MCLT and Director-General of Security
[2018] AATA 1359
•25 May 2018
MCLT and Director-General of Security [2018] AATA 1359 (25 May 2018)
Division:Security Division
File Number(s): 2016/4015
Re:MCLT
APPLICANT
AndDirector-General of Security
RESPONDENT
DECISION
Tribunal:Deputy President S A Forgie
Senior Member Egon Fice
Senior Member A Nikolic AM CSCDate:25 May 2018
Place:Melbourne
The Tribunal affirms the Adverse Security Assessment issued by the respondent to the applicant on 15 March 2016.
........[sgd]...........................................
S A FORGIE
Deputy President
CATCHWORDS
NATIONAL SECURITY – adverse security assessment – refusal to grant a Negative Vetting 1 security clearance – relevance of particular prescribed administrative action - decision affirmed
Legislation
Administrative Appeals Tribunal Act 1975 ss 30(1A), 30(1AA), 33(1)(a), 33(1)(c), 35, 35AA, 35AA(1), 37, 37(2), 37(2)(a), 37(2)(b), 39A, 39A(2), 39A(3), 39A(5), 39A(6), 39A(7), 39A(8), 39A(9), 39A(10), 39A(11), 39A(12) to 39A(17), 39B, 39B(11), 43, 43(1), 43(1A), 43AAA, 43AAA(2), 43AAA(3), 43AAA(4), 43AAA(5) and 43AAA(6)
Australian Passports Act 2005 ss 14(1) and 22(2)(d)
Australian Securities Intelligence Organisation Act 1979 ss 4, 17(1), 35(1), 37(1), 37(2)(a), 37(3), 37(4), 38(1), 38(1A), 38(2), 38A, 54, 54(1), 61, 64 and 65(3)
Home Affairs and Integrity Agencies Legislation Amendment Act 2018 s 3, Schedule 2; cll 1-10
Immigration Act R.S.C. 1985 (Canada) ss 7 and 53(1)(b)
Legislation Act 2003 s 8(4)
Migration Act 1958 ss 12, 13, 36(2)(aa), 36(2C), 36(2C)(a), 36(2C)(b)(i), 201 and 202
Telecommunications Act 1997
Migration Regulations 1994 cl 866.225(a) of Schedule 2; Criterion 4002
Public Service Regulations 1999 regs 5.24(1) and 5.29
Cases
Alexandra Private Geriatric Hospital Pty Ltd v Blewett (1984) 2 FCR 368; 56 ALR 265
CIC Insurance Ltd v Bankstown Football Club Ltd (1997) 187 CLR 384; 141 ALR 618
Drake v Minister for Immigration and Ethnic Affairs (1979) 24 ALR 577; 2 ALD 60
Hussain and Minister for Foreign Affairs and Anor [2008] FCAFC 128
Jaffarie v Director-General of Security [2014] FCAFC 102; (2014) 226 FCR 505; 313 ALR 593; 143 ALD 596
Leghaei v Director-General of Security [2007] FCAFC 37; (2007) 241 ALR 141; 97 ALD 516
Minister for Aboriginal Affairs v Peko-Wallsend Ltd [1986] HCA 40; (1986) 162 CLR 24; 66 ALR 299
MYVC v Director-General of Security [2014] FCA 1447; (2014) 234 FCR 134; 323 ALR 400; 65 AAR 369; 148 ALD 489
Plaintiff M47/2012 v Director-General of Security [2012] HCA 46; (2012) 251 CLR 1; 292 ALR 245
Queensland Bacon Pty Ltd v Rees (1966) 115 CLR 266
Re BLBS and Director-General of Security and Anor [2013] AATA 820
Re CMHV and Director-General of Security and Anor [2017] AAT 1547
Re Drake and Minister for Immigration and Ethnic Affairs (No 2) (1979) 2 ALD 634
Re FLSZ and Director-General of Security (Unreported Administrative Appeals Tribunal, Forgie DP, Fice SM and Nikolic SM, 4 May 2018)
Re RZBZ and Director-General of Security [2015] AATA 296
Re TNFD and Director-General of Security [2015] AATA 752
Re TSJY and Director-General of Security [2015] AATA 243
RJCG v Director-General of Security [2013] FCA 269
Suresh v Canada (The Minister of Citizenship and Immigration) [2002] 1 SCR 3
Secondary Materials
1951 Convention Relating to the Status of Refugees and the 1967 Protocol Relating to the Status of Refugees Article 33(2)
Canadian Charter of Rights and Freedoms
Chambers 21st Century Dictionary, 1999, reprinted 2004
Convention against Torture Articles 1, 2, 3 and 16
Hope Royal Commission; Second Report
International Covenant on Civil and Political Rights Articles 4 and 7
Security Assessment Determination No. 2
REASONS FOR DECISION
Deputy President S A Forgie
Senior Member Egon Fice
Senior Member A Nikolic AM CSC
The applicant, whom we are calling MCLT, applied to the Australian Government Security Vetting Agency (AGSVA) for a Negative Vetting 1 (NV1) security clearance. The AGSVA is located within the Department of Defence. MCLT wanted an NV1 security clearance in order to accept any appointments that might be offered by a Commonwealth Department or authority (CDOA). As part of its vetting process, AGSVA obtained advice from the Australian Security Intelligence Organisation (ASIO) as to whether there were any security related concerns relating to the grant of a clearance. On 15 March 2016, the Director‑General of ASIO (Director-General) issued an adverse security assessment (ASA) recommending that MCLT be denied an NV1 security clearance. AGSVA accepted the recommendation and, in a letter dated 22 June 2016, advised MCLT that it had received an ASA from ASIO.[1] The letter also advised MCLT that, in accordance with the Australian Government Protective Security Policy Framework (AGPSPF) and in light of the ASA made in relation to MCLT, AGSVA decided to refuse to grant an NV1 security clearance as sought by MCLT. MCLT lodged an application for review of the ASA on 25 July 2016. We have decided to affirm the ASA.
[1] The Tribunal does not have any power to review the decision made by AGSVA. A member of the Australian Public Service (APS), can make a request to AGSVA under r 5.24(1) of the Public Service Regulations 1999 (PSR), to review its decision. If dissatisfied with AGSVA’s decision, an APS member is entitled to apply to the Merit Protection Commissioner under r 5.29 of the PSR for review. Members of CDOA may make seek review.
Our reasons are set out in two documents. That has arisen in part because of our obligations under ss 39A and 39B of the Administrative Appeals Tribunal Act 1975 (AAT Act) to protect certain information and, in part, by virtue of our acceding to an application by MCLT under s 35 that, in effect, asks us to redact any information relating to MCLT’s personal, family, professional or work-related activities. We acceded to the application after hearing submissions made on MCLT’s behalf by Mr Tracey of counsel in support of an order of confidentiality and having regard to those made by Mr Connor QC with Ms Mitchelmore of counsel on behalf of the Director-General. In view of the issues at the heart of this matter, we granted the order.
The first part of our reasons is found in this document. It deals with the law and the AGPSPF and summarises our reasons in the broadest of terms. This part of our reasons is available to the parties and the public without restriction. Access to the second part of our reasons is restricted to MCLT, the Director-General, AGSVA and the ASIO Minister and their legal advisers and the staff of ASIO. The Director-General may, however, give access to it in accordance with his legislative obligations and any protocols he has in place as he may with the first part. Although we heard evidence in closed session and we have considered it, none of it supports the case put on behalf of MCLT. In particular, none of it suggests ameliorating grounds or puts MCLT’s activities in any light other than that which shines upon them in the open evidence. Therefore, we have decided in this matter not to prepare a third set of reasons setting out the evidence given in the closed session.
THE PRESCRIBED ADMINISTRATIVE ACTION
Security clearance
The prescribed administrative action that is relevant in this case is AGSVA’s determination whether or not to grant a security clearance to a person. The particular person is MCLT and the security clearance is an NV1 security clearance. In making its determination, AGSVA follows a security clearance process to determine a person’s suitability for a security clearance and does so within guidelines developed to implement the requirements of the AGPSPF. AGSVA’s determination relates to, or affects, MCLT’s ability to have access to any information or place when access to that information or place is limited on security grounds.[2]
[2] ASIO Act; s 35(1)
Australian Government Protective Security Policy Framework
The AGPSPF is designed to help agencies identify their individual levels of security tolerance, to achieve the mandatory requirements for protective security expected by Government and to develop an appropriate security culture to meet their business goals securely.[3] It was issued by the then Attorney-General in June 2010 and is updated from time to time to reflect and “… refine protective security policy that promotes the most effective and efficient ways to secure the continued delivery of Government business.”[4]
[3] AGPSPF at [1]: UD Documents at UD1056
[4] AGPSPF at [1]; UD Documents at UD1056
The overarching Protective Security Policy Statement is set out at [2] of the AGPSPF:
“The appropriate application of protective security by Government agencies and bodies ensures the operational environment necessary for the confident and secure conduct of Government business. Managing security risks proportionately and effectively enables Government agencies and bodies to provide the necessary protection of the Government’s people, information and assets.”[5]
[5] UD Documents at UD1057
The body, which employs AGSVA, is an agency subject to the AGPSPF. Its head has responsibilities to the relevant Minister for, among other things:
“… creating and maintaining an agency operating environment that:
·safeguards its people and clients from foreseeable risks
·limits the potential for compromise of the confidentiality, integrity and availability of its official information and assets, recognising risks to Government such as those associated with aggregation
.…
Agency heads need to understand, prioritise and manage security risks to prevent harm to official resources and disruption to business objectives. Security is not just a cost of doing business, but enables an agency to manage risks that could adversely affect achieving its objects. Agencies can only achieve effective protective security if security is part of the agencies’ culture, practices and operational plans. Therefore agencies should build protective security into government processes rather than implementing it as an afterthought. Effective protective security and business continuity management underpin organisational resilience.
Agency heads are to ensure that employees and contractors entrusted with their agency’s information and assets, or who enter their agency’s premises:
·are eligible to have access
·have had their identity established
·are suitable to have access, and
·are willing to comply with the Government’s policies, standards, protocols and guidelines that safeguard that agency’s resources (people, information and assets) from harm.”[6]
[6] AGPSPF at [3]; UD Documents at UD1057
All agencies are required to comply with the mandatory requirements contained within the three protective security core policies in the AGPSPF. Those are personnel security, information security and physical security.[7] In relation to personnel security, [5.1] of the AGPSPF explains:
“The protection of classified resources across Government includes limiting access to those people whom the Australian Government assesses to be suitable and whose work responsibilities specifically require them to access these resources. The Government determines the suitability for such access through a robust assessment process. …
…
The purpose of personnel security is to provide a level of assurance as to the honesty, trustworthiness, maturity, tolerance and loyalty of individuals who access Government resources. …”[8]
All Australian Government agencies must follow the AGPSPF.[9]
[7] AGPSPF at [5]: UD Documents at UD1075
[8] UD Documents at UD1075
[9] PERSEC 5; AGPSPF at [5.1]: UD Documents at UD1077
With some limited exceptions, only AGSVA may conduct security vetting for the Australian Government. AGSVA is required “… to resolve any doubts about the suitability of a clearance subject to access security classified resources in favour of the Commonwealth.”[10] All vetting decisions are based on an assessment of the whole person. They are to be made in accordance with the principles of natural justice and of procedural fairness. An NV1 security clearance is “a suitability assessment that permits ongoing access to PROTECTED, CONFIDENTIAL and SECRET resources. The suitability assessment includes Baseline Vetting plus additional suitability checks.”[11]
[10] AGPSPF at [5.1]; UD Documents at UD1077
[11] AGPSPF at [5.1]; UD Documents at UD1077
The Australian Government Personnel Security Protocol and Guidelines
Paragraph [75] of the AGPSPF provides that agency heads may require a security clearance as a condition of employment. A security clearance is a determination by a vetting agency that an individual is suitable to have access to security classified resources.
