12.07.2010

Protecting categories of information

8.28 Many secrecy offences currently prohibit the unauthorised handling of specific categories of Commonwealth information. These include, for example, offences that relate to the disclosure of:

· personal information,^[23] or information concerning or relating to the affairs of another person;^[24]
· confidential commercial information^[25] or other information that is supplied in confidence;^[26]
· defence or national security information, or information the unauthorised disclosure of which may prejudice defence or national security;^[27]
· law enforcement and intelligence information—information about the operations or investigations of law enforcement agencies;^[28]
· taxation information—information provided by a taxpayer to a person or an agency pursuant to a legislative requirement contained in taxation legislation;^[29]
· census and statistical information—information collected and maintained by the ABS under the Census and Statistics Act 1905 (Cth);^[30] and
· electoral information—information collected and maintained by the Australian Electoral Commission under the Commonwealth Electoral Act 1918 (Cth).^[31]

8.29 In the 2004 report, Keeping Secrets: The Protection of Classified and Security Sensitive Information, the ALRC recommended that a duty of secrecy should only be imposed in relation to information that genuinely requires protection and where unauthorised disclosure is likely to harm ‘the public interest’.^[32] The challenge is to determine what kinds of information are so sensitive that any unauthorised disclosure of information from within that category is sufficiently harmful to an essential public interest to justify the application of criminal sanction, without the express stipulation that the disclosure cause harm.

8.30 In DP 74, the ALRC asked in what circumstances is it inappropriate for a secrecy offence to require that a disclosure be reasonably likely to cause harm. The ALRC provided national security classified information, or information concerning the defence or international relations of the Commonwealth, as examples of possible categories of information that may justify this approach.

8.31 Submissions identified three general circumstances in which it may be appropriate for a specific secrecy offence not to include an express requirement of harm: first, where the secrecy offence regulates intelligence agencies; secondly, where the secrecy offence regulates law enforcement agencies; and thirdly, where disclosure would harm confidence in, and compliance with, key government regulatory bodies.

8.32 These three areas—and possible further categories—are discussed in turn below using the framework set out in Chapter 4. In relation to each, the ALRC considers whether an express requirement of harm is sufficient to prevent the harm to the public interest that arises from the disclosure of certain information. If not, the ALRC then considers how specific secrecy offences can be framed to ensure that the offence is necessary and proportionate to the protection of essential public interests.

Information obtained or generated by intelligence agencies

8.33 National security and intelligence information are frequently cited as special kinds of information that require stringent protection from unauthorised disclosure because of the inherent sensitivity of the information and the high risks associated with disclosure or misuse.

Overview of secrecy offences that apply to intelligence agencies

8.34 Information obtained or generated by the Australian Intelligence Community (AIC) is currently protected by several specific secrecy provisions.^[33] Section 18 of the Australian Security Intelligence Organisation Act 1979 (Cth) makes it an offence for a person to communicate information which was:

· prepared by or on behalf of the Australian Security Intelligence Organisation (ASIO) in connection with its functions, or in relation to the performance by ASIO of its functions; and
· acquired by the person by reason of his or her being, or having been, an officer or employee of ASIO, or having entered into any contract, agreement or arrangement with ASIO.

8.35 The Intelligence Services Act 2001 (Cth) contains similarly phrased offences for the disclosure of information by staff, contractors and others who handle information prepared by or connected with the Australian Secret Intelligence Service (ASIS), the Defence Imagery and Geospatial Organisation and the Defence Signals Directorate. Two agencies in the AIC, the Office of National Assessments and the Defence Intelligence Organisation, have not been regulated by separate specific secrecy offences.

8.36 These offences have limited application to particular kinds of information—information acquired or prepared by, or on behalf of, the organisation in connection with its functions, or information that relates to the performance of its functions—and to particular persons who, either through employment or agreement or arrangement, handle that information. These provisions do not expressly require that a disclosure cause, or was likely or intended to cause, any harm to the public interest. Rather, there is an implicit assumption that it is inherently harmful to disclose such information.

