You are here
Agencies subject to the Intelligence Services Act 2001
Limits to the functions of intelligence agencies
The functions of agencies governed by the Intelligence Services Act 2001 (the ISA) are set out in sections 6, 6B and 7 of the ISA. For example, ASIS functions include to obtain and communicate, in accordance with the Government's requirements, intelligence about the capabilities, intentions or activities of people or organisations outside Australia. The work of ASIS, ASD and AGO is guided by the national intelligence priorities, which are reviewed and agreed by the National Security Committee of Cabinet each year.
The ISA also requires that ASIS, ASD and AGO only perform their functions in the interests of Australia's national security, Australia's foreign relations or Australia's national economic well-being; and only to the extent that those matters are affected by the capabilities, intentions or activities of people or organisations outside Australia.
All activities undertaken by ASIS, ASD or AGO to produce intelligence on an Australian person require individual consideration and approval by the responsible minister, with the following exceptions:
- intelligence can be produced by ASIS on an Australian person without ministerial authorisation if doing so assists ASIO in the performance of its functions
- class authorisations can be given by the Minister where the intelligence is produced by ASIS in the course of providing assistance to the Defence Force
- subject to conditions, agency heads may give an authorisation in an emergency when ministers are not available.
Ministers are able to direct that other activities require prior ministerial approval, and each Minister has done so. In AGO's case, any intelligence collected over Australian territory requires authorisation by the head of the agency. Another example is that ministerial approval is required before ASD conduct certain cyber operations.
Section 15 of the ISA provides that the ministers responsible for ASIS, ASD and AGO must make written rules to regulate the communication and retention of intelligence information concerning Australian persons (privacy rules). The term 'Australian persons' includes citizens and certain permanent residents and companies. The rules regulate the agencies' communication of intelligence information concerning Australian persons to other Australian agencies and to foreign authorities, including to Australia's closest intelligence partners. Communication to foreign authorities is also subject to additional requirements. The privacy rules are unclassified and appear on the agencies' websites. No changes were made to the privacy rules in this reporting period.
Privacy rules require that agencies may only retain or communicate information about an Australian person where it is necessary to do so for the proper performance of each agency's functions, or where retention or communication is required under another Act. If a breach of an agency's privacy rules is identified, the agency in question must advise the IGIS of the incident and the measures taken by the agency to protect the privacy of the Australian person, or Australian persons more generally. Adherence to this reporting requirement provides the office with sufficient information upon which to decide whether appropriate remedial action has been taken, or further investigation and reporting back to the IGIS is required.
The presumption of nationality
The privacy rules require that, unless there is evidence to the contrary, ASIS, ASD and AGO are to presume that a person located in Australia is an Australian person, and that a person who is located outside Australia is not an Australian person. An initial presumption of nationality may be rebutted at a later date. For example:
- new information or evidence may indicate that a person overseas is an 'Australian person'. If it was not reasonable for this information to have been known and considered at the time the initial assessment was made then the presumption of nationality could be rebutted. There would have been no breach of the privacy rules in this circumstance.
- the agency may discover that it, or another agency, was already in possession of evidence that a person was an Australian person and which should have been considered in the initial assessment. In this case the presumption of nationality would be rebutted and if intelligence information had already been communicated about the Australian person there may have been a breach of the privacy rules. There may also be a breach of the ministerial authorisation requirement if intelligence collection was undertaken.
If the agency made a reasonable assessment of the nationality status of that person, based on all the information that was available at the time, there is no breach of the privacy rules. Where a presumption of nationality is later rebutted, ASIS, ASD and AGO must advise the IGIS of this and the measures taken to protect the privacy of the Australian concerned.