A. Personnel security guidelines Agency personnel security responsibilities
Guidelines have been developed to advise and assist agencies in their application of the controls set out in the AGPSPF. They are the “Personnel security guidelines Agency personnel security responsibilities” (PSG). They provide guidance only and agencies may use other controls and measures to implement the requirements of the AGPSPF.[12] Among other matters, the PSG provides advice to agencies when undertaking personnel security risk assessments.[13] All agencies are required to undertake employment screening in order to achieve two outcomes. One outcome is to mitigate the risks identified in their personnel security risk assessment. The other is to provide a level of assurance across all agencies that all Australian Government personnel are suitable to have access to Australian Government resources that they may share.[14] What is meant by “suitable” is developed in [57]:
“To be suitable, personnel need to demonstrate a level of integrity and reliability sufficient for the agency to be assured the person can be entrusted with its Australian Government resources. Integrity (soundness of character and moral principle) and reliability (trustworthy, responsible and dependable) are assessed by considering a range of character traits and behaviours, principally: honesty, maturity, trustworthiness, loyalty, tolerance and resilience. For further information see Annex J – Adjudicative consideration of the Personnel security guidelines – Vetting Practices.”[15]
[12] PSG at [1] and [2]; UD Documents at UD1402
[13] PSG at [1.3]; UD Documents at UD1402
[14] PSG at [54]; UD Documents at UD1412
[15] UD Documents at UD1412
B. Personnel security guidelines – Vetting Practices
The Personnel Security Guidelines – Vetting Practices (PSG-VP) were approved in 2014 and amended in 2016. They have been developed to assist assessing officers and delegates to assess the clearance subject against common factor areas that may impact on his or her suitability to hold a security clearance. The character traits referred to in the previous paragraph from the AGPSPF are developed:
“A clearance subject is suitable to hold a security clearance at any level, where it is established, to the appropriate degree of satisfaction, that the clearance subject possesses and demonstrates an appropriate level of integrity, i.e., a soundness of character and moral principle. In the security context, integrity is defined as a range of character traits that a clearance subject should possess and demonstrate in order for the Government to have confidence in that clearance subject’s ability to protect security classified resources. These character traits are:
·honesty – truthful and frank, and do not have a history of unlawful behaviour
·trustworthiness – responsibility and reliability and maturity
·maturity – capable of honest self-appraisal and able to cope with stress; age is not necessarily a good indicator of maturity
·tolerance – and appreciation of the broader perspective even when holding strong personal views, able to remain impartial and flexible (an inability to accept other people’s life choices or respect cultures can indicate intolerance); and accept differences in people, opinions or situations through respect, understanding and empathy.
·resilience – ability to adapt well in the face of adversity, trauma, tragedy, threats or significant sources of stress, and
·loyalty – a commitment to the democratic processes of the Australian Government, loyalty is not confined to the nation but also includes the objectives, ethos and values of the working environment (strong political views incompatible with the Australian Constitution may put in doubt a person’s loyalty).
Reference to a number of factor areas of the clearance subject’s life, including personal relationships, employment history, behavioural and financial habits contributes to an assessment of a clearance subject’s integrity. Agencies should be confident that clearance subjects who are responsible for security classified resources possess a sound and stable character.
Clearance subjects must also demonstrate that they are not unduly vulnerable to influence or coercion.”[16]
[16] PSG-PV at [237]-[239; UD Documents at UD1723-1724
Agencies are also advised that they:
“… should also determine if the person is unduly vulnerable to improper influence – for example from issue motivated groups, criminal associations or commercial interests. A person may be vulnerable to coercion due to one or more factors – for example:
∙conflicts of interest
∙current or past criminal behaviours or criminal associations, or
∙membership of issue motivated groups.”[17]
[17] PSG at [58]; UD Documents at UD1412
C. Personnel security guidelines – Vetting Practices
The PSG-VP were approved in 2014 and amended in 2016. They have been developed to assist assessing officers and delegates to assess the clearance subject against common factor areas that may impact on his or her suitability to hold a security clearance. In evaluating the relevance of any conduct, [235] of the PSG-VP states that the assessing officer and delegate should consider the:
“·nature, extent, and seriousness of the conduct
·circumstances surrounding the conduct including the degree of willing and/or knowledgeable participation
·frequency and currency of conduct
·clearance subject’s age and maturity at time of the conduct
·presence or absence of rehabilitation and other pertinent behavioural changes
·motivation for the conduct
·potential for pressure, coercion, exploitation, or duress, and
·likelihood of continuation or recurrence.”
Paragraph [236] then provides the following general guidance:
“Clearance subjects must be assessed on their own merits, and the final determination remains the responsibility of the delegate. Any doubt concerning the clearance subject’s suitability must be resolved in favour of the national interest.”
The PSG-VP addresses “Conditions that could raise a security concern and may be disqualifying” in [250] to [266].[18] In his Open Affidavit given on behalf of the Director‑General, Mr Deklan[19] summarised these conditions accurately:
[18] UD Documents at UD1726-1729
[19] Under s 39A(11) of the AAT Act, the witness has been permitted to use an assumed name: see further [114]‑[117] below.
“a) involvement in, support of, or training to commit espionage or acts of foreign interference;
b)association with persons who are attempting to commit, or are committing any of the above acts;
c)contact with a family member, friend or other person who is a citizen of, or resident in, a foreign country, if that contact creates an unacceptably heightened risk of foreign exploitation, inducement, manipulation, pressure or coercion;
d)connections to a foreign person, group, government or country that create a potential conflict of interest;
e)failure to report, when required, association with a foreign national;
f)performing duties so as to serve the interests of a foreign person, group, organisation or government in conflict with Australia’s national interest;
g)any employment or service, whether compensated or voluntary, with:
i.the government of a foreign country;
ii.a foreign national, organisation or other entity;
iii.a representative of any foreign interest;
iv.any foreign or domestic organisation/person engaged in analysis, discussion or publication of material on intelligence, defence, foreign affairs, protective technology or protective security; or
v.failure to report or fully disclose an outside activity when this is required. …”[20]
[20] Exhibit 1 at [71]
Paragraph [267] of the PSG-VP sets out a number of factors that may mitigate any concern arising if conditions of the sort described in in [250] to [266] were to exist. We will set out a sample of those listed in [267]:
“· The clearance subject was unaware of the unlawful aims of an individual or organisation and severed ties upon learning of these.
·…
·Involvement in activities of concern occurred only for a short period of time and was attributable to curiosity or academic interest.
·The involvement or association with such activities occurred under such unusual circumstances, or so much time has elapsed, that it is unlikely to recur and does not cast doubt on the clearance subject’s current reliability, trustworthiness, or loyalty.
·The nature of the relationships with foreign persons, the country in which these person are located, or the positions or activities of those persons in that country are such that it is unlikely the clearance subject will be placed in a position of having to choose between the interests of a foreign individual, group, organisation, or government and Australia’s national interest.
·There is no conflict of interest, either because the clearance subject’s sense of loyalty or obligation to the foreign person, group, government, or country is so minimal, or the clearance subject has such deep and longstanding relationships and loyalties in Australia that they can be expected to resolve any conflict of interest in favour of Australia’s national interest.
·Contact or communication with foreign citizens is casual and infrequent and there is little likelihood that it could create a risk for foreign influence or exploitation.
·…
·The clearance subject has promptly complied with agency requirements regarding the reporting of contacts, requests, or threats from persons, groups, or organisations from a foreign country.
· …
· …
·The clearance subject has expressed a willingness to renounce other citizenships.
·Exercise of the rights, privileges, or obligations of foreign citizenship occurred before the clearance subject became an Australian citizen or when the clearance subject was a minor.
·…
·…
·…”[21]
[21] UD Documents at UD1728-1729
Personal relationships and conduct are the subject of section 5.2.2 of the PSG-VP. The section begins with a general statement that:
“Conduct involving questionable judgment, dishonesty, or unwillingness to comply with rules and regulations can raise questions about the clearance subject’s reliability, trustworthiness and ability to protect security classified information.
Of special interest is any failure to provide truthful and candid answers during the security clearance process or any other failure to cooperate with the security clearance process. …”[22]
[22] PSG-VP at [268]-[269]; UD Documents at UD1729
Conditions that could raise a security concern and that may be disqualifying are the subject of [271] to [279] of the PSG-VP. We will refer only to the following:
“271. Deliberate omission, concealment, or falsification of relevant facts from any personnel security questionnaire, personal history statement, or similar form used to determine security clearance suitability; or providing misleading information [or] assessing officers or other officers involved in the clearance process.
272.Credible adverse information in several adjudicative issue areas that is not sufficient for an adverse determination under any other single guideline, but which, when considered as a whole, supports a whole-person assessment of questionable judgment, untrustworthiness, unreliability, lack of candour, unwillingness to comply with rules and regulations, or other characteristics indicating that the person may not properly safeguard official information.
273.Credible adverse information that is not explicitly covered under any other guideline and may not be sufficient for an adverse determination, but which, when combined with all available information supports a whole-person assessment of questionable loyalty, trustworthiness, honesty, maturity, tolerance or vulnerability to coercion or influence. This includes but is not limited to consideration of:
·untrustworthy or unreliable behaviour including breach of client confidentiality, release of proprietary information, unauthorised release of sensitive corporate or other official government information
·disruptive, violent, or other inappropriate behaviour in the workplace
·a pattern of dishonesty or rule violations, or
·evidence of significant misuse of Government or other employer’s time or resources.
274-276.…
277Personal conduct, or concealment of information about one’s conduct, that creates a vulnerability to exploitation, manipulation, or duress, such as:
·engaging in activities which, if known, may affect the person’s personal, professional, or community standing, or
·while in another country, engaging in any activity that is illegal in that country or that is legal but illegal in Australia and may serve as a basis for exploitation or pressure by the foreign security or intelligence service or other group.”[23]
[23] PSG-VP at [271]-[277]; UD Documents at UD1730-1731
The PSG-VP recognises conditions that could mitigate security concerns. We will set out only the first four of those conditions that may have an impact on one or more areas of concern:
“· The behaviour occurred prior to or during adolescence and there is no evidence of subsequent conduct of a similar nature.
·The behaviour no longer serves as a basis for coercion, exploitation, or influence.
·The clearance subject made prompt, good-faith efforts to correct the omission, concealment, of falsification before being confronted with the facts.
·The refusal or failure to cooperate, omission, or concealment was caused by or associated with improper or inadequate advice of government officers or legal counsel. Upon being made aware of the requirement to cooperate or provide the information, the clearance subject cooperated fully and truthfully.
.…”[24]
[24] PSG-VP at [280]; UD Documents at UD1731
D. Contact Reporting Scheme
The Contact Reporting Scheme (CRS) forms part of the AGPSPF network and is set out in Part G of the Protective Security Manual. The Australian Government Policy is set out at [5.1] and [5.2], which reads, in part:
“… A key element in protecting official information is informing Australian Government officials of the risk posed by foreign intelligence services in Australia and overseas. Human intelligence is low-risk and the most common form of intelligence collection. Intelligence services can develop an aggregate picture through low-level collection from a number of sources. Australian Government employees, contractors, contracted employees, and all others who hold Australian Government security clearances, need to understand that small pieces of information they may provide could form part of an intelligence gathering process. Accordingly, individuals need to recognise that an ‘innocent’ conversation or contact (eg, e-mail) with a foreign official can be part of human intelligence gathering.