8.37 Section 1(1) of the Official Secrets Act 1989 (UK) takes a different, but comparable, approach to the Australian provisions. Section 1(1) provides that:

A person who is or has been—

(a) a member of the security and intelligence services; or

(b) a person notified that he is subject to the provisions of this subsection,

is guilty of an offence if without lawful authority he discloses any information, document or other article relating to security or intelligence which is or has been in his possession by virtue of his position as a member of any of those services or in the course of his work while the notification is or was in force.

8.38 Section 1(1) makes it an offence for members of the security and intelligence agencies to disclose information relating to security or intelligence. Section 1(1) also covers people who have been notified in writing by a Minister of the Crown that they are subject to the provision. A notice may be served if, in the Minister’s opinion, the work undertaken by a person is connected with the security and intelligence services and its nature is such that the interests of national security require that he or she should be subject to s 1(1).^[34] As in the Australian secrecy offences applying to the AIC, s 1(1) of the Official Secrets Act does not include an express requirement that the disclosure cause harm.

8.39 However, where the Official Secrets Act regulates the disclosure of security or intelligence information by Crown servants and government contractors who are not members of the security and intelligence services, a disclosure of information relating to intelligence or security is an offence only if it is a ‘damaging’ disclosure.^[35] That is, where a disclosure is made by a person outside the security and intelligence agencies, the prosecution has to show that the disclosure was likely to damage the operation of the security or intelligence service.^[36]

8.40 The reason for making a distinction between members and former members of security and intelligence services and disclosures by other persons was explained in the White Paper preceding the 1989 reforms to the Official Secrets Act:

While the government believes that this proposed test of harm is in general adequate to safeguard the interests both of the defendant and of the security and intelligence services, it considers that different arguments apply to the unauthorised disclosure of information by members or former members of those services. It takes the view that all such disclosures are harmful to the public interest and ought to be criminal. They are harmful because they carry a credibility which the disclosure of the same information by any other person does not, and because they reduce public confidence in the services’ ability and willingness to carry out their essentially secret duties effectively and loyally. They ought to be criminal because those who become members of the services know that membership carries with it a special and inescapable duty of secrecy about their work. Unauthorised disclosures betray that duty and the trust placed in the members concerned, both by the State and by the people who give information to the services.^[37]

8.41 The 1991 report Review of Commonwealth Criminal Law (the Gibbs Committee report), took a similar approach and considered that information obtained or generated by intelligence agencies ought to be protected by criminal sanctions:^[38]

Undoubtedly, a member of the intelligence and security services stands in a special position and it is not unreasonable, in the opinion of the Review Committee, that he or she should be subject to a lifelong duty of secrecy as regards information obtained by virtue of his or her position … [T]he Review Committee is satisfied that disclosures by such persons should be prohibited by criminal sanctions without proof of harm.^[39]

8.42 Specific secrecy offences relating to intelligence and security agencies which do not include an express harm requirement place a higher duty on members of those agencies, in recognition of the sensitivity of the information they handle, and the higher duties of secrecy associated with their work.

Compatibility with international human rights obligations

8.43 Laws that restrict the right to freedom of expression set out in the ICCPRare permitted where they are necessary and proportionate for the protection of national security.^[40] So, for example, the European Court of Human Rights has recognised that the ‘proper functioning of a democratic society based on the rule of law may call for institutions like [intelligence services] which, in order to be effective, must operate in secret and be afforded necessary protection’.^[41] The question is whether a law creating a criminal offence for the disclosure of any information obtained or generated by an intelligence agency is necessary and proportionate to the protection of national security.

8.44 There has been no consideration of the AIC secrecy provisions by the United Nations Human Rights Committee. However, the compatibility of s 1(1) of the Official Secrets Act 1989 (UK) with art 10 of the European Convention of Human Rights,^[42] which sets out the right to freedom of expression, was considered by the House of Lords in R v Shayler.^[43]This case concerned a former member of the security services who had disclosed documents relating to security or intelligence matters to a national newspaper. While the House of Lords’ decision relates to the European Convention of Human Rights, and is not therefore directly relevant to Australia, it gives some insight into issues that may inform the consideration of the AIC secrecy offences against human rights standards.

