Home | Databases | WorldLII | Search | Feedback Australian Senate Standing Committee for the Scrutiny of Bills - Scrutiny Digests

You are here: 

Australian Border Force Amendment (Protected Information) Bill 2017 - Commentary on Ministerial Responses [2017] AUSStaCSBSD 294 (6 September 2017)

Chapter 2

Commentary on ministerial responses

2.1 This chapter considers the responses of ministers to matters previously raised by the committee.

Australian Border Force Amendment (Protected Information) Bill 2017

2.2 The committee dealt with this bill in Scrutiny Digest No. 9 of 2017. The Minister responded to the committee's comments in a letter dated 29 August 2017. Set out below are extracts from the committee's initial scrutiny of the bill and the Minister's response followed by the committee's comments on the response. A copy of the letter is available on the committee's website.^[1]

Broad scope of offence^[2]

Initial scrutiny – extract

2.3 Section 42 of the Australian Border Force Act 2015 (the Act) currently contains a provision that provides that a person commits an offence if they are, or have been, an entrusted person and they make a record of, or disclose information, and the information is protected information. The offence is subject to up to two years imprisonment. The bill proposes replacing the current definition of 'protected information' in the Act with a new definition of 'Immigration and Border Protection Information'. This new definition narrows the type of information which, if recorded or disclosed, would make a person liable to prosecution under section 42 of the Act.

2.4 The new definition provides that 'Immigration and Border Protection information' includes 'information the disclosure of which would or could reasonably be expected to prejudice the security, defence or international relations of Australia'.^[3] Proposed subsection 4(5) provides that the kind of information which is taken to so prejudice security, defence or international relations, includes 'information that has a security classification'.^[4] There is no definition in the bill of what a 'security classification' means. The explanatory memorandum states that this 'picks up the Australian Government's Protective Security Policy Framework' and the security classifications 'reflect the level of damage done to the national interest, organisations and individuals, of unauthorised disclosure, or compromise of the confidentiality, of information'.^[5] It goes on to give examples of the type of information that has a security classification:

• new policy proposals and associated costing information marked as Protected or Cabinet-in-Confidence;

• other Cabinet documents, including Cabinet decisions;

• budget related material, including budget related material from other government departments; and

• adverse security assessments and qualified adverse security assessments of individuals from other agencies.^[6]

2.5 Additionally, proposed section 50A provides that if an offence against section 42 relates to information that has a security classification, a prosecution must not be initiated 'unless the Secretary has certified that it is appropriate that the information had a security classification at the time of the conduct'.^[7] The explanatory memorandum states that the purpose of the provision is to ensure that a person cannot be prosecuted where 'it was not appropriate that the information had a security classification'.^[8]

2.6 The inclusion of proposed section 50A suggests there may be circumstances where information has a security classification which was not appropriately applied. In this regard, the government's Information security management guidelines (part of the Protective Security Policy Framework) states that '[i]f information is created outside the Australian Government the person working for the government actioning this information is to determine whether it needs a protective marking'.^[9] This indicates that any outside contractor or consultant working for the government can mark information with a security classification. A person who makes a record of, or discloses, such information would then be liable for prosecution, unless the Secretary does not certify that the information was appropriately classified. However, if the Secretary does certify that the information was appropriately classified, there does not appear to be any defence on the basis that the information was inappropriately classified. As such, it does not appear that an inappropriate security classification would be a matter that a court could consider in determining whether a person had committed an offence under section 42. It also does not appear that any merits review would be available in relation to the Secretary's decision to issue a certification that the information was appropriately classified.

2.7 The committee requests the Minister's advice as to why it is necessary and appropriate to include a broad definition that effectively makes it an offence to disclose or record any information that has a security classification, in circumstances where there is no defence available if the classification was inappropriately applied and where there is no definition of what constitutes a 'security classification'.

Minister's response

2.8 The Minister advised:

The concept of security classification is described in the Australian Government's Protective Security Policy Framework- Glossary of security terms. That document describes the Security classification system as a set of procedures for identifying official information whose compromise could have a business impact level of high or above for the Australian Government. It is the Government's mechanism for protecting the confidentiality of information generated by it or provided to it by other governments and private entities.
The concept of security classification is not easily reduced to a neat all-encompassing definition within an Act of Parliament. It is for this reason that the concept of 'security classification' is not defined in the Bill. The intention is to adhere to the Protective Security Policy Framework when implementing the amendments.
The test in section 50A to be inserted by the Bill is that the Secretary has certified that it is appropriate that the Immigration and Border Protection information had a security classification at the time of the disclosure of the Immigration and Border Protection information that is alleged to constitute the offence.
The Secretary is not required to certify that the information in question was appropriately classified.
Further, the Secretary certifies that it is appropriate that the Immigration and Border Protection information had a security classification before a decision is made to prosecute the entrusted person under section 42 of the Australian Border Force Act 2015 (the ABF Act). Due diligence also requires that the information in question was classified at the correct level before a decision is taken to prosecute the entrusted person.
For these reasons, it is not necessary, or appropriate, for a defence concerning the appropriateness of the security classification to be available.

