Go to top of page


Objective 1 - Assisting Ministers

Before commencing an inquiry into an intelligence agency the Inspector-General is required under the IGIS Act to notify the Minister responsible for that agency. A draft copy of an inquiry report must be provided to the responsible Minister for comment, and a copy of the final report must be provided. IGIS met these requirements for all inquiries conducted during 2018-19. The IGIS Act also provides that IGIS may report to Ministers if the actions taken by an agency in response to recommendations set out in an inquiry report are not adequate, appropriate and sufficiently timely. There was no occasion for any such report in 2018-19. Under section 25A of the IGIS Act, the IGIS may report to the responsible Minister on a completed inspection of an intelligence agency. During 2018-19 no such reports were made.

The office responded promptly to all requests from Ministers during 2018-19 for information or briefings about the independent oversight activities of the office. Each Minister responsible for an intelligence agency was proactively provided an information brief upon assuming or reassuming office following the 2019 Federal Election.

During 2018-19 no requests were made by Ministers or the Prime Minister for the IGIS to conduct an inquiry under the IGIS Act.

Objective 2 - Assuring Parliament


The Inspector-General appeared before the Senate Standing Committee on Legal and Constitutional Affairs on 23 October 2018 for Supplementary Budget Estimates, and on 19 February 2019 during the 2018-19 Additional Estimates hearing. The Inspector-General was prepared to attend Budget Estimates on 9 April 2019 but was not called by the Committee to appear.


The Inspector-General participated in six inquiries conducted by the Parliamentary Joint Committee on Intelligence and Security (the PJCIS) during the reporting period:

  • Review of the Office of National Intelligence Bill 2018 and Office of National Intelligence (Consequential and Transitional Provisions) Bill 2018;
  • Review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018;
  • Review of the Intelligence Services Amendment Bill 2018;
  • Review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018;
  • Review of the Counter-Terrorism (Temporary Exclusion Orders) Bill 2019; and
  • Review of Administration and Expenditure No. 17 (2017-2018).

The Inspector-General’s contributions to the PJCIS’s legislation inquiries provided information about the oversight implications of proposed changes to agencies’ governing legislation, and in some instances, about the efficiency and effectiveness of the performance of oversight functions.

During the PJCIS inquiries into the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill (the Bill) in 2018 and the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (the Act) in 2019, the Inspector-General provided six separate submissions and appeared before the Committee on three separate occasions. The Inspector-General gave evidence about a range of technical concerns including identifying areas of ambiguity in the legislation and suggestions to improve clarity.

The PJCIS’s report on the Bill was tabled on 6 December 2018, and included recommendations to strengthen oversight of the new powers. Amendments responding to the PJCIS’s recommendations were introduced on 7 December 2018, and the amended Bill was passed on the same day. Following this, the Committee commenced a separate review of the Act. The PJCIS presented its second report on 2 April 2019, and made a number of recommendations including those relating to the need for adequate resourcing of oversight bodies. During the reporting period, the Committee commenced a third review of the Act, and the Inspector-General will report on engagement with that review in the next annual report.

The Inspector-General also provided evidence to the PJCIS review of agencies’ administration and expenditure for the 2017-18 financial year. IGIS regularly participates in this review, providing a public submission and classified oral evidence when requested by the Committee. In the period under review by the Committee, the Inspector-General provided an overview of oversight responsibilities and functions exercised.

Broadly, the three other inquiries involved proposals to amend legislation relating to, amongst other things, ASIO, ASIS and ONI functions or powers. The Inspector-General provided comments on the oversight implications of these proposals.


The Inspector-General participated in two inquiries conducted by the Senate Legal and Constitutional Affairs Committee during the reporting period:

  • Review of Defence Amendment (Call Out of the Australian Defence Force) Bill 2018 (the Defence Bill); and
  • National Integrity Commission Bill 2018 (No. 1), and National Integrity Commission Bill 2018 (No. 2).

The Inspector-General provided submissions to both inquiries.

In respect of the Defence Bill, the Inspector-General provided evidence to the Committee noting, among other things, that the proposed amendments would not amend the scope of her oversight. The Committee’s report was presented in September 2018, recommending that the Bill be passed with amendments clarifying the purpose of making a call out of the Australian Defence Force. The Bill was passed on 27 November 2018.

The National Integrity Commission Bills were a package of private Member and private Senator Bills which, broadly, sought to establish a federal independent public sector anti-corruption commission. The Inspector-General provided evidence relating to, among other things, the potential for overlap between the functions of the proposed commission and the existing jurisdiction of the Office of the Inspector-General of Intelligence and Security. The Committee’s report was presented in April 2019 and did not recommend the Bills’ passage.


During the reporting period the Senate Finance and Public Administration Committee conducted a review of the Intelligence Services Amendment (Enhanced Parliamentary Oversight of Intelligence Agencies) Bill 2018.

The Bill was a private Senator’s Bill, and proposed amendments to extend parliamentary scrutiny over the activities of Australia’s national security and intelligence agencies. The Inspector-General made a submission to the review and appeared before the Committee at a public hearing on 26 October 2018. The Inspector-General gave evidence, amongst other things, relating to the Bill’s proposed imposition of additional mandatory functions on the Office of the Inspector-General of Intelligence and Security. The Committee’s report was presented on 12 November 2018 and did not recommend the passage of the Bill.


The Inspector-General is participating in the Comprehensive Review of the Legal Framework Governing the National Intelligence Community being conducted by Mr Dennis Richardson AC. The office provided submissions in response to the issues papers prepared by the Review and participated in workshops conducted by the Review throughout the year on a range of topics. The Inspector-General continues to work collaboratively with the Review.

Objective 3 - Informing the Public


The IGIS Act provides that it is a purpose of the office to assist the Government in assuring the Parliament and the public that intelligence and security matters relating to Commonwealth agencies are open to scrutiny, in particular the activities and procedures of intelligence agencies.

IGIS conducts a regular program of presentations to the broader community. This includes groups who have a demonstrated interest in national security and intelligence matters, such as those who study and research in the area or who frequently engage with parliamentary committees in relation to national security oversight and law reform. It also includes groups whose interest is less specialised and extends to the whole range of current affairs as well as more eclectic groups who have a great range of intellectual interests. The program is designed to create greater public awareness and understanding of the role and activities of this office. During 2018-19, these activities were conducted in line with a draft strategic engagement plan. The plan was developed to test whether the target audience for public engagement activities achieves an appropriate balance between being sufficiently representative of the general Australian community while aligning the office’s outreach efforts to those groups mostly likely to derive a material benefit from such engagement.


In addition to publishing material on the IGIS website and in this annual report, during 2018-19 the office delivered over 15 presentations to groups outside the intelligence community. The Inspector-General delivered presentations to academic audiences at several universities around Australia, including the 21st Geoffrey Sawer Lecture at the Australian National University Centre for International and Public Law. In April 2019 the Inspector-General addressed a public consultation workshop conducted for the Comprehensive Review of the Legal Framework Governing the National Intelligence Community. These engagements were supplemented by lectures and presentations delivered by SES staff from the office to various audiences outside the intelligence community, comprising both government and non-government attendees.


In June 2019 the Inspector-General convened a pilot meeting with three civil society groups with a view to establishing a regular consultative forum. The three groups chosen for the pilot (the Joint Councils for Civil Liberties, the Human Rights Law Centre and the Law Council of Australia) were selected because they regularly make submissions to the PJCIS on a wide range of matters relating to Australian intelligence and security agencies. The initiative was prompted in part by advice from intelligence oversight bodies from New Zealand, the United Kingdom and the United States of America on the value they derived from such meetings.

It is envisaged that the meetings will give civil society groups access to relevant and credible unclassified information about the work of the IGIS and Australia’s intelligence and security agencies; give the IGIS an opportunity to understand the views of those who work with people directly affected by the work of intelligence and security agencies; provide a forum for discussion of differing perspectives about issues relevant to the work of IGIS; and potentially allow for the discussion of legal and technical issues with civil society groups who possess expertise in such fields.

The next meeting of the Civil Society Reference Group is scheduled for late 2019.

Objective 4 - Inquiries, Inspections and Investigation of Complaints

Figure 2.1 Performance indicators - conducting inquiries














IGIS own motion

IGIS own motion

IGIS own motion

Minister of Defence request

IGIS own motion

Date initiated

2 February 2017

14 November 2016

12 July 2018

30 May 2018

14 February 2018

Date finalised

14 July 2017

8 September 2017

20 December 2018

2 May 2019

14 June 2019

Duration (days)

163 days

299 days

161 days

337 days

485 days

Number of recommendations






Percentage of recommendations accepted






Implementation of recommendations as at 30 June 2019

100% fully implemented

100% fully implemented

100% fully implemented

0% completed but in progress

0% completed but in progress


As reported in the 2017-18 annual report, in July 2017 this office completed an inquiry into an Australian Signals Directorate (ASD) matter pursuant to section 8(2) of the IGIS Act. The Inquiry Report included five classified recommendations designed to ensure that the situation would not arise in the future and to streamline ASD’s communications with Ministers and with the IGIS. ASD accepted all five recommendations, and provided reports to the IGIS regarding implementation progress in December 2017 and June 2018, by which point it had fully implemented three of the recommendations. In August 2018 ASD confirmed that it had finalised the remaining two. This office reviewed ASD’s advice and considers that ASD has sufficiently implemented all Inquiry recommendations.


In September 2017, the IGIS completed a third inquiry into the analytic independence and integrity of the Defence Intelligence Organisation (DIO). This was a routine Inquiry, not prompted by any particular concern. The Inquiry did not find any evidence of interference with the independence of DIO assessments; generally the analytical integrity of the DIO process for producing reports is sound, although some areas for continuing improvement were highlighted. The Inquiry made two recommendations relating to analytic tradecraft policy and record keeping and several suggestions for improvement, which DIO accepted. A detailed unclassified summary of this Inquiry can be found on the IGIS website www.igis.gov.au/publications-reports/public-reports.

In November 2018, DIO released an updated end-noting and sourcing policy, which completed recommendation one of the Inquiry. In December 2018 DIO advised this office that an identified technical change had been implemented, satisfying recommendation two of the Inquiry.

The next analytic independence and integrity inquiry is scheduled to be conducted in 2020.


On 12 July 2018 this office commenced an inquiry into allegations that ASIS officers engaged in misconduct and fraud. The allegations were made by a former ASIS officer. Although lacking detail, the serious nature of the allegations warranted the Inspector-General initiating a formal inquiry as soon as possible.

At the time, the resources of the office were not sufficient to commit to an inquiry on an urgent basis. Consequently, the Inspector-General identified Mr Bruce Miller AO as having the appropriate expertise and security clearance and invited Mr Miller to lead the Inquiry. In accordance with section 32(4) of the IGIS Act, approval of Mr Miller’s appointment was obtained from the Minister for Foreign Affairs. Pursuant to section 32AA of the IGIS Act, the Inspector-General delegated to Mr Miller, in writing, the functions and powers required for him to lead the Inquiry. Mr Miller led the Inquiry supported by IGIS staff.

The Inquiry Report was completed on 20 December 2018 and the Inspector-General adopted the Inquiry Report as her own. The Inquiry found no evidence to support the allegations, either in the records reviewed or through interviews of those in a position to know the facts. The Inquiry did, however, find areas where ASIO and ASIS could improve communication and collaboration.

The Report included four recommendations, all of which were accepted. All recommendations have now been implemented and ASIO and ASIS have provided this office with details of the implementation.


In May 2018 the Inspector-General began an inquiry into the unauthorised interception of telecommunications by ASD. The Inquiry was requested by the then Minister for Defence, at the suggestion of the Director-General Designate of ASD. The Minister expressed concern with the timeliness and adequacy of reporting to her and the Inspector-General, noting similar inadequacies were identified during a 2017 IGIS Inquiry. ASD cooperated fully with the Inquiry.