8.45 As noted in Chapter 2, the House of Lords noted that the provision was broadly framed, did not include a public interest defence and, unlike other provisions of the Official Secrets Act, did not require that the disclosure be ‘damaging’.^[44] However, it held that s 1(1) was compatible with the freedom of expression guaranteed by the European Convention of Human Rights.^[45]

8.46 Critical to the House of Lords’ decision was the fact that the prohibition on disclosure was not an ‘absolute ban’, in that there were ‘sufficient and effective safeguards’ to allow a person to communicate information. Lord Bingham of Cornhill discussed two lawful avenues available to communicate any concerns about the work of the security service. The first was a disclosure to a Crown servant for the purposes of his functions under s 7 of the Act, which would include disclosure to:

· a staff counsellor or an independent high-ranking civil servant appointed specifically to address concerns of the security and intelligence services;^[46]
· relevant law enforcement authorities in the case of concerns about the lawfulness of the conduct; or
· several ministers, the secretariat to the Parliamentary Intelligence and Security Committee or to a number of integrity agencies in the case of concerns about misbehaviour or maladministration.^[47]

8.47 A second avenue for lawful disclosure was to seek official authorisation for the disclosure from a superior officer. Section 7 of the Official Secrets Act provides that a disclosure is made with lawful authority if it is made ‘in accordance with an official authorisation’. Lord Hope of Craighead noted, however, that this provision could be criticised, particularly on the basis that it does not identify criteria that officials should consider when deciding whether or not to authorise a disclosure. Despite this, their Lordships considered that a decision to grant or deny authorisation could be subject to judicial review, on human rights as well as administrative grounds.^[48] Thus, Lord Hope considered that an effective system of judicial review, compatible with the Human Rights Act 1998, could ‘provide the guarantees that appear to be lacking in the statute’.^[49]

8.48 The existence of these safeguards, the special position of members of the security and intelligence services and the highly sensitive material they handle, meant that, in their Lordships’ view, the interference with their right to freedom of expression did not go beyond that required to protect the public interest in national security.^[50]

8.49 Section 1(1) of the Official Secrets Act has also been considered by the United Nations Human Rights Committee. While the Committee did not state that the provision itself was incompatible with art 19 of the ICCPR, it expressed concern about the way in which the provision was enforced. It noted that disclosures of information may be penalised under the Official Secrets Act 1989 even where they are not harmful to national security, and that powers under the Act have been ‘exercised to frustrate former employees of the Crown from bringing into the public domain issues of genuine public concern’. The Committee observed that:

The State party must ensure that its powers to protect information genuinely related to matters of national security are narrowly utilized and limited to instances where the release of such information would be harmful to national security.^{^[51]}

Current classification system

8.50 In relation to intelligence information in Australia, it may be argued that a harm-based approach is already incorporated in the national security classification system, which governs all national security information held by government. The Australian Government Protective Security Manual requires all national security information to be given one of four national security markings based on an assessment of the consequences of the unauthorised disclosure of the information—the higher the classification, the greater the risk of perceived damage arising from unauthorised disclosure.^[52]

8.51 There are concerns, however, that documents are often over-classified, or not re‑classified as their national security sensitivity reduces over time.^[53] In recognition of this issue, the UK government, when developing the Official Secrets Act, was not prepared to rely on the security classification of information as a default indication of the harm likely to be caused by the disclosure of the information. The 1988 White Paper stated that:

The fact that a document will be classified at a certain grade is not evidence of likely harm; it is only evidence of the view of the person who awarded the classification. Moreover, it is evidence only of the view taken at the time of classification; circumstances may have changed by the date of the disclosure.^{^{^[54]}}

Submissions and consultations

8.52 Stakeholders provided differing views about whether information held by intelligence agencies, or national security information more generally, required the protection of secrecy offences without an express requirement of harm.

