annual Reports > 2003 - 2004 > Print this page Defence Signals Directorate

Defence Signals Directorate

What DSD does

295. DSD's primary function is to collect foreign signals intelligence. It produces and disseminates reports based on what it collects. These reports, which are concerned with significant developments in our region, are provided to key policy makers, the intelligence assessment agencies, and other selected government agencies.

296. DSD may not intercept communications within the domestic Australian telecommunications network. If the collection of foreign intelligence requires such interception, this would be conducted by ASIO under a warrant.

297. Since 29 October 2001, DSD's intelligence collection and reporting activities have been regulated by ministerial directions, ministerial authorisations and privacy rules, made pursuant to the Intelligence Services Act 2001 (ISA).

298. Intelligence priorities for the Australian intelligence community are established in a planning document that is endorsed and regularly reviewed by the National Security Committee of Cabinet.

299. DSD also acts as the government's authority on matters relating to the security and integrity of information that is processed, stored or communicated by electronic means. This is commonly referred to as Information Security.

300. Further information can be found on the Defence Signals Directorate website.

Significant issues

Intelligence Services Act

301. The introduction of the ISA in October 2001 did not change the basic business of DSD but did affect some major changes in how it does business. The ISA did this by:

• clearly setting out DSD's functions for the first time in a readily accessible public document and specifying the limits on those functions

• providing a mechanism for the Minister for Defence to issue Directions to the Director DSD, and

• requiring ministerial authorisation for collection activities involving Australians which were previously referred to the Director DSD for approval.

302. As described in 'The Year in Review' chapter of this report, the Secretary of DPM&C has accepted that after nearly three years of operation and significant changes in the security environment since it came into effect, the ISA should be reviewed.

303. I expect this review will occur in the 2004-2005 reporting period and that any recommendations to amend the ISA may be progressed at the same time as legislative changes flowing from the Flood Report are put to the Parliament.

Inspection activities

304. Shortly after I was appointed as Inspector-General, I wrote to the Director DSD setting out the range of inspection activities I planned to undertake.

305. In that letter I indicated that if any concerns or matters worthy of comment were to arise during an inspection activity, a member of my staff or I would discuss them with an appropriate senior manager or liaison officer in the first instance. I also indicated that following each inspection visit I would write to the Director with a summary of our discussions or findings.

306. Inspection activities involving DSD during the reporting period have included:

• reviewing ministerial authorisations and other submissions made by DSD to the Minister for Defence
• regular monitoring of DSD reporting for compliance with the ISA and the DSD privacy rules
• monthly meetings with DSD staff to discuss compliance and policy issues, and
• visiting DSD collection sites outside of Canberra, as opportunity permits.

307. The Director and I have also agreed procedures to operate should I form the view that any matter arising from an inspection needed to be brought to the attention of the Minister for Defence or the Prime Minister. No such matters arose during the reporting year.

Review of ministerial authorisations

308. The ISA provides a framework within which DSD can collect the foreign communications of Australians in certain restricted circumstances.

309. The Minister for Defence must authorise any activity undertaken for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on an Australian person.

310. If DSD wishes to conduct such an activity, therefore, the Director needs to satisfy the minister that the criteria set out in the ISA for such intelligence collection will be met.

311. Sometimes in the course of collecting the communications of foreign targets, DSD unintentionally collects the communications of an Australian person engaged in activity that is of legitimate intelligence interest (eg. involvement in terrorism).

312. DSD can legitimately report the intelligence, but in order to deliberately target the Australian's communications to produce further such intelligence it must have a ministerial authorisation.

313. DSD provides a written submission to its minister in relation to each authorisation that it seeks. This material was reviewed each month and also accessed at other times, when needed.

314. I am satisfied on the basis of the material I have reviewed that these submissions contain sufficient information for the minister to make well-informed decisions.

DSD privacy rules

315. The DSD privacy rules regulate the communication of intelligence information about Australian persons collected by DSD. They require that all such communication meet certain strict criteria.

316. This office has access to and regularly inspects those reports containing intelligence information relating to Australians to check whether they comply with the privacy rules.

317. The proportion of such reports compared to the total output of reports disseminated by DSD has traditionally been very small. This was again the case during the 2003-2004 reporting period.

318. DSD maintains a register of every report containing intelligence information about Australian persons, to which I and my staff have on-line access. The register, amongst other things, indicates whether each reference was the result of deliberate or incidental collection.

319. My staff and I separately cross-check the veracity of this register by regularly interrogating the DSD reports database from a computer terminal in our office.

320. We have not hesitated to query reports that contain intelligence information about Australian persons, where it is not obvious that the privacy rules permit such reporting. However, there have been very few instances where the office has contemplated or felt it necessary to query reports.

321. In the reporting year there were several occasions when, as required by the privacy rules, DSD consulted either Mr Blick or myself on what action should be taken in relation to issues that arose concerning the application of the Privacy Rules.

322. The most common issue noted by this office is where DSD becomes aware that a person they had believed to be a foreign national is found to in fact be an Australian citizen or permanent resident.

323. Remedial action taken by DSD frequently involves cancellation of the report and notification to recipients to destroy copies. In those cases where the reporting occurred some time before its discovery, it has been the practice to recommend that no action be taken because to do otherwise would draw undue attention to material that could be sensitive.