Consequently, people who work for, or on behalf of, the Australian Government, or who hold a security clearance, are a potential intelligence source. Effective measures are required to protect against unauthorised disclosures and to protect people working for and on the behalf of the Australian Government.”[25]
[25] UD Documents at UD186-187
Australian Government officers and others who hold a security clearance are required to be conscious of the fact that intelligence and security services in some countries conduct surveillance of foreign representatives. They should contact their Agency Security Adviser before travelling in order to ascertain the possible threat from foreign intelligence services and seek appropriate briefings.[26] The purpose of reporting and recording security incidents is:
“… to help agencies identify security risks and implement appropriate treatments. The main aim is not to punish individuals. Rather, it helps agencies to identify security risks and implement appropriate treatments to counter them. This ultimately provides better protection for an agency and the individuals who work for it.”[27]
[26] CRS at [5.18]; UD Documents at UD188
[27] CRS at [6.5]; UD Documents at UD189
A document called “Contact Reporting Guidelines” has also been prepared to be read with the CRS.[28]
[28] UD Documents at UD846-853
E.Managing the insider threat to your business
The document entitled “Managing the insider threat to your business” (MITTYB) is directed to Australian organisations to improve their understanding of personnel security and to promote a positive protective security culture as well as a robust and resilient organisation.[29] MITTYB focuses on the “trusted insider” who can, intentionally or unknowingly, assist external parties in their activities against the organisation. Trusted insiders come in the form of potential, current or former employees or contractors who have, have had or may have legitimate access to information, techniques, technology, assets or premises. In so far as technology is concerned, it:
“… has exacerbated the threat from trusted insiders. Technology has broadened access to information for staff at all levels and increased the ease with which sensitive information can be aggregated, removed and disseminated.”[30]
[29] MITTYB at ii; UD Documents at UD1661
[30] MITTYB at 3; UD Documents at UD1665
There are various categories of insider activity but, generally, they are six in number. One is concerned with unintentional disclosure in the sense that the person is unaware of the disclosure or that the information being disclosed is valuable or sensitive. That can happen in various ways including not securing a password, leaving a work station unlocked or in a conversation with a family member or friend. Another category is that of espionage. The MITTYB develops that category:
“… A trusted insider can be used as a tool for either traditional espionage by a foreign government ...
Espionage poses an enduring threat to both the Australian Government and Australian business. It can provide governments or companies significant unauthorised access to a wide range of information detrimental to our interests, including future prosperity.”[31]
[31] MITTYB at 6; UD Documents at UD1668
The MITTYB links in with the Protective security better practice guide” (PSBP Guide). That guide is concerned with “Identifying and managing people of security concern – integrating security, integrity, fraud control and human resources”. It identifies values that a person should display including integrity, commitment, impartiality, respect for others and accountability.[32] Potential areas of concern are identified and developed. They are personality traits and lifestyle and circumstantial vulnerabilities as well as workplace behaviours.[33]
[32] PSBP Guide at [27]; UD Documents at UD1475
[33] PSBP Guide at [29]-[38]; UD Documents at UD1475-1479
F. CDOA’s Security Manual
The CDOA’s Security Manual (CASM) represents the application and implementation of the policies and guidelines set out in the AGPSPF framework, to which we have referred above.[34] It does so in the context of the CDOA’s own environment. In relation to the process for reporting overseas travel, the CASM specifically directs attention to a Circular Memorandum regarding travel.[35]
[34] UD Documents at UD1784-2614
[35] CASM at [22.28]; UD Documents at UD 2473
With regard to Contact Reporting, which is the subject of Part 2 of CASM, CDOA officers are reminded that they have access to, and knowledge of, information that could compromise national security through accidental or deliberate disclosure. An aggregate picture of any Commonwealth Department or authority’s capabilities can be developed by gathering low-level information from a variety of sources. Contact reporting allows the CDOA to protect people, information, assets and infrastructure and the capabilities they support by promptly identifying threatening activity, make an assessment of the risk and put appropriate countermeasures in place in an appropriate timeframe. Therefore, the policy stated in the CASM to mitigate this risk is:
“All … [CDOA officers] and external service providers are to report contacts of security concern to assist in the identification of any attempts by external parties to cultivate … [the CDOA agency’s] people and acquire official, classified or sensitive information.”[36]
[36] CASM at [23.9]; UD Documents at UD 1948
THE STATEMENT OF GROUNDS
As required by the Australian Securities Intelligence Organisation Act 1979 (ASIO Act), ASIO furnished MCLT with a Statement of Grounds. We will set out only the conclusion in this part of our reasons:
“ASIO is conscious that depriving a person of a NV1 security clearance is a serious matter and has considered carefully the consequences of this adverse security assessment for … MCLT. This includes the consequences of limiting … MCLT’s employment opportunities. … Notwithstanding these considerations, ASIO considers that the recommended denial of … MCLT’s NV1 security clearance is appropriate and proportionate to the assessed risk to security should … MCLT be granted a NV1 security clearance.”
THE LEGISLATIVE BACKGROUND
The functions and powers of ASIO
Section 17(1) of the ASIO Act sets out ASIO’s functions:
“(a) to obtain, correlate and evaluate intelligence relevant to security;
(b)for purposes relevant to security, to communicate any such intelligence to such persons, and in such manner, as are appropriate to those purposes;
(c)to advise Ministers and authorities of the Commonwealth in respect of matters relating to security, in so far as those matters are relevant to their functions and responsibilities.
(ca)to furnish security assessments to a State or an authority of a State in accordance with paragraph 40(1)(b);
(d)to advise Ministers, authorities of the Commonwealth and such other persons as the Minister, by notice in writing given to the Director-General, determines on matters relating to protective security; and
(e)to obtain within Australia foreign intelligence pursuant to section 27A or 27B of this Act or section 11A, 11B or 11C of the Telecommunications (Interception and Access) Act 1979, and to communicate any such intelligence in accordance with this Act or the Telecommunications (Interception and Access) Act 1979; and
(f)to co-operate with and assist bodies referred to in section 19A in accordance with that section.”
Making an adverse security assessment or assessment
An ASA is made under the ASIO Act. Under s 54 of that Act, an application may be made to the Tribunal for review of an ASA or of a qualified security assessment. A “security assessment or assessment”:
“… means a statement in writing furnished by the Organisation to a Commonwealth agency … expressing any recommendation, opinion or advice on, or otherwise referring to, the question whether it would be consistent with the requirements of security for prescribed administrative action to be taken in respect of a person or the question whether the requirements of security make it necessary or desirable for prescribed administrative action to be taken in respect of a person, and includes any qualification or comment expressed in connection with any such recommendation, opinion or advice, being a qualification or comment that relates or that could relate to that question.”[37]
[37] ASIO Act; s 35(1)
An “adverse security assessment” means:
“… a security assessment in respect of a person that contains:
(a)any opinion or advice, or any qualification of any opinion or advice, or any information, that is or could be prejudicial to the interests of the person; and
(b)a recommendation that prescribed administrative action be taken or not be taken in respect of the person, being a recommendation the implementation of which would be prejudicial to the interests of the person.”
The expression “prescribed administrative action”, to which reference is made in this definition is itself defined in s 35(1) of the ASIO Act. In so far as it is relevant in this case, only paragraph (a) of the definition is relevant. It provides:
“prescribed administrative action means:
(a)action that relates to or affects:
(i)access by a person to any information or place access to which is controlled or limited on security grounds; or
(ii)a person’s ability to perform an activity in relation to, or involving, a thing (other than information or a place), if that ability is controlled or limited on security grounds;
including action affecting the occupancy or any office or position under the Commonwealth or an authority of the Commonwealth or under a State or an authority of a State, or in the service of a Commonwealth contractor, the occupant of which has or may have any such access or ability.
(b)-(d) …”
AGSVA’s decision to deny MCLT an NV1 security clearance is an action that relates to, or affects, MCLT’s access to any information or place, access to which is controlled or limited on security grounds. It also limits MCLT’s ability to perform an activity in relation to, a thing that is not information or a place if that ability is controlled or limited on security grounds. As a consequence, the decision to deny an NV1 security clearance would affect MCLT’s ability to occupy an office or position with a CDOA if it were essential that the occupant of that office or position hold an NV1 security clearance. We make no finding about any specific opportunities that may be denied MCLT as there is no evidence on that issue but the fact remains that the denial of an NV1 security clearance will limit MCLT’s activities in the manner described in paragraph (a) of the definition of “prescribed administrative action”.
In this context, the word “security” is defined in s 4 of the ASIO Act to mean:
“(a) the protection of, and of the people of, the Commonwealth and the several States and Territories from:
(i)espionage;
(ii)sabotage;
(iii)politically motivated violence;
(iv)politically motivated violence;
(v)attacks on Australia’s defence system; or
(vi)acts of foreign interference;
whether directed from, or committed within, Australia or not; and
(aa)the protection of Australia’s territorial and border integrity from serious threats; and
(a)the carrying out of Australia’s responsibilities to any foreign country in relation to a matter mentioned in any of the subparagraphs of paragraph (a) or the matter mentioned in paragraph (aa).”
The expression “espionage”[38] is not defined but s 4 defines “acts of foreign interference” to mean:
[38] See further at [52]-[55] below.
“… activities relating to Australia that are carried on by or on behalf of, or are directed or subsidised by or are undertaken in active collaboration with, a foreign power, being activities that:
(a)are clandestine or deceptive and:
(i) are carried on for intelligence purposes;
(ii)are carried on for the purpose of affecting political or governmental processes; or
(iii)are otherwise detrimental to the interests of Australia; or
(b)involve a threat to any person.”
An adverse or qualified security assessment shall be accompanied by a statement of the grounds for the assessment. The statement:
“(a) shall contain all information that has been relied on by the Organisation in making the assessment, other than information the inclusion of which would, in the opinion of the Director-General, be contrary to the requirements of security; and
(b)shall, for the purposes of this Part, be deemed to be part of the assessment.”[39]
[39] ASIO Act; s 37(2)(a)
Regulations made under the ASIO Act:
“… may prescribe matters that are to be taken into account, the manner in which those matters are to be taken into account, and matters that are not to be taken into account, in the making of assessments, or of assessments of a particular class, and any such regulations are binding on the Organisation and on the Tribunal.”[40]
[40] ASIO Act; s 37(3)
Subject to any regulations that have been made, although there are none at the moment:
“… the Director-General shall, in consultation with the Minister, determine matters of a kind referred to in subsection (3), but nothing in this subsection affects the powers of the Tribunal.”[41]
As required by s 37(4), the Director-General issued a determination on 28 July 2010. It is Security Assessment Determination No. 2 (Determination No. 2).
[41] ASIO Act; s 37(4)
Unless the Attorney-General[42] has certified that he is satisfied of certain matters under s 38(2)[43] or unless s 38A applies,[44] s 38(1) requires the, in this case, CDOA to whom ASIO has furnished an adverse or qualified security assessment in respect of a person to give that person written notice of it and attach a copy of the assessment. The notice must inform the person of his or her right to apply to the Tribunal under Part IV of the ASIO Act. The Commonwealth agency must do so within 14 days after the day on which the assessment is furnished to it. The Minister has given MCLT notice of the ASA as required by s 38(1).
[42] Since the amendments by the Home Affairs and Integrity Agencies Legislation Amendment Act 2018, all references to the “Attorney-General” have been replaced with references to the “ASIO Minister”. References to “the responsible Minister” have been substituted to references to “ASIO Minister”. The amendments took effect on 11 May 2018. No. 31 of 2018; s 3, Schedule 2 at cll 1-10.
[43] The Attorney-General may give the Director-General a written certification that he is satisfied that withholding of a notice to a person of the making of a security assessment in respect of the person is essential to the security of the nation or that disclosure of the statement of grounds, or a particular part of the statement, contained in the security assessment in respect of the person would be prejudicial to the interests of security. The Attorney-General has not made a certification under s 38(2).
[44] ASIO Act; s 38(1A). Section 38A applies to assessments given to the Attorney-General in connection with certain provisions of the Telecommunications Act 1997.
Reviewing an adverse security assessment
We have already referred to the Tribunal’s power under s 54(1) of the ASIO Act to review an adverse or qualified security assessment in the circumstances of this case. Once the Tribunal has reviewed a security assessment, s 61 provides that every Commonwealth agency, State and State authority concerned with prescribed administrative action to which that assessment is relevant is required, to the extent that the Tribunal’s findings do not confirm the assessment, to treat those findings as superseding the assessment. Any person or authority having power to hear appeals from, or to review, a decision with respect to any administrative action, to which the assessment is relevant, is required to treat the findings of the Tribunal, to the extent that they do not confirm the assessment, as superseding that assessment.
