A harm-based approach

Duty not to disclose information

4.86       In considering how these new secrecy offences should be framed, the ALRC examined a range of existing provisions—including ss 70 and 79(3) of the Crimes Act—particularly those aspects of existing provisions that have drawn consistent criticism. One aspect that has attracted adverse attention is the lack of clarity and certainty around when a ‘duty not to disclose information’ might arise under s 70 of the Crimes Act.

4.87       Section 70 provides that it is an offence for a Commonwealth officer to disclose information ‘which it is his or her duty not to disclose’. As noted in Chapter 3, this duty is not found in s 70 itself, but must be found elsewhere. Most commonly, the source of the duty is a specific legislative provision giving rise to a duty not to disclose official information.

4.88       For example, s 13 of the Public Service Act, which sets out the APS Code of Conduct, provides that an APS employee must comply with any conduct requirement prescribed by the regulations.[91] Regulation 2.1(3) of the Public Service Regulations 1999 (Cth) sets out a duty not to disclose information:

an APS employee must not disclose information which the APS employee obtains or generates in connection with the APS employee’s employment if it is reasonably foreseeable that the disclosure could be prejudicial to the effective working of government, including the formulation or implementation of policies or programs.[92]

4.89       Regulation 2.1 provides an example of a provision that sets out a duty of non-disclosure and makes express reference to the application of s 70 of the Crimes Act in an accompanying note:

Note: Under section 70 of the Crimes Act 1914, it is an offence for an APS employee to publish or communicate any fact or document which comes to the employee’s knowledge, or into the employee’s possession, by virtue of being a Commonwealth officer, and which it is the employee’s duty not to disclose.

4.90       Other secrecy provisions are not expressly linked to s 70 in this way. For example, s 114(1) of the Food Standards Australia New Zealand Act 1991 (Cth) states that:

It is the duty of a person who is a member of the Board, a member of the staff of the Authority, a member of a committee or a person engaged as a consultant under section 136 not to disclose any confidential commercial information in respect of food that has been acquired by the person because of being such a member or consultant.

4.91       The provision does not specify a penalty for breach and makes no reference to the Crimes Act. Presumably s 70 applies, but its application is not readily apparent.[93] The ALRC has also identified 23 provisions that are not themselves criminal, but may give rise to a ‘duty not to disclose’ for the purposes of s 70.[94]

4.92       A duty may also arise from other sources, such as an employee’s general law duties[95] or, possibly, the terms and conditions of an employment contract. As discussed in Chapter 3, there is some doubt about whether the ‘duty’ in s 70 of the Crimes Act can arise from a contractual term, but it seems clear that it must be a legal—as opposed to a moral—duty.[96] The lack of clarity as to which duties may give rise to criminal liability under s 70 led McGinness to observe that:

The obscure nature of the duties was the subject of criticism when the Crimes Act was first enacted and has been put forward by prosecuting authorities as one reason for their failure to prosecute possible breaches.[97]

4.93       In his report on Integrity in Government Project—Official Information, Paul Finn expressed the view that the operation of s 70

simply attaches criminal sanctions to the breach of whatever secrecy obligation happens to bind a given public official. This, of itself, gives reason for pause. But what makes it particularly obnoxious is that … the secrecy obligations imposed by public service legislation are so all encompassing and unreasonable in their information coverage that strict compliance with them is practically impossible. In their current form those obligations have no place in a modern democratic State. There is an urgent need for their recasting. There is a like need to reconsider what their appropriate relationship should be to the criminal law even after that recasting.[98]

4.94       The AGD Guide to Framing Commonwealth Offences states that:

It is normally desirable that the content of an offence be stated in the offence itself, so that the scope and effect of the offence is clear to the Government, the Parliament and those subject to the offence.[99]

4.95       In DP 74, the ALRC expressed the view that it was not desirable for the scope of a central element of the general secrecy offence to be dependent on provisions in other legislation.[100] This approach leaves open the possibility that a single criminal penalty, set out in s 70, will apply to a wide range of circumstances set out in specific secrecy provisions. Although it is possible to include a cross-reference to s 70 in a provision giving rise to a duty of non-disclosure, this is not ideal. The ALRC expressed concern that, where no cross-reference to s 70 was included in legislation containing a duty of non-disclosure, it was unclear whether the Australian Parliament expressly considered the link with s 70 and the fact that a breach of the duty created had the potential to give rise to criminal liability and the imposition of the criminal sanctions set out in s 70.

