BFR15 v Minister for Immigration

FEDERAL CIRCUIT COURT OF AUSTRALIA

REPRESENTATION

ORDERS

1. The application filed 29 June 2015 be dismissed.

2. The Applicant pay the Respondents’ costs of and incidental to the application fixed in the sum of $5,000.00.

No. DNG 38 of 2015

Applicant

And

First Respondent

Second Respondent

Third Respondent

REASONS FOR JUDGMENT

Ex Tempore

1. These reasons for judgement were delivered orally. They have been corrected from the transcript. Grammatical errors have been corrected and an attempt has been made to render the orally delivered reasons amenable to being read.

2. This is an application for judicial review of a decision of a departmental assessor following an event known as the ‘data breach’ occurring in February 2014 when the personal information, including names, dates of birth, place where detained, whether relatives of the person detained were in detention and the like were published inadvertently on the web.  The Department undertook International Treaty Obligation Assessments, referred to ‘ITOA’, following that event. An ITOA was conducted about the applicant in this case on 23 June 2015. It was found that Australia’s obligations were not engaged in the case of the applicant.

3. The applicant, as I mentioned, has sought judicial review.  His original application was filed on 3 July 2015 and included 19 grounds of review.  They are template grounds and have been considered in other decisions of this court.  The applicant no longer relies on those template grounds and instead relies on two grounds contained in an amended application filed on 5 May 2017.  I will not read the entirety of the grounds and the particulars but I will attempt to summarise them.

4. The first ground alleges that the applicant was denied procedural fairness because the assessor failed to warn him that the assumption described by the High Court in Minister for Immigration and Border Protection v SZSSJ, Minister for Immigration and Border Protection v SZTZI [2016] HCA 29; (2016) 90 ALJR 901 at paragraph [91] of the High Court decision was not applied.  That assumption was that the information released in the data breach was accessed by the governments, organisations and entities from which each applicant professed to fear harm. It was said that in the assessment the assessor did not actually apply that assumption and ought to have warned the applicant that he or she was not applying the assumption and that his or her failure to do so was a denial of procedural fairness.

5. The second ground of review is that the assessor considered the wrong issue and that is formulated in this way. It is said that at page 10 of the assessor’s decision (occurring at court book 37) the assessor found that there was no evidence that the claimant had a profile or was the subject of interest to any terrorist organisation, criminal syndicate or foreign intelligence agency which, so far as it goes, I am satisfied correctly describes the assessor’s finding. The applicant goes on in his particulars to complain that he never claimed to have a profile or to be of interest to any of those organisations but rather he said that the data breach and the consequent disclosure of his personal details may, of itself, cause the organisations and agencies to harm him.

6. Following the data breach in February 2014 the applicant was advised of the data breach in March 2014. On 14 July 2014 a letter was sent seeking submissions from him about the impact of the data breach.  He replied to that letter on 23 July 2014, raising a fear that foreign intelligence agencies, criminal syndicates or terrorist organisations may have accessed the information.

7. On 1 May 2015 the assessor or at least the Department as part of the assessment process sent a letter to the applicant that has been described as a procedural fairness letter.  There was no response from the applicant to that letter.  That letter included an attachment with a notification of adverse information that would be given consideration in the assessment.  At page 5 of that letter it was said that the Department was unable to find any country information that indicated that there was a risk to the applicant from the Chinese authorities given his particular situation following cancellation of a visa or immigration detention in Australia.  It was noted that the applicant did not have an adverse profile with the Chinese authorities.  It goes on to say:

   “Furthermore, there is no indication that your personal information published online would be valuable or usable to terrorist organisations, criminal syndicates and/or foreign security and intelligence agencies”.

8. The procedural fairness letter did not say that the assumption that the information had been accessed by such organisations would not apply.  It did say that it would be considered that the information about the applicant would not be ‘valuable or usable’.  As I have noted, there was no response by the applicant to that letter.

9. In the assessment the assessor relied on the fact that the applicant had not made any claims of adverse attention from the Chinese authorities or any other agency or organisation in a foreign country and also that there was no evidence of interest in the applicant by any security or intelligence organisation, terrorist organisation or criminal syndicate. The assessor went on to consider that those claims were unsubstantiated and speculative.

10. Counsel for the Minister submitted that the formulation used by the assessor demonstrated that the assumption was applied, and in particular referred to page 10 of the decision, appearing at court book 37, where in the fifth paragraph the assessor said:

    “Consequently, I consider the claim that foreign security and intelligence agencies, terrorist organisations and/or criminal syndicates would use the claimant’s information, which includes his name, date of birth, nationality, gender and detention details, to target and harm him to be unsubstantiated and speculative”.

11. Counsel submitted that the use of the phase “would use” indicates that the assumption was applied and that the process of reasoning of the assessor was that it was assumed that the information would be accessed but not used.

12. I am not entirely satisfied that the wording of the assessment makes that clear.  It is certainly not said in express terms that the assumption of access would be applied.  However, there is nothing in the letter to directly suggest that the assumption was not applied and I accept the submission of counsel for the Minister that the express reasoning used by the assessor was that such information would not be used and that the basis of the reasoning was because the applicant was of no interest to such organisations or there was no evidence that he was of interest to such organisations.

13. I consider that a fair reading of the assessor’s decision is that there was no rejection of that assumption and I do not accept that there is a factual basis for the assertion in ground 1 that the assumption was not used.  I consider that the language used by the assessor is more consistent with the assumption being applied and, as I have noted, the basis of reasoning being that the information may have been accessed but it would not have been used to target or harm the applicant.

14. The argument or the logic of the applicant in ground 2 is, first, that there was no evidence of a profile or interest in the applicant by any such organisation; secondly, the applicant did not claim the existence of any profile or interest and, thirdly, simply asserted that the release of the information of itself may cause such organisations to have an interest in the applicant, notwithstanding the previous absence of an interest. It was said that in failing to consider that proposition put forward by the applicant that the assessor ignored an issue or failed to ask the correct question.

15. Counsel for the Minister says that the right question was simply whether or not there was a risk of harm to the applicant flowing from the data breach and that, in asking that question, the assessor asked the correct question.  I accept that, as a fundamental proposition, that formulation is correct and that, from a purely legal point of view, the right question was always that. 

16. However, I might observe that on my reading of the assessor’s decision, the assessor has by necessary implication actually addressed the question that the applicant says was the right question.  The assessor, I think by necessary implication, found that in the absence of any evidence of prior interest in the applicant that such interest would develop simply as a result of the data breach was highly implausible, and indeed the assessor formulated his or her conclusions on the basis that, in the absence of any such evidence, the assertion that such organisations would target or harm the applicant was unsubstantiated or speculative.   

17. It appears to me that while the assessor has not expressly considered the question of whether there may be interest in the applicant simply flowing from the data breach by necessary implication that question has been considered and dismissed. It appears to me that that reasoning was entirely proper and that the form of reasoning that the applicant says ought to have been followed is really a semantic distinction without a difference.  I find that neither ground is made out and I dismiss the application.

I certify that the preceding seventeen (17) paragraphs are a true copy of the reasons for judgment of Judge Young

Date:     18 May 2017