8.53 The AIC outlined several reasons why secrecy provisions protecting national security and intelligence information should not be subject to a test of likely, intended or actual harm. First, the AIC submitted that the nature of intelligence and national security information meant that the compromise of information held by AIC agencies could cause serious damage to Australia’s national security.^{^[55]} Secondly, the AIC noted that even small amounts of information could, when taken together with other information, compromise national security regardless of its initial security classification. For example, great care is required to ensure that intelligence officers are not publicly identified:

Even seemingly innocuous pieces of information, such as the amount of leave available to ASIS or ASIO staff or their salary, can yield significant counterintelligence dividends to a foreign intelligence service because such information may help to identify ASIS or ASIO officers. Protection of the identity of ASIS and ASIO officers is critical to human intelligence collection as those officers are either working in foreign countries beyond the protection of the Australian Government or their identification can lessen the ability of ASIO and ASIS to perform their national security functions.^[56]

8.54 The AIC also considered that individuals, within or outside the intelligence community, ‘should not be arbiters of which disclosures constitute damage to the public interest’. Such individuals are ‘not in a position to have an appropriate understanding or appreciation of the possible national security impact of releasing that information’.^[57]

8.55 Finally, the AIC submitted that the proposed harm element is inconsistent with legislative policy in other areas regulating national security information, including rules preventing the disclosure of intelligence and counter-intelligence information to a court or during government administrative and reporting processes. The AIC also submitted that a harm requirement would be inconsistent with the Freedom of Information Act 1982 (Cth) which currently exempts AIC information from disclosure.^[58]

8.56 The AIC recommended that the existing secrecy laws that govern intelligence agencies and protect the identity of ASIS and ASIO officers should be retained, and be consistent across all AIC agencies.

8.57 Further to the concerns expressed by the AIC, the AGD noted that the process of proving the harm caused by the disclosure of national security information during a prosecution may cause further harm:

In proving beyond a reasonable doubt that a disclosure was reasonably likely to cause harm to national security additional information in the form of evidence will need to be disclosed to the Court. Given the nature of this information, there will be a significant risk that further harm could be caused by the release of information, including through court processes.^[59]

8.58 On the other hand, a number of stakeholders submitted that even national security, intelligence and law enforcement information should be subject to a requirement that the information be likely to cause harm.^[60] Australia’s Right to Know coalition of media organisations argued that:

exemptions should not be crafted to apply as of right or merely because information is generated or held by intelligence and security agencies—the information itself, rather than simply its source, would need to be assessed to establish if it legitimately fell within a proposed exemption necessary for the protection of essential public interests.^[61]

8.59 Similarly, Dr Lawrence McNamara argued that the omission of a requirement of harm will:

shield security agencies in a way that, taken with the [National Security Information (Criminal and Civil Proceedings) Act 2004] and its effects, will remove information from the public eye which is not likely to cause harm if disclosed. AIC agencies have management, training, and administrative options available to them to ensure secrecy; criminal sanctions should be available only when harm from disclosure is intended, actual, or reasonably likely.^[62]

8.60 In relation to issues regarding the burden of proof, McNamara argued that where information is in fact of a sensitive nature the burden of proving that there is a reasonable likelihood of harm arising from its disclosure could be easily met:

While an individual may not be in a position to judge the likelihood of harm that could result from disclosure of any piece of information … this would itself be relevant to the recklessness component of a fault element. That is, ‘the circumstances’ would include the individual’s knowledge of the difficulty in judging the likelihood of harm when deciding to risk disclosing information, and thus it would be more easily established that a risk would be unjustifiable. As such, there is not that great a barrier to proving fault. Where information is in fact of such a sensitive nature that there is a reasonable likelihood of harm then the burden of proof should be met without great difficulty. …

In the context of information held by security agencies, where employees are aware of the difficulty of making judgments about its significance, it would be a very difficult argument [for a defendant] to sustain in a case where there was in fact a reasonable likelihood of harm, and where the fault element is recklessness.^[63]