Submissions and consultations

4.96       In response to IP 34, the AGD submitted that:

It would seem preferable for a general secrecy offence to set out the circumstances when a duty of non-disclosure might arise, as this would provide greater clarity and certainty to Commonwealth officers and others. It would also tend to reduce the perceived need for including specific secrecy laws in other legislation on the basis that it is not sufficiently clear whether the general offence would apply, or to create a specific duty for the purpose of the general offence. However, it is unlikely to be possible to set out exhaustively all the circumstances that may give rise to a non-disclosure duty. Therefore, it seems advisable to retain a level of flexibility in the general offence to allow for non-disclosure duties to arise elsewhere, such as in other legislation, pursuant to contractual agreements or at common law.[101]

4.97       Other stakeholders expressed a level of concern that the duty not to disclose should be found separately from the provision imposing the criminal sanction.[102] The Community and Public Sector Union (CPSU) focused on the relationship between reg 2.1 of the Public Service Regulations and s 70 of the Crimes Act and submitted that only disclosure of classified or secret Commonwealth information should be subject to criminal penalties. Disclosure of other confidential information should be dealt with on an administrative level—as a breach of the APS Code of Conduct in the Public Service Act—in the same way as other employment-related disciplinary matters.[103]

4.98       Fraser agreed, stating that:

So long as s 70 continues to penalise breaches of duty to be found in other legislation, breaches of Public Service Regulation 2.1 will be subject both to administrative penalties and to possible prosecution under s 70. It is preferable for it to be restricted to the former.[104]

4.99       PIAC submitted that:

Any criminal secrecy provision of general application should not be triggered by breach of an obligation arising under the general law, but upon breach of a clearly identified duty of non-disclosure, set out in the relevant statute. …

All secrecy provisions should make clear on their face the consequences of breach. If the consequences of breach are contained in another piece of legislation, the secrecy provision should cross-reference it, although this is not the preferred approach.[105]

ALRC’s views

4.100   There are real concerns about the way that s 70 of the Crimes Act is framed—in particular, the need to establish a ‘duty not to disclose’ independently of the offence provision. In the ALRC’s view, where it is the Australian Parliament’s intention to impose criminal sanctions for disclosure of Commonwealth information, this should be done in a single offence provision so that there is a clear and certain link between the conduct being criminalised and the criminal penalty imposed.

4.101   In addition, it is not appropriate to impose criminal sanctions for breach of any duty not to disclose Commonwealth information. In the ALRC’s view, for example, the duties defined by an employee’s duty of loyalty and fidelity or those set out in reg 2.1 of the Public Service Regulations are too broad to form the basis of a criminal offence.[106]

Alternative approaches

4.102   In this section, the ALRC considers alternative approaches to framing secrecy offences and concludes that the duty not to disclose information should be set out in the provision itself, and that it should be framed as a duty not to disclose information that would harm, or is likely or intended to harm, essential public interests. This approach has the potential to address the issues identified above: that is, it will not be necessary to look to other legislation to define the duty not to disclose, and it will be possible to ensure that criminal penalties are only imposed in appropriate circumstances by identifying the public interests to be protected by each offence.

Past reports and recommendations

4.103   A number of past reports in Australia and overseas have considered various ways of framing secrecy provisions, including by defining protected categories of information or adopting a harm-based approach. In 1972, a United Kingdom (UK) departmental committee chaired by Lord Franks (the Franks Committee), reported on s 2 of the Official Secrets Act 1911 (UK).[107] Section 2 prohibited the unauthorised disclosure of ‘all information which a Crown servant learns in the course of his duty’.[108] The Committee noted that:

The leading characteristic of this offence is its catch-all quality. It catches all official documents and information. It makes no distinctions of kind, and no distinctions of degree. All information which a Crown servant learns in the course of his duty is ‘official’ for the purposes of section 2, whatever its nature, whatever its importance, whatever its original source. A blanket is thrown over everything; nothing escapes. The section catches all Crown servants as well as all official information.[109]

4.104   The Franks Committee concluded that ‘any law which impinges on the freedom of information in a democracy should be much more tightly drawn’.[110] The Committee concluded that change was essential, and that s 2 should be repealed and replaced by narrower and more specific provisions.[111] The Committee rejected ‘the notion that criminal sanctions should be retained for all official information which a Government may reasonably wish to withhold’ and, in particular, expressed the view that information about most of the domestic functions of government should not attract the protection of the criminal law.[112] This approach was intended to minimise the inhibiting effect of s 2 on the appropriate disclosure of information about these functions.

4.105   Instead, the Franks Committee concluded that only information that went to the fundamentals of government, and that had the potential to affect the nation as a whole and the safety of its citizens, should attract the protection of the criminal law:

A safe and independent life for a nation and its people requires effective defence against the threat of attack from outside. It requires the maintenance of the nation’s relations with the rest of the world, and of its essential economic base. It requires the preservation of law and order, and the ability to cope with emergencies threatening the essentials of life … It is information relating to these basic functions of a central Government which most requires protection. It is here that a threat to the nation can have the most serious consequences. The most appropriate general description for all these matters is that they concern the security of the nation and the safety of the people.[113]

4.106   The Franks Committee identified the following kinds of official information as requiring the protection of the criminal law:

  • classified information relating to defence or internal security, or to foreign relations, or to the currency or to the reserves, the unauthorised disclosure of which would cause serious injury to the interests of the nation;

  • information likely to assist criminal activities or to impede law enforcement;

  • Cabinet documents; and

  • information entrusted to the Government by a private individual or organisation.[114]

4.107   In relation to the first category, the Franks Committee recommended that the existing security classification system be adapted, so that information classified at ‘Secret’ and above would attract the protection of the criminal law.[115] The prosecution would be required to establish that the information was classified, but not that the disclosure of the information would harm the interests of the nation.[116] In relation to the second category, the prosecution would have to prove that the information was likely to assist criminal activities or impede law enforcement, thus imposing a requirement to prove that the disclosure was likely to cause harm. Cabinet documents and information provided by individuals or organisations were to be protected as categories of information and the prosecution would not be required to prove harm.