The Inquiry related to an operation to collect communications of foreign intelligence value. The operation was facilitated by warrants sought by ASIO under the Telecommunications (Interception and Access) Act 1979 (TIA Act). Intercepting a communication under such a warrant is only lawful if the person who takes the action has been authorised to do so by an instrument made under section 12 of the TIA Act. Individual staff members of ASD are routinely authorised to intercept communications under these warrants.

In June 2017, ASD advised the Inspector-General that as a result of an error in preparing the relevant authorisation under section 12 for certain warrants, some ASD staff who were not authorised had intercepted telecommunications; in the absence of authorisation the collection was unlawful. That advice did not give any indication of the scale of the issue. By July 2017, five months after the warrants were signed, ASD staff were aware that a significant number of unlawful interceptions had occurred. This information was not conveyed to the Inspector-General or the Minister for Defence until February 2018.

The Inquiry found that the unlawful interception was the result of an error made by ASIO in preparing the relevant authorisation and by a failure on the part of ASD to check the accuracy of the authorisation before relying on it. When the error was detected ASD promptly requested a new authorisation and ASIO promptly responded to that request. Once the authorisation instrument was corrected ASD undertook a lengthy internal investigation and took appropriate steps to delete all unlawful intercept.

The Inquiry found that ASD’s initial reporting of this matter to the Inspector-General and the Minister for Defence was inadequate. ASD did make a comprehensive report of the matter to the Inspector-General and the Minister prior to the Inquiry commencing, and has improved its reporting since this incident occurred. While ASIO did not report the breaches of the warrant to the Attorney-General, ASIO has since amended its procedures and is now reporting breaches to the Attorney-General.

The Inquiry also found that in the past 10 years, in a relatively small percentage of the warrants that ASD was involved in executing, there had been regular legislative breaches and incidents resulting from inadequate management of warrant procedures.

The final Inquiry Report was issued on 2 May 2019. The Inspector-General made five (classified) recommendations to improve the reporting of future breaches of the TIA Act, and reduce the risk of their recurrence. ASD and ASIO accepted all five recommendations and have commenced implementation. ASD and ASIO are expected to report to the IGIS on progress of implementation of the recommendations no later than 30 October 2019.


On 14 February 2018 in response to ASIO’s notification of a potential non-compliance matter, pursuant to section 8(1) of the IGIS Act the Inspector-General, of her own motion, initiated an inquiry into an ASIO matter. The Inquiry examined the conduct and details of a multi-faceted, multi-agency foreign intelligence collection operation led by ASIO, including whether certain intelligence collection activities conducted by ASIO as part of that operation were lawful. While the Inquiry found significant problems with the planning and execution of the operation, stemming from systemic weaknesses within ASIO’s compliance management framework, it also concluded it is likely that most, but not all, of the activities reviewed as part of the Inquiry were lawful. Importantly, there was no evidence of any deliberate wrong-doing by the officers involved in the operation.

The issues identified by the Inquiry included poor communication between ASIO’s lawyers and operational staff. As a consequence of the poor communication ASIO staff believed, incorrectly, that a warrant was not required to undertake activities that in fact did require such authorisation. Additionally, as ASIO’s lawyers were not fully informed about changes to operational plans those activities were conducted without proper advice. Other issues identified by the inquiry included failures to comply with procedural requirements for warrants and associated reports; a key secondment agreement being signed by an officer without the appropriate delegation to do so; and inadequate management and supervision of those officers ostensibly seconded to ASIO.

In addition to reviewing the circumstances surrounding the operation, the Inquiry also examined ASIO’s approach to compliance and training more broadly. It found that ASIO provided little if any compliance training for ASIO employees and affiliates in relation to legislative restrictions germane to the operation. The Inquiry also found that whilst operational staff complied with ASIO’s operational planning procedures, these procedures were inconsistent with other ASIO policies and were insufficient to ensure that ASIO acted lawfully. At the time of the incident, ASIO did not have a dedicated compliance unit; however, even before the formal recommendations outlined in the following paragraph were made, ASIO had begun to develop a formal compliance framework and to establish a dedicated compliance unit.

The final Inquiry Report was issued on 14 June 2019 and made eight recommendations. Those recommendations focus on ensuring that ASIO’s proposed compliance team is established as a matter of priority; that ASIO implements a compliance training program; improves legal advice; and reviews relevant policies and procedures. ASIO has accepted all eight recommendations.

ASIO is expected to report to the Inspector-General on progress of implementation of the recommendations by 30 September 2019. This office will continue to monitor ASIO’s implementation of the Inquiry recommendations and further details will be provided in the next annual report.

Objective 4 - Inspections


ASIO’s activities have been categorised according to the functions of the Organisation set out in section 17 of the Australian Security Intelligence Organisation Act 1979 (the ASIO Act) namely:

  • security intelligence collection, correlation and evaluation;
  • intelligence communication;
  • advice about security of Ministers and Commonwealth authorities in relation to their functions and responsibilities;
  • furnishing security assessments to States and States authorities;
  • advice to Ministers and Commonwealth authorities about protective security;
  • collection of and communication of foreign intelligence; and
  • co-operation with and assistance to other agencies.

During this reporting period the ASIO inspection team met the IGIS target of inspecting at least 75% of ASIO’s activity categories. Priority was given to reviewing ASIO’s intelligence collection activities, its security assessments, and advice to Ministers on security matters. There were no inspections of ASIO’s provision of advice relating to protective security.

During 2018-19 ASIO was involved in three matters which were the subject of inquiries pursuant to section 8 of the IGIS Act. These inquiries are described separately in this report (see page 22).


It is not possible to monitor all ASIO activities. Accordingly, IGIS staff regularly inspect a sample of activities selected on the basis of risk and available resources. For this purpose IGIS staff have direct access to the relevant ASIO information technology and records management systems.

Throughout 2018-19 IGIS staff conducted inspections using a variety of methodologies, including thematic reviews, risk-based sampling and random sampling. Inspections of ASIO’s investigative cases focused on:

  • the legality of ASIO’s activities;
  • the propriety of the investigative activities being proposed and undertaken;
  • compliance with Ministerial guidelines; and
  • compliance with internal policies and procedures.

ASIO proactively provided an increased number of briefings to the office compared to the previous reporting period. The briefings covered a wide range of topics including new capabilities, new initiatives and areas of risk.

In the previous reporting period (2017-18), record keeping deficiencies at ASIO were identified as an issue requiring continued monitoring by the office during 2018-19. Inspections in 2018-19 continued to identify minor record-keeping issues; however, the overall standard of record-keeping has improved since June 2018.


ASIO produces a range of analytic products including security assessments, applications for warrants, investigative reviews and published analytic products. Some products have greater potential to intrude into the privacy of Australians than those of DIO and ONI, and others may adversely affect the interests of individuals; for example, an adverse security assessment may recommend that the Government take an action which would be prejudicial to the interests of the person such as cancelling their passport. These assessments may also result in ASIO providing specific policy guidance to the Government.

During the reporting period, ASIO instituted several measures to provide greater support to analysts, including the appointment of a senior analyst with specific responsibility for promoting and coordinating analytical tradecraft, training and quality assurance across ASIO.


ASIO activities include collection of intelligence through human sources. The details of these activities are highly sensitive and cannot be disclosed in a public report. During the reporting period, IGIS staff reviewed ASIO human source case files and met with ASIO staff to discuss related activities. Overall ASIO handles their human sources sensitively and no significant issues of concern were identified by IGIS staff when reviewing these activities.


ASIO can intercept telecommunications under warrants issued by the Attorney-General pursuant to the Telecommunications (Interception and Access) Act 1979 (the TIA Act). Warrants for the exercise of other intrusive powers, including searches, computer access and surveillance devices, can be issued pursuant to the provisions of the ASIO Act.

Throughout the reporting period IGIS staff inspected an indicative sample of warrants, primarily as part of the regular inspection of investigative cases. As in previous years, several ASIO warrant documents contained typographical errors; however, the majority of typographical errors in 2018-19 were identified by ASIO and proactively advised to this office in a timely fashion, rather than being discovered during an inspection. ASIO has further refined its processes to help ensure that warrant documentation is accurate.

Two systemic issues relating to warrants were raised with ASIO during 2018-19. One issue, first mentioned in the 2017-18 annual report, related to authorisations of classes of persons under section 24 of the ASIO Act. The office raised with ASIO some descriptions that had been used to define a class of persons for the purposes of section 24 that the office considered may be overly broad, uncertain, or not sufficiently connected to the exercise of power under the warrant. In response, ASIO undertook to review its operational arrangements and warrant application procedures.

The second issue related to the inappropriate use of templated text to brief the Attorney-General for the purposes of section 27C(2)(b) of the ASIO Act. In response ASIO amended warrant application templates to prompt officers to provide a tailored brief in relation to this criterion.

As noted above, ASIO proactively informed the office of breaches and other issues relating to warrants issued under the TIA Act and the ASIO Act. There was a substantial increase in the number of notifications made to this office in this reporting period, including early notification of several incidents that were ultimately confirmed to be compliant and notification of incidents that resulted from events outside ASIO’s control but which ASIO believed should be notified to this office in the interests of transparency. Some incidents reported were attributable to mistakes made by telecommunications carriers rather than ASIO, nevertheless they required remedial action from ASIO such as deleting information incorrectly sent by the carrier. This office welcomes the increased rate of voluntary disclosures of potential non-compliance and related incidents by ASIO. A detailed summary of compliance incidents reviewed by this office is provided below.



ASIO advised of an incident where it requested a telecommunications carrier intercept an additional telecommunications service under a named person warrant, on the grounds that the service was being used, or was likely to be used by the subject of the warrant. In fact, the written request to the carrier contained a typographical error and the specified service was unrelated to the subject of the warrant. The error was identified roughly one month after interception was enabled, at which time efforts to intercept the incorrect service were discontinued and interception was commenced on the correct service. However, no telecommunications were intercepted on the incorrect service as it was not currently subscribed; consequently, it was not necessary for ASIO to quarantine and delete data.


ASIO advised of three instances where an application for a named person warrant under section 11B of the TIA Act included a typographical error in one of the telecommunications services listed in the application as being used or likely to be used by a foreign person or organisation.

Having regard to the specific circumstances of each incident, the office is satisfied that none of these three incidents resulted in a breach of the TIA Act.


ASIO advised of four instances where errors made by telecommunications carriers resulted in ASIO receiving information which it was not authorised to collect. In all instances ASIO informed the telecommunications carriers of the error; it promptly took steps to prevent collection of further information and to delete all such information stored on ASIO systems.


ASIO advised of a breach of section 16(2)(c)-(d) of the TIA Act where the interception of a telecommunications service under a named person warrant should cease, but due to a breakdown in internal processes oral and written advice was provided to the carrier over one month after the determination was made. All data collected during this period was deleted within seven days once the error was identified.

In 2018-19 ASIO also separately advised of a second possible breach of section 16(2) of the TIA Act. As at 30 June 2019 ASIO had not concluded its investigation into this incident.


Section 17(2) of the TIA Act requires ASIO to report to the Attorney-General with details of each telecommunications service intercepted under a named person warrant. In 2017-18 this office identified that ASIO had provided a report to the Attorney-General advising that all services named on a warrant had been intercepted without establishing the accuracy of this advice. IGIS staff continued to note similar instances of non-compliance with section 17(2) of the TIA Act during 2018-19. While ASIO acknowledges its non-compliance is ongoing, practical difficulties render it impossible to remediate this issue completely in the near future. As an interim measure, ASIO has improved the accuracy of section 17 reports by including explanatory notes outlining the limitations on the assurance they can provide to the Attorney-General in relation to section 17(2). In the interests of allocating scarce resources IGIS staff do not propose to monitor this issue further during 2019-20 as the extent of ASIO’s non-compliance is now fully known to the Attorney-General and the Minister for Home Affairs.


Under the TIA Act, ASIO is obliged to instruct telecommunications carriers to discontinue interception of telecommunications where there are no longer grounds to maintain the interception or the warrant or authority authorising the interception has lapsed or has been revoked.

As an additional measure and pursuant to the Attorney-General’s Guidelines (the Guidelines), ASIO maintains internal controls to terminate the collection and storage of telecommunications data at the moment it is determined the collection is no longer justifiable. These controls mitigate the risk that a delay by the carrier in effecting disconnection will result in the unjustifiable collection of personal information by ASIO.