Once the Tribunal has made findings upon a review of a security assessment, ASIO is not permitted to make a further assessment in respect of the person concerned that is not in accordance with those findings except on the basis of matters occurring after the review or if the evidence was not available at the time of the review.[45]
[45] ASIO Act, s 64
A. Procedures in the Tribunal
The AAT Act makes particular provision for review of a security assessment. In general terms, the Tribunal’s procedure is within its own discretion.[46] It is not bound by the rules of evidence but may inform itself on any matter as it thinks fit.[47] Review of a security assessment is conducted in the Tribunal’s Security Division in a proceeding to which the Director‑General and the applicant are the parties. Although not a party, the Commonwealth agency to which the assessment is given is entitled to adduce evidence and make submissions.[48]
[46] AAT Act; s 33(1)(a)
[47] AAT Act; s 33(1)(c)
[48] AAT Act; s 39A(2) The Tribunal cannot exercise its power under s 30(1A) to make a Commonwealth agency a party because that section does not apply to a proceeding in the Security Division: AAT Act; s 30(1AA).
The Director-General is not obliged to comply with s 37 of the AAT Act but is obliged to present all relevant information to the Tribunal as set out in s 39A(3). The proceeding is to be in private and, subject to there being a certificate issued under s 39A(8) in relation to submissions or evidence or under 39B in relation to information or a document, the Tribunal is required to determine those people who may be present at any time.[49] The applicant and the Director-General and their representatives and a person representing the Commonwealth agency to whom the assessment was given, may be present when each is making submissions to the Tribunal or adducing evidence.[50] If a certificate has been issued, the applicant must not be present when the evidence is adduced or submissions made and, unless the Minister consents, nor may a person representing the applicant.[51] That representative must not disclose the submissions or evidence to the applicant or to any other person.[52] Sections 39A(12) to (17) are concerned with the order in which submissions are made and evidence adduced in a hearing.
[49] AAT Act; s 39A(5)
[50] AAT Act; ss 39A(6) and (7)
[51] AAT Act; s 39A(9)
[52] AAT Act; s 39A(10)
Section 35AA, rather than s 35,[53] permits the Tribunal to make an order prohibiting or restricting the publication of evidence given in proceedings in the Security Division. Section 39B also makes particular provision for the protection of information and documents from disclosure if they are the subject of a public interest certificate issued by the Attorney‑General. Quite apart from more specific provisions found in the AAT Act and the ASIO Act, s 39B(11) provides that:
“It is the duty of the Tribunal, even though there may be no relevant certificate under this section, to ensure, so far as it is able to do so, that, in or in connection with a proceeding, information is not communicated or made available to a person contrary to the requirements of security.”
Section 39A(11) also obliges the Tribunal to do all things necessary to ensure that the identity of a person giving evidence on behalf of the Director-General of Security is not revealed.
[53] AAT Act; s 35AA(1)
Once the Attorney-General has issued a certificate, the Tribunal has no power to vary the consequences that flow from s 39B. This point was made by the Full Court of the Federal Court in Hussain and Minister for Foreign Affairs and Anor[54] when it said:
“ Neither s 39A, nor s 39B of the AAT Act, indicates a legislative intent to give the Tribunal any discretion in relation to whether to accept the Minister’s certificate. Once such a certificate has issued, the provisions state in clear terms that the Tribunal is not to disclose any of the material that is the subject of the certificate.
…
… [Section] 39A(8) states that the Minister ‘may, by signed writing, certify … that the disclosure of the evidence or submissions would be contrary to the public interest because it would prejudice security or the defence of Australia’. The issue of such a certificate is clearly a matter for the Minister, and for him alone. Once the Minister has issued a certificate, s 39A(9) states in mandatory terms that the applicant must not be present in the relevant part of the hearing and that the applicant’s representative may only be present with the Minister’s consent. It would be difficult to find implicit in these words any discretion to be exercised by the Tribunal. Instead, it is clear that the applicant’s presence, and that of his representative, in the relevant part of the hearing is entirely dependent on the Minister’s determination.
Similarly, the wording of s 39B does not lend itself to a construction that gives the Tribunal any discretion in relation to the material that is the subject of the Minister’s certificate. The only exception is a certificate issued pursuant to s 39B(2)(c), which is not relevant to this proceeding.”[55]
B. Tribunal’s review of adverse or qualified assessment
[54] [2008] FCAFC 128; Weinberg, Bennett and Edmonds JJ
[55] [2008] FCAFC 128 at [127]-[130]
B.1 Requirements of the AAT Act
Section 43(1) of the AAT Act provides that, for the purposes of reviewing a decision, the Tribunal may exercise all the powers and discretions conferred on the relevant enactment on the person who made the decision and shall make a written decision in the terms it then specifies. It must give reasons for its decision and s 43 provides for certain consequential issues. In matters heard in the Security Division, the provisions of s 43 are subject to those of s 43AAA and, in matters that are not relevant in this case, to s 65(3) of the ASIO Act.[56]
[56] AAT Act; s 43(1A)
Section 43AAA of the AAT Act applies to a review conducted by the Security Division. Section 43AAA(2) provides that:
“Upon the conclusion of a review, the Tribunal must make and record its findings in relation to the security assessment, and those findings may state the opinion of the Tribunal as to the correctness of, or justification for, any opinion, advice or information contained in the assessment.”[57]
[57] Section 43AAA(3) links back to s 61 of the ASIO Act and its requirement that the Tribunal’s findings must, to the extent they do not confirm ASIO’s findings, be treated as superseding ASIO’s findings. It provides that:
“The Tribunal must not make findings in relation to an assessment that would, under section 61 of the Australian Security Intelligence Organisation 1979, have the effect of superseding any information that is, under subsection 37(2) of that Act, taken to be part of the assessment unless those findings state that, in the Tribunal’s opinion, the information is incorrect, is incorrectly represented or could not reasonably be relevant to the requirements of security.”
Among the “information that is, under subsection 37(2) of that Act, taken to be part of the assessment” is the statement of grounds for the assessment, which is deemed to be part of the assessment by virtue of s 37(2)(b) of the ASIO Act. That statement:
“shall contain all information that has been relied on by the Organisation in making the assessment, other than information the inclusion of which would, in the opinion of the Director-General, be contrary to the requirements of security”: ASIO Act; s 37(2)(a).
Subject to the qualification found in s 43AAA(5), s 43AAA(4) requires the Tribunal to give a copy of its findings to applicant, the Director-General, the Commonwealth agency to which the assessment was given and, since the amendments made to the AAT Act with effect from 11 May 2018, to the ASIO Minister. The qualification to this is set out in s 43AAA(5):
“The Tribunal may direct that the whole or a particular part of its findings, so far as they relate to a matter that has not already been disclosed to the applicant, is not to be given to the applicant or is not to be given to the Commonwealth agency to which the assessment was given.”
That qualification must be read in light of the Tribunal’s duty under s 39B of the AAT Act not to communicate information contrary to a public interest certificate issued by the Attorney‑General or, more generally, that is not contrary to the requirements of security.
Once the Tribunal has given its findings, or part of them, to an applicant then, subject to any directions it makes s 43AAA(6) permits that applicant to publish those findings in any manner he or she thinks fit. The Tribunal may also publish those reasons for, as Foster J said in RJCG v Director-General of Security,[58] there is no foundation for the Tribunal’s earlier practice of not making its Reasons for Decision in such matters available to the public.[59]
[58] [2013] FCA 269
[59] [2013] FCA 269 at [58]-[59]
B.2 The questions we must ask ourselves
Section 54 of the ASIO Act provides that an application may be made to the Tribunal for review of an ASA or of a qualified security assessment. In this case, the review is of an ASA. Having regard to the definition of a “security assessment” in s 35(1) of the ASIO Act and separating the elements of the question, our task is:
(1)to review of an adverse statement furnished to the Minister;
(2)“… expressing any recommendation, opinion or advice on … the question …”:
(a)“… whether it would be consistent with the requirements of security for prescribed administrative action to be taken in respect of…” MCLT:
(i)in circumstances in which that “prescribed administrative action” is the exercise of power that relates to or affects MCLT’s access to any information or place access to which is controlled or limited on security grounds by refusing to issue MCLT with an NV1 security clearance; or
(b)“… whether the requirements of security make it necessary or desirable for prescribed administrative action to be taken in respect of …” MCLT being the prescribed administrative action described in (a) above; and
(3)including “… any qualification or comment expressed in connection with any such recommendation, opinion or advice being a qualification or comment that relates or could relate to the question.”
ESPIONAGE AND ACTS OF FOREIGN INTERFERENCE
Mr Connor submitted that we should have regard to the statement made by the Full Court in Jaffarie v Director-General of Security[60] (Jaffarie) in considering paragraph (aa) of the definition of “security”. Paragraph (aa) provided that one of the word’s meanings is “the protection of Australia’s territorial and border integrity from serious threats”. The Court had been considering a submission that paragraph (aa) should be given a meaning that confined the meaning of “security” in that context to the protection of Australia’s territorial and border integrity from serious threats in so far as they comprised a threat to the “oneness” or “territorial integrity” of Australia and its immunity from attack, division, secession, occupation or annexation. As people smuggling did not constitute such a threat, it did not represent a threat to Australia’s territorial and border integrity.
[60] [2014] FCAFC 102; (2014) 226 FCR 505; 313 ALR 593; 143 ALD 596; Flick, Perram and White JJ
In rejecting the submission, the Full Court said:
“ The term ‘security’ and the phrase ‘the protection of Australia’s territorial and border integrity’ is thus not to be read in the confined manner advanced on behalf of Mr Jaffarie. Nothing in para (aa) suggests that the phrase should be given anything other than the natural and ordinary meaning of the words employed; indeed, if anything, the statutory context in which the phrase is employed strongly suggests that no pedantic or unnecessary construction should be placed upon the phrase. … Nor does the confined role entrusted to ASIO, as opposed to the role entrusted to law-enforcement agencies to monitor compliance with those who seek to illegally enter Australia, dictate a confined meaning to be given to para (aa).
It may be further observed that such a confined construction of para (aa) of the definition of ‘security’ employed in s 4 of the Australian Security Intelligence Organisation Act could well set ‘the bar too high’ and frustrate the ability of ASIO to properly monitor and assess threats to Australia’s national interests: compare Suresh v Canada (The Minister of Citizenship and Immigration) [2002] 1 SCR 3 at [88]; [2002] SCC1 (Suresh). To give the phrase ‘the protection of Australia’s territorial and border integrity’ the confined meaning advanced on behalf of Mr Jaffarie may well hamstring ASIO in its ability to confront the ever growing threat of terrorism and associated evils.”[61]
[61] [2014] FCAFC 102; (2014) 226 FCR 505; 313 ALR 593; 143 ALD 596 at [65]-[66]; 525; 611-612; 614
Although we are not concerned with paragraph (aa) of the definition of “security”, we are mindful of the principle underpinning the Full Court’s judgment in these two paragraph. It is a principle that goes beyond paragraph (aa). In so far as it applies to paragraph (a), it is a principle that we should view the definition of the word “security” generally, and each of its paragraphs, with a flexibility that allows us to have regard to the ever changing environment in which the Commonwealth and the several States and Territories, and their people, must be protected from the various acts specified in subparagraphs (i) to (vi). It is with that principle in mind that we come to the meanings of “espionage” and “acts of foreign interference”.
Espionage
In his second report, Justice Hope wrote: “Espionage is spying.”[62] He made the general observation that:
“… It must be remembered that covert intelligence can add significantly to intelligence obtained overtly through diplomatic, public and other sources. Depending on its subject-matter it may greatly strengthen the position of the power acquiring the covert intelligence against the power from whom it has been acquired, and sometimes against others. Australia must not be so naïve as to think that it has some exemption from clandestine operations, or that it need not take steps to protect itself against them.”[63]
[62] Hope Royal Commission; Second Report at [38]
[63] Hope Royal Commission; Second Report at [41]
Acts of foreign interference
The expression “acts of foreign interference” was considered by the Full Court in Leghaei v Director-General of Security:[64]
“ The term ‘acts of foreign interference’ was added to the ASIO Act by s 3(a) of the Australian Security Intelligence Organization Amendment Bill 1986 (No 122 of 1986) (Cth). The expression replaced an earlier definition of ‘actual measures of foreign intervention’.