4.108   The Committee stated, in relation to repealing and replacing s 2 of the Official Secrets Act:

We propose its replacement by provisions reduced in scope and less uncertain in operation. We believe that these provisions provide the necessary minimum of criminal law required for the security of the nation and the safety of the people, and for the constructive operation of our democracy in the conditions which obtain today.[117]

4.109   A 1978 UK Government Home Office White Paper[118] set out proposals for legislation that closely followed the Franks Committee’s recommendations, but legislation introduced in 1979 based on this White Paper was withdrawn due to lack of support. A second Home Office White Paper was published in 1988, taking a different approach. The 1988 White Paper proposed that the legislation should

identify those areas in which disclosure of at least some information may be sufficiently harmful to the public interest to justify the application of criminal sanctions. The number of such areas is in fact small. For the most part, even if disclosure may obstruct sensible and equitable administration, cause local damage to individuals or groups or result in political embarrassment, it does not impinge on any wider public interest to a degree which would justify applying criminal sanctions.[119]

4.110   In addition, the 1988 White Paper proposed that various tests of harm should be developed:

The Government considers that as far as possible any test of harm should be concrete and specific if it is to be applied by the courts. At this practical level, the harm likely to arise from the disclosure of different kinds of information is not the same in all respects in each case. The Government therefore proposes separate tests of likely harm for the different categories of information to be covered by future legislation.[120]

4.111   The White Paper proposed that the legislation should apply in the areas of:

  • security and intelligence;

  • defence;

  • international relations;

  • information obtained in confidence from other governments and international organisations;

  • information useful to criminals; and

  • interception information.

4.112   The White Paper proposed a harm element in relation to each of these areas except disclosures of security and intelligence information by members of the security and intelligence services; information obtained in confidence from other governments and interception information. The Official Secrets Act 1989 (UK) was based to a large extent on the approach outlined in this White Paper and is discussed further below.

4.113   The UK developments were considered in Australia by the Gibbs Committee. In its final report, the committee discussed the need for secrecy offences in Australia to include a requirement to prove that the unauthorised disclosure caused some harm and, in this regard, drew a distinction between different categories of protected information. In relation to information dealing with defence or foreign relations, for example, the Gibbs Committee stated that:

Obviously, the description of information as relating to defence or foreign relations would be so wide that, unless qualified in some way, [the provisions] would apply to information of an innocuous nature. Thus, no submission disputed that these descriptions needed to be qualified by a requirement to prove harm.[121]

4.114   The Gibbs Committee recommended that the prosecution should be required to prove harm in the case of a disclosure of information:

  • relating to defence or foreign relations; or

  • obtained in confidence from foreign governments and international organisations.[122]

4.115   In some areas, however, the Committee considered it was appropriate to impose criminal sanctions without having to establish any harm to the public interest—notably, in relation to intelligence and national security information.[123]

4.116   In the 2004 report, Keeping Secrets: The Protection of Classified and Security Sensitive Information, the ALRC recommended that criminal penalties should be imposed only in relation to information that genuinely requires protection and where unauthorised disclosure is likely to harm the public interest.[124] As discussed in Chapter 3, this is the approach that the courts have adopted in considering the extent to which government information is protected by the equitable duty of confidence.[125]

Australian secrecy offences

4.117   Most existing secrecy provisions in Australia do not expressly indicate the public interest they are seeking to protect or the harm they are seeking to prevent. For example, s 51(2) of the Australian Crime Commission Act 2002 (Cth) provides that:

A person to whom this section applies who, either directly or indirectly, except for the purposes of a relevant Act or otherwise in connection with the performance of his or her duties under a relevant Act, and either while he or she is or after he or she ceases to be a person to whom this section applies:

         (a)     makes a record of any information; or

         (b)     divulges or communicates to any person any information;

being information acquired by him or her by reason of, or in the course of, the performance of his or her duties under this Act, is guilty of an offence punishable on summary conviction by a fine not exceeding 50 penalty units or imprisonment for a period not exceeding 1 year, or both.

4.118   This provision binds the Chief Executive Officer, staff and others associated with the Australian Crime Commission, and applies to any information acquired in the course of their duties under the Act. It is not necessary to show that the unauthorised conduct—making a record of, divulging or communicating information—would cause, was likely to cause or was intended to cause any harm. While this issue might be taken into consideration by the Commonwealth Director of Public Prosecutions (CDPP) in deciding whether to prosecute a person for a breach of the provision,[126] or by the court in deciding on an appropriate penalty,[127] they do not form an element of the offence itself.