During the reporting period, ASIO advised this office of two relatively short periods where the ordinary operation of these internal controls failed and required remedial intervention. On both occasions, a greater than usual amount of personal information was collected (covering the time period between providing advice to telecommunications carriers and disconnection being effected); however, this additional information was subsequently deleted from ASIO systems.

Having regard to the circumstances, the IGIS is satisfied that ASIO’s actions in relation to this issue are consistent with the Guidelines requirement to take all reasonable steps to minimise the collection of personal information to what is reasonably necessary.


As an assurance activity, each year IGIS staff conduct an inspection to confirm that the deletion of data from ASIO systems has been effective and that no traces of information unintentionally remain. During 2018-19, the office identified one instance where data that ASIO had advised was deleted from all systems was still available on one system. ASIO deleted this data after it was identified during the inspection activity.


When ASIO submits a request to the Attorney-General to obtain a named person warrant under section 9A or section 11B of the TIA Act, ASIO must include details, to the extent these are known, sufficient to identify the telecommunications services that ASIO assesses the named person is using, or is likely to use. During 2017-18 IGIS staff queried whether ASIO’s warrant documentation made clear the nature of the services ASIO intended to target. In this reporting period, ASIO prepared standing guidance for the Attorney-General on how it describes telecommunications services, in consultation with this office. As at 30 June 2019 the advice was yet to be provided to the Attorney-General.



ASIO advised of an issue in relation to a computer access warrant under section 25A of the ASIO Act. At the time the warrant was issued, ASIO assessed on reasonable grounds that a computer specified in the warrant was likely to be used by the subject of an investigation (Person A). Later, during the life of the warrant, it became apparent to ASIO that Person A was not likely to use the computer. Due to a failure in internal processes an ASIO officer mistakenly accessed the computer. Irrespective of questions of legality, in these circumstances, access to the computer would at least raise an issue of propriety. Discussions with ASIO regarding ASIO’s response to this incident are continuing.


ASIO advised of one instance of unauthorised collection under the ASIO Act. The breach related to the use of surveillance devices under an identified person warrant, pursuant to an authorisation under section 27F of the ASIO Act. A second warrant was issued to permit ASIO to use other special powers in relation to the person but, as ASIO had decided to discontinue the use of surveillance devices, no authorisation was sought to permit the continued use of surveillance devices under the second warrant. The decision not to seek a further authorisation to use surveillance devices under the second warrant was not brought to the attention of the relevant area within ASIO. Consequently, upon expiry of the first identified person warrant ASIO did not disable the surveillance devices. The devices were used without authorisation for seven days before ASIO realised that they were still operational. Upon identifying the issue, all data collected during those seven days were deleted from ASIO systems within 24 hours. ASIO conducted a review of procedures and instituted new checks to be followed at the time a warrant expires, to ensure that any activities not authorised under a successive warrant are terminated.


ASIO advised this office of a possible breach of section 25 of the ASIO Act in that a person who examined records during a search activity may not have been authorised under section 24 to do so. Discussions are continuing between this office and ASIO to determine whether the person was authorised to examine the records.


Sections 175 and 176 of the TIA Act empower certain ASIO personnel to authorise the collection of historical and prospective telecommunications data from telecommunications carriers or carriage service providers. Authorisations are limited to circumstances in connection with the performance of ASIO’s functions and in accordance with the Attorney-General’s Guidelines (the Guidelines).

ASIO reported one instance where it was determined that the subject of a section 176 TIA Act authorisation no longer met the threshold for a security investigation. In closing the investigation, ASIO officers inadvertently failed to revoke the section 176 authorisation; this led to two further weeks of information being collected. Immediately after the non-compliance was identified, ASIO revoked the authorisation and deleted the additional information. The proper operation of section 176(6), supported by similar requirements in the Guidelines, imposes an obligation on ASIO officers to be diligent in revoking authorisations upon identifying that the subject is no longer of security interest. In response to this incident, ASIO revised relevant processes to prevent future occurrences.

ASIO also reported one instance where a typographical error in an authorisation under section 175 of the TIA Act resulted in ASIO collecting information relating to a telecommunications service that was not relevant to ASIO’s functions. The error was detected when the collected information was analysed. ASIO deleted the erroneously collected information within 48 hours of identifying the error.


No questioning, or questioning and detention, warrants were authorised or used during the reporting period.


Warrants issued under the ASIO Act must explicitly authorise the use of force necessary and reasonable to do the things specified in the warrant. Under section 31A of the ASIO Act, when force is used against a person in the execution of a warrant ASIO must notify the Inspector-General in writing as soon as practicable. The ASIO Act does not specify a timeframe for the provision of these reports and ASIO has developed a policy that requires an initial notification within 72 hours (three days) of the use of force, to be followed by more detailed information within 10 days.

During the reporting period, IGIS received one notification of the use of force against persons during the execution of an ASIO search warrant. The force was used by law enforcement officers assisting ASIO in the execution of the warrant. The incident was subject to the usual police internal reporting and review process and there is no indication in the police report that the force was other than reasonable and proportionate for the purpose for which it was exercised. ASIO provided an initial written notification to IGIS three days after the use of force, and this was followed by a detailed written notification 11 business days after the use of force.

This is only the second use of force notification this office has received since the ASIO Act was amended in 2014 to permit the authorisation of the use of force against persons in the exercise of a search warrant.


ASIO’s special intelligence operations (SIO) powers introduced in 2014 allow ASIO to seek authorisation from the Attorney-General to undertake activities that would otherwise be unlawful. Where the circumstances justify the conduct of an SIO, ASIO can seek these authorisations to assist in the performance of its special powers functions. The legislation requires ASIO to notify the IGIS as soon as practicable after an authority is given. All SIOs approved during the reporting period were notified to the Inspector-General within 24 hours of approval being granted by the Attorney-General.

The legislation also requires ASIO to provide a written report on each SIO to the Attorney-General and the IGIS. As the details of SIOs are highly sensitive and cannot be included in a public report it is not possible to give more information about the operations here. However, during the reporting period one propriety issue was raised concerning the interim report for a particular SIO; this matter was addressed in the final report to the Attorney-General. No other substantive issues or concerns were identified when reviewing these activities.

Under the provisions of Division 4 of the ASIO Act, SIOs can be varied or cancelled but the Act does not require ASIO to inform SIO participants of a variation or cancellation. During 2018-19 the office identified several instances where special intelligence operations were varied, but participants were not formally advised in a timely manner of a change to their immunity under the SIO authority. As a result, ASIO revised its procedures to ensure that participants are informed in a timely manner of any change to their immunity under an SIO authority.


During 2018-19, ASIO was granted new powers under the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018. ASIO proactively briefed the office on its use of these powers and formally notified the Inspector-General within seven days of a notice being given where required by legislation. The office intends to review each use of these powers as part of the inspection program for the next financial year.


The Attorney-General’s Guidelines (the Guidelines) are issued under section 8A of the ASIO Act and are to be observed by ASIO in the performance of its functions.

The Guidelines require that the initiation of an ASIO investigation be authorised by a senior ASIO officer. IGIS staff identified a small number of instances in which investigative activities were undertaken without first obtaining the proper authorisations required by the Guidelines, however this was not assessed to be a systemic issue.

The Guidelines also require ASIO to review each of ASIO’s investigations on an annual basis. In 2018-19 a small number of investigations were conducted without review for periods longer than a year. ASIO proactively reported the majority of these breaches to the Inspector-General.


ASIO reported one incident where a person (Person A) was placed under investigation, based on reporting alleging that a person with similar biographical details to Person A was involved with a terrorist organisation. ASIO’s investigation subsequently determined that Person A was not the subject of this reporting; rather, the subject was a different person (Person B) whose biographical details were substantially similar to those of Person A. ASIO promptly ceased the investigation into Person A and recorded in its systems that Person A was not relevant to security. ASIO also deleted all other information that had been collected on Person A and proactively notified this office of the incident.

In a similar but separate incident, ASIO conducted an investigation into a person (Person C) but collected telecommunications data on another person (Person D) with similar biographical details to Person C. The checks used biographical information derived from historical intelligence reporting; when the telecommunications data was analysed it was determined the historical reporting was inaccurate and that the data did not relate to the subject of the investigation. Investigative activities that did not rely on this incorrect reporting were always targeted correctly towards Person C. Upon detecting the error, ASIO updated its records, deleted all information that related to Person D, and notified the office of the incident.

The IGIS considers that ASIO’s actions in these cases were lawful and proper. It is inevitable that intelligence agencies, frequently working with incomplete information under significant pressure, will occasionally draw incorrect conclusions and will be forced to amend them as new information comes to light. ASIO’s response in these matters is a positive demonstration of how agencies, acting transparently and accountably, can preserve the privacy of individuals who are inadvertently affected by such errors.


ASIO’s interactions with other Australian Government agencies include the exchange of information. Exchanges of sensitive personal information are of particular interest to the IGIS, and are subject to IGIS staff review as part of periodic inspections.

During the reporting period, ASIO exchanged information with a number of Australian Government agencies including the Australian Criminal Intelligence Commission, Australian Federal Police, State and Territory police services, the Department of Home Affairs, the Department of Defence and the Department of Foreign Affairs and Trade. Regular inspection activity included reviewing these exchanges to assess ASIO’s compliance with legislation, the Attorney-General’s Guidelines and ASIO policy. No specific concerns were identified during these inspections.


Section 355-70 of Schedule 1 to the Taxation Administration Act 1953 provides that a taxation officer authorised by the Commissioner of Taxation or delegate may disclose protected information to an authorised ASIO officer if the information is relevant to the performance of ASIO’s functions. This access to sensitive information is further governed by a memorandum of understanding between the Commissioner of Taxation and the Director-General of Security, the Attorney-General’s Guidelines and ASIO’s internal guidelines and procedures. ASIO rarely requests access to this type of information.

During the reporting period, IGIS staff reviewed ASIO’s access to sensitive tax information carried over from the previous financial year. No issues of concern were identified in this inspection. The office will review ASIO’s access to taxation information for the 2018-19 period later this year and will report the findings in next year’s annual report.


The ASIO Act authorises ASIO to provide and to seek information relevant to Australia’s security, or the security of a foreign country, from authorities in other countries. ASIO may only cooperate with foreign authorities approved by the Minister. ASIO has guidelines for the communication of information on Australians and foreign nationals to approved foreign authorities.

ASIO advised of one incident in 2018-19 where a breakdown in process resulted in information relating to Australian citizens being disclosed to a foreign service without sufficient authorisation as required by ASIO internal policy. Appropriate approval was subsequently retrospectively granted and additional procedures for foreign disclosure were implemented to prevent a reoccurrence.


In 2018-19 IGIS staff reviewed a range of submissions to the Attorney-General and Minister for Home Affairs. These reviews continue to be useful in obtaining an overview of legality and propriety issues, and to keep the Inspector-General informed of current operations and emerging issues.


Security assessments issued by ASIO can result in administrative decisions, such as cancelling a visa or passport, which significantly affect the liberties of the person who is the subject of the assessment. Similar to previous years, in 2018-19 IGIS staff reviewed a sample of cases where ASIO issued prejudicial (adverse or qualified) security assessments.


In certain circumstances, section 38(1) of the ASIO Act requires a Commonwealth agency that receives an adverse or qualified security assessment from ASIO in respect of a person to give written notice to the person, including a copy of the assessment and information concerning the person’s right of appeal to the Administrative Appeals Tribunal, within 14 days.

During the reporting period, ASIO advised the office of four cases where a Commonwealth department failed to furnish the relevant information within the time period required by section 38(1). ASIO also advised of one case where another Commonwealth department failed to furnish the relevant information within the time period required by section 38(1).

The office is satisfied that ASIO’s actions in relation to these five cases were lawful and proper. During the reporting period the IGIS did not ordinarily have jurisdiction to review the actions of either of the two departments involved and no further inquiries with either department were made in relation to these cases.


