While Australian intelligence agencies seek to protect Australians and uphold national security, their broad powers require oversight.
The Inspector-General of Intelligence and Security (IGIS) reviews the activities of six Australian intelligence agencies, to ensure that they act legally and respect human rights.
You can make a complaint to IGIS:
- If you think you have been unfairly affected by the actions of an intelligence agency.
- If you consider that an Australian intelligence agency has acted unlawfully or improperly or not consistent with human rights either to you, or to someone else.
- If you are concerned about the process of a security assessment check conducted by ASIO as part of an Australian visa or citizenship application or a security clearance application.
The IGIS 2021-22 Annual Report provides details of inspection, compliance and inquiry activities during the year.
Which Australian intelligence agencies are under IGIS jurisdiction?
The Inspector-General has jurisdiction over the following agencies:
- Office of National Intelligence (ONI) – ONI produces assessments on international political, strategic and economic developments for the government.
- Australian Security Intelligence Organisation (ASIO) – ASIO is responsible for the protection of Australia from security threats.
- Australian Secret Intelligence Service (ASIS) – ASIS is Australia’s overseas secret human intelligence collection agency.
- Australian Signals Directorate (ASD) – ASD is responsible for the collection, analysis and distribution of foreign signals intelligence.
- Australian Geospatial-Intelligence Organisation (AGO) – AGO is Australia’s national geospatial and imagery intelligence agency.
- Defence Intelligence Organisation (DIO) – DIO is an intelligence assessment agency that supports Defence and Government decision-making.
2021-22 review of the intelligence agencies
IGIS provides a snapshot of key statistics relating to the review of the intelligence agencies, including the number of inspections completed, compliance incidents reported, and inquiries completed. This information is outlined in the table below.
Inspections completed | Compliance incidents reported | Inquiries completed | |
Office of National Intelligence (ONI) | 1 | 1 | 0 |
Australian Security Intelligence Organisation (ASIO) | 21 | 30 | 0 |
Australian Secret Intelligence Service (ASIS) | 14 | 6 | 0 |
Australian Signals Directorate (ASD) | 11 | 12 | 1 |
Australian Geospatial-Intelligence Organisation (AGO) | 13 | 1 | 0 |
Defence Intelligence Organisation (DIO) | 3 | 0 | 0 |
Only one inquiry (which had been commenced in the previous reporting period) was completed in 2021-22, relating to the ASD.
Office of National Intelligence (ONI)
Inspections
The ONI only completed one inspection in 2021-22. This is fewer than planned and is attributed to the COVID-19 lockdown in the ACT in second half of 2021.
ONI reported one compliance incident to IGIS. This incident related to an administrative aspect of ONI’s assumed identities arrangements, as governed by the Crimes Act 1914, and which constituted non-compliance with s 15LG(2).
Australian Security Intelligence Organisation (ASIO)
Inspections
IGIS undertook 21 inspections of ASIO activities in 2021–22. Of those 21 inspections, IGIS did not identify any matters of legality or propriety in most inspections which spanned:
- Access to Australian Taxation Office information.
- COVID-19 app data.
- Visa and citizenship complaints.
- Internal security.
- Adverse and qualified security assessments.
- Access to and use of AUSTRAC information.
- Investigative cases.
- Compliance remediation.
- Computer access under s 25A of the ASIO Act.
IGIS identified matters of legality or propriety in two inspections involving:
- Ministerial submissions – IGIS inspected ministerial submissions made to the Attorney-General in support of requests for Ministerial Authorisations. In a small number of cases, IGIS raised questions about the completeness and clarity of the information provided to the Attorney-General.
- Technical collection and retention – IGIS identified five instances where data reported to have been deleted had not been deleted fully from all systems for various reasons.
Compliance incidents
In 2021–22, ASIO reported 30 compliance incidents to IGIS. This included notification of two incidents that were ultimately confirmed to be compliant. Additionally, ASIO provided notification of seven incidents that resulted from events outside ASIO control but that ASIO considered appropriate to report to IGIS. This included incidents arising from the actions of another Australian intelligence agency. There were some common themes among the incidents reported to IGIS during the reporting period, including:
- Potential non-compliance with s 175 of the Telecommunications (Interception and Access) Act 1979 or s 3.7 of the Minister’s Guidelines – telecommunications data – certain ASIO personnel may authorise the collection of historical telecommunications data from telecommunications carriers or carriage service providers in connection with the performance of ASIO’s functions. ASIO potentially did not take all reasonable steps to ensure that personal information used or disclosed by ASIO was relevant, accurate and not misleading.
- Potential non-compliance with Part IAC of the Crimes Act 1914 – assumed identities. Incidents included: assumed identity evidence being obtained without appropriate authorisation, use of the evidence supporting an assumed identity after the assumed identity had been cancelled, approval of the variation of an assumed identity and an assumed identity review where the approver was not authorised to do so, and failure to review an assumed identity within the timeframes stipulated in the Crimes Act 1914.
- Non-compliance with s 2.5 of the Minister’s Guidelines – annual review of investigations – ASIO is required to review each of its ongoing investigations on an annual basis. ASIO reported a small number of investigations that were not ceased, and were not reviewed within the 12-month timeframe.