4.119   By way of contrast, a small number of Australian secrecy provisions expressly require that the unauthorised conduct cause, be likely to cause, or be intended to cause, harm to a specific public interest.[128] An example is s 58 of the Defence Force Discipline Act 1982 (Cth), which provides that it is an offence to make an unauthorised disclosure of information that ‘is likely to be prejudicial to the security or defence of Australia’. Strict liability applies to this element of the offence and so it is not necessary to establish that the person was reckless or intended to prejudice the security or defence of Australia, just that the disclosure was likely to do so.

4.120   Another example is s 193S(3) of the Aboriginal and Torres Strait Islander Act 2005 (Cth), which makes it an offence for an Indigenous Land Corporation officer to disclose information ‘considered sacred or otherwise significant by a particular group of Aboriginal persons or Torres Strait Islanders’, where ‘the disclosure would be inconsistent with the views or sensitivities of those Aboriginal persons or Torres Strait Islanders’.

4.121   As noted above, and discussed in Chapters 2 and 12, reg 2.1(3) of the Public Service Regulations was amended in 2006 to incorporate a harm element. The revised regulation prohibits an APS employee from disclosing Commonwealth information ‘if it is reasonably foreseeable that the disclosure could be prejudicial to the effective working of government’. Although this provision does not itself give rise to criminal sanctions, it does establish a ‘duty not to disclose’ that can be used as the basis for a criminal prosecution under s 70 of the Crimes Act.

4.122   The requirement to establish that the unauthorised disclosure could be prejudicial to the effective working of government was introduced following a decision of the Federal Court of Australia in Bennett v President, Human Rights and Equal Opportunity Commission.[129] Finn J found that reg 7(13)—a predecessor to reg 2.1—was a ‘catch-all’ provision that did not differentiate between the types of information protected or the consequences of disclosure and was therefore inconsistent with the implied constitutional freedom of communication about government and political matters.[130]

4.123   The constitutional validity of the amended reg 2.1 was challenged in the Supreme Court of the ACT in R v Goreng Goreng (Goreng Goreng).[131] The regulation was upheld on the basis that it was much more limited than its predecessor and targeted the protection of a legitimate public interest in the effective working of government.[132]

Case study: R v Goreng Goreng[133]

Tjanara Goreng Goreng was a Commonwealth officer with the Office of Indigenous Policy Co-ordination in the Department of Families, Housing, Community Services and Indigenous Affairs (FaHCSIA). Goreng Goreng was charged with seven counts of breaching a duty not to disclose information which came into her possession in her capacity as a Commonwealth officer. Goreng Goreng sent her daughter three documents relating to the rights of Indigenous peoples, to assist her with an essay she was writing for school. Goreng Goreng also forwarded a number of work related emails—having removed the ‘confidential’ marking on one email—to the payroll/finance officer in the community administration at the Mutitjulu community.

The jury found Goreng Goreng guilty of a breach s 70 of the Crimes Act. The prosecution argued that the ‘duty not to disclose’ under s 70 was activated by the duty set out in reg 2.1 of the Public Service Regulations; the common law duty of an employee to serve her employer in good faith and fidelity; the equitable duty of confidence imposed on recipients of confidential information; and the obligation under s 13(10) of the Public Service Regulations not to use information for personal benefit.

Goreng Goreng was convicted and released upon entering into a recognizance in the sum of $2,000 to remain of good behaviour for three years and to pay a penalty in the sum of $2,000 within six months.

International secrecy offences

4.124   The Official Secrets Act 1989 (UK), the Crimes Act 1961 (NZ) and the Summary Offences Act 1981 (NZ) have each adopted a harm-based approach to the disclosure of certain categories of official information.

4.125   The UK Official Secrets Act requires the prosecution to prove that an unauthorised disclosure of information in the following categories is ‘damaging’:

  • security and intelligence information disclosed by Crown servants and government contractors;

  • defence;

  • international relations; and

  • criminal law enforcement.

4.126   As discussed further below, there is no requirement under the Act to prove harm in relation to disclosures of security and intelligence information by members of the security and intelligence services; telecommunications interception information; and information obtained under a warrant issued under the Security Services Act 1989 (UK).

4.127   Section 78A of the New Zealand Crimes Act establishes an offence for unauthorised communication of official information ‘likely to prejudice the security or defence of New Zealand’. In addition, s 20A of the Summary Offences Act 1981 (NZ) establishes an offence for unauthorised communication of official information likely:

(a)    to endanger the safety of any person; or

(b)    to prejudice the maintenance of confidential sources of information in relation to the prevention, investigation, or detection of offences; or

(c)    to prejudice the effectiveness of operational plans for the prevention, investigation, or detection of offences or the maintenance of public order, either generally or in a particular case; or

(d)    to prejudice the safeguarding of life or property in a disaster or emergency; or

(e)    to prejudice the safe custody of offenders or of persons charged with offences; or

(f)     to damage seriously the economy of New Zealand by disclosing prematurely decisions to change or continue Government economic or financial policies relating to:

         (i)      exchange rates or the control of overseas exchange transactions;

         (ii)     the regulation of banking or credit;

         (iii)    taxation;

         (iv)    the stability, control, and adjustment of prices of goods and services, rents, and other costs, and rates of wages, salaries, and other incomes;

         (v)     the borrowing of money by the Government of New Zealand;

         (vi)    the entering into of overseas trade agreements.