The explanatory memorandum to the Bill and the Attorney-General’s second reading speech made it clear that the Bill was intended to give effect to certain recommendations made by Hope J in his 1984 report.”[65]
[64] [2007] FCAFC 37; (2007) 241 ALR 141; 97 ALD 516; Tamberlin, Stone and Jacobson JJ
[65] [2007] FCAFC 37; (2007) 241 ALR 141; 97 ALD 516 at [79]-[80]; 148; 523
Justice Hope considered the expression “active measures of foreign intervention”, which was then defined in the ASIO Act as “clandestine or deceptive action taken by or on behalf of a foreign power to promote the interests of that power”. Action of that sort might include activities using “agents of influence and disinformation and deceptive information.”[66] Some of the main points made by Justice Hope in this area include:
[66] Hope Royal Commission; Second Report at [3.16]
“3.17 Some controversy has surrounded the concept of agents of influence. It was pointed out in RCIS (4:1, 47) that a person is not to be regarded as an agent of influence merely because he does or says things, publicly or privately, favourable to a particular foreign power, or because he has been persuaded to do so by the available material about that power. … [W]hat is crucial for the discharge of ASIO’s function of seeking to protect Australia against illicit foreign interference, is that the alleged agent of influence is being operated by the intelligence service of a foreign power for the benefit of that power and against the interests of Australia.
3.18 …
3.19 If an Australian citizen is being operated by an intelligence officer, then whatever the citizen’s state of mind may be, it is ASIO’s duty to monitor the operation with a view to enabling the Government to forestall its success. …
3.20 The state of mind of a person who is the subject of an operation by a foreign intelligence service is a secondary consideration.
3.21 … He may be completely unaware that he is being used by a foreign intelligence service, although he may find it hard to sustain a claim of innocence if he continues to accede to such requests and does not reveal to the Government or to the public the fact that they have been made. If such a person is, in fact, unwitting he should not be regarded as a security risk simply because he is being used to further the purposes of a foreign power. The activity of the foreign power will nevertheless remain a matter of security interest.
3.22-3.30 …
3.31 … ASIO’s duty is to detect and forewarn the Australian Government of the clandestine or deceptive actions of foreign powers or agencies. It has a duty to investigate any case where it is suspected that a person has been operated by a foreign power as an agent of influence, or, indeed, where it is suspected that a foreign power is actively trying to cultivate a person in order that he might act as an agent of influence for it. …
3.32-3.36 …
3.37 It would be preferable in my view to spell out more clearly the kind of activity which, if of foreign origin, constitutes a threat to the security of Australia. The existing definitions of ‘activities of foreign origin’ and ‘active measures of foreign intervention’ could be drawn on for this purpose and merged in a new definition.
Proposed definition of objectionable foreign interference
3.38 The establishment or support by a foreign power of an organisation in Australia to promote its interests does not necessarily involve an ‘active measure of foreign intervention’. Many foreign powers openly establish or support such organisations. They commonly promote cultural, trading and other ties, and seek to achieve other quite proper objectives. The interests of the foreign power may be promoted, but there is no objectionable interference with the interests of Australia. The promotion of the interests of a foreign power may detrimentally affect some of Australia, but if all aspects of that promotion are carried on openly, it will not of itself give rise to a matter of security concern. It is a combination of clandestinely or deception with the effect of the activity on the interests of Australia that gives rise to a security concern.
3.40-4.42 …
3.43 There are thus four classes of activity which, if of foreign origin, should attract investigation by ASIO. They are, first, clandestine or deceptive activities which are conducted for purposes of detrimental to the interests of Australia. The latter part of this description is to be compared with the present definition of ‘active measures of foreign intervention’ which refers to activities to promote the interests of a foreign power. As has been shown, such an activity is not necessarily a matter of security concern, although it may need investigation by ASIO to see what its true purpose and ramifications are. Secondly, there is foreign clandestine or deceptive intrusion into the political or governmental processes of Australia. Of its nature, activity of that kind can be regarded as detrimental to the interests of Australia. Foreign clandestine or deceptive intelligence activity, the third activity, can likewise be regarded, in itself, as detrimental to the interests of Australia. The fourth activity is threats to persons in Australia, whether or not clandestine or deceptive.”
DETERMINATION NO. 2
At [60] to [71] of our reasons in Re CMHV and Director-General of Security and Anor[67] (CMHV), we expressed our concerns about the way in which a differently constituted Tribunal has characterised the role of Determination No. 2 and, in particular, about the way in which we should have regard to it. That Tribunal did so in Re BLBS and Director‑General of Security and Anor[68] (BLBS). The Director-General has relied on BLBS and drawn our attention to other decisions[69] in which that decision has been applied. We will not refer to those decisions further for they have applied BLBS without analysis of the case itself or of its underlying principles or explained why they have adopted it. Nevertheless, we have revisited the issue again and will begin by setting out the relevant parts of Determination No. 2.
[67] [2017] AATA 1547
[68] [2013] AATA 820; Kerr J, President, Deputy President Constance and Senior Member Friedman
[69] All were decided by Deputy Presidents Constance and Frost and Senior Member Isenberg and it is to be expected that, having come to their view in one case, that they would repeat it in the following two. The cases are: Re TSJY and Director-General of Security [2015] AATA 243 at [28]-[29] and [34]; Re RZBZ and Director-General of Security [2015] AATA 296 at [30], [36] and [53]; and Re TNFD and Director-General of Security [2015] AATA 752 at [35] and [41]
Determination No. 2
Determination No. 2 applies to security assessments made under Part IV of the ASIO Act from that date. In particular, it is to be applied when the decision-maker considers that the assessment process is likely to result in an adverse or a qualified security assessment under that legislation.[70] Where a decision-maker believes that the assessment process is likely to result in a non-adverse security assessment, he or she is not obliged to apply Determination No. 2.[71] Nothing that is stated in Determination No. 2 affects the Tribunal’s powers.[72]
[70] Determination No. 2 at [9]
[71] Determination No. 2 at [3]
[72] ASIO Act; s 37(4)
Determination No. 2 begins with a Preamble including a statement that:
“4. ASIO’s purpose in furnishing a security assessment under Part IV of the Act is to provide, in writing to another agency, a recommendation, opinion or advice on (or otherwise refer to):
A.whether it would be consistent with the requirements of security for prescribed administrative action to be taken in respect of the assessment subject; or
B.whether the requirements of security make it necessary or desirable for prescribed administrative action to be taken in respect of the assessment subject.
5.A security assessment includes any qualification or comment expressed in connection with any such recommendation, opinion or advice, being a qualification or comment that relates (or that could relate) to either (A) or (B) above.”
Clause 7 of the Operative Part of Determination No. 2 observes that, during the process of making a security assessment, there are at least five clear stages at which the assessor must make a decision. It identifies them:
“7.2.1 Referring to any relevant legislative test
a.In deciding the threshold for an adverse assessment, the decision maker should take into account any relevant legislative test which will be used by the agency receiving the security assessment.
7.2.2 Whether to take information into account
a.In deciding what information should be taken into account in the security assessment, the decision maker should consider the credibility, nature and authenticity of the relevant facts, information and sources.
b.The decision maker should consider what weight should be accorded to the available information, including whether the information can be corroborated.
7.2.3 Currency of information
a.The weight to be given to information may be affected by its currency.
b.The decision maker should consider whether the age of the information means it should be given less weight. Where it is considered that the information should still carry weight, the decision maker should explain why.
7.2.4 Torture
a.The weight to be given to information may be affected by the risk that it has been obtained using means which may amount to duress, torture or other cruel, inhuman or degrading treatment or punishment.
b.In deciding what weight should be given to such information, the decision maker should apply the policy ASIO Prohibition on the Use or Involvement with Torture or other cruel, inhuman or degrading treatment or punishment.
7.2.5 Making a finding or conclusion
a.A decision maker should consider whether there is enough information to justify a finding or conclusion being drawn.
b.Any finding or conclusion in an assessment (whether immediate or final) which is adverse to the assessment subject should be judged to be at least likely.”
The opening paragraph of cl 7.2 recognises the need to link the assessment process back to the prescribed administrative action. That prescribed administrative action will be the subject of its own legislative regime. It is the consequences of taking, or not taking that action or, if permitted, of partially or conditionally taking that action to which the assessment is addressed and the consequences to security addressed. In the context of this case, it is the consequences of granting, or not granting, an NV1 security clearance to MCLT. This is inherent in cl 6.3 of Determination No. 2:
“6.3.1 Account is to be taken of the potential consequences to security of the relevant Commonwealth agency taking, or not taking, prescribed administrative action in relation to the assessment subject.
6.3.2 Factors relevant to the consequences to security include:
(ii)the nature and type of the prescribed administrative action; and
(iii)how taking (or not taking) the prescribed administrative action will impact on the assessment subject as relevant to security.”
Clause 7.1 emphasises the need to make security assessments in good faith and without bias using a process that is as fair as possible while taking into account the requirements of security. Clause 6.2.1 draws attention to the fact that each security assessment must relate specifically to the security subject. Determination No. 2 then draws attention to a number of matters that may be relevant in preparing a security assessment on a security subject in relation to prescribed administrative action. The list does not purport to be exhaustive, and nor can it be, for the range of relevant matters may vary as they will be shaped by the particular administrative action in relation to which the security assessment is being undertaken and in the circumstances in which it is being undertaken. Clause 6.2.2 is helpful, though, and we will set it out:
“In preparing a security assessment on the assessment subject in relation to the prescribed administrative action, matters that may be taken into account (if relevant) include:
(i)Activities:
(a)physical activities of the assessment subject (including conspiring, scheming, planning, organising, counselling, abetting and advising or otherwise advocating or encouraging any act or activities) which:
1.relate to or have a connection with, one or more of the activities listed in the definition of ‘security’ in the Act; or
2.are likely to be conducted in a manner not consistent with the requirements of security.
(ii)Associations:
(a)an active association of the assessment subject (such as an alliance, link, connection, support for and/or membership) with any person (any individual, group, association, society, organisation, organised body and/or government) who is involved in, or is reasonably suspected of being involved in, activities prejudicial to security; and
(b)that association reflects adversely on the assessment subject.
Note: A passive association which is limited to family ties, a professional affiliation or by mere casual acquaintance is not sufficient to warrant treating the ‘association’ as adverse.]
(i)Attitudes relevant to ‘security’, including:
(a)the assessment subject’s acceptance of, support for and/or sympathy with an act or activities which relate to or are reasonably suspected of having a connection with, one or more of the activities listed in the definition of ‘security’ in the Act; and/or
(b)the assessment subject’s acceptance of and/or support for, maintaining protective security.
(iv)Background relevant to ‘security’ including:
(a)the assessment subject’s personal history (circumstances, upbringing, residence, travel in foreign countries) and/or continuing emotional, personal, financial, political and/or legal ties with a person or entity whose activities are reasonably suspected of being prejudicial to security; and
1.collectively, the findings give rise to, or potentially gives rise to, an assessment that the assessment subject is engaging in, or is likely to engage in, activities prejudicial to security; and/or
2.collectively, the findings give rise to, or potentially give rise to, an assessment that the assessment subject is, or is likely to be, vulnerable to exploitation in a manner not consistent with the requirements of security.
(v)Character relevant to ‘security’ including:
(a)aspects of past and/or present personal behaviour [sic], including criminal conduct, which:
1.is inconsistent with the requirements of security; or
2.gives rise to a reasonable suspicion that the assessment subject is vulnerable to exploitation relevant to security; or
3.raises doubts about credibility of the assessment subject and which reduces the weight to be given to any information given by the assessment subject.