Australian Secret Intelligence Service (ASIS)
Inspections
IGIS completed 14 inspections of ASIS activities in 2021–22. Of the 14 inspections, IGIS did not identify any matters of legality or propriety in 11 inspections which involved:
- Operational files from two locations.
- Operational files for a particular priority thematic issue.
- Use of bulk data holdings.
- Access to and use of AUSTRAC information.
- Internal security investigations, particularly where there may be an impact on an individual’s clearance.
- Ministerial submissions.
- Use of weapons and weapons training.
Issues were found in inspections concerning:
- Liaison with foreign services: ASIS liaises with intelligence or security services of other countries and conducts human rights assessments (HRAs) of these foreign services. IGIS identified non-compliance with ASIS’s internal policy concerning the management of HRAs, specifically regarding assessments and annual reviews that were not completed or not reviewed within the specified timeframe.
- Operational file reviews at particular locations: For example, IGIS identified four instances of non-application of the ASIS Privacy Rules and a significant number of missing records.
Compliance incidents
In 2021–22 ASIS reported six compliance incidents to IGIS. The incidents included:
- Non-application of the ASIS Privacy Rules – ASIS did not apply their Privacy Rules before communicating information concerning Australian persons.
- Non-recording of the application of the ASIS Privacy Rules – ASIS did not record its application of the ASIS Privacy Rules, in contravention of ASIS internal policy.
- Non-compliance with s 10A(2) of the Intelligence Services Act 2001: ASIS did not provide a report to the Minister within three months from when the Ministerial Authorisations ceased to have effect.
- Non-compliance with s 15KP of the Crimes Act 1914: ASIS inadvertently used an assumed identity for a purpose that was consistent with its functions, but other than the authorised purpose.
Australian Signals Directorate (ASD)
Inquiries
On 7 May 2021 IGIS commenced an inquiry into a complaint where the complainant alleged that a security breach for which senior ASD staff had been responsible led to the suspension of the complainant’s security clearance with consequences for their future employment. The inquiry found that, based on the evidence obtained and reviewed, the allegations made by the complainant were not made out.
Inspections
IGIS completed 11 inspections of ASD activities in 2021–22. Of the 11 inspections, IGIS did not identify any matters of legality or propriety in 10 inspections covering the following topics:
- Ministerial Authorisations (including specific reviews of authorisations to undertake certain activities).
- Application of the ASD Privacy Rules made under the Intelligence Services Act 2001.
- Interception under Part 21 of the Telecommunications (Interception and Access) Act 1979.
- Interception under Part 22 of the Telecommunications (Interception and Access) Act 1979.
In one inspection of joint ASD and AGO activities, IGIS identified concerns relating to the content and completeness of Ministerial Authorisations (MAs) and covering submissions sought jointly by AGO and ASD to conduct activities in support of a military operation. While IGIS identified no matters of legality or propriety in respect of the operational activities, there were several issues which arose in relation to the sufficiency of the submissions to the Minister for Defence in support of the requests for the MAs.
Compliance incidents
ASD reported 12 compliance incidents to IGIS in 2021–22, of which:
- Three incidents remain under review by IGIS.
- Four incidents were confirmed by IGIS as legislative non-compliance.
- Three incidents were found to be non-compliant with ASD’s policies and procedures.
- Two incidents were ultimately determined to be compliant.
Australian Geospatial-Intelligence Organisation (AGO)
Inspections
IGIS completed 13 inspections of AGO activities in 2021–22. IGIS did not identify any matters of legality or propriety in 12 inspections spanning:
- Ministerial authorisations to undertake certain activities.
- Ministerial submissions.
- Application of the AGO Privacy Rules made under the Intelligence Services Act 2001.
- Director’s Approvals and Post Activity Reporting.
- AGO’s support to Defence advice to the Foreign Investment Review Board.
- Provision of geospatial products to partners.
One inspection of joint ASD and AGO activities which raised some concerns is outlined above.
Compliance incidents
AGO notified IGIS of an incident of non-compliance with ss 65(2) and 137(3) of the Telecommunications (Interception and Access) Act 1979. The incident related to AGO’s use and communication of foreign intelligence information without required approvals from the Attorney-General.
Defence Intelligence Organisation (DIO)
Inspections
IGIS undertook four inspections of DIO’s activities in 2021–22. IGIS did not identify any matters of legality or propriety in inspections spanning:
- Compliance with the DIO Privacy Rules.
- Ministerial submissions.
In one instance, IGIS inspected a program of specified activities, which is established and governed by a Five-Eyes Memorandum of Understanding. IGIS identified some propriety and procedural concerns arising from the early stage of maturity of the capability. In addition, some record-keeping issues were identified.
As at 30 June 2022, IGIS had commenced one inspection of DIO’s processes and practices relating to maintaining its analytic integrity which has not been finalised.
Compliance incidents
No compliance incidents were reported during 2021-22.
Key takeaways
The Inspector-General of Intelligence and Security (IGIS) holds Australian intelligence agencies accountable by conducting inspections, investigating compliance incidents, and carrying out inquiries. As outlined in its 2021-22 Annual Report, most IGIS inspections did not identify any matters of legality or propriety, although there were some incidents of concern. Only one inquiry was conducted related to a complaint against the Australian Signals Directorate, where the allegations made by the complainant were not made out.