4.128   All of these offences in the New Zealand Crimes Act and Summary Offences Act require the prosecution to prove harm.

Discussion Paper proposal

4.129   In DP 74, the ALRC considered the need to reduce significantly the scope of s 70 of the Crimes Act.[134]The ALRC suggested that this could be achieved in a number of ways. One option would be to target the unauthorised disclosure of specific categories of information—for example, information relating to national security or defence; classified information; information provided in confidence by other governments or international organisations; or Cabinet documents.

4.130   The ALRC did not, however, adopt this approach, expressing the view that—in relation to the general secrecy offence—it was important to ensure that only disclosures of information that genuinely required protection, and which were likely to be harmful, should attract criminal sanctions. Not all information in any one of the categories above would meet this test. Instead, the ALRC proposed that the new general secrecy offence should apply to unauthorised disclosures of Commonwealth information that were reasonably likely to, intended to, or did in fact:

  • harm the national security, defence or international relations of the Commonwealth;

  • prejudice the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction, the enforcement of laws relating to the confiscation of the proceeds of crime, or the protection of the public revenue;

  • endanger the life or physical safety of any person;

  • pose a serious threat to public health or public safety;

  • have a substantial adverse effect on personal privacy; or

  • have a substantial adverse effect on a person in respect of his or her lawful business or professional affairs or on the business, commercial or financial affairs of an organisation.[135]

Submissions and consultations

In support of an express harm requirement

4.131   A number of stakeholders expressed support for the ALRC’s proposed approach of imposing criminal sanctions under the general secrecy offence in relation to unauthorised disclosures that cause harm, or are likely or intended to cause harm, rather than simply relying on protected categories of information.[136] The CPSU, for example, considered that the approach ‘provides an appropriate balance between secrecy, and transparency and openness of government’ and that the proposed provision was a ‘significant improvement upon s 70 of the Crimes Act in providing clarity and consistency for regulating secrecy of government information’.[137]

4.132   PIAC had previously submitted that the mere fact that information fell into a particular category (such as information relating to defence) or was held by specific agencies (such as those in the AIC) was not sufficient to justify the protection of the criminal law if disclosure would not, and could not reasonably be expected to, harm specific public interests:

In PIAC’s view, the principles developed under the equitable duty of confidence should be regarded as the touchstone for principled protection of government information. An approach based on the equitable duty of confidence requires a focus on the material in question and the nature of any detriment caused by its release, and has the decided advantage of leaving open an exception where disclosure would expose serious wrongdoing or iniquity.[138]

4.133   PIAC noted the tension between very broad secrecy provisions—such as s 70 of the Crimes Act—and the access regime established by the Freedom of Information Act 1982 (Cth) (FOI Act), which is ‘limited only by exceptions and exemptions necessary for the protection of essential public interests and the private and business affairs of persons’.[139]

4.134   The Law Council of Australia also noted this tension, stating that it is anomalous that criminal sanctions may be imposed on a public servant for releasing information which a member of the public could successfully request under the FOI Act. The Law Council expressed support for including a harm requirement in secrecy provisions, stating that:

Whilst it is important that governments are able to maintain secrecy over information that affects national security or national interests (which, properly characterised, tips the balance in favour of collective, rather than individual, rights), the Law Council contends that, in many areas of Executive power, the case for secrecy is far less obvious. Information should only be characterised as ‘secret’ if its release could reasonably be expected to damage the national interest, where that damage is not outweighed by the public interest in release of the information or ensuring individual rights are not infringed.[140]

4.135   The AGD submitted that it should not be necessary to establish proof of harm in relation to some categories of information, such as intelligence information, but that in relation to the general secrecy offence:

it may be appropriate to focus upon disclosure of information that could have some specified harm. This would prevent secrecy laws being too broad and taking a ‘blanket’ approach. The public interests that require protection may include things such as the effective working of government, prejudice to national security or defence, international relations, and the effective working of law enforcement agencies.[141]

4.136   The AGD noted that this approach had been taken in reg 2.1 of the Public Service Regulations, discussed above. The AGD suggested that ‘reasonably likely to cause harm’ would be a useful model to adopt in relation to the general secrecy offence as it establishes an objective test. The AGD submitted, however, that a requirement to prove actual harm may create evidential difficulties, ‘particularly when the harm may not necessarily be obvious or easily quantifiable (such as with the disclosure of Cabinet documents)’.[142] The AGD also noted that evidential difficulties can arise in establishing that a person acted with an intention to cause harm:

Requiring proof of such intention in all cases would be too high a threshold and would be likely to reduce the effectiveness and potentially the deterrent effect of secrecy laws. An option that could be considered is having tiered offences, so a higher penalty applies where it can be proved that a person acted with intention to cause harm to the public interest. [143]

4.137   AUSTRAC also expressed support for the proposed general secrecy offence, noting that it captured those public interests that should be afforded protection by the criminal law. AUSTRAC submitted, however, that a different approach is required in relation to the general secrecy offence and specific secrecy offences:

AUSTRAC considers that to extend the specific secrecy offences to ‘all information’ which a Commonwealth officer has, or had, access to by reason of being a Commonwealth officer, is too broad in the context of the discussion of harm in regard to specified public interests. The current secrecy provisions of the [Anti Money Laundering and Counter-Terrorism] Act and [Financial Transaction Reports] Act protect a sub-set of information on the basis that its disclosure may adversely impact national security, international relations and the prevention, detection, prosecution and punishment of criminal offences, the recovery of criminal assets and protection of the national revenue.[144]

4.138   ASIC submitted that criminal liability should be limited to unauthorised disclosures of information that genuinely requires protection and that is likely to harm a public or private interest, but emphasised that, if a harm element were introduced, the provisions should be explicit about the public interests they are intended to protect.[145]

4.139   The ARTK coalition acknowledged that criminal sanctions are likely to be justified in circumstances where unauthorised disclosure of information causes or is reasonably likely to cause:

  • harm to national security, defence or international relations;

  • prejudice to law enforcement activities or the protection of the public revenue;

  • danger to the life or physical safety of any person; or

  • a serious threat to public health or safety.[146]

4.140   While supporting the proposed focus on the harm caused by unauthorised disclosures, the ARTK coalition suggested that the offence should also be limited to defined categories of information, as suggested by the Gibbs Committee.[147]

4.141   The Australian Press Council acknowledged that certain government information needed to be kept confidential, but expressed the view that information should be available to the public, unless it was foreseeable that disclosure was likely to result in harm to the public interest:

The Council recognises that it may be impractical to abolish all laws restricting access to government information. What the Council seeks is a thorough overhaul of existing legislation to minimise its potential to restrict accountability of government action and to remove, to the greatest extent possible, the legislation’s vulnerability to be exploited by governments and officers seeking to evade public scrutiny.[148]

4.142   Whistleblowers Australia agreed, stating that:

In our system of representative government it is essential that the functions and activities of the public sector are as transparent as possible. It is a right of Australian citizens to be as informed as they wish about matters of public administration.[149]

Concerns raised in relation to an express harm requirement

4.143   A number of stakeholders were concerned that the introduction of an express harm requirement would lead to a lack of clarity and certainty for Commonwealth officers and other stakeholders.[150] The Department of Immigration and Citizenship, for example, stated that:

There may be a degree of subjectivity in assessing whether the disclosure of information would cause harm to a specified public interest, which could be difficult to apply in practice. For example, assessing potential harm caused by unlawful disclosure of information about asylum seekers will be subjective and difficult to measure given sensitive issues such as removal and possible impact on family members in country of origin.[151]

4.144   FaHCSIA noted that the test may be difficult to apply in practice, and especially difficult to prove beyond reasonable doubt. FaHCSIA expressed support for s 70 of the Crimes Act, noting that the strength of the provision lay in its broad application. The Department referred to the successful prosecution in Goreng Goreng,[152]expressing the view that criminal sanctions were appropriate in that case, and noting that it would have been difficult to achieve the same result under the proposed new general secrecy offence.[153]

4.145   FaHCSIA acknowledged, however, that there may be merit in improving the clarity and certainty of s 70, in particular by clarifying how the ‘duty not to disclose’ might arise:

This could be done, for example, by codifying the core elements of the ‘duty not to disclose’ in subsection 13(10) of the Public Service Act 1999, regulation 2.1 of the Public Service Regulations 1999, and the common law duty of an employee to serve in good faith and fidelity.[154]

4.146   The CDPP echoed FaHCSIA’s concerns in relation to prosecuting the proposed new general secrecy offence and, in particular, the requirement to prove harm:

the issue would be one for the trier of fact (ie a jury on indictable matters). Specific evidence would need to be lead on the harm (or likely harm) to the public interest. It would then be open to a defendant to rebut the prosecution case by arguing the disclosure did not (or was not reasonably likely to) cause harm to the public interest.[155]

4.147   The CDPP argued that the discussion in open court of whether a disclosure of sensitive Commonwealth information caused, or was reasonably likely, or intended to cause, harm to the public interest did not seem consistent with the protection of that public interest. In the national security context, for example, the CDPP stated that the act of giving evidence about such matters would be likely to further prejudice the public interest.