ALRC’s views

8.61 The ALRC acknowledges stakeholders’ concerns about secrecy offences based on categories of information, particularly the concern that, while a category may be directed to protecting a legitimate public interest, the disclosure of information within that category will not always cause, or be likely to cause, harm. In addition, the ALRC notes the findings of previous reports that the security classification assigned to information is not necessarily an accurate indicator of the harm that could be caused by the unauthorised disclosure of the information. Therefore, the ALRC is not recommending the enactment of specific secrecy offences that cover ‘national security classified information’, preferring instead an approach that recognises that particular government agencies that obtain and generate sensitive information of this kind may need an agency-specific secrecy offence.

8.62 The ALRC considers that a prohibition on the disclosure of information obtained or generated by intelligence agencies is justified by the sensitive nature of the information and the special duties and responsibilities of officers and others who work in and with such agencies. The existing AIC secrecy offences cover a limited range of people who handle intelligence information, namely officers and employees, and people with whom the agency has an agreement or arrangement. The ALRC considers that it is appropriate for people in this position to be subject to higher responsibilities to protect inherently sensitive intelligence information.

8.63 The ‘mosaic approach’ argument put by the AIC—the argument that isolated disclosures of seemingly innocuous information, when combined with other information, together disclose sensitive information that could cause harm to national security—suggests that a secrecy offence that included an express requirement of harm would be insufficient to protect against harm to national security.

8.64 In coming to this view, the ALRC is not persuaded by the argument put by some agencies that a requirement that the prosecution prove harm, or likely harm, to national security in establishing an offence will necessarily cause further harm through the disclosure of sensitive information to the court. The National Security Information (Criminal and Civil Proceedings) Act 2004 (Cth) establishes procedures to protect information likely to prejudice national security from disclosure in federal criminal proceedings.^[64]

8.65 However, while the ALRC accepts that specific secrecy offences covering the disclosure of information obtained or generated by or on behalf of the AIC by officers in AIC agencies, or people subject to an agreement or arrangement with the AIC, do not necessarily need an express requirement of harm, care must be taken to ensure that this approach is consistent with Australia’s human rights obligations.

8.66 As discussed by the House of Lords in R v Shayler, it is important that secrecy offences do not constitute an absolute bar on the disclosure of information and, in order for the restriction on freedom of expression to be necessary and proportionate, some safeguards are required. R v Shayler considered two safeguards: first, avenues for authorised disclosures of concerns by officers in the intelligence services; and secondly, procedures for seeking authorisation for making particular disclosures.

8.67 In relation to the first safeguard, the Inspector-General of Intelligence and Security (IGIS) is an independent statutory officer with responsibility for reviewing AIC agencies.^[65] As part of this oversight role, the IGIS can receive reports and complaints concerning AIC activities and undertake formal inquiries. The IGIS may also undertake ‘own motion’ investigations into any matter that relates to an agency’s compliance with the law, the propriety of the agency’s actions and procedures, and any act or practice that may be inconsistent with human rights and discrimination law. However, the ability of the IGIS to inquire into particular matters varies according to which AIC agency is involved.^[66]

8.68 An additional avenue for the disclosure of concerns by AIC officers could be created through proposed whistleblower protection laws. The House of Representatives Standing Committee on Legal and Constitutional Affairs has recommended that the Australian Government introduce public interest disclosure legislation to provide ‘whistleblower’ protections in the Australian Government public sector.^[67] The Standing Committee recommended that a broad range of Australian Government officials, including officers in intelligence agencies,^[68] be able to make public interest disclosures about ‘serious matters’^[69] to their agency, or to designated external authorities such as the IGIS. A person who makes a public interest disclosure in accordance with the legislation would receive protection including immunity from criminal liability under secrecy offences and administrative sanctions.^[70] As discussed in Chapter 2, the recommendations in this Report are premised on the desirability and existence of strong protections for whistleblowers.

