Annual Report 2002 - 2003

DEFENCE SIGNALS DIRECTORATE

WHAT DSD DOES

218. DSD’s primary function is to collect foreign signals intelligence. It produces and disseminates reports based on what it collects. These reports, which are concerned with significant political, military and economic developments in our region, are provided to key policy makers, the intelligence assessment agencies, and other selected government agencies.

219. DSD may not intercept communications within the domestic Australian telecommunications network.

220. Since 29 October 2001, DSD’s intelligence collection and reporting activities have been regulated by ministerial directions, ministerial authorisations and privacy rules, made pursuant to the Intelligence Services Act 2001 (ISA).

221. Targeting priorities for the Australian intelligence community are established in a planning document that is endorsed and regularly reviewed by the National Security Committee of Cabinet.

222. DSD also acts as the government’s authority on all matters pertaining to communications security and information technology security.

223. Further information about DSD can be found at http://www.dsd.gov.au.

SENIOR APPOINTMENTS

224. Mr Stephen Merchant replaced Mr Ron Bonighton as Director DSD in December 2002.

225. In accordance with a recommendation of the MV Tampa inquiry report (see 2001-02 annual report) DSD obtained in house legal expertise, a Special Counsel outposted from the Australian Government Solicitor.

INSPECTION ACTIVITIES

226. Inspection activities involving DSD during the reporting period have included:

227. Following each of these activities we discuss any concerns with an appropriate senior manager or liaison officer.

228. I have also made a practice of following up our monthly meetings with a letter to the Director outlining any issues of on-going significance or concern.

229. The Director and I have also agreed procedures to operate should I form the view that any matter arising from an inspection needed to be brought to the attention of the Minister for Defence or the Prime Minister. No such matters arose during the reporting year.

Intelligence Services Act and privacy rules

230. Last year’s annual report discussed the background to the ISA and its first few months of operation.

231. The Act has brought about significant changes, the foremost being that the Minister for Defence, rather than the Director DSD, is now responsible for approving collection activities involving Australians.

232. Several unintended effects and minor deficiencies in the Act and rules have become apparent. We have raised these either at our monthly meetings or directly with the Director, and administrative solutions have been possible in some cases.

233. At my suggestion, DSD has been keeping a list of these problems so that legislative amendments, where appropriate, can be proposed at an opportune time.

Collection and reporting of Australians' communications

234. The ISA provides a framework within which DSD can collect the foreign communications of Australians in certain restricted circumstances.

235. The Minister for Defence must authorise any activity undertaken for the specific purpose, or for purposes which include the specific purpose, of producing intelligence on an Australian person.

236. If DSD wishes to conduct such an activity, therefore, the Director needs to satisfy the minister that the criteria set out in the ISA for such intelligence collection will be met.

237. Sometimes in the course of collecting the communications of foreign targets, DSD unintentionally collects the communications of an Australian person engaged in activity (eg involvement in terrorism) that is of legitimate intelligence interest.

238. DSD can legitimately report the intelligence, but in order to deliberately target the Australian's communications to produce further such intelligence it must have a ministerial authorisation.

239. DSD provides a written submission to its minister in relation to each authorisation that it seeks. We regularly review this material as well as the signed authorisations.

240. I am satisfied that these submissions contain sufficient information for the minister to make well-informed decisions.

241. The privacy rules regulate the communication of intelligence information about Australian persons collected by DSD. They require that all such communication meet certain strict criteria.

242. We inspect reports containing intelligence information relating to Australians to check whether they comply with the privacy rules.

243. The proportion of such reports compared to the total output of reports disseminated by DSD is very small.

244. DSD maintains a register, for inspection by the Inspector-General, of every report containing intelligence information about Australian persons. The register, amongst other things, indicates whether the reference was the result of deliberate or incidental collection.

245. Separately, we cross check by interrogating the DSD reports database from a computer terminal in our office. We query DSD when we see reports that contain intelligence information about Australian persons, where it is not obvious that the privacy rules permit such reporting.

246. In the reporting year there were also occasions when, as required by the privacy rules, DSD consulted me about action that should be taken in relation to infringements it believed had occurred.

247. In several instances there was, in fact, a breach of the rules. This occurred for various reasons, the most common being that DSD became aware that a person they had believed to be a foreign national (in some cases on advice from another agency) in fact was an Australian citizen or permanent resident. In one case the person concerned changed their residency status and DSD did not discover it in time to avoid reporting.