[Note: Evidence of any rehabilitation and recent good conduct may be relevant to the assessment.]”
Clause 8 emphasises the approach that must be followed in making an assessment when it sets out the factors that may not be considered:
“NO information concerning an assessment subject shall be taken into account in the formulation of a qualified or adverse security assessment, unless that information:
(a)is capable of satisfying the tests referred to in clauses 6 and 7;
(b)is relevant to the requirements of security; and
(c)has a reasonable nexus with, and is relevant to, the assessment subject.”
Clause 5(m) provides that the “test terms” used in cll 6 and 7 are to be interpreted as follows:
“(i) ‘Reasonable Suspicion’: The reasonable suspicion test is met if the following two elements exist:
(a)the decision maker’s suspicion is aroused by the information available in the making of the security assessment; and
(b)the decision-maker’s suspicion is an honestly held suspicion based on that information and it is reasonable in the circumstances. Reasonable suspicion does not have to equate to actual belief.
(ii)‘Likely to be’: The ‘likely to be’ test is met if the decision maker is of the opinion that there is a real, and not remote, possibility that the risk could occur. It is not necessary that the risk is ‘more likely than not’ to occur.”
The role of Determination No. 2
A. BLBS and Director-General of Security and Anor
On behalf of the Director-General, and relying on BLBS, Mr Connor submitted that, as a matter of law, the Tribunal remained free to apply, or not apply, a Ministerial policy in reaching the correct or preferable decision in each case on the material before it. A policy statement may, however, furnish assistance in arriving at the preferable decision. We will set out the passages from BLBS on which he relied:
“53. Re Drake and Minister for Immigration and Ethnic Affairs (No 2) (1980) 2 ALD 634 is authority for the proposition that while the Tribunal as a matter of law remains free to apply a Ministerial policy or not in reaching the correct or preferable decision in each case on the material before it, such policy statements can furnish assistance in arriving at the preferable decision.
54. We think we should apply the policy disclosed in the Determination similarly to the way Ministerial policy was discussed in Re Drake notwithstanding that the Determination was made by the Director-General rather than a Minister, is not subject to Parliamentary scrutiny and much of its content cannot be known to the public because it remains classified for security reasons. These factors differ from those in Re Drake, but because Parliament has conferred the power to make such determinations on the Director-General in consultation with the Minister we think there is sufficient similarity not to reject its applicability. While s 37(4) of the ASIO Act is explicit that the Determination is not binding upon the Tribunal we think that does not prevent our deciding this matter consistently with the policy of the Direction unless persuaded that the policy expressed in the Determination is inconsistent with the ASIO Act or would produce an unjust outcome in the circumstances of a particular case. Subject to the observation below we discern no reason to regard the policy expressed in the Determination as in any way inconsistent with the ASIO Act.”
The Tribunal then turned to the meaning of the word “likely” and associated words as used in Determination No. 2. Its discussion includes the following passage:
“The Determination may not have been drafted with the precision of an act or regulation but it is a significant legal instrument made by the Director-General. It is binding on officers of ASIO carrying out their statutory functions. The ASIO Act required the Director-General to consult with the Minister before it was promulgated. It is reasonable to assume that the Determination was the subject of extensive and careful scrutiny before it was published and we take notice of the fact, from our own knowledge, that ASIO has extensive legal resources. It is difficult to attribute the different appearance of the word ‘likely’ to carelessness.
Instead, the fact that ‘likely’ is not underlined suggests that italics were used in cl 7.2.5(b) simply for emphasis. So understood the words ‘at least likely’ highlight that at the fifth and final stage, before making any adverse or qualified assessment, notwithstanding that to that point an assessment had met all the tests and thresholds which the operative parts of the Determination require, an ASIO officer must yet apply a final check. The finding or conclusion must be judged at least likely.
Because Mr Berger’s opponent could not identify or contest the point because the critical language of the Determination was redacted, we express our views without the benefit of argument but, subject to that caveat, the Tribunal concludes that the word likely in cl 7.2.5(b) was used in its ordinary sense and does not require further embellishment in order to apply the policy of the Determination.”[73]
[73] [2013] AATA 820 at [60]-[62]
B. The role of policy in discretionary decision-making
Policy has an important role to play in the making of discretionary decisions made under an enactment. In the first instance, the meaning of the enactment under which the discretionary decision is made must be identified. Policy, whether it is described as such or as legislative intent, underpins every enactment made by Parliament. The words of an enactment are interpreted in light of that intention as conveyed by the enactment itself either alone or with the assistance of legitimate aids to assist in its interpretation.
“… Instances of general words in a statute being so constrained by their context are numerous. In particular, as McHugh JA pointed out in Isherwood v Butler Pollnow Pty Ltd (1986) 6 NSWLR 363 at 388, if the apparently plain words of a provision are read in the light of the mischief which the statute was designed to overcome and of the objects of the legislation, they may wear a very different appearance. Further, inconvenience or improbability of result may assist the court in preferring to the literal meaning an alternative construction which, by the steps identified above, is reasonably open and more closely conforms to the legislative intention ...”[74]
[74] CIC Insurance Ltd v Bankstown Football Club Ltd (1997) 187 CLR 384; 141 ALR 618 at 408; 634-5 per Brennan CJ, Dawson, Toohey and Gummow JJ
Once the words of the enactment conferring a discretionary power have been interpreted, the boundaries of that discretionary power must be identified. Those boundaries are to be found either expressly stated in the enactment or they may be implicit when regard is had to the subject matter of the enactment under which the decision is made as well as from object and underlying policy of that enactment.[75] Within those boundaries, the person to whom the decision-making power is entrusted may develop a policy setting out guidelines relevant to the way in which the discretionary power will be exercised either by the person or, where delegation is permitted, by that person’s delegates.
[75] Alexandra Private Geriatric Hospital Pty Ltd v Blewett (1984) 2 FCR 368; 56 ALR 265 at 375; 272 per Woodward J and see also Minister for Aboriginal Affairs v Peko-Wallsend Ltd [1986] HCA 40; (1986) 162 CLR 24; 66 ALR 299; Gibbs CJ, Mason, Brennan, Deane and Dawson JJ at 39-40; 308-309 per Mason J with whom Gibbs CJ and Dawson J agreed
The role of such policy was discussed by the Tribunal’s first President, Brennan J, in Re Drake and Minister for Immigration and Ethnic Affairs (No 2)[76] (Drake (No 2)) when considering then ss 12 and 13 of the Migration Act 1958 (Migration Act) requiring the Minister to determine whether or not to deport a person in certain circumstances. In that case, Brennan J said:
“… The Minister is free to exercise that power without adopting a policy as to the standards and values to which he will have regard in deciding particular cases. He is equally free, in point of law, to adopt such a policy in order to guide him in the exercise of the statutory discretion, provided the policy is consistent with the statute. …
There are powerful considerations in favour of a Minister adopting a guiding policy. It can serve to focus attention on the purpose attention which the exercise of the discretion is calculated to achieve, and thereby to assist the Minister and others to see more clearly, in each case, the desirability of exercising the power in one way or another. Decision-making is facilitated by the guidance given by an adopted policy, and the integrity of decision-making in particular cases is the better assured if decisions can be tested against such a policy. By diminishing the importance of individual predilection, an adopted policy can diminish the inconsistencies which might otherwise appear in a series of decisions, and enhance the sense of satisfaction with the fairness and continuity of the administrative process.
Of course, a policy must be consistent with the statute. It must allow the Minister to take into account the relevant circumstances, it must not require him to take into account irrelevant circumstances, and it must not serve a purpose foreign to the purpose for which the discretionary power was created. A policy which contravenes these criteria would be inconsistent with the statute … The Minister must decide each of the cases under ss 12 and 13 on its merits. His discretion cannot be truncated by a policy as to preclude consideration of the merits of specified classes of cases. A fetter of that kind would be objectionable, even though it were adopted by the Minister on his own initiative. A Minister’s policy, formed for the purposes of ss 12 and 13 of the Migration Act, must leave him free to consider the unique circumstances of each case, and no part of a lawful policy can determine in advance the decision which the Minister will make in the circumstances of a given case.
That is not to deny the lawfulness of adopting an appropriate policy which guides but does not control the making of decisions, a policy which is informative of the standards and values which the Minister usually applies. There is a distinction to be drawn between an unlawful policy which creates a fetter purporting to limit the range of discretion conferred by a statute, and a lawful policy which leaves the range of discretion intact while guiding the exercise of the power. …”[77]
[76] (1979) 2 ALD 634
[77] (1979) 2 ALD 634 at 640-641
Section 7 of the Charter guaranteed “[e]veryone … the right to life, liberty and security of the person and the right not to be deprived thereof except in accordance with the principles of fundamental justice”. Its guarantee extended to refugees and it was conceded that deportation to torture might deprive a refugee of liberty, security and, perhaps, life. Was that deprivation in accordance with the principles of fundamental justice?
The SCC identified the Articles in various Conventions ratified by Canada and prohibiting torture. Articles 1, 2, 3 and 16 of the Convention against Torture (CAT) and Articles 4 and 7 of the International Covenant on Civil and Political Rights (ICCPR) reflect the prevailing international norm. The CAT protects everyone, without exception, from threats to life and freedom from State-sponsored torture. In contrast, Article 33(2) of the 1951 Convention Relating to the Status of Refugees and the 1967 Protocol Relating to the Status of Refugees (Refugee Convention) provides more qualified protection for it provides that the benefit of the non-refoulement obligation cannot:
“… be claimed by a refugee whom there are reasonable grounds for regarding as a danger to the security of the country in which he is, or who, having been convicted by a final judgment of a particularly serious crime, constitutes a danger to the community of that country.”
Although there may be some doubt on the question, it concluded that the better view is that international law rejects deportation to torture even where national security interests are at stake. “This is the norm which best informs the content of the principles of fundamental justice under s. 7 of the Charter”, the SCC said.[85] Barring extraordinary circumstances, deportation to torture will generally violate s 7 of the Charter. In summary:
“… It follows that insofar as the Immigration Act leaves open the possibility of deportation to torture, the Minister should generally decline to deport refugees where on the evidence there is a substantial risk of torture.”[86]
[85] [2002] 1 SCR 3 at [2] at [75]
[86] [2002] 1 SCR 3 at [77]
In these circumstances, s 53(1)(b) of the Immigration Act does not violate s 7 of the Charter. That said, there was a question whether the terms “danger to the security of Canada” and “terrorism” were unconstitutionally vague and, if not, the meaning of the expression “danger to the security of Canada”. Only the expression “danger to the security of Canada” was relevant in M47/2012. It was found to be an expression that was not unconstitutionally vague. It gave people who might come within the ambit of s 53(1)(b) fair notice of the consequences of their conduct while adequately limiting law enforcement discretion.[87]
[87] [2002] 1 SCR 3 at [92]
As to the meaning of the expression “danger to the security of Canada”, the SCC accepted that:
“… the determination of what constitutes a ‘danger to the security of Canada’ is highly fact-based and political in a general sense. All this suggests a broad and flexible approach to national security …”[88]
It later summarised its view:
“ While the phrase ‘danger to the security of Canada’ must be interpreted flexibly, and while courts need not insist on direct proof that the danger targets Canada specifically, the fact remains that to return (refouler) a refugee under s. 53(1)(b) to torture requires evidence of a serious threat to national security. To suggest that something less than serious threats founded on evidence would suffice to deport a refugee to torture would be to condone unconstitutional application of the Immigration Act. Insofar as possible, statutes must be interpreted to conform to the Constitution. This supports the conclusion that while ‘danger to the security of Canada’ must be given a fair, large and liberal interpretation, it nevertheless demands proof of a potentially serious threat.
90 These considerations lead us to conclude that a person constitutes a ‘danger to the security of Canada’ if he or she poses a serious threat to the security of Canada, whether direct or indirect, and bearing in mind the fact that the security of one country is often dependent on the security of other nations. The threat must be ‘serious’, in the sense that it must be grounded on objectively reasonable suspicion based on evidence and in the sense that the threatened harm must be substantial rather than negligible.”