324. It has been long standing DSD policy not to name Australian persons in its reporting other than in very exceptional circumstances (eg. where there is a real and imminent threat to the health or safety of an individual). This is not a statutory requirement but is consistent with the philosophy that the Directorate should intrude as little as possible into the affairs of Australian persons.

325. Where DSD feels it necessary to refer to an Australian person without identifying them by name, the reporting staff will typically use a generic description such as a named Australian person, a possible Australian person, etc. This approach is referred to as 'minimisation'.

326. A client agency needing details of a minimised identity must justify having access to it. DSD will not release the name unless:

• the intelligence information is directly pertinent to the functions of the requesting agency, and
• the agency identifies an appropriate provision of the privacy rules and provides sufficient supporting information.

327. DSD keeps this office fully informed of these requests and the decisions they make in respect of each request.

328. In the reporting year there were no instances in which DSD's release of a name requested by another agency constituted a breach of the privacy rules.

Monthly meetings

329. In the later years of his time as Inspector-General, Mr Blick instituted the practice of meeting with key DSD personnel on a monthly basis. The purpose of these meetings is to enable participants to freely discuss current issues of common interest in an informal setting.

330. Those personnel typically involved in these meetings are drawn from DSD's ISA and privacy rules compliance section, the intelligence policy section and the Special Counsel.

331. I have found these meetings to be very useful in gaining an appreciation of DSD's work, particularly where the subjects under discussion also intersect with the interests of the wider AIC.

332. Depending on their availability, I also meet with the Director, or the Deputy Director immediately prior to, or after, each monthly meeting.

Comsec monitoring

333. One section of DSD is devoted to Communications Security (Comsec) monitoring.

334. This involves targeting the communications of personnel taking part in selected Defence operations to assess how secure their communications are and, if deficiencies are identified, to instigate remedial action. Comsec monitoring is not directed against members of the public.

335. Comsec monitoring requires ministerial authorisation. Those whose communications are targeted must be warned in advance.

336. Given the potential of such monitoring to intrude upon the privacy of individuals, Mr Blick and I received bi-monthly updates on Comsec activities during the 2003-2004 reporting period.

337. The Comsec monitoring section has been particularly active in the past 12 months and has identified some instances of poor communications security by Defence personnel which have required immediate remedial actions.

338. I am satisfied that the responsible staff are fully aware of their responsibilities under the Intelligence Services Act and discharge their duties with care and within the limits of their authority.

New collection activities

339. DSD frequently develops new projects involving different approaches to collection of intelligence.

340. DSD regularly informs this office of the nature of such projects and we discuss any issues that might arise concerning legality or propriety.

Site visits

341. DSD maintains a number of facilities around Australia which are integral to its collection activities.

342. It is important that staff in these sometimes remote facilities know that they are governed by the same laws and guidelines as apply in DSD's Canberra Headquarters.

343. During 2003-2004, staff from this office visited one of DSD's more significant sites to give several presentations on ethics and accountability and to be available to staff to discuss any issues or concerns they might have.

344. I plan to visit DSD's various facilities on a rolling basis, to the same end.

Training activities

345. In the years following the enactment of the ISA, DSD devoted significant resources to the development of new guidelines and reporting systems to ensure compliance with its obligations.

346. During the 2003-04 reporting period, the DSD ISA compliance section devoted significant resources to delivering an in-house training module on the practical requirements of the ISA and the principles underpinning the application of the privacy rules.

347. This training module lasts a full day for collection and reporting staff, while a shortened version is offered to staff members who need less detail (eg. technical and administrative staff).

348. Either I or one of my staff speak on the role and functions of this office each time this course is offered in Canberra, and have also delivered our component at various DSD sites around Australia. There are approximately 20 such presentations per year.

349. I wish to thank the Manager and the staff of DSD's Office of Compliance for their consistent hard work, good humour, and dedication to the task of fostering a healthy compliance culture.

Complaints and inquiries

350. The level of complaint about DSD is generally low due to the fact that DSD collects foreign signals intelligence by technical means. It is unlikely that members of the Australian public would have any direct dealings with DSD.

351. One complaint about DSD was carried from the 2002-2003 reporting period, while two new complaints about DSD led to preliminary inquiries. These two new complaints were received in June 2004 and remained open at the end of the 2003-2004 reporting period.

352. Four other persons also contacted the office about DSD but their concerns were handled without need for inquiry action.

Security checking

353. Mr Blick initiated an inquiry in April 2003 into various grievances raised by an applicant for a position with DSD who was not granted the necessary level of security clearance.

354. Mr Blick found that the staff involved had acted in an objective and professional manner but there were aspects of the handling of this case which merited the complainant being retested and the test results and related assessments being reviewed by a person with no prior involvement in the process. Mr Blick subsequently engaged a consultant with relevant academic and professional qualifications to prepare a report.

355. The consultant's report indicated that the assessments made of the complainant were appropriate and the conclusions reached were well justified.

356. While Mr Blick endorsed these findings, he did suggest improvements were needed in two areas. The first was that the psychologists used by the Defence Intelligence Group should take a fairly robust approach early in the Organisational Suitability Assessment process, rather than leaving doubts to be resolved in the positive vetting process. This has been accepted.

357. Second, Mr Blick considered that there was scope for some improvement in record keeping, so that key queries and discussions that arose during assessments can be readily identified after the event. This suggestion was noted and accepted by the agency.

---

previous

content

next