The office of the Independent Reviewer of Adverse Security Assessments fell vacant in September 2018. Mr Robert Cornall AO was subsequently reappointed as Independent Reviewer by the Attorney-General in March 2019.

During the reporting period, ASIO notified IGIS of at least one subject of an adverse security assessment who was eligible to request review by the Independent Reviewer but could not do so while the office was vacant. ASIO continued to update IGIS in relation to the impact of the vacancy until Mr Cornall was reappointed.


In 2017-18 IGIS reported on a security assessment that had been subject to significant delay but was unresolved at the time of the annual report. This case was finalised in 2018-19.


In November 2016, the Inspector-General initiated an inspection project focusing on ASIO staff access to surveillance devices and other technical devices used for surveillance. This project was suspended in 2017-18 due to higher priority inspection activities and staffing shortages in this office. It was later reactivated in October 2018 and then finalised in June 2019.

The project considered the risk that devices maintained by ASIO could be misused for unauthorised purposes, and examined whether accountability measures and other risk controls adequately address this risk. The project was not initiated in response to any incident, but instead sought to provide proactive assurance that foreseeable risks of improper or illegal activity are appropriately managed by ASIO.

The office has concluded that the inherent risk of ASIO devices being misused for unauthorised purposes is low due to the complementary effect of risk controls that primarily address operational security and financial accountability risks. However, the project identified opportunities for ASIO to better manage this risk, in particular by ensuring that controls relevant to the risk of unauthorised misuse are clearly established in associated policies and procedures, and that these policies and procedures are easily accessed and applied by staff working with such devices. The office will periodically revisit this issue in the course of our regular inspection program of ASIO activities in 2019-20.


In 2011 ASIO and the Inspector-General agreed on a protocol for the management of information concerning complaints or public interest disclosures made to IGIS. This protocol provides guidance for ASIO’s management of lawfully intercepted communications which identify, or potentially identify, a person who has made a complaint or public interest disclosure to this office.

In last year’s annual report, the office noted that ASIO was updating the protocol but that its review was not yet finalised. In consultation with IGIS, ASIO finalised the revised protocol and supporting policies and procedures in 2018-19.


The Inspector-General’s oversight of ASIS’s activities falls into eight categories, which are based on the underlying functions of ASIS as set out in section 6(1) of the Intelligence Services Act 2001 (ISA). These categories are:

  • foreign intelligence collection;
  • intelligence communication;
  • assistance to the Australian Defence Force;
  • counter intelligence;
  • foreign liaison;
  • cooperation and assistance to certain intelligence agencies and prescribed authorities;
  • actions undertaken in relation to ASIO; and
  • other activities as the Minister for Foreign Affairs directs.

IGIS staff conducted a range of regular inspections of ASIS activities covering all the agency’s functions. These inspections included reviewing: operational files, advice to the Minister for Foreign Affairs, weapons-related matters, and access to sensitive financial information. Inspection activities were conducted using a risk-based approach with priority given to operational file reviews.

This office also conducts other review and oversight related activity apart from inspections and inquiries. These other activities are an important part of the IGIS’s oversight of ASIS, and provide additional assurance that ASIS’s activities are legal and proper. Examples of such activities include reviewing ASIS reporting provided to this office on legislative non-compliance or other significant matters; being consulted on the legality and propriety of certain proposals and draft internal policies prior to finalisation, which allows the office to identify any concerns before action is taken; and engaging in visits to ASIS officers outside of its Canberra headquarters.

These inspections and other review activities are supplemented by awareness briefings on various matters throughout the year that either this office requests, or are provided proactively by ASIS. These briefings allow the office to stay abreast of emerging issues, or to follow up on observations from inspection activities. There are also regular bi-monthly meetings between the Inspector-General and senior ASIS officers that cover a range of different matters, and during 2018–19 the Inspector-General also presented to a gathering of all ASIS senior staff.


IGIS staff visited ASIS premises on a regular basis during 2018-19 to review ASIS’s operational case files. Generally these inspections occur monthly, however IGIS staff did not conduct an operational file inspection in each month during the financial year because the ASIS Inquiry in late 2018 was a higher priority for staffing.

Inspections of operational files involve reviewing a sample of files, focusing on higher risk areas as determined by the IGIS office. Considerations applied in the inspections include the appropriate application of the Privacy Rules, and consideration of how ASIS assesses and manages human rights matters. ASIS activities involve the use of human sources and ASIS officers are deployed in many countries to support a wide range of activities including counter terrorism, efforts against people smuggling and support to military operations. These activities are sensitive, and may be high-risk.

During the reporting period this office reviewed files relating to ASIS’s operational activities in a number of diverse countries. These inspections provide a deep insight into the operational environment in which field staff operate as well as the extent to which staff in ASIS headquarters evaluate risk and guide sensitive activities, and often indicates the health of inter-agency relations. These inspections typically focus on records created in the previous two years for a given station, source or operation. However, inspections may examine older matters when required. During the reporting period IGIS staff conducted a historical review of ASIS files relating to allegations of improper conduct by ASIS that occurred over ten years ago. That inspection did not identify any legality or propriety concerns.

The sensitive nature of ASIS’s operational activities means that specific detail of the topics inspected and matters identified cannot be provided in a public report. Overall, IGIS staff were satisfied with ASIS’s operational activities and that ASIS staff are appropriately identifying and considering risks associated with these activities. ASIS staff display high levels of awareness on how to handle possible incidents of torture and other cruel, inhumane or degrading treatment; ASIS’s management and record keeping in such cases was appropriate. Where IGIS staff identified areas for further investigation, ASIS was forthcoming in providing additional information or briefing this office, leading to constructive discussions to identify the compliance risks and subsequent mitigation strategies to ensure ASIS activities remain appropriate and consistent with legislation.


IGIS staff review all ministerial submissions provided by ASIS to the Minister for Foreign Affairs as part of a bi-monthly inspection activity. The majority of the submissions reviewed relate to ministerial authorisations (discussed below), however reviewing all submissions allows the office to consider whether the Minister is appropriately informed about ASIS matters. Overall, IGIS staff were satisfied that the information provided to the Minister was appropriate.


ASIS is a foreign intelligence agency and any intelligence activity it conducts on an Australian person is a key focus area for this office. In 2018-19, IGIS staff reviewed all ministerial authorisations obtained by ASIS from the Minister for Foreign Affairs. There were three cases where ASIS did not report to the Minister for Foreign Affairs within three months of the day on which an authorisation ceased to have effect as required under section 10A(2) of the ISA. This was due to internal administrative delays and human error. While IGIS staff identified two of the cases during inspection activities, in all three cases ASIS had independently identified these incidents and subsequently reported these to this office.

IGIS inspections also identified nine authorisations that were compliant with the ISA but non-compliant with ASIS’s own internal procedures. Specifically, these procedures require that the Minister for Foreign Affairs be informed promptly once the Attorney-General has agreed that the subject of an authorisation request is likely a threat to security. ASIS undertook to remind relevant staff of this requirement; the office was satisfied with this response but will continue to review authorisations in relation to all aspects of compliance.


There was one instance where ASIS sought an oral authorisation from the Minister for Foreign Affairs in an emergency using the section 9A provisions in the ISA. A written record of the oral authorisation was made within 48 hours and a copy of the record was provided to this office within three days in accordance with section 9A(5) of the ISA. The authorisation raised no concerns for this office.


When the ASIS Compliance Branch identifies a matter of concern, or when an ASIS officer self reports an issue relating to compliance or propriety, ASIS provides written notification of the matter to this office. These reports may relate to non-compliance with legislation, non-compliance with ASIS internal policies and procedures, or could merely record an event that was investigated but determined to be compliant with the law and internal policy. Such reports are an important element of the oversight arrangements between IGIS and ASIS.

While ASIS investigates the matter, IGIS does not normally conduct its own parallel review while awaiting the findings. As part of its investigation, ASIS will initiate remediation where required; this can include issuing corrections to reporting and additional training for the staff and teams involved. This office reviews all of ASIS’s investigation reports and undertakes its own independent review of incidents where necessary.

During the reporting period, ASIS provided this office with three reports which involved activities not conducted in accordance with section 10A(2) of the ISA, as mentioned above in the ‘Ministerial Authorisations to produce intelligence on Australian persons’ section. An additional nine reports provided by ASIS related to the non-application of the Privacy Rules, which are discussed below.


On 28 March 2019, the Minister for Foreign Affairs signed ASIS’s new Privacy Rules, in accordance with section 15 of the ISA, and the Rules took effect on 9 May 2019. As required by section 15(6) of the ISA, on 4 April 2019 the Inspector-General briefed the Parliamentary Joint Committee on Intelligence and Security on the content and effect of ASIS’s new Privacy Rules.

The Inspector-General was consulted on the proposed changes and is satisfied that the new Rules protect the privacy of Australian persons. The amendments to the ASIS Privacy Rules largely seek to bring the Rules in line with the ISA and the Australian Privacy Principles (APPs). Adopting similar terminology and phrasing across the APPs, Rules and the ISA aims to assist the interpretation and application of the Rules. The amendments also intend to provide practical changes and clarify certain Rules, while preserving the privacy of Australian persons. IGIS staff pay close attention to the distribution of intelligence about Australian persons by ASIS during regular inspection activities. ASIS continued to provide training to its staff on producing intelligence on Australian persons and introduced initiatives to mitigate against the risk of unintentionally reporting on Australian persons.

Compared to last year, in 2018–19 there was a small increase in the number of instances where ASIS did not apply the Privacy Rules prior to reporting on an Australian person. Nine of these matters were identified and reported to this office by ASIS, and two were identified by this office. Such cases are not in accordance with section 15(5) of the ISA. Some of these breaches occurred earlier than 2018-19, but were identified by ASIS during the reporting period. These incidents represent a very small proportion of the total reporting ASIS produced on Australian persons during 2018-19. All cases were due to combinations of human error and problems associated with an aging IT system. This office found no instances where reporting on an Australian person would not have been reasonable and proper had the Privacy Rules been applied at the time. Separately, there were other occasions where this office identified areas for improvement in ASIS’s recordkeeping with respect to the Privacy Rules. IGIS staff will continue to pay close attention to the application of the Privacy Rules by ASIS.

ASIS reported two occasions in 2018-19 where a ‘presumption of nationality’ was overturned; that is, information became known that an individual previously presumed to be foreign was actually an Australian person. These incidents are required to be reported to the IGIS under the ASIS Privacy Rules. In both cases ASIS’s initial presumption was reasonable and in accordance with Privacy Rule 1 as, at the time, there was no evidence that the individuals, located outside of Australia, were Australian.

The office’s review of one of these cases identified delays in ASIS overturning the presumption once the information was available; specifically, there was a six week delay between an ASIS officer learning that an individual might be an Australian and checks being conducted to confirm the individual’s nationality. Seven weeks then passed between ASIS confirming the individual was an Australian citizen, notifying parts of the Australian Intelligence Community (AIC) of this fact, and following internal processes to remedy the non-application of the Privacy Rules. Where ASIS believes that an individual might be an Australian person, checks to confirm the individual’s nationality must occur promptly to ensure legal and policy requirements are met. If, based on these checks, ASIS becomes satisfied that an individual is an Australian person and overturns the presumption of nationality, it would be proper for ASIS to share this information with other AIC agencies as soon as practicable. This was an isolated case and did not reveal any systemic problems.


The ISA prevents ASIS officers from undertaking activities that involve violence or the use of weapons. However, the Act allows ASIS to provide its officers with weapons, and to train officers to use weapons and self-defence techniques in certain circumstances, particularly in order to protect themselves or certain other people. In December 2018, provisions of the ISA relating to the use of force and weapons were amended to enable the Minister to specify additional persons outside Australia who may be protected by an ASIS staff member or agent, and allowed ASIS staff members or agents performing specified activities outside Australia to use reasonable and necessary force in the performance of an ASIS function. The Inspector-General was consulted on these changes in a detailed and cooperative manner, and suggestions made during this consultation were accepted by ASIS.