248. There were also several instances of DSD consulting me about possible breaches when, after considering the circumstances, I concluded that no breach had occurred.

249. Remedial action taken by DSD normally involves cancellation of the report and notification to recipients to destroy copies. Sometimes, however, particularly if the breach occurred some time before its discovery, our advice to DSD is to take no further action, because to do so would draw renewed attention to material that could be sensitive.

250. Although not required by the privacy rules, DSD does not name Australian persons in its reporting. It typically uses a generic description such as a named Australian person, a possible Australian person, etc.

251. A client agency needing a name must justify having access. DSD will not release the name unless:

252. DSD keeps records of the requests and decisions, which we regularly inspect. Also, DSD sometimes consults our office before making a decision in respect of these requests. On occasion we raise issues with DSD after a decision on the release of a name has been made.

253. In the reporting year there were no instances in which DSD’s release of a name requested by another agency constituted a breach of the privacy rules.

Comsec monitoring

254. One section of DSD is devoted to Communications Security (Comsec) monitoring.

255. This involves targeting the communications of personnel taking part in selected Defence operations to assess how secure their communications are and, if deficiencies are identified, to instigate remedial action. Comsec monitoring is not directed against members of the public.

256. Comsec monitoring requires ministerial authorisation. Those whose communications are targeted must be warned in advance.

257. Given the potential of such monitoring to intrude upon the privacy of individuals, I regularly receive an update on Comsec activities and issues when I visit DSD headquarters.

258. I am satisfied that the responsible staff are fully aware of their responsibilities under the Intelligence Services Act and discharge their duties with care and within the limits of their authority.

New collection activities

259. DSD frequently develops new projects involving different approaches to collection of intelligence. DSD regularly informs me of the nature of such projects and we discuss any issues that might arise concerning legality or propriety. My main concern in such cases is to ensure that adequate attention is given to such issues, including DSD obtaining legal advice where necessary.

260. In addition to receiving briefings at DSD headquarters, we also inspected some of DSD’s other facilities.

261. I am confident, based on these inspections, other inspection activities and discussions with DSD staff at all levels, that its activities do not involve collecting the domestic communications of the Australian community.

TRAINING ACTIVITIES

262. In the year following the commencement of the ISA and the privacy rules, DSD devoted significant resources to the development of new guidelines and reporting systems to ensure compliance with their newly mandated obligations.

263. During the 2002-03 reporting period, DSD devoted significant resources to fine-tuning and delivering an in-house training module on the practical requirements of the ISA and the principles underpinning the application of the privacy rules.

264. DSD intends delivering this day-long training module to all reporting staff and line managers, and a shortened form to staff members who need less detail (eg. technical and administrative staff).

265. The Director DSD has shown his commitment to this training program by participating in the training module with a group of his most senior managers and personally speaking to as many training groups as he is able.

266. The Inspector-General’s office is equally supportive of this training program. During the reporting period we:

COMPLAINTS AND INQUIRIES

267. The level of complaints about DSD is generally low due to the fact that DSD collects foreign signals intelligence by technical means. It is unlikely that members of the Australian public would have any direct dealings with DSD.

268. During the reporting period three new complaints about DSD led to either a preliminary or full inquiry. One complainant had concerns about employment within the Australian intelligence community, which required checking with each member of the AIC including DSD.

269. Four complaints about DSD were handled without need for inquiry action.

Bali terrorist attack

270. DSD provided full and enthusiastic assistance with the conduct of this inquiry, devoting major resources to the task of identifying and bringing to attention possibly relevant material. The body of the final report is classified, but the unclassified introduction and summary is at Annex 2 to this annual report.

Alleged bugging of a federal politician

271. On 30 April 2003 a number of news outlets reported on DSD cooperation with an investigation into leaks of material relating to East Timor in 1999-2000. There were allegations that DSD might have eavesdropped on the communications of Mr Laurie Brereton MP, then Opposition spokesman on foreign affairs.

272. There were also suggestions that DSD might have asked a cooperating overseas agency to monitor Mr Brereton’s communications because it would have been illegal for DSD to do so itself.

273. Given the nature of the allegations I decided to conduct an inquiry.

274. The report of the inquiry is reproduced at Annex 3 to this annual report.

previous

content

next