Committee comment

2.9 The committee thanks the Minister for this response. The committee notes the Minister's advice that security classifications are the government's mechanism for protecting the confidentiality of information generated by it or provided to it by other governments and private entities. The committee also notes the Minister's advice that the concept of a security classification is not easily reduced to a definition in an Act of Parliament, and the intention is to adhere to the Protective Security Policy Framework when implementing the amendments. The committee also notes the Minister's advice that the Secretary has to certify that it is appropriate that the information had a security classification at the time of the disclosure, but is not required to certify that the information in question was appropriately classified, and as such it is not necessary or appropriate for a defence concerning the appropriateness of the security classification to be available.

2.10 The committee considers that the concept of a security classification is broad and could result in a person being found to commit an offence for disclosing a document that had been marked as classified, even in circumstances where disclosure of the information would not be likely to prejudice the security, defence or international relations of Australia. The committee therefore considers it might be more appropriate if proposed subsection 4(5) provided that the fact that information has a security classification is an example of information that could prejudice the security, defence or international relations of Australia, rather than all information with a security classification being included in the definition of 'Immigration and Border Protection information'. This would leave to the discretion of the court whether the information could reasonably be expected to prejudice the security, defence or international relations of Australia, and help ensure information that had a security classification placed on it in circumstances where the disclosure of that information would cause no harm would not be captured.

2.11 The committee draws its scrutiny concerns to the attention of Senators and leaves to the Senate as a whole the appropriateness of making it an offence to disclose or record any information that has a security classification, in circumstances where there is no discretion available to the court to consider whether the information could be expected to prejudice the security, defence or international relations of Australia and where there is no definition of what constitutes a 'security classification'.

Significant matters in delegated legislation^[10]

Initial scrutiny – extract

2.12 The proposed definition of 'Immigration and Border Protection information' also includes 'information of a kind prescribed in an instrument under subsection (7)'. Proposed subsection 4(7) provides that the Secretary may make a legislative instrument prescribing information if satisfied that disclosure of the information would or could reasonably be expected to 'prejudice the effective working of the Department' or 'otherwise harm the public interest'.

2.13 The committee's view is that significant matters, such as broad powers to state that particular information which, if recorded or disclosed, would lead to the commission of an offence, should be included in primary legislation unless a sound justification for the use of delegated legislation is provided. In this instance the explanatory memorandum states:

New kinds of information, not already covered by the above definition of Immigration and Border Protection information, that require protection could be identified and need to be disclosed by the Department. Such information may require protection more quickly than an amendment to the ABF Act would permit. The new power in subsection 4(7) is necessary to enable the Secretary to act swiftly to protect information that is not covered by one of the other limbs of the definition from disclosure.^[11]

2.14 The committee notes that the explanatory memorandum does not provide any examples of the types or categories of information that may need to be captured by this provision. Rather, it gives a broad power to enable the Secretary to prescribe information in delegated legislation. An entrusted person who makes a record of or discloses such information would then be liable for an offence under section 42 of the Act. The committee considers that matters that go to whether a person has committed an offence are more appropriately matters for parliamentary enactment. The committee notes that a legislative instrument, made by the executive, is not subject to the full range of parliamentary scrutiny inherent in bringing proposed changes in the form of an amending bill. While the committee appreciates that making amendments to primary legislation can take longer than making a legislative instrument (which can take effect on the day that the instrument is registered),^[12] the committee notes that in urgent situations Parliament has passed legislation in as little as two sitting days.

2.15 If such matters are to remain in delegated legislation, the committee considers parliamentary scrutiny over such significant matters could be increased by requiring the positive approval of each House of the Parliament before the instrument could come into effect.^[13]

2.16 The committee's view is that significant matters, such as what constitutes the type of information which, if recorded or disclosed, would result in the commission of an offence (subject to up to two years imprisonment), should be included in primary legislation unless a sound justification for the use of delegated legislation is provided. In this regard, the committee requests the Minister's advice as to:

• what categories of information it is envisaged may need to be prescribed under this provision; and

• if the matters are to be retained in a legislative instrument, the appropriateness of requiring the positive approval of each House of the Parliament before an instrument comes into effect.