Schedules 2 and 3 of the ISA require that the Minister and Director-General provide certain documentation to this office related to the use of force and weapons, including approvals for weapons and self-defence training; copies of Director-General Guidelines issued for the purpose of weapons and self-defence; approvals in specific circumstances where the Minister approves the use of force; and if officers or agents use weapons or self-defence techniques other than in training or approved scenarios.

In the 2018-19 reporting period the Minister and Director-General of ASIS provided relevant reports required under the ISA. The Inspector-General continues to be satisfied that the need for a limited number of ASIS staff to have access to weapons for self-defence in order to perform their duties is genuine. ASIS did not report any cases where a weapon was discharged or self-defence techniques were used other than in training, nor any instances of non-compliance with internal weapons guidelines issued by the Director-General of ASIS. As at 30 June 2019 the Director-General of ASIS had not issued any new or updated guidelines relating to the use of weapons and self-defence techniques, including the use of force or threats of the use of force. In one case the Minister provided an approval for certain ASIS staff members to protect a number of persons under Schedule 2, Clause 1(3) of the ISA.

The IGIS office also examined ASIS weapons and self-defence policies, guidelines and training records during an inspection, and did not identify any issues of concern.


ASD’s activities subject to the office’s oversight are categorised according to the underlying functions of the agency as set out in section 7 of the ISA, namely:

  • foreign intelligence collection;
  • intelligence communication;
  • prevention and disruption of cybercrime;
  • provision of material, advice and assistance relating to security and integrity of certain information;
  • assistance to the Australian Defence Force;
  • protection of specialised technologies;
  • assistance to Commonwealth and State authorities; and
  • assistance to certain intelligence agencies and prescribed authorities.

In the 2018-19 reporting period IGIS staff met the target of inspecting at least 75% of these categories.

IGIS inspection of ASD activities is assisted by strong working-level relationships with ASD’s Oversight, Compliance and Legal teams, and regular access to required information and systems. Given the volume and complex nature of ASD activities, the IGIS inspection program is continuous and includes scheduled inspection activities, and proactive reviews of areas of risk or sensitivity. IGIS also reviews ASD’s existing and proposed policies to ensure they are appropriate and effective.

During 2018-19, the office inspected a number of ASD activities, including:

  • applications for ministerial authorisation to produce intelligence on Australian persons;
  • ASD’s compliance with the ASD Privacy Rules;
  • compliance incident reports; and
  • ASD’s access to sensitive financial information.

These inspections were supplemented by briefings on various matters across the year, regular meetings with the ASD Oversight and Compliance teams, engagement with ASD Legal staff, and visits to ASD staff posted outside Canberra. The Inspector-General and the Director-General of ASD meet formally on a quarterly basis to discuss oversight matters and developments.

The office also commenced two targeted inspection projects during the reporting period on ASD’s use and management of certain warrants under the TIA Act, and ASD’s compliance with particular administrative arrangements it has in place with the Australian Defence Force. These have been finalised and no systemic issues or concerns have been identified to date.


The ISA requires ASD to obtain authorisation from the Minister for Defence before conducting certain activities, including the production of intelligence on Australian persons. During 2018-19 the office inspected over 96% of the applications made by ASD for ministerial authorisation, an increase on the approximately 80% reviewed in the last reporting period. The submissions were generally of a high standard, and no significant issues were identified.

However, IGIS staff did identify several instances during the reporting period where ASD did not display appropriate administrative restrictions on certain database records. These lapses heightened the risk of an inadvertent breach of the ISA by omitting a layer of additional administrative assurance. ASD’s response to feedback on this issue was positive and IGIS staff continue to monitor this aspect of ministerial authorisations and associated records.

Once a ministerial authorisation has expired, ASD is required, within specified timeframes, to provide the Minister with a report on the activities it conducted under the authorisation. IGIS staff reviewed a number of these reports. In one case, ASD failed to provide the Minister with a section 10A report within one month of an emergency ministerial authorisation expiring. ASD investigated this case and reported its findings to the IGIS in a Compliance Incident Report, which is discussed in more detail below.


Situations may arise where, as a matter of urgency, ASD requires a ministerial authorisation to undertake certain activities. Emergency authorisations may be provided orally by the Minister for Defence, or other select ministers where the Minister for Defence is unavailable. Alternatively the Director-General of ASD can authorise such activities if the ministers are not readily available. Emergency authorisations are only valid for 48 hours after which any further activity will require a new authorisation if ASD is to continue that activity.

Three emergency ministerial authorisations were issued to ASD during the reporting period. IGIS staff reviewed all these applications for authorisation and found no issues of concern with their initial administrative management; however, as noted above, on one occasion ASD did not provide the Minister with a section 10A report within one month of the authorisation ceasing.


During the reporting period IGIS staff conducted a quarterly review of ASD’s submissions to the Minister for Defence. The office seeks to ensure the Minister is given timely and accurate information about critical ASD issues. Over this reporting period, IGIS staff found that the submissions were generally of a high standard, and were provided to the Minister within an appropriate time frame. IGIS staff appreciated ASD’s consultation with the IGIS office in relation to several submissions.


The Minister for Defence issues written rules (the ASD Privacy Rules) to regulate how ASD communicates and retains intelligence information about Australian persons. The ISA prohibits ASD from communicating intelligence information concerning an Australian person otherwise than in accordance with those rules.

The ASD Privacy Rules require ASD to: provide IGIS with access to all of ASD’s intelligence holdings concerning Australian persons; to consult the office about relevant procedures; to report to this office any breaches of the ASD Privacy Rules; and advise where ASD has revised its determination that a person is an Australian person.

In accordance with its obligations under the Privacy Rules, ASD reported on cases during the reporting period where ASD had initially presumed in accordance with the guidance set out in the rules that a particular individual was not an Australian person, but where the presumption was subsequently rebutted and the person was shown to be Australian. These reports included details of the measures taken to protect the privacy of that person. IGIS staff reviewed these cases and found that the initial presumptions of nationality were reasonable given the information available to ASD at the time. ASD’s actions, including informing other intelligence agencies that the person is Australian, were appropriate and in accordance with the Privacy Rules. The office notes that ASD, as a propriety measure, began to inform second parties of overturned presumptions of nationality in mid-2018. The office acknowledges this extra step that ASD is taking to ensure the privacy of Australian persons is protected.

In July 2018, ASD informed the office that it had communicated intelligence information concerning an Australian person, otherwise than in accordance with the ASD Privacy Rules, thereby contravening the ISA. The incident occurred when ASD conducted intelligence activities without the appropriate authorisation, and conducted a subsequent activity without consideration of the ASD Privacy Rules. This incident is discussed in the section below.


ASD has a strong record of proactive self-reporting to the IGIS where it identifies breaches of legislation and significant or systemic matters of non-compliance with ASD policy. When this occurs, ASD provides written notification to the office, undertakes an investigation of the incident and provides its findings. The office reviews these reports and where necessary undertakes further independent investigation of the incident. ASD takes mitigation and remediation actions where required in consultation with the office.


The TIA Act prohibits agencies from intercepting communications passing over a telecommunications system, except in limited circumstances, including where there is a warrant in place allowing interception. In July 2018, ASD advised this office that it had intercepted communications without a warrant, thereby breaching the TIA Act, and had then communicated the intercepted material, also in breach of the TIA Act. The breach was the result of a system processing error. The office was satisfied with ASD’s investigation and the remedial action taken to prevent recurrence.

In May 2019, ASD notified the IGIS office that, on two occasions, ASD may have contravened section 7 of the TIA Act, by enabling interception without the correct warrant. ASD investigated this incident, and in June 2019 confirmed that the activity contravened section 7. As of 30 June 2019, ASD had not yet completed the associated compliance incident report. This office will report independent findings relating to this case in the next annual report.

In June 2019, ASD informed the IGIS office that ASD may have contravened section 7 of the TIA Act by unauthorised interception of a specific type of communication. ASD investigated this incident, and in late June 2019 confirmed that the activity likely contravened the TIA Act. As of 30 June 2019, ASD was still compiling the associated compliance incident report. This office will report independent findings relating to this case in the next annual report.

In addition to these confirmed instances of non-compliance, ASD also advises this office of ‘potential breaches’ where a breach is technically possible but cannot be proven. ASD categorises an incident as a potential breach when it is unclear, due to data limitations or the absence of essential details, whether a breach has occurred. The IGIS office reviews these matters in the same manner as it reviews compliance incidents. As outlined below, ASD advised IGIS of two potential breaches in the reporting period.

In October 2018, ASD advised this office of a potential breach of section 7 of the TIA Act as a result of the misconfiguration of an ASD system. ASD advised that it was not possible to confirm whether unauthorised communications had actually been intercepted. This office reviewed the incident and considers that ASD potentially breached section 7 and section 63; however, the office notes that ASD acted promptly to inform the IGIS and to rectify the incident. The office is satisfied with the proposed measures for mitigating future risk associated with this matter.

In October 2018, ASD also informed the IGIS office of its investigation into an incident whereby communications were potentially intercepted due to a system error. In December 2018, ASD confirmed its assessment that the incident was not a breach of legislation. This office conducted an independent review of the incident and considers that a component of the collection constituted a potential breach of section 7 of the TIA Act as it cannot be conclusively demonstrated that the suspect interception did not occur. ASD undertook appropriate mitigation measures following this incident.


The ISA requires the Minister for Defence to issue a written direction to ASD requiring ASD to obtain ministerial authorisation before conducting certain activities for the purposes of producing intelligence on an Australian person. The Act requires the Director-General of ASD to ensure that ASD complies with those directions. The ISA also prohibits ASD from communicating intelligence information concerning Australian persons, except in accordance with the ASD Privacy Rules. In July 2018, ASD advised this office of its investigation into a breach of these obligations. The incident occurred when ASD conducted intelligence activities in relation to two Australian persons without obtaining authorisation from the Minister. ASD then further contravened the requirements of the ISA by conducting a subsequent activity without consideration of the ASD Privacy Rules. The combination of human error and a failure to comply with ASD policy contributed to the breaches. This office was satisfied with ASD’s investigation and remedial action to prevent recurrence.

In August 2018, ASD advised this office of its investigation into another breach of its ISA obligation to obtain a ministerial authorisation. The breach involved undertaking activity to produce intelligence on an Australian person without obtaining ministerial authorisation to do so. The breach resulted from a failure to consider if there is a purpose to produce intelligence on an Australian person where there is more than one purpose. This office was satisfied with ASD’s investigation and remedial action to prevent recurrence.

In January 2019, following queries from this office regarding the status of a report under section 10A of the ISA, ASD confirmed an incident where it had failed to provide a report to the Minister for Defence in relation to activities conducted under an emergency ministerial authorisation. ASD assessed this to be a breach of the reporting requirements set out in section 10A, and sent its final report to the IGIS in March 2019. This office reviewed ASD’s investigation and considered the findings to be reasonable, and is satisfied that the remedial actions proposed and implemented by ASD will help to prevent similar errors in the future.


In late 2018, ASD advised the IGIS of an instance where it had contravened certain legislation. The sensitive nature of ASD’s operational activities mean that specific details cannot be included in this report.


The activity categories assigned to AGO are derived from AGO’s statutory functions under the ISA:

  • intelligence collection and other activities in support of the Australian Government;
  • intelligence collection in support of the Australian Defence Force;
  • intelligence collection in support of Commonwealth and State Authorities carrying out national security functions;
  • communication of intelligence;
  • provision of imagery and other geospatial products;
  • support to persons or bodies responsible for functions including emergency response, safety, scientific research, economic development, culture, and environmental protection;
  • assistance to certain intelligence agencies and prescribed authorities; and
  • the functions of the Australian Hydrographic Office.

During 2018-19, this office achieved the target of inspecting at least 75% of AGO’s activity categories. The inspections included:

  • applications for ministerial authorisation to produce intelligence on Australian persons;
  • Director’s approvals and post-activity reporting;
  • AGO’s compliance with the AGO Privacy Rules; and
  • AGO’s access to sensitive financial information (discussed later in the report).