4.148   The CDPP was also concerned about who would be able to give evidence of harm, or the likelihood of harm—for example, ministers or senior Commonwealth officials—and what sort of evidence would be necessary to prove the matters beyond reasonable doubt. The CDPP noted that it is likely that the views of ministers or senior government officers would be considered opinion evidence, and that opinion evidence is only admissible when it is given by persons who fall within the various categories of ‘experts’ recognised in the Evidence Act 1995 (Cth).[156]

4.149   The Australian Federal Police stated that it opposed the requirement to prove harm in all cases in light of the difficulty of discharging the evidential burden:

For certain types of information the harm caused by disclosure will be apparent, for example, the release of police intelligence to the targets of an investigation. However, there will be large grey areas where showing the harm from disclosure will be complex, for example, the release of the architectural plans of a Commonwealth government building. Proving beyond reasonable doubt to a court that the release of such plans is likely to cause harm may require the production of evidence showing the agency and activities carried on in the building, the motivations of the person receiving the information and the context of its release. While it may be easy to argue intellectually that a disclosure caused, or is likely to cause, harm, quantifying the harm in court through admissible evidence may be difficult.[157]

4.150   APRA and the ABS suggested that an express harm requirement was not desirable in their own context-specific legislation. In APRA’s view, it is implicit in s 56 of the Australian Prudential Regulation Authority Act 1998 (Cth) that unauthorised disclosure would harm the public interest.[158] The ABS expressed the view that the absolute nature of the ABS specific provisions was their strength, but noted that some contexts could allow for a public interest element:

The unauthorised disclosure of identifiable information provided for statistical purposes should be subject to criminal penalties. Unauthorised disclosure of other statistical information (eg unauthorised disclosure of aggregated statistical results prior to their official release) should be subject to criminal penalties where such disclosure is detrimental to the public interest.[159]

ALRC’s views

The need for reform

4.151   Despite the views of some stakeholders that s 70 of the Crimes Act is relatively straightforward to enforce and should be retained, the ‘catch-all’ nature of the provision is seriously out of step with public policy developments in Australia and internationally. As discussed in Chapter 2, there is also an argument to be made that a law that imposes criminal liability on all Commonwealth officers for unauthorised disclosure of any official information—and does not differentiate between the types of information protected or the consequences of disclosure—does not sit comfortably with the implied constitutional freedom of communication about government and political matters, or with Australia’s international human rights obligations.[160]

4.152   An attempt to codify or define the ‘duty not to disclose’, as suggested by one stakeholder, is unlikely to avoid the problem of having to establish that a disclosure had the potential to cause harm. An employee’s duty of loyalty and fidelity, for example, requires that an employee must not use or disclose information obtained in the course of his or her employment to the detriment of the employer.[161] Regulation 2.1 requires that APS employees must not disclose information that could be prejudicial to the effective working of government.

4.153   The ALRC has identified two ways in which the general secrecy offence could be framed. First, the offence could identify categories of information that require protection. For example, a number of stakeholders suggested that various categories of information—such as Cabinet documents and information supplied in confidence by a foreign government—should be protected by the general secrecy offence. If this approach were adopted, it would not be necessary to prove that a disclosure caused harm, but rather that the information disclosed fell within the protected category.

4.154   Alternatively, the offence could be structured so that only those unauthorised disclosures that caused harm, or were reasonably likely or intended to cause harm, would attract criminal sanctions.

Categories of information

4.155   The weakness of the ‘categories of information’ approach is that it is indiscriminate. While the choice of category may reflect a sense that disclosure of any information in the category would inherently or potentially cause harm, the emphasis is not on the harm, but on the category. The ALRC is not convinced that all the information in the categories suggested would cause harm if disclosed, or warrants the protection of the criminal law.[162]

4.156   The alternative approach, recommended by the ALRC, is that the new general secrecy offence should expressly identify the harms that the provision seeks to prevent.[163]

The harm-based approach

4.157   In the ALRC’s view, criminal secrecy provisions should only impose liability on Commonwealth officers for disclosure of Commonwealth information where the disclosure caused harm, was reasonably likely to cause harm, or was intended to cause harm, to an essential public interest. This approach balances the need to protect certain Commonwealth information with the public interest in an open and accountable system of government. It also means that the sanctions of the criminal law are reserved for the more serious cases of unauthorised disclosure.

4.158   The ALRC acknowledges, however, that in some limited circumstances, the way in which specific secrecy offences are framed, and the context in which they operate, provide a sufficient likelihood that harm will be caused by an unauthorised disclosure, making an express requirement to prove the harm unnecessary. In these circumstances, it may be appropriate to frame the secrecy offence in relation to a particular category of information. This issue is discussed in relation to specific secrecy offences in Chapter 8.

4.159   It is not possible to adopt this approach in the general secrecy offence, however, because it is intended to apply to all Commonwealth officers and all Commonwealth information. In these circumstances, the harm to the public interest that would be caused by an unauthorised disclosure is not implicit. The unauthorised disclosure of any Commonwealth information should not be sufficient of itself to found a criminal offence, particularly in light of the Australian Government policy of encouraging a pro-disclosure culture in the public sector, and the fact that harm is unlikely to arise in relation to much of the information held by government.