8.69 In relation to the second safeguard, the Australian Security Intelligence Organisation Act 1979 (Cth) includes an exception to the prohibition on disclosure for communications made with the approval of the Director-General of ASIO or an officer having the authority of the Director-General to give such approval.^[71] The provisions of the Intelligence Services Act include similar exceptions.^[72]

8.70 Australia’s international obligations under the ICCPR do not only cover the way in which laws are framed, butextend to the way in which those laws are enforced. The Commonwealth Director of Public Prosecutions is required to consider a number of factors before deciding to prosecute a matter, including whether prosecution of the offence is in the public interest. International human rights standards are not expressly included as a factor in the list of matters relevant to determining public interest, but other factors include whether the consequences of a conviction would be unduly harsh or oppressive and the availability and efficacy of any alternatives to prosecution, such as disciplinary or civil proceedings.^{^[73]}

8.71 If an individual was prosecuted under one of the AIC secrecy offences, and the power to prosecute was exercised in a way that was inconsistent with the individual’s rights under art 19 of the ICCPR, the individual would be able to lodge a complaint with the United Nations Human Rights Committee under the First Optional Protocol to the ICCPR, once all domestic remedies had been exhausted.

8.72 Agencies outside the AIC may obtain or generate information that could, if disclosed without authority, harm national security. The ALRC’s view is that the disclosure of this information should be regulated by the general secrecy offence, which makes it an offence to disclose information which did, was reasonably likely to, or was intended to harm national security, defence or international relations of the Commonwealth.

Information obtained or generated by law enforcement agencies

8.73 The unauthorised disclosure of law enforcement information has the potential to prejudice investigations and operations, and, as is the case in witness protection, compromise people’s safety. Law enforcement agencies like the Australian Federal Police (AFP) obtain and generate a variety of information, ranging from information that relates to national security and federal offences, protective security services and all policing matters in the Australian Capital Territory.

8.74 Current secrecy offences relating to law enforcement information are fairly broad. For example, s 60A of the Australian Federal Police Act 1979 (AFP Act)makes it an offence for a police officer to make a record of, or divulge or communicate, information obtained in the course of performing his or her duties under the AFP Act, the Law Enforcement Integrity Commissioner Act 2006 (Cth) or the Witness Protection Act 1994 (Cth).

8.75 Secrecy provisions governing the Australian Crime Commission (ACC)—whose role is to collect, correlate, analyse and disseminate criminal information and intelligence and undertake criminal intelligence operations and investigations^[74]—and the Australian Commission for Law Enforcement Integrity (ACLEI)—a federal anti-corruption body—similarly cover all information obtained by officers in the course of their duties.^[75] These provisions do not include an express requirement that the disclosure of information cause, or is likely or intended to cause, harm.

8.76 Other offences dealing with the disclosure of law enforcement information are narrower and more targeted. For example, it is an offence for any person to disclose information about the identity or location of a person in the National Witness Protection Program, or information which compromises the security of such a person.^[76] Similarly, it is an offence for a person to disclose information that reveals, or is likely to reveal, that a person is using an assumed identity where that disclosure endangers or is likely to endanger the health or safety of any person, or prejudices or is likely to prejudice the effective conduct of an operation.^[77] While these offences cover disclosures by ‘any person’, they are limited to particular information the disclosure of which causes, or is likely to cause, harm.

8.77 Because of the breadth of information obtained or generated by police services, the seriousness of the harm caused by the unauthorised disclosure of information in law enforcement agencies may range from negligible to severe, depending on the nature of the information and the timing and context of the disclosure. In 2008, the New South Wales (NSW) Police Integrity Commission conducted research into the unauthorised disclosure of confidential information by NSW police officers.^[78] The research used data sourced from complaints about the conduct of police officers to describe the incidence, detection, characteristics and harms associated with unauthorised disclosures by police officers. The research found that in 54% of cases, the unauthorised disclosure resulted in the compromise of an individual’s privacy. As the report notes, the seriousness of this consequence can vary—one instance resulted in an assault. Very few unauthorised disclosures compromised an investigation (3%) or involved criminals evading the law (1%).^[79] In six cases, the disclosure was deemed to have resulted only in the ‘reputation of the NSW police force being tarnished’.^[80]

