16 July 2014

Post-Snowden changes to Aust National Security Law

The National Security Legislation Amendment Bill (No. 1) 2014 (Cth) introduced in the Australian Parliament today is intended to "modernise and improve the legislative framework that governs the activities of the Australian Intelligence Community", primarily the Australian Security Intelligence Organisation Act 1979 (Cth) and the Intelligence Services Act 2001 (Cth).

It is of particular interest as a response to Wikileaks and Snowden and for a more permissive approach to device/network access by national security agencies.

It reflects the 2013 Potential Reforms of Australia’s National Security Legislation report by the Parliamentary Joint Committee on Intelligence and Security, along with "some additional measures to update and strengthen the secrecy offences in the ASIO Act and the IS Act in relation to the intentional unauthorised communication, handling or treatment of intelligence-related information".

The Government states that
The Bill enhances the capability of our intelligence agencies in seven key areas:
  • Modernising ASIO’s statutory employment framework (Schedule 1) 
  • Modernising and streamlining ASIO’s warrant-based intelligence collection powers (Schedule 2) 
  • Strengthening ASIO’s capability to conduct covert intelligence operations, with appropriate safeguards and oversight (Schedule 3) 
  • Clarifying and improving the statutory framework for ASIO’s co-operative and information-sharing activities (Schedule 4) 
  • Enhancing the capabilities of IS Act agencies (Schedule 5) 
  • Improving protection of intelligence-related information (Schedule 6), and 
  • Renaming of Defence agencies to better reflect their roles (Schedule 7). 
Schedule 1 modernises ASIO Act employment provisions to more closely align them with Australian Public Service (APS) standards, streamlines and simplifies terminology used to describe employment and other relationships and makes consequential amendments to a range of other Acts

Schedule 2 modernises and streamlines ASIO's warrant based intelligence collection powers, including in relation to computer access warrants, surveillance devices and warrants against an identified person of security concern

Schedule 3 provides ASIO employees and ASIO affiliates with limited protection from criminal and civil liability in authorised covert intelligence operations (referred to as 'special intelligence operations')

Schedule 4 clarifies the ability of ASIO to co-operate with the private sector and enables breaches of section 92 of the ASIO Act, related to non-disclosure of identity obligations, to be referred to law enforcement agencies for investigation

Schedule 5 amends the IS Act to
enable Australian Secret Intelligence Service (ASIS) to undertake a new function of co-operating with ASIO in relation to the production of intelligence on Australian persons in limited circumstances, will create a new ground of Ministerial authorisation enabling ASIS to protect its operational security and will allow ASIS to train certain individuals in use of weapons and self-defence techniques. It will also extend immunity for IS Act agencies for actions taken in relation to an overseas activity of the agency, provide a limited exception for use of a weapon or self-defence technique in a controlled environment and clarify the authority of the Defence Imagery & Geospatial Organisation (DIGO) to provide assistance 
Schedule 6 relates to the protection of intelligence-related information by creating two new offence provisions and updating existing offence provisions, including by increasing penalties in the IS Act and ASIO Act.

Schedule 7 provides for the formal renaming of DIGO as the Australian Geospatial Intelligence Organisation (AGO) and the Defence Signals Directorate (DSD) as the Australian Signals Directorate (ASD).

The legislation is expected to update ASIO Act employment provisions to more closely align them with the APS standards, providing for the secondment of staff to and from ASIO and facilitating the transfer of ASIO employees to APS agencies while protecting their identity.

The Bill also seeks to enhance ASIO’s intelligence-collection powers by:
  • enabling it to obtain intelligence from a number of computers (including a computer network) under a single computer access warrant, including computers at a specified location or those which are associated with a specified person 
  • amending the current limitation on disruption of a target computer 
  • allowing ASIO to use third party computers and communications in transit to gain access to a target computer under a computer access warrant 
  • modernising provisions related to surveillance devices to better align them with the Surveillance Devices Act 2004 and improving their functionality and operation 
  • establishing an identified person warrant for ASIO to utilise multiple warrant powers against an identified person of security concern 
  • enabling warrants to be varied by the Attorney-General where minor changes in circumstances or administrative errors are identified 
  • facilitating the Director-General of Security to authorise a class of persons able to execute warrants rather than listing individuals 
  • clarifying that the search warrant, computer access, surveillance devices and identified person warrant provisions authorise access to third party premises to execute a warrant, and 
  • clarifying that force which is necessary and reasonable to do things specified in the warrant may be used at any time during the execution of a warrant, not just on entry 
The Bill seeks to introduce an evidentiary certificate regime in relation to special intelligence operations and specific classes of warrants issued under Division 2 of Part III of the ASIO Act to protect the identity of employees, sources and sensitive operational capabilities. The legislation is intended to
  • provide limited protection from criminal and civil liability for ASIO employees and affiliates, in relation to authorised special intelligence operations, subject to appropriate safeguards and accountability arrangements 
  • confirm ASIO’s ability to co-operate with the private sector 
  • enable breaches of section 92 of the ASIO Act (publishing the identity of an ASIO employee or affiliate) to be referred to law enforcement for investigation when it is not otherwise relevant to security 
  • enable the Minister responsible for ASIS to authorise the production of intelligence on an Australian person who is, or is likely to be, involved in activities that pose a risk to, or are likely to pose a risk to, the operational security of ASIS
  • enhance the ability of ASIS, without a Ministerial authorisation, to co-operate with ASIO when undertaking less intrusive activities to collect intelligence relevant to ASIO’s functions on an Australian person or persons overseas in accordance with ASIO’s requirements
  • enhance the ability for ASIS to train staff members of a limited number of approved agencies that are authorised to carry weapons in the use of weapons and self-defence and ensuring that ASIS is not restricted in limited circumstances from using a weapon or self-defence technique in a controlled environment (such as a gun club or rifle range or martial arts club) 
  • clarify the DIGO’s authority to provide assistance to Commonwealth, State and Territory authorities (and certain non-government bodies and foreign governments approved by the Minister for Defence) 
  • extend the protection available to a person who does an act preparatory to, in support of, or otherwise directly connected with, an overseas activity of an IS Act agency to an act done outside Australia, and 
  • enhance protections for information and records acquired or prepared by or for an intelligence agency in connection with the performance of its functions
That post-Snowden and post-Wikileaks enhancement involves -
  • updating sections 39, 39A and 40 in the IS Act, and increasing the penalties for existing unauthorised communication of information offences in the ASIO Act and the IS Act from two to ten years, to better reflect the culpability inherent in such wrongful conduct 
  • extending the existing unauthorised communication offences in the IS Act to the Defence Intelligence Organisation (DIO) and the Office of National Assessments (ONA) 
  • creating a new offence in the ASIO Act and the IS Act, punishable by a maximum of three years imprisonment, where a person intentionally deals with a record in an unauthorised way (for example, by copying, transcription, retention or removal), and 
  • creating a new offence in the ASIO Act and the IS Act, punishable by a maximum of three years’ imprisonment, in relation to persons who intentionally make a new record of information or matter without authorisation.