Concerns with the harm based approach

4.160   A number of stakeholders expressed concern that an offence including a harm element would be difficult for Commonwealth officers to apply in practice. While there is scope for the exercise of an officer’s judgement in deciding whether the disclosure of certain Commonwealth information would, for example, damage national security, defence or international relations, the ALRC is not convinced that this will make the provision unworkable. The Australian Public Service Commission has noted that APS employees are already required to consider on each occasion whether the disclosure of information could damage the effective working of government.[164]

4.161   However, most disclosures will be routine and cause no harm. If the disclosure occurs in the course of an officer’s functions and duties, for example, it is expressly excluded from the general secrecy offence.[165] If a Commonwealth officer is unsure whether a certain disclosure is likely to cause harm, then a certain amount of consideration and consultation would be appropriate. In most agencies, this situation is likely to arise only rarely, if ever. It may be that the issue can be resolved at officer level but, if not, disclosures made with the authority of the agency head or the minister are also expressly excluded from the general offence.[166]

4.162   The ALRC has considered stakeholder concerns that a requirement to prove harm would give rise to evidential difficulties. The CDPP, for example, noted that it is likely to require the use of ‘opinion evidence’ as to the harm or the reasonable likelihood of harm. Section 76 of the Evidence Act 1995 (Cth) sets out the ‘opinion rule’, and provides that evidence of an opinion is not admissible to prove the existence of a fact. There are a number of exceptions to this rule, however, including s 79 of the Act, which provides that the ‘opinion rule’ does not apply where a person has specialised knowledge based on the person’s training, study or experience, and the person’s opinion evidence is wholly or substantially based on that knowledge.

4.163   As discussed in the report, Uniform Evidence Law (ALRC 102), there is not a clear distinction between factual evidence and opinion evidence, but rather there exists a continuum with evidence of a purely factual nature at one end and evidence that is essentially someone’s opinion at the other.[167] This would be true of the harm elements that the ALRC is recommending should form part of the general secrecy offence. In some cases the harm will be a matter of fact, for example, where an unauthorised disclosure compromises a criminal investigation because it alerts suspects to the investigation and gives them the opportunity to evade arrest; or where an unauthorised disclosure of a person’s contact details results in threatening behaviour towards that person. At the other end of the continuum will be cases where the harm will have to be proved by the use of expert opinion evidence, for example, where it is alleged that the unauthorised disclosure was reasonably likely to harm international relations.

4.164   Section 79 of the Evidence Act provides scope for senior Commonwealth officers with relevant training or experience to be called to give evidence of harm or likely harm in areas such as national security, defence, international relations, or public safety. The ALRC notes that under s 60A of the FOI Act—amended by the Freedom Information (Removal of Conclusive Certificates and Other Measures) Act 2009 (Cth)—the Inspector-General of Intelligence and Security may be asked to appear before the Administrative Appeals Tribunal to give evidence on the damage that would, or could reasonably be expected to, be caused to the security, defence or international relations of the Commonwealth by the release of a document. This provision recognises that the Inspector-General does have relevant specialised knowledge in these areas.

4.165   The CDPP also expressed concern that proving harm in open court might require the introduction of evidence that would further harm the public interest. In some cases, this issue will simply not arise, for example, where the information and context is already in the public domain because of the disclosure, or where the need for secrecy has passed due to the passage of time.

4.166   Where there is a need to introduce sensitive information into evidence, courts have developed processes and rules to deal with the situation—including the closing of courts and the use of suppression orders to restrict publication of proceedings and access to court files. These processes are discussed in detail in the ALRC report, Keeping Secrets: The Protection of Classified and Security Sensitive Information (ALRC 98).[168] The ALRC also notes that the National Security Information (Criminal and Civil Proceedings) Act 2004 (Cth) establishes procedures to protect information likely to prejudice national security from disclosure in federal criminal proceedings.[169]

Specific secrecy offences

4.167   In Chapter 8 the ALRC expresses the view that specific secrecy offences prohibiting the disclosure of information obtained or generated by intelligence agencies—without the need to prove harm in every case—are justified by the sensitive nature of the information and the special duties and responsibilities of officers and others who work in and with such agencies. The ALRC also states that in some very limited cases, and where the category of information protected is narrowly defined, certain agencies—such as the ATO, Centrelink and the ABS, as well as some corporate regulators—may also be able to justify specific secrecy offences that do not include an express harm requirement. Generally, however, the ALRC recommends that specific secrecy offences should include an express requirement that the unauthorised disclosure of information caused, or was likely or intended to cause, harm to an essential public interest.[170]


4.168   For these reasons the ALRC considers that most secrecy offences, and the general secrecy offence in particular, should include an express requirement to establish that an unauthorised disclosure of Commonwealth information caused, or was likely or intended to cause, harm to specified public interests. This approach balances the need to protect some information by means of the criminal law, with the public interest in open government and the fostering of a pro-disclosure culture in the Australian public sector.

Recommendation 4–1               Sections 70 and 79(3) of the Crimes Act 1914 (Cth) should be repealed and replaced by new offences in the Criminal Code (Cth)—the ‘general secrecy offence’ and the ‘subsequent disclosure offences’.