8.78 By way of comparison, the Official Secrets Act takes a harm-based approach to the disclosure of law enforcement information, and makes it an offence for an officer to disclose information that does, or is likely to:

· result in the commission of an offence;
· facilitate an escape from legal custody or the doing of any other act prejudicial to the safekeeping of persons in legal custody; or
· impede the prevention or detection of offences or the apprehension or prosecution of suspected offenders.^[81]

Submissions and consultations

8.79 Several law enforcement agencies argued that the secrecy offences governing their agencies should not include an express requirement of harm.

8.80 The AFP, for example, submitted that, because of the nature of their work—including the investigation of serious criminal activity—it is essential that the AFP ‘maintain operational security and absolute integrity’ of their information. The AFP submitted that because the ‘likelihood of harm from disclosure is self-evident’, secrecy provisions in the AFP Actshould not include an express harm requirement.^[82]

8.81 Similarly, the ACC submitted that while harm was not an element of the secrecy offences in the Australian Crime Commission Act 2002, the harm of unauthorised disclosure was

clear from the context which establishes a national criminal intelligence and investigative body authorised to exercise coercive powers in strict secrecy and operate a national criminal intelligence database.^[83]

8.82 The ACC submitted that, as is the case with national security intelligence agencies, individual officers may have a limited view of the significance of particular information and are therefore not in a position to judge the harm likely to be caused by its disclosure. The ACC also noted that secrecy laws were necessary to protect information provided to law enforcement agencies under information-sharing arrangements as the agencies need absolute confidence that information will be tightly controlled within an agreed sharing network.^[84]

8.83 Other submissions sought to explain why information contained or generated by law enforcement agencies required a high level of protection. For example, ACLEI submitted that:

Those who would give information in secret to law enforcement agencies are commonly concerned for their own safety, particularly against reprisals from those whose interests could be adversely affected by the information they provide. These people seek assurance that their information will not be disclosed, whether through inadvertence or corruption.^[85]

8.84 Some government agencies handle information which, if disclosed, could harm the operations or investigations of law enforcement agencies. For example, AUSTRAC noted that current secrecy offences in the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) protect information on the basis that its disclosure may adversely affect the prevention, detection, prosecution and punishment of criminal offences, the recovery of criminal assets and protection of the national revenue. AUSTRAC submitted that it would not be necessary to extend this approach to all information accessed by AUSTRAC officers in the course of their employment. Rather, the secrecy provisions should be limited to a subset of information, the disclosure of which will cause harm of the kinds described.^[86]

ALRC’s views

8.85 As discussed above, consistency with Australia’s international obligations under the ICCPR, laws that infringe on freedom of expression must be necessary and proportionate to the protection of specific public interests.^[87] This means that while some information is justifiably subject to close protection, there cannot be an absolute ban on all disclosures.

8.86 In the ALRC’s view, s 60A of the AFP Act, which covers all information obtained in the course of performing an officer’s duties, is not proportionate to the protection of public interests in public safety and effective law enforcement. In contrast to the ‘mosaic’ arguments made in relation to information handled by intelligence agencies—that even the unauthorised disclosure of seemingly innocuous information may, when put together with other information, cause harm to national security—the ALRC is not convinced that the disclosure of any and allinformation handled in the course of a police officer’s duties is likely to cause the same degree of harm.

8.87 The ALRC is not persuaded by arguments that an express requirement of harm is inappropriate because of the potential difficulties in proving harm and the possibility that further harmful information might be disclosed during a prosecution. These issues arise in the course of many prosecutions and are commonly dealt with by prosecutors and courts.

8.88 Rather than covering all information obtained or generated by a law enforcement agency, a criminal secrecy offence should attach only to disclosures of information that cause, or are likely to cause harm to law enforcement operations or objectives. The ALRC notes that it is common to describe law enforcement information deserving of protection by criminal sanction in terms of the harms that its disclosure may cause—the secrecy offences in relation to witness protection and assumed identities, noted above, already take this approach, as does the UK Official Secrets Act.