The office received briefings from AGO teams in Canberra and Bendigo which enabled IGIS officers to gain a better understanding of the agency’s functions and to identify emerging issues. They also assisted this office to enhance working-level relationships within AGO and to follow up on matters observed during inspections. Visits to regional offices enable the office to conduct outreach and inform staff of our role in handling complaints and disclosures.

The Inspector-General held four meetings with the Director of AGO during the reporting period to discuss key issues and arrangements for oversight. The office also engaged with AGO on matters such as the Comprehensive Review of the Legal Framework Governing the National Intelligence Community and amendments to the AGO Ministerial Directions.

Based on inspection and review activities, the office is satisfied that AGO met its statutory obligations under the ISA during the 2018-19 reporting period, and that AGO has established systems and processes to encourage compliance.


The ISA requires AGO to obtain authorisation from the Minister for Defence before conducting certain activities, including the production of intelligence on an Australian person. This authorisation is usually requested in conjunction with ASD. During 2018-19, IGIS reviewed all applications made by AGO for ministerial authorisation. IGIS inspections did not identify any concerns relating to AGO’s applications for ministerial authorisation, renewals, or circumstances in which AGO sought to cancel an authorisation. One emergency ministerial authorisation was issued to AGO during the reporting period; IGIS staff reviewed this emergency authorisation and did not identify any issues of concern.


The Minister for Defence requires the Director of AGO to approve AGO activities intended to produce geospatial or imagery intelligence on a person or body corporate in Australian territory or subject to Australian jurisdiction, unless the activity is one for which AGO must seek ministerial authorisation. The Director of AGO is also required to provide the Minister with quarterly reports on the activities conducted in accordance with such approval. The accuracy of these and other reports provided to the Minister for Defence were reviewed during the reporting period by IGIS staff, and no issues were identified.

At the conclusion of approved activities, AGO staff prepare a post-activity compliance report for the Director, which this office examines. During 2018-19, IGIS staff identified no significant issues with these reports. However, one instance was noted of non-compliance with the Ministerial Directions where a Director’s Approval was not approved at the appropriate level of delegation. This office subsequently recommended to AGO that it would be prudent to put in place a formal delegation procedure that makes clear the circumstances in which another officer may sign as acting Director. The office is satisfied that AGO has taken appropriate remedial action in response to this matter.


The Minister for Defence issues written rules (the AGO Privacy Rules) to regulate how AGO communicates and retains intelligence information concerning Australian persons. During the 2018-19 reporting period IGIS staff did not identify any concerns in relation to AGO’s compliance with the Privacy Rules. This is the third consecutive year in which AGO has been fully compliant with the AGO Privacy Rules.


In May 2019, IGIS staff visited AGO offices in Bendigo, Victoria. This visit enabled the office to learn about the work conducted in Bendigo, including the AGO traineeship program, and to provide briefings to the staff regarding the role and responsibilities of the IGIS office.


In October 2017 the Australian Hydrographic Office (AHO) functions were transferred from the Royal Australian Navy to AGO. This transfer meant that the IGIS office assumed oversight of the functions of the AHO in relation to any intelligence collection or application of the AGO Privacy Rules. The AHO has fully incorporated ISA requirements into its daily workflows and has received relevant compliance training. However, due to current differences in task tracking and recording in separate systems, this office has not yet reviewed any AHO office products. IGIS staff will conduct outreach and inspections at the Wollongong site once infrastructure upgrades are completed.


Inspections of DIO are less frequent than for ASIO, ASIS, ASD and AGO, as the office focuses its limited resources on inspecting and reviewing the activities of the intelligence collection agencies in preference to those of the assessment agencies DIO and ONI.

In this reporting period the office inspection of DIO’s activities included following up on matters identified during the inquiry into the analytic independence and integrity of DIO conducted in 2017, as well as routine inspections of DIO’s compliance with the Guidelines to Protect the Privacy of Australian Persons. IGIS staff also reviewed DIO’s access to sensitive financial information from AUSTRAC, which is discussed later in this report.

In addition to these inspection activities, the office attended relevant compliance training run by DIO, and monitored the percentage of DIO staff that have completed mandatory compliance training requirements.


DIO’s compliance with its Privacy Guidelines was reviewed twice during the reporting period by IGIS staff. These guidelines, which are available on the DIO website, are similar to the Privacy Rules established under section 15 of the ISA for ASIS, ASD and AGO. They allow DIO to perform its role while protecting the privacy of Australians. This office did not identify any significant issues or concerns in this reporting period, and there was no evidence that DIO breached the Privacy Guidelines.


During 2018-19 this office had oversight of the Office of National Assessments (ONA) which subsequently became the Office of National Intelligence (ONI). ONI was established on 20 December 2018 following the passage of the Office of National Intelligence Act 2018 (ONI Act), and was established to provide Government with a better coordinated and more integrated intelligence community. It subsumed the role, functions and staff of ONA. ONI is responsible for enterprise level management of the National Intelligence Community. It also produces all-source intelligence assessments for government and maintains the Open Source Centre; it is these functions that are of particular interest for the inspection and review activities of this office.

The Office of National Intelligence Rules to Protect the Privacy of Australians (the ONI Privacy Rules) were made by the Prime Minister in accordance with section 53 of the ONI Act; the Rules replaced the Privacy Guidelines in place for ONA. Given the focus on the development of the Rules, IGIS staff undertook one less on-site inspection than usual of ONA’s application of the Privacy Guidelines.

The functions of ONI, and formerly ONA, mean that it is less likely than intelligence collection agencies to intrude on the privacy of Australian persons or operate in breach of legislation. As such the office made fewer inspections of ONA and ONI compared to the intelligence collection agencies. ONA had three broad statutory functions, whereas ONI has 11 different functions under the ONI Act. This office did not meet the target of inspecting at least 75% of ONA’s or ONI’s activity categories; however not all of ONI’s functions were a focus for this office during the reporting period. For this financial year, IGIS staff focused on the areas considered to be of highest risk, namely ONI’s implementation of the new ONI Privacy Rules and the associated policies and guidelines. This office will continue to review its approach to ONI inspection and review activity to ensure it focuses on key areas of legality and propriety risks.


On 18 December 2018, the Prime Minister signed the ONI Privacy Rules. ONI published the Rules on its website as required by section 53(4A) of the ONI Act. In accordance with section 53(6) of the ONI Act, the Inspector-General provided a brief to the PJCIS on the content and effect of the Rules. This office was consulted extensively in the preparation of the ONI Privacy Rules and the Inspector-General is satisfied that the Rules protect the privacy of Australian persons. The Inspector-General also had relevant discussions with the Privacy Commissioner during the consultation period.

IGIS staff focused on the distribution of information about Australian persons during the inspection of ONI. The ONI Privacy Rules require that it only retain or communicate information about an Australian person where it is necessary to do so for the proper performance of ONI’s functions, or where retention or communication is authorised or required under another Act. ONI must advise this office if it identifies a breach of the Rules, and include information about the measures taken to protect the privacy of the affected Australian person, or of Australian persons more generally. Adherence to this reporting requirement provides the office with sufficient information upon which to decide whether appropriate remedial action has been taken, or further investigation and reporting back to the IGIS is required. No breaches were reported to our office by ONI.

The office’s one on-site inspection during 2018-19 did not identify any breaches of the Privacy Rules, and the majority of ONI’s records reviewed were of a high standard. The inspection did identify some minor areas where ONI could improve its compliance with relevant ONI policy. During the inspection IGIS staff were also briefed on activities of ONI’s Open Source Centre, ONI’s progress in establishing a framework to use assumed identities, and other matters.


During the reporting period this office conducted inspections that covered activities common to a number of agencies.


Part IAC of the Crimes Act 1914 and corresponding State and Territory laws enable ASIO and ASIS officers to create and use assumed identities for the purpose of performing their functions. The legislation protects authorised officers from civil and criminal liability where they use an assumed identity in circumstances that would otherwise be considered unlawful. Similarly, the legislation protects the Commonwealth, State and Territory agencies responsible for issuing identity documents in relation to an assumed identity in accordance with the Act. In December 2018, the Crimes Act 1914 was amended to extend authority to acquire and use assumed identities to ONI.

The legislation also imposes reporting, administration and audit regimes on those agencies using assumed identities. Section 15LG of the Crimes Act 1914 requires ASIO, ASIS and ONI to conduct six-monthly audits of assumed identity records and section 15LE requires that each agency provide the Inspector-General with an annual report containing information on the assumed identities created and used during the year. During 2018–19 the Director-General of Security and the Director-General of ASIS each provided this office with a report covering the activities of their respective agencies for the 2017-18 reporting period. There was nothing in the reports to suggest that ASIO or ASIS were not complying with their legislative responsibilities or which otherwise caused concern. ONI was not required to submit a report for 2017-18. Agency reports covering the period 2018-19 will be submitted during 2019-20.


The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act) provides a legal framework in which designated agencies are able to access and share financial intelligence information created or held by the Australian Transaction Reports and Analysis Centre (AUSTRAC). All intelligence agencies and IGIS are designated agencies for the purposes of the AML/CTF Act.

The IGIS is party to a memorandum of understanding (MOU) with AUSTRAC. This MOU establishes an agreed understanding of IGIS’s role in monitoring agencies’ access to, and use of, AUSTRAC information.

In overseeing the agencies’ use of AUSTRAC information, the office checks that there is a demonstrated intelligence purpose pertinent to the agencies’ functions, that access is appropriately limited, searches are focused, and the passage of information to both Australian agencies and foreign intelligence counterparts is correctly authorised. In 2018-19, as in previous years, the Inspector-General prepared a statement summarising compliance monitoring in respect of each of the intelligence agencies concerning their access to, and use of, AUSTRAC information in the preceding financial year and provided this to relevant ministers and the AUSTRAC Chief Executive Officer.

During 2018-19, the office inspected ASIO’s use of AUSTRAC material during 2017-18 and identified multiple breaches of section 133 of the AML/CTF Act. These breaches were consistent with the findings of an earlier ASIO internal review (conducted during 2017-18) that identified systemic deficiencies in ASIO’s compliance with the requirements of the AML/CTF Act and ASIO’s MOU with AUSTRAC. Additional detail about this review and the identified deficiencies can be found in the IGIS annual report for 2017-18. As reported last year, the ASIO internal review prompted measures to address these deficiencies and the office saw some evidence in 2018-19 that these measures are improving ASIO’s handling of AUSTRAC material. In particular, the office noted an improvement in ASIO officers’ understanding of the procedural requirements for the communication of AUSTRAC information, however, the quality of record-keeping related to the dissemination of AUSTRAC information remains inconsistent.

In 2018-19 the office conducted a specific inspection of ASIS records concerning AUSTRAC information, as well as incidentally reviewing ASIS’s use of AUSTRAC material during inspections of operational files throughout the year. The inspections found that ASIS’s governance and record-keeping in relation to AUSTRAC information continued to be effective.

Inspections of ASD, AGO and DIO relating to AUSTRAC information did not reveal any issues of concern. There were no instances of non-compliance by ASD, AGO and DIO regarding access to and use and protection of AUSTRAC information. ASD, AGO and DIO continued to have limited interaction with AUSTRAC material during the reporting period, and did not access any information directly via online access to AUSTRAC databases. All three agencies have effective procedures in place with regard to handling of this information.

The office reviewed ONI’s use of AUSTRAC material and found that, overall, ONI’s governance and record-keeping continued to be effective. ONI self-reported an issue where AUSTRAC was disseminating reports to an ONI email distribution list containing individuals not authorised to receive the reports. This activity did not constitute a breach of the AML/CTF Act as, in accordance with section 121(3)(b) of the Act, staff of AUSTRAC are able to disclose product to ONI staff to assist in the performance of their duties.



The 2017 Independent Intelligence Review recommended far-reaching changes for Australia’s intelligence bodies. One recommendation of that Review is that the jurisdiction of the IGIS be expanded to include the intelligence functions of the Australian Criminal Intelligence Commission (ACIC), Australian Federal Police (AFP), AUSTRAC and the Department of Home Affairs. The Government has allocated additional funding to this office since 2017-18 to implement this recommendation, however expansion of IGIS jurisdiction will require amendments to the Inspector-General of Intelligence and Security Act 1986 (IGIS Act). The timing and final form of any amendments is a matter for the Government and the Parliament, however, in anticipation of some expansion of jurisdiction the office has commenced planning and preparation for these new responsibilities.