Minister's response

2.17 The Minister advised:

Examples of the kinds of information that may come within paragraph (f) of the proposed definition of Immigration and Border Protection information in subsection 4(1) of the ABF Act are:

• internal tools for making visa decisions (such as those concerning risk profiling) which, if disclosed, could increase a person's prospects of being granted a visa which they may not otherwise be eligible to be granted;

• internal procedures for assessing applications for Australian Trusted Trader status under Part XA of the Customs Act 1901 which, if disclosed, could lead to an entity receiving Australian Trusted Trader status that would not otherwise be given that status.

I note the Committee's view that, if this matter is to remain in a legislative instrument, Parliamentary scrutiny over it could be increased by requiring positive approval of each House of the Parliament before the instrument comes into effect. This would defeat the purpose of the provision, which is to allow the Secretary to act swiftly to protect information that is not covered by one of the other limbs of the definition of Immigration and Border Protection information from disclosure.
In addition, the legislative instrument referred to in subsection 4(7) would be subject to public scrutiny and would be disallowable under the Legislation Act 2003.

Committee comment

2.18 The committee thanks the Minister for this response. The committee notes the Minister's advice that the kinds of information that may be prescribed as part of the definition of 'Immigration and Border Protection information' include internal tools for making visa decisions which, if disclosed, could increase a person's prospects of being granted a visa or internal procedures for assessing applications for Australian Trusted Trader status which, if disclosed, could leader to an entity receiving such status. The committee also notes the Minister's view that requiring the positive approval of each House of the Parliament before the instrument comes into effect would defeat the purpose of the provision, which is to allow the Secretary to act swiftly.

2.19 The committee reiterates its view that significant matters, such as broad powers to state that particular information which, if recorded or disclosed, would lead to the commission of an offence, should be included in primary legislation unless a sound justification for the use of delegated legislation is provided. The committee considers that matters that go to whether a person has committed an offence are more appropriately matters for parliamentary enactment. The committee notes that a legislative instrument, made by the executive, is not subject to the full range of parliamentary scrutiny inherent in bringing proposed changes in the form of an amending bill. While the committee appreciates that making amendments to primary legislation can take longer than making a legislative instrument (which can take effect on the day that the instrument is registered),^[14] the committee notes that in urgent situations Parliament has passed legislation in as little as two sitting days. The committee also notes if there are matters that are already envisaged as being needed to be included in the definition of 'Immigration and Border Protection information', such as internal tools or procedures for decision-making, these could now be included in the bill, and therefore subject to the full range of parliamentary scrutiny.

2.20 The committee draws its scrutiny concerns to the attention of Senators and leaves to the Senate as a whole the appropriateness of enabling a legislative instrument to specify information which, if recorded or disclosed, would result in the commission of an offence (subject to up to two years imprisonment).

2.21 The committee also draws this matter to the attention of the Senate Standing Committee on Regulations and Ordinances for information.

[1] See correspondence relating to Scrutiny Digest No. 10 of 2017 available at: www.aph.gov.au/senate_scrutiny_digest.

[2] Item 5, proposed subsection 4(5) and item 21. The committee draws Senators' attention to these provisions pursuant to principle 1(a)(i) of the committee's terms of reference.

[3] See item 1, definition of 'Immigration and Border Protection information', paragraph (a).

[4] See item 5, proposed paragraph 4(5)(a).

[5] Explanatory memorandum, p. 15.

[6] Explanatory memorandum, p. 15.

[7] See item 21, proposed section 50A.

[8] Explanatory memorandum, p. 18.

[9] Australian Government, Information security management guidelines: Australian Government security classification system, version 2.2, approved November 2014, amended April 2015, p. 4, paragraph [29]. Available at: https://www.protectivesecurity.gov.au/informationsecurity/Documents/INFOSECGuidelinesAustralianGovernmentSecurityClassificationSystem.pdf.

[10] Item 1, definition of 'Immigration and Border Protection information', paragraph (f) and item 5, proposed subsection 4(7). The committee draws Senators' attention to this provision pursuant to principle 1(a)(iv) of the committee's terms of reference.

[11] Explanatory memorandum, p. 16.

[12] See subsection 12(1) of the Legislation Act 2003.

[13] See, for example, section 10B of the Health Insurance Act 1973.

[14] See subsection 12(1) of the Legislation Act 2003.