[88] [2002] 1 SCR 3 at [85]
In its conclusion, the SCC focused on the words of s 53(1)(b) of the Immigration Act - “danger to the security of Canada” – and did so in the context of balancing the power given to the Minister under that section with the obligations imposed by s 7. Its judgment cannot be read as attempting to give a universal meaning to the determination of when there is a threat to national security and when it will be regarded as serious regardless of the statutory framework in which similar expressions are used.
We respectfully suggest that the High Court has not attempted to do so in the case of M47/2012 but has applied similar principles in deciding a case raising similar tensions between concerns of non-refoulement and those of national security. The issue that it had to decide centred on cl 866.225(a) of Schedule 2 to the Migration Regulations 1994. That clause prescribed that an applicant for a protection visa had to satisfy public interests criterion 4002 i.e. that:
“The applicant is not assessed by the Australian Security Intelligence Organisation to be directly or indirectly a risk to security, within the meaning of section 4 of the Australian Security Intelligence Organisation 1979.”
In his judgment, French CJ noted that:
“… The word ‘security’ as defined in the ASIO Act does not in terms set a threshold level of risk necessary to support an adverse assessment for the purposes of public interest criterion 4002.”[89]
[89] [2012] HCA 46; (2012) 251 CLR 1; 292 ALR 245 at [68]; 47; 266
He set out the context of the statutory scheme in which criterion 4002 took place at the time that the case was decided:
“ The Migration Act creates a statutory scheme, the purpose of which is to give effect to Australia’s obligations under the Convention and to provide for cases in which those obligations are limited or qualified. It provides, in ss 36 and 65, for the grant of protection visas to persons to whom Australia owes protection obligations. It provides for the refusal or cancellation of such visas in respect of persons to whom Australia owes obligations where:
·the person may nevertheless be expelled from the country for ‘compelling reasons of national security’ pursuant to Art 32;
·the person may be removed from the country where ‘there are reasonable grounds for regarding [the person] as a danger to the security of the country in which [the person] is’ pursuant to Art 33(2).
The Act provides procedural protection by way of merits review of decisions to refuse or cancel a visa relying on Arts 32 or 33(2). That protection is not available in those ‘national interest’ cases in which the Minister makes a decision personally to refuse or cancel a visa pursuant to s 501 and issues a certificate under s 502. That is the statutory scheme by reference to which the validity of public interest criterion 4002 is to be judged.”[90]
[90] [2012] HCA 46; (2012) 251 CLR 1; 292 ALR 245 at [66]-[66]; 46; 265-266
The passage quoted in the Minister’s submissions refers to the level of threat sufficient to lift the weight of prohibition against refoulement.[91] As the Chief Justice said: “… The word ‘security’ as defined by the ASIO Act does not in terms set a threshold level of risk necessary to support an adverse assessment for the purposes of public interest criterion 4002.”[92] While this is true, we respectfully suggest that the level of risk is determined by reference to the ASIO Act and the particular administrative action to be taken.
[91] [2012] HCA 46; (2012) 251 CLR 1; 292 ALR 245 at [68]; 47; 266
[92] [2012] HCA 46; (2012) 251 CLR 1; 292 ALR 245 at [68]; 47; 266
At the time, s 36(2C) of the Migration Act provided that a non-citizen was taken not to satisfy the criterion in s 36(2)(aa) (as a person to whom Australia has protection obligations) if:
“(a) the Minister has serious reasons for considering that:
(i)the non-citizen has committed a crime against peace, a war crime or a crime against humanity, as defined by the international instruments prescribed by the regulations; or
(ii)the non-citizen committed a serious non-political crime before entering Australia; or
(iii)the non-citizen has been guilty of acts contrary to the purposes and principles of the United Nations; or
(b) the Minister considers, on reasonable grounds, that:
(i) the non-citizen is a danger to Australia’s security; or
(ii)the non-citizen, having been convicted by a final judgment of a particularly serious crime (including a crime that consists of the commission of a serious Australian offence or serious foreign offence), is a danger to the Australian community.”
The administrative action that was the subject of the ASA had to centre on whether, relying on this provision and, it would seem s 36(2C)(b)(i), the Minister should decide to refuse a protection visa on the basis that there were “reasonable grounds” for considering that the non-citizen was a “danger to Australia’s security”. The word “security” is defined in s 4 of the ASIO Act in terms which include a reference to a “serious threat” when referring to the protection of Australia’s territorial and border integrity. That appears in paragraph (aa) of the definition of the word “security”. ASIO’s focus on the decision that the Minister must make is not to take the decision-making role from the Minister. That follows from the fact that an ASA is focused on whether the requirements of security make it necessary or desirable for prescribed administrative action, which includes the exercise of any power in relation to a person under the Migration Act to be taken in respect of a person. The words of each of ss 36(2C)(a) and (b) set the standard. If s 36(2C)(b)(i) is relevant, for example, ASIO’s recommendation, opinion or advice must be focused on whether there are reasonable grounds for considering that the non-citizen is a danger to Australia’s security.
When the Full Court of the Federal Court decided Jaffarie, it was concerned with paragraph (aa) of the definition of “security” in s 4 of the ASIO Act. That is, “security means … (aa) the protection of Australia’s territorial and border protection from serious threats …”. The Full Court referred to Suresh in considering what constituted a “serious threat” to security. Such a phrase must be interpreted “flexibly”, Flick and Perram JJ said in their joint judgment, but:
“… ultimately any assessment on the part of ASIO that the facts constitute a ‘serious threat’ must be an assessment ‘grounded on reasonable suspicion based on evidence and in the sense that the threatened harm must be substantial rather than negligible’: cf Suresh at [90].[93] When addressing the question as to whether a statutory provision requiring the Minister to consider ‘danger to the security of Canada’ was constitutionally ‘vague’, the Court there observed:
[89] While the phrase “danger to the security of Canada” must be interpreted flexibly, and while courts need not insist on direct proof that the danger targets Canada specifically, the fact remains that to refoule a refugee under s. 53(1)(b) to torture requires evidence of a serious threat to national security. To suggest that something less than serious threats founded on evidence would suffice to deport a refugee to torture would be to condone unconstitutional application of the Immigration Act. Insofar as possible, statutes must be interpreted to conform to the Constitution. This supports the conclusion that while “danger to the security of Canada” must be given a fair, large and liberal interpretation, it nevertheless demands proof of a potentially serious threat.
[90] These considerations lead us to conclude that a person constitutes a “danger to the security of Canada” if he or she poses a serious threat to the security of Canada, whether direct or indirect, and bearing in mind the fact that the security of one country is often dependent on the security of other nations. The threat must be “serious,” in the sense that it must be grounded on objectively reasonable suspicion based on evidence and in the sense that the threatened harm must be substantial rather than negligible.
French CJ in Plaintiff M47/2012 v Director-General of Security [2012] HCA 46 at [68], [2012] HCA 46; (2012) 292 ALR 243 at 266 cited with approval these observations in Suresh, supra, as to what was meant by the term ‘serious’. See also: Zaoui v Attorney-General [2004] 2 NZLR 339 at 372 to 373 per Williams J.”[94]
[93] [2014] FCAFC 102; (2014) 226 FCR 505; 313 ALR 593; 143 ALD 596 at [72]; 526; 613; 615
[94] [2014] FCAFC 102; (2014) 226 FCR 505; 313 ALR 593; 143 ALD 596 at [72]; 526-527; 613; 615-616
When Flick and Perram JJ came to apply the principles to the case before them, they did not use terms such as “objectively reasonable suspicion”. Instead, they framed the question in terms of whether Mr Jaffarie “was directly or indirectly a risk to Australia’s security”. That was the issue that was relevant in the case before them for the Minister had, as in this case, relied on an ASA to cancel Mr Jaffarie’s visa under the Migration Act with the consequence that he was detained for the purpose of his removal from Australia. Flick and Perram JJ explained the task involved in answering the question:
“ When construing the ‘Unclassified Reasons’ as to why ASIO concluded that Mr Jaffarie ‘was directly or indirectly a risk to Australia’s security’, it is necessary to determine whether such reasons as were exposed demonstrated that the assessment made by ASIO was founded upon something which ‘objectively’ demonstrated that the risk was ‘serious’ or – perhaps expressed differently – ‘substantial rather than negligible’. The particular ‘evidence’ upon which ASIO founded its assessment, it may readily be accepted, may legitimately attract a claim for public interest immunity privilege. But that which was exposed in the ‘Unclassified Reasons’ is to be scrutinised with some degree of care.”[95]
[95] [2014] FCAFC 102; (2014) 226 FCR 505; 313 ALR 593; 143 ALD 596 at [73]; 527; 613; 616
MYVC v Director-General of Security[96] (MYVC) was an appeal from a decision made by the Tribunal affirming ASIO’s decision to furnish the Department of Foreign Affairs and Trade (DFAT) with an ASA requesting the cancellation of MYVC’s passport and a decision by the MFA to cancel that passport and to refuse to issue a new one to him under s 14(1) of the Passports Act. As requested, the MFA cancelled MYVC’s passport under s 22(2)(d) of the Passports Act. The two decisions were underpinned by ASIO’s assessment that MYVC had been engaged in people smuggling whilst travelling overseas on his Australian passport and that this posed a serious threat to Australia’s border integrity.
[96] [2014] FCA 1447; (2014) 234 FCR 134; 323 ALR 400; 65 AAR 369; 148 ALD 489
It was a case in which concepts of “reasonable suspicion” were relevant. The MFA could only make her decisions under the Passports Act after a competent authority (said to be ASIO but no reference is made as to how that comes about) had made a request to her that she make an order under the relevant enactment in relation to an Australian passport or foreign travel documents. The competent authority could only make that request if he or she “reasonably suspected on reasonable grounds” that, if an Australian travel document were issued to a person, the holder of those documents would be likely to engage in one or other of the types of conduct listed in s 14(1) of the Passports Act. As Rares J explained the background:
“ ASIO had power under s 14(1) of the Passports Act to make a refusal/cancellation request to the Minister if the conditions in that section were satisfied, namely that ASIO had to suspect on reasonable grounds that if the applicant’s passport were not cancelled, he would be likely to engage in conduct that might prejudice the security of Australia and the cancellation should be made in order to prevent his engaging in that conduct. The exercise of a power under the Passports Act was prescribed administrative action for the purposes of s 35 of the ASIO Act. An adverse security assessment was a security assessment that contained, relevantly, ASIO’s opinion or advice that was or could be prejudicial to the applicant and that recommended that prescribed administrative action be taken against him.”[97]
[97] [2014] FCA 1447; (2014) 234 FCR 134; 323 ALR 400; 65 AAR 369; 148 ALD 489 at [48]; 147; 412; 383; 500‑501
Rares J referred to the High Court’s approval in George v Rockett[98] of a passage from the judgment of Kitto J in Queensland Bacon Pty Ltd v Rees.[99] His Honour continued:
“ Importantly, their Honours approved what Kitto J had said, that a suspicion that something exists is more than mere idle wondering about its existence. Rather, it is a positive feeling of actual apprehension or mistrust amounting to a slight opinion, but without sufficient evidence. Whatever the source of the suspicion is, it has to be sufficient to create in the mind of a reasonable person an actual apprehension or fear that the matter being considered actually exists. Where a statute requires a decision maker to determine whether there is a real chance or possibility that something might happen in the future, the decision maker must estimate the likelihood that one or more events would give rise to the occurrence of that thing. In many, if not most, cases, determining what is likely to occur in the future will require findings as to what has occurred in the past because, as Brennan CJ, Dawson, Toohey, Gaudron, McHugh and Gummow JJ said in Minister for Immigration and Ethnic Affairs v Guo (1997) 191 CLR 559 at 575:
... what has occurred in the past is likely to be the most reliable guide as to what will happen in the future.