During 2018-2019 the office continued engagement with key contacts and senior managers within ACIC, AFP, AUSTRAC and the Department of Home Affairs to assist this office in developing an in-depth understanding of the intelligence activities of each of these agencies and how these activities fit within their broader functions. This engagement has included briefings at the agency, branch and team level as well as specific operational briefings, capability briefings and regional visits. IGIS staff have attended agency induction programs as well as training specific to intelligence areas within the agencies. Additionally, IGIS is placing staff with the agencies to build a more detailed and practical understanding of the agencies’ intelligence functions and the internal policies and procedures that support those functions.

Outreach activities conducted by the office during this period have also focused on explaining the role of the Inspector-General and the office’s approach to the role, including through all-staff briefings by the Inspector-General and IGIS staff briefings to line areas.


While the final form and timing of any expanded jurisdiction of the office remains a matter for the Government and Parliament, this office has continued to build the relationships and understanding of agency activities and is developing interim inspection plans accordingly. The IGIS is well placed to have interim inspection plans for the intelligence functions of ACIC, AFP, AUSTRAC, and the Department of Home Affairs by the time the relevant amendments commence.

Objective 4 - Complaints


For practical purposes communications received by the office expressing a grievance are categorised either as ‘contacts’ or ‘complaints’. Contacts are communications raising grievances that fall outside the jurisdiction of the office, or which otherwise cannot be progressed for various reasons including that they are clearly not credible or not intelligible.

The office categorises a matter as a complaint if it raises an initially credible allegation of illegal or improper conduct or an abuse of human rights in relation to an action of an intelligence agency within the jurisdiction of the office. Complaints can be made orally or in writing and they may be made anonymously.

Each communication is assessed to determine the most appropriate course of action and whether it falls within the public interest disclosure (PID) scheme. Complaints are usually handled administratively in the first instance. In most cases, complaints and other matters can be resolved quickly and efficiently by IGIS staff contacting the relevant agency or reviewing their records. This approach can determine whether a particular matter is within jurisdiction and reduce the procedural burden of an Inquiry. Administrative resolution usually gives the complainant a timely response, and information sought from agencies in this way can help the Inspector-General determine whether to conduct an inquiry for more serious or complex matters.

Each person who contacts the office is given advice about actions taken in response to their concerns and the outcomes, to the extent possible within the security obligations of this office.


Figure 2.2 Timeliness of response to complaints









Other IGIS Act complaints




Public Interest Disclosures









The Department of Home Affairs processes visa and citizenship applications. There are occasions when applications will be referred to other government agencies to conduct necessary background checks. When asked to do so by the Department of Home Affairs, ASIO may make a security assessment or provide advice in support of the visa process. IGIS has the role of reviewing these actions to ensure they are legal and meet the required propriety standard.

In 2018-19, the office received 750 complaints about visa or citizenship applications, nearly triple the number of similar complaints (279 visa or citizenship complaints) in 2017-18. In 2018-19, the average number of visa or citizenship complaints received per month was 63, compared to an average of 23 complaints per month in 2017-18, 21 complaints per month in 2016-17 and 10 complaints per month in 2015-16.

Figure 2.3: visa/citizenship complaint trends 2016-17 to 2018-19Bar chart depicting visa/citizenship complaint trends between 2016-17 to 2018-19

In 2017-18, the largest number of complaints made to this office related to delays in citizenship applications, accounting for approximately 37% of all visa and citizenship-related complaints. As signalled in last year’s report, staff from the office explored the reason for this trend in 2018-19, including meeting regularly with the Office of the Commonwealth Ombudsman to develop an understanding of the issue beyond the confines of IGIS jurisdiction. For almost every citizenship case reviewed by the office in 2018-19, the office was able to determine that no Australian intelligence agency was the cause of delay in processing the application. In 2018-19 the largest number of complaints related to student visas, accounting for half of all visa and citizenship-related complaints, compared to 22% the previous year.

The number of complaints received from individuals seeking skilled business or work visas continued to decline. There was a 53% increase (from 15 to 23) in complaints received about protection and refugee visa applications.

The most frequent complaint about visa and citizenship applications continues to be the length of time taken to finalise an application beyond the indicative timeframes listed on the Department of Home Affairs’ website.

In 2018-19 the Inspector-General extended the minimum time that must pass before the office will inquire into a visa or citizenship application in response to a complaint. In 2017-18, the office would only take action in relation to applications for citizenship and permanent visas that were lodged more than 12 months prior, and temporary visas lodged more than three months prior. The experience of the office in 2018-19 has been that these timeframes are resulting in reviews that are premature. In the ordinary course of events complaints to the office about visa or citizenship applications are not generally affected by issues of legality or propriety within an Australian intelligence agency within these time periods, and most cases reviewed by the office within these timeframes will not be resolved for a further several months. For these reasons, and in light of the significant increase in complaint volumes, the office will now only take action on a citizenship complaint when two years have passed since the citizenship application was lodged with the Department of Home Affairs. In the case of visa applications, the office will review complaints for permanent visas, student visas and temporary activity visas when six months have passed since the application was lodged, or three months since the application was lodged for any other temporary visa class.

During the reporting period, 97% of visa and citizenship-related complaints received by the office were acknowledged within five working days, well above the office’s performance indicator of 90%. Of the visa and citizenship complaints received in 2018-19, 93% were resolved within 14 days of receipt, also well above our target of 85%. The office considers a complaint about a delay in visa or citizenship security assessments to be resolved once IGIS staff have completed consideration of the complaint and responded to the complainant.


The Department of Home Affairs may request ASIO to make a security assessment or provide advice in support of the visa process. It is not possible to predict how long it will take to complete a security assessment. In a number of cases, this office found that some processes for following up requests for information contributed to delays in finalising assessments. This office has not identified any illegality or impropriety in the processes. Nevertheless, IGIS has noted the impact of the delay on applicants and has requested that delays be addressed.


The office received 29 non-visa/citizenship-related complaints in the reporting period (excluding PID matters), continuing a downward trend since the 2016-17 reporting period. Ten complaints received in 2017-18 were carried into the 2018-19 reporting period, while at the end of 2018-19 one complaint remained open. The average time taken to acknowledge these complaints was three business days. IGIS staff responded to 93% of such complaints within five business days, exceeding the performance measure of 90%.

Figure 2.4: Other complaint statistics 2016-17 to 2018-19Column chart depicting "other" complaints 2016-17 to 2018-19

Figure 2.5: Other complaint trends 2018-19





Communication issues




Delay – security assessment




Detriment to member of public arising from agency action




Employment – internal security




Employment – management action












During the reporting period, we sought agency information about complaints by speaking with relevant agency staff, reviewing files and undertaking independent searches of agency databases to identify issues of legality or propriety, and where possible, to facilitate a resolution to the complaint. IGIS staff have established effective relationships with agency staff which ensures most matters are able to be resolved efficiently. Where complex issues are identified, discussions are constructive.

On finalisation, all complainants were given advice about the action the office had taken in response to their complaints, our consideration of agency briefings and records, and how any concerns were resolved. Where appropriate, complainants were also invited to contact the office again if their concerns persisted.

The majority of complaints (22) were about ASIO, while five were about ASD and two concerned ASIS. No complaints were received concerning AGO, DIO or ONI. The complaints covered a wide range of matters, including allegations about:

  • security assessments for employment;
  • recruitment irregularities;
  • obstruction in obtaining software certification; and
  • harassment.

Half of the 22 complaints about ASIO concerned delay in security assessments for security clearances required for employment in Australian Government agencies or for an Aviation Security Identification Card. ASIO information revealed that, of the 11 complaints about delay, five concerned cases that did not meet the criteria for priority assessment and had not progressed faster due to competing priorities. No concerns were identified as to the legality or propriety of any ASIO action, and this office does not interfere with the assessment itself or comment on agency resourcing decisions. Where complainants advised their work was affected by the delay, IGIS staff suggested alternative action for complainants to take, such as seeking prioritisation through their employer and the Australian Government Security Vetting Agency (AGSVA).

For security reasons it is usually not possible to give complainants a complete picture of how their matters have been handled by the agency concerned and by this office. Understandably this may leave complainants dissatisfied with the complaint process even where everything possible has been done. It should be noted that few complainants contact the office to report either satisfaction or disappointment with the outcome of their complaints. Where IGIS staff are aware that an issue remains unresolved when a complaint is closed, IGIS staff may monitor agencies’ actions through the office’s inspection program. In all cases, the office provides advice about its role, and the role and functions of relevant Australian intelligence agencies. Where the concerns raised are outside the office’s jurisdiction, IGIS staff provide details of alternative avenues that might be pursued, if this is appropriate.



A lawyer complained on behalf of an asylum seeker in detention. Correspondence from the Department of Home Affairs and ASIO had given the asylum seeker conflicting advice about which agency was responsible for telling him the outcome of his ASIO security assessment. IGIS staff sought ASIO advice about the matter and it appeared ASIO understood, wrongly as it happened, that the Department of Home Affairs would notify the individual of the outcome. The result was that neither agency had informed him of the non-prejudicial outcome of the assessment which had been issued more than a year before the complaint was made. IGIS staff subsequently advised the lawyer for the asylum seeker the outcome of ASIO’s security assessment


A member of the public complained of irregularities in an ASIO recruitment process. Following inquiries from the office, ASIO identified a database error which had resulted in no written advice being sent to the complainant concerning the outcome of a 2018 recruitment process. The same database error also led to ASIO giving incorrect verbal advice to the complainant. ASIO corrected the database error and sent a letter of apology to the complainant


An individual complained that ASIO had interviewed a member of the public several times without an Auslan interpreter, despite multiple requests for an interpreter to be used.

IGIS staff sought advice from the Australian Human Rights Commission before raising the complaint with ASIO. The IGIS found there were some deficiencies in ASIO’s arrangements for ensuring an appropriately independent Auslan interpreter was made available for interviews. However ASIO considered sensitive interviews should be undertaken by a security-cleared interpreter and had difficulty in obtaining one, and the IGIS formed the view that it was for ASIO to decide if the interpreter needed to be security-cleared.

In response to an IGIS recommendation, ASIO agreed not to interview the person again without an interpreter, developed a policy on interviewing people with disabilities to ensure reasonable adjustments are made in future cases, and amended its practice manual to include arrangements for interviewing persons with a disability in compliance with the Disability Discrimination Act 1992.


A member of the public applied to the Australian Cyber Security Centre (ACSC, a division of ASD) for certification of encryption software and complained to the IGIS about the ACSC’s lack of response. The ACSC informed IGIS staff of their prior contact with the individual; the person’s emails had been blocked permanently due to their offensive language and threatening conduct towards ACSC staff.

ASD’s functions require little interaction with members of the public and the ACSC, which provides a range of services requiring public engagement, was unfamiliar with strategies for managing such problems. IGIS staff provided advice (and resources available from the Office of the Commonwealth Ombudsman) about appropriate management of unreasonable conduct to ASD. As a result, the ACSC wrote to the individual formally advising the communication restrictions, the timeframe during which the restrictions would be imposed, and conditions to be met in regard to any future contact. The ACSC expressed appreciation for the guidance IGIS staff provided and indicated an intention to incorporate it in staff training.



The Public Interest Disclosure Act 2013 (PID Act) is intended to promote integrity and accountability within the Commonwealth public sector, including by encouraging public interest disclosures by public officials, providing appropriate support to disclosers to ensure that they are not subject to adverse consequences as a result of their disclosures and ensuring that disclosures by public officials are properly investigated and addressed.