It is therefore, ordinarily, an integral part of the process of making a determination concerning the chance of something occurring in the future that the decision-maker will arrive at conclusions concerning past events: see also Minister for Immigration and Ethnic Affairs v Wu Shan Liang (1996) 185 CLR 259 at 282-283 per Brennan CJ, Toohey, McHugh and Gummow JJ.”[100]
[98] [1990] HCA 26; (1990) 170 CLR 104
[99] (1966) 115 CLR 266
[100] [2014] FCA 1447; (2014) 234 FCR 134; 323 ALR 400; 65 AAR 369; 148 ALD 489 at [52]-[53]; 148; 384; 501‑502
Given the nature of the particular prescribed administrative action that was the subject of the ASA, the issues that ASIO had to address and the Tribunal had to review, concepts such as “serious threat”, “reasonable suspicion”, “suspicion on reasonable grounds” and the like were all relevant concepts.
What the authorities reveal to us is that the matters that must be considered in the review of an ASA are very much shaped by the parameters of the prescribed administrative action. That means that, in some instances, we are required to form a recommendation, opinion or advice on whether there is a reasonable suspicion that a certain state of affairs or outcome is likely but, in others, reasonable suspicion is not the issue. The issue is determined by a reading of the definition of “security assessment or assessment” in s 35(1) of the ASIO Act and of the formulation of the particular prescribed administrative action to which the assessment is directed.
There is nothing in the ASIO Act or in the AGPSPF or the guidelines that have been developed under it that requires us to ask and answer a question founded on whether we suspect certain matters or things on reasonable grounds. The prescribed administrative action that is relevant in this matter is whether AGSVA should grant MCLT an NV1 security clearance. Having regard to the definition of “security assessment” or “assessment” in s 35(1) of the ASIO Act and to the particular administrative action in issue, the question that we must ask ourselves may be formulated in either of two ways. One is whether it would be consistent with the requirements of security for an NV1 security clearance to be issued to MCLT. We must express a recommendation, opinion or advice on that question. The other way is to ask whether it would be consistent with the requirements of security make it necessary or desirable for MCLT to be granted an NV1 security clearance.[101]
[101] See [59] above
We cannot answer either formulation of the question on the basis of whether or not we “reasonably suspect” that it would be consistent with the requirements of security or that the requirements of security make it necessary or desirable to grant or not grant MCLT an NV1 security clearance. We cannot answer the question on the basis of whether or not we consider that there are “reasonable grounds for issuing the ASA”. Indeed, we are not asked to answer questions of that type at all. What we are asked to do is to give an “opinion” (i.e. “… a belief or judgment which seems likely to be true, but which is not based on proof …”[102]), “advice” (“… suggestions or opinions given to someone about what they should do in a particular situation …”[103]) or “recommendation” (“… to advise, eg a particular course of action …”[104]) on the question framed by reference to the power given to AGSVA.
[102] Chambers 21st Century Dictionary, 1999, reprinted 2004, Chambers (Chambers)
[103] Chambers
[104] Chambers
We must, instead, answer the question by reference to what a security assessment is and so in terms of whether MCLT will “directly or indirectly” be a “risk” to “security”. When used as a noun in relation to a person as it is in the context of the definition of a “security assessment” and not in the context of insurance, the word “risk” has been defined as:
“… someone … likely to cause loss, injury, damage, etc; …”[105]
That person may be assessed to be directly or indirectly a risk to security. The word “directly” means “… 1 in a direct manner. 2 by a direct path. 3 at once; immediately. 4 very soon. 5 exactly …”.[106] The word “indirectly” is the adverbial form of the adjective “indirect”. The latter word, and so the former, is defined as “… 1 said of a route, course, line, etc: not direct or straight. 2 not going straight to the point; not straightforward or honest; devious. 3 not directly aimed at or intended ¨ indirect consequences. …”[107]
[105] Chambers
[106] Chambers
[107] Chambers
That is not to say that principles enunciated in cases such as George v Rockett do not guide us in the formulation of our recommendation, opinion or advice. We must refer to a basis on which we make our recommendation, have come to our opinion or give our advice.
PROTECTION OF IDENTITY OF WITNESS
Section 39A(11) of the AAT Act provides:
“If the Director-General of Security so request, the Tribunal must do all things necessary to ensure that the identity of a person giving evidence on behalf of the Director-General of Security is not revealed.”
On behalf of the Director-General, Mr Connor requested that the witness giving evidence on behalf of the Director-General, who has been called Mr Deklan, not be identified and that he be permitted to give evidence by telephone as a step necessary to ensure that outcome. Mr Tracey opposed our permitting Mr Deklan to give evidence by telephone submitting that there is no evidence to support our finding that his appearing in person would enable him to be identified. There is no question that the word “must” imposes an obligation on the Tribunal but what is “necessary” is within its discretion. In exercising that discretion, the Tribunal must look to the purpose of s 39A(11). MCLT’s position, Mr Tracey submitted, is that Mr Deklan’s physical presence would make it much easier to assess the relevancy of his evidence and his credibility. Requiring him to be present would be consistent with the Tribunal’s obligation to act fairly.
When such a request is made under s 39A(11), it is clear from the terms of the section that the Tribunal has no discretion in so far as it is required to “do all things necessary to ensure that the identity of a person … not be revealed”. There is no room for the Tribunal to consider whether the applicant will feel unfairly prejudiced. Parliament has already determined that procedural fairness and the like is not a relevant consideration in this context. The only discretion that the Tribunal has is in relation to what it is that is “necessary to ensure that the identity” (emphasis added) of the witness is not revealed. Considerations of procedural fairness will ensure that the Tribunal does not do more than is necessary but it must do what is necessary to achieve that outcome.
When a request is made under s 39A(11), what is necessary to ensure that the identity of the person is not revealed will vary from case to case. In some cases, it is enough to permit the witness to use a pseudonym. We have permitted that in this case and the witness is known as Mr Deklan. In this case, however, Mr Connor has submitted that a pseudonym does not go far enough and asked that Mr Deklan be permitted to give evidence by telephone in the open hearing. It is true that he has not produced any evidence as to why Mr Deklan’s physical appearance may reveal his identity but we do not think that it is necessary to do so. A person’s physical attributes and appearance are relevant traits in identifying a person. It does not matter whether they would reveal, or would not reveal, Mr Deklan’s identity to those in the hearing room. They retain their essential characteristics as traits that identify Mr Deklan.
In some cases, the Director-General asks only that witnesses giving evidence on his behalf be given a pseudonym. In those circumstances, we would fulfil our obligation under s 39A(11) by simply permitting a pseudonym to be used. In a case such as this, the Director-General has gone further and we are of the view that, as he has made the request that Mr Deklan give evidence by telephone and as we consider that a person’s physical attributes and appearance are relevant traits in identifying a person, we must accede to his request.
MR DEKLAN’S EVIDENCE
On behalf of MCLT, Mr Tracey submitted that the procedure that the Tribunal is required to follow puts an applicant at forensic disadvantage. The Attorney-General had refused MCLT’s request to permit counsel to be present in any closed hearing when the Director‑General’s evidence would be heard. That meant that MCLT was not able to test or challenge any evidence given in Mr Deklan’s closed affidavit or given orally in any closed hearing. The evidence should, therefore, be given limited weight because it had not been tested and challenged and MCLT had not had the opportunity to adduce evidence to contradict or qualify it. Where Mr Deklan gives evidence of his opinion, conclusion, submission or hearsay, that evidence should be given little or no weight. In fact, Mr Deklan should be found to be an unreliable witness and his evidence generally given little or no weight because he rarely gave any direct evidence of material facts but acted rather as a commentator. Mr Deklan was neither the decision-maker who made the ASA or one of the interviewers at the Security Assessment Interview (SAI). Mr Tracey pointed to passages of Mr Deklan’s affidavit that he submitted were inconsistent or contradictory.
We are bound to follow the procedures set out in the AAT Act relating to matters heard in the Security Division. They are inconsistent with procedural fairness but they represent the statutory regime within which we are required to review an ASA. It is for that reason, that it is a practice followed by counsel for the Director-General and also by us, that we ask questions of the witnesses in closed session that the applicant would have us ask. It will be apparent from both this and the second parts of our reasons that we have referred directly to the evidence whether it is in the form of the transcript of MCLT’s answers given in the SAI or to forms and questionnaires that have been completed by MCLT. Regard has also been had to MCLT’s own evidence given orally and in two affidavits. We have not had regard to any person’s opinion or assessment of what recommendation, opinion or advice, we should formulate on the basis of the evidence be it Mr Deklan’s, MCLT’s or any other person’s. What we have done is to assess the evidence and we have set it out in the second part of our reasons. That part is available only to MCLT, the Director-General, AGSVA and the ASIO Minister and their legal advisers and the staff of ASIO. We have considered the evidence given in closed session but, having decided that it did not add to what had been given in open evidence in support of either MCLT’s case or that of the Director-General, we have made no further reference to it.
That is not to say that Mr Deklan’s evidence is not of value. It is. He has given evidence relating to matters that are within his expertise. Those matters relate to issues such as foreign intelligence service activities and the security frameworks that are in place to protect Australia from them. As an experienced ASIO officer, those matters are well within his area of expertise and we have given careful consideration to what he has said regarding them. His evidence is also valuable in another sense. It is valuable in bringing order to the documents by directing our attention and that of MCLT to the relevant passages in the open material whether it be redacted or unredacted.
EVIDENCE OF FAMILY AND GOOD CHARACTER
Both in giving evidence and in answering various questions put over the years, MCLT has quite regularly referred to family. MCLT clearly admires and respects family. We do not in any way diminish the achievements and qualities of MCLT’s family members. We do not in any way diminish MCLT’s pride in them but their achievements do not reflect on MCLT’s integrity or suitability to be the holder of an NV1 security clearance one way or another. The fact that a person comes from what might be regarded as a “good family” does not, of itself, carry weight as it might do in some cultural or social contexts. A security vetting process centres on an individual. That individual’s associations, including those with his or her family, will be a relevant consideration but only one. The same is true of the person’s character. A person may be well regarded in the community but a security vetting process may reveal other traits or raise questions and uncertainties when that person’s integrity is considered in relation to his or her suitability to be trusted to protect security classified resources.
In this case, we have given the parties comprehensive reasons in the second part of our reasons for decision. In essence, we have found that, over the years and as MCLT has applied for various positions or security clearances, MCLT has responded to various questions relating to past activities. MCLT’s answers have, we have found to contain omissions and inconsistencies when viewed as a whole. We are not satisfied that those omissions and inconsistencies are the acts of forgetfulness or carelessness or that they can be overlooked because MCLT now says that the truth is being put forward. The acts and omissions are inconsistent with the actions of a person who is not only mindful of, but has been expressly reminded of, the requirements to be open and honest in answering the questions. They are omissions and inconsistencies that are found throughout the table of evidence we set out in the second part of our reasons.
For the reasons we have given in the second part of our reasons, we have formed our opinion that MCLT is not a person who has the level of honesty, openness and maturity to demonstrate suitability to protect security classified resources to which access would be given to a person holding an NV1 security clearance. In other words, we are not of the opinion that it would be consistent with the requirements of security for MCLT to be granted an NV1 security clearance. We are also of the opinion that the requirements of security make if necessary or desirable for MCLT not to be granted an NV1 security clearance.
DECISION
For these reasons, we affirm the ASA issued by ASIO to MCLT on 15 March 2016.
| I certify that the preceding one hundred and twenty‑four (124) paragraphs are a true copy of the reasons for the decision herein of Deputy President S A Forgie, Senior Member Egon Fice, Senior Member A Nikolic AM CSC |
...............[sgd]...................................................
Personal Assistant
Dated: 25 May 2018
| Date of hearing Counsel for the applicant | 12, 13, 14 and 15 February 2018 Mr John (Jack) R M Tracey |
| Counsel for the respondent Solicitor for the respondent | Mr Paul X Connor QC with Ms Anna Mitchelmore Mr Steve Webber, Australian Government Solicitor |
2
22
0