The office has key responsibilities under the PID scheme, including:

  • Receiving, and, where appropriate, investigating disclosures about suspected wrongdoing within the intelligence agencies;
  • Assisting current or former public officials who work for, or who previously worked for, the intelligence agencies in relation to the operation of the PID Act;
  • Assisting the intelligence agencies in meeting their responsibilities under the PID Act, including through education and awareness activities; and
  • Overseeing the operation of the PID scheme in the intelligence agencies.

The office has nine authorised officers under the PID scheme in addition to a principal officer (the Inspector-General). These officers are accessible to intelligence agency staff due to their regular attendance at agencies for routine activities such as inspections and briefings.

Figure 2.6: Number of public interest disclosure (PID) received 2016-17 to 2018-19Column chart depicting public interest disclosures received 2016-17 to 2018-19

Figure 2.7 Number of public interest disclosure (PID) received 2016-17 to 2018-19















Figure 2.8: Public interest disclosures by agency and source in 2018-19

















There were five public interest disclosures concerning intelligence agencies during the reporting period, reflecting a downward trend since the commencement of the scheme in the 2016-17 reporting period. No disclosable conduct was reported in relation to the IGIS.

All five of the public interest disclosures raised allegations of maladministration in security assessment processes, including procedural fairness, bias and other unprofessional conduct. One related to the conduct of a pre-employment security assessment, one to conditions for contractors seeking to work across multiple agencies, and three concerned the withdrawal of clearances. One of these also alleged maladministration in relation to reported concerns about staff well-being.

Investigation of one case did not proceed as the discloser withdrew the claim in order to pursue other internal avenues. Section 48 of the PID Act provides the principal officer of the agency with discretion not to investigate. As the disclosure related to a decision by the employer to withdraw the complainant’s Positive Vetting security clearance and thus terminate their employment, the Inspector-General was satisfied there was no merit in investigating the case at this time.

Investigation of the remaining disclosures was conducted in accordance with the IGIS Act, rather than the PID Act, to enable the use of the IGIS inquiry powers if required. Recommendations were made in one case. Two of the five PIDs remained open at the end of the reporting period.

Despite what appears to be a cluster in reporting about maladministration in security clearance processes, no trends have been identified through the cases examined by this office.


A PID relating to ASD concerned maladministration resulting in the denial of a contracting position. The discloser alleged ASD did not provide procedural fairness and was concerned the denial could be reprisal action for having made a previous complaint.

Investigation under the IGIS Act found no evidence to prove the allegations. While the investigation found some areas for improvement in ASD’s communication and processes, these would not have changed ASD’s decision in the case. The Inspector-General made two recommendations relating to ASD’s internal processes and two relating to the specific case, all of which were accepted by ASD.


In accordance with section 44(1A)(b) of the PID Act, the intelligence agencies are required to meet certain reporting requirements including by informing IGIS when a public interest disclosure is allocated for investigation by an intelligence agency.

IGIS was informed of one PID received by ASD in the 2018-19 reporting period. The remaining intelligence agencies reported having received no PIDs in the same period.

IGIS also has a role in meeting annual reporting obligations by collecting and collating the intelligence agencies’ responses to the Commonwealth Ombudsman’s annual PID survey. IGIS performs this role to ensure the protection of classified details relating to the intelligence agencies.


In 2018-19 the office also received contacts from approximately 200 individuals seeking advice or expressing concern about matters affecting them that were assessed to be outside the jurisdiction of the office or did not require action. This represents an increase of around 23% over the previous reporting period. Over one-third of these individuals made repeated contact raising the same or similar issues. IGIS staff apply a consistent, fair approach to managing such matters.

When the office is contacted about matters that it cannot pursue, IGIS staff provide written or oral advice about the office’s jurisdiction and alternative action that can be taken to resolve concerns, including reference to other complaint-handling bodies, police and the National Security Hotline. In cases where there has been previous contact about matters that have already been assessed, the office takes no further action unless substantially new and credible information is provided.

Objective 5 - Infrastructure and Relationships


In March 2019 IGIS relocated from its premises at One National Circuit, Barton to new larger premises co-located with the Attorney-General’s Department at 3-5 National Circuit, Barton. The increased size of the new premises was necessary to accommodate the projected growth in staff numbers in line with the office’s corporate plan. The office move was completed on time, within budget and with no security concerns.


The office frequently liaises with other accountability and integrity agencies, both in Australia and overseas, to discuss matters of mutual interest, learn from each other’s practices, and to keep abreast of significant developments in other jurisdictions.


The focus of our engagement with other domestic accountability and integrity agencies has been the practicalities of implementing the recommendations from the 2017 Independent Intelligence Review that the jurisdiction of the Inspector-General be expanded to include the intelligence functions of the ACIC, AFP, AUSTRAC and the Department of Home Affairs. During the reporting period the office worked with the Australian Commission for Law Enforcement Integrity (ACLEI), the Australian Human Rights Commission (AHRC), the Inspector-General of the Australian Defence Force (IGADF), the Office of the Commonwealth Ombudsman (OCO) and the Office of the Australian Information Commissioner (OAIC) on measures to ensure that our future oversight activities are complementary and to avoid overlap to the greatest possible extent. An agreement-in-principle has been reached and set out in a Statement of Cooperation. The Statement of Cooperation will be finalised once legislation expanding the jurisdiction of IGIS has commenced.


During the reporting period the office continued to strengthen our relationship with ACLEI ahead of proposed changes to our jurisdiction. An IGIS officer completed a six-month Immersive Development Placement with ACLEI to enhance our understanding of their activities, practices and procedures. Additionally, IGIS officers attended ACLEI’s Community of Practice for Corruption Prevention meeting as observers.


The AHRC is required by section 11(3) of the Australian Human Rights Commission Act 1986 to refer human rights and discrimination matters relating to an act or practice of the intelligence and security agencies to the Inspector-General. During 2018-19 no such matters were referred by the AHRC.


During the reporting period IGIS officers attended training conducted by the IGADF on the conduct of administrative inquiries in the Australian Defence Force.


In December 2018 the Deputy Inspector-General met with the Australian Information Commissioner and Privacy Commissioner to discuss the development of privacy rules for ONI.


The work of the OCO and this office is complementary and there is a memorandum of understanding that provides guidance on handling complaints that overlap the jurisdiction of each office. A review of the memorandum was conducted during the reporting period with a view to updating the guidance and broadening its scope, in particular to address the proposed expansion of the jurisdiction of this office. During the reporting period, IGIS continued to hold regular face-to-face meetings at the Deputy Inspector-General/Deputy Ombudsman level as well as working level engagement. At the working level our engagement with OCO has focused on the measures to avoid duplication of future oversight and has included IGIS officers observing elements of Ombudsman inspections of agencies within the scope of the proposed expansion of IGIS jurisdiction. During 2018-19 one IGIS staff member completed an Immersive Development Placement with OCO.



In October 2018 the Inspector-General hosted the annual meeting of the Five Eyes Intelligence Oversight and Review Council (the Council) in Canberra. The Council is comprised of the following intelligence oversight, review and security entities of the Five Eyes countries: the Office of the Inspector-General of Intelligence and Security of Australia; the Office of the Communications Security Establishment Commissioner and the Security and Intelligence Review Committee of Canada; the Commissioner of Intelligence Warrants and the Office of the Inspector-General of Intelligence and Security of New Zealand; the Investigatory Powers Commissioner’s Office of the United Kingdom; and the Office of the Inspector General of the Intelligence Community of the United States. Council members exchange views on subjects of mutual interest and concern; compare best practices in review and oversight methodology; where appropriate explore areas where cooperation on reviews and the sharing of results is permitted; encourage transparency to the largest extent possible to enhance public trust; and maintain contact with political offices, oversight and review committees, and non-Five Eyes countries as appropriate. The Council meets in person at least once per year.

The 2018 Council meeting agenda focused on the themes of independence and keeping up with technology. During the first day discussion focused on the importance of, and challenges associated with, intelligence review and oversight entities maintaining their institutional independence. Issues covered included the importance of independence, the security of their independence and its limitations, the relative importance of actual and perceived independence, the potential for compromise of independence, and how review and oversight bodies demonstrate their independence. On the second day of the conference, discussion focused on the importance of, and challenges associated with, the intelligence review and oversight entities’ abilities to keep up with technology. Issues discussed included challenges associated with hiring, training, and retaining their workforces, the potential for accountability capture by the intelligence services, and developing cultures of compliance with intelligence services subject to intelligence review and oversight. Sessions on unauthorised disclosures and exchange programs were also held on the second day.

During the conference Alexander W. Joel, the Chief of the Office of Civil Liberties, Privacy, and Transparency with the United States Office of the Director of National Intelligence, delivered a keynote address on the importance of transparency. This address was attended by the Council members as well as senior representatives from Australian and New Zealand intelligence communities and a member of the Australian parliament.

During the reporting period, the Council has also liaised via teleconference in preparation for its October 2019 meeting, which will take place in the United Kingdom. This activity will be reported in the 2019-20 annual report.


In early May 2019 the Inspector-General and a senior officer travelled to the United Kingdom to meet with the Investigatory Powers Commissioner and members of his office. Discussions covered the formation and functioning of the Investigatory Powers Commissioner’s Office and the ‘double-lock’ mechanism, the Technology Advisory Panel, oversight of covert effects and bulk data, oversight of policing bodies, and dealings with civil society groups. This engagement also saw the Inspector-General meet with agencies within the oversight jurisdiction of the Investigatory Powers Commissioner’s Office.

In late May 2019 the Inspector-General and Deputy Inspector-General travelled to Wellington to meet with the New Zealand Inspector-General of Intelligence and Security and her office. This engagement enabled discussion on key national developments and matters of mutual interest, including changes to the National Intelligence Community, outreach with civil society groups, collaborative projects, and the conduct of overseas inspections.

Objective 6 - High-performing Workforce


IGIS maintains a strategic human resources (HR) plan to ensure that the office recruits, develops and retains a workforce that effectively supports the Inspector-General in current activities as well as preparing the office for its anticipated expansion of jurisdiction. In 2018-19 the average staff turnover for the office was 8.4%. The office is partially meeting its recruitment targets in the strategic HR plan and several candidates are undergoing relevant pre-employment suitability and security checks.

In 2018-19 the office continued its program of internal training in job-specific skills and knowledge including recent changes to legislation, complaints handling and security awareness. In order to manage increased recruitment activity and larger staff numbers overall, in 2018-19 the office implemented a formal five day induction program for new staff. The office also provided opportunities for staff to attend training courses and seminars relevant to their role. The IGIS Enterprise Agreement 2016-2019 provides a studies assistance scheme for employees who pursue studies relevant to the work of the office.

The office conducts regular staff surveys to seek feedback on the office’s performance management and training arrangements. In a staff survey conducted in June 2019, roughly 70% of staff agreed or strongly agreed that performance management, training and development and leadership provided by the IGIS executive adequately support employees to perform the duties of the office.


During 2018-19 this office has undertaken Immersive Development Placements with other Commonwealth government agencies, including the Australian Commission for Law Enforcement Integrity (ACLEI), the Australian Criminal Intelligence Commission (ACIC), the Australian Federal Police (AFP), the Australian Transaction Reports and Analysis Centre (AUSTRAC), and the Office of the Commonwealth Ombudsman (OCO). These placements have been undertaken in accordance with arrangements developed in a memorandum of understanding with each host agency, and further tailored to each individual placement. A Memorandum of Understanding for Immersive Development Placements has also been negotiated with the Department of Home Affairs.

These placements were designed to improve the expertise of this office ahead of the commencement of its expanded jurisdiction. They also enabled the office to enhance its understanding of the host agencies’ internal policies, procedures and organisational structures. The placements have likewise provided host agencies with an understanding of the organisational structure of this office and its approach to oversight. Where individuals have been hosted in the ACIC, AFP and AUSTRAC, it has also improved the office’s understanding of the intelligence functions of these agencies, and developed the skills and capability of our employees in relation to those functions. The placement of IGIS employees with other oversight bodies (ACLEI and OCO) has assisted this office in its work to prepare for the de-confliction of oversight when the expanded jurisdiction commences. Placements have primarily been undertaken by newly recruited staff who are in the process of obtaining the security clearance for IGIS roles.