8.89 The ALRC therefore considers that secrecy offences relating to law enforcement agencies should generally include an express requirement that the disclosure cause, or is likely or intended to cause, harm to the interests or operations of law enforcement. This harm is articulated in the recommended general secrecy offence as ‘prejudice [to] the prevention, detection, investigation, prosecution or punishment of criminal offences’.^[88]

8.90 The ALRC recognises that certain categories of information handled in the law enforcement context are particularly sensitive, and the harm caused by disclosure potentially very serious. The ALRC considers that the current offences that protect information about the identity and location of people in witness protection, or the identity of officers with an assumed identity, are examples of offences that are necessary and proportionate to the protection of essential public interests because they are confined to particular information or framed in terms of the harm caused by the disclosure of that information. Criminal intelligence information handled by the ACC may also warrant special protection akin to information obtained and generated by national security intelligence agencies—with the appropriate safeguards discussed above in relation to those offences.

8.91 Where there is no express harm requirement included as an element of a secrecy offence, it is important to ensure that the category of information covered by the offence is narrowly and clearly defined in order to confine the offence only to information that, by its nature, would cause harm if disclosed without authority.

8.92 The secrecy offences in legislation governing the Australian Defence Force, which are also aimed at protecting essential public interests—namely defence and national security—may provide a useful model for the protection of information held by law enforcement agencies by taking both a harm-based and categories approach. Section 73A of the Defence Act 1903 (Cth) is confined to particular information. It prohibits a member of the Defence Force or a person engaged under the Public Service Act 1999 (Cth) from communicating a narrowly defined category of information, being:

any plan, document, or information relating to any fort, battery, field work, fortification, or defence work, or to any defences of the Commonwealth, or to any factory, or air force aerodrome or establishment or any other naval, military or air force information.

8.93 At the same time, s 58 of the Defence Force Discipline Act 1982 (Cth) takes a harm-based approach and makes it an offence for a member or officer of the Defence Force to disclose information where ‘the disclosure is likely to be prejudicial to the security or defence of Australia’.

8.94 For other Commonwealth officers who handle law enforcement information, the general secrecy offence will make it an offence to disclose information which causes, is likely to cause, or is intended to cause harm to law enforcement activities and outcomes.

Personal and commercial information

8.95 As summarised in Chapter 3, a large proportion of specific secrecy offences cover personal and commercial information. In Chapter 4, the ALRC expresses the view that the unauthorised disclosure of personal or commercial information does not, without more, warrant criminal sanctions under the general secrecy offence.

8.96 The disclosure of personal and commercial information generally would not attract criminal sanctions in the private sector, unless, for example, fraud was involved. Parity with the private sector is particularly relevant where government agencies compete, or work together, with private business entities, and do not have a regulatory or oversight role. Such agencies can effectively use similar legal mechanisms to protect sensitive personal and commercial information as private sector organisations, such as confidentiality agreements and protections under the general law.

8.97 In addition, other offences protect against the misuse of personal and commercial information by Commonwealth officers. For example, the Criminal Code (Cth) makes it an offence for a Commonwealth public official to use information with the intention of dishonestly obtaining a benefit or causing a detriment.^[89] At an agency level, the Privacy Act 1988 (Cth) protects personal information about individuals and establishes rules for handling personal information.

8.98 For these reasons, the ALRC is not recommending that the general secrecy offence cover disclosures that harm personal privacy or commercial affairs. However, the ALRC recognises that this may give rise to the need for separate specific secrecy offences to provide criminal sanctions for the disclosure of personal or commercial information in particular contexts, where the disclosure of such information is likely to cause serious harm to public interests. In developing the reforms to the Official Secrets Act—which does not protect against the disclosure of information that harms personal or commercial interests—the UK government also noted that there may be a public interest in protecting private information in some circumstances, such as information provided to government under a statutory requirement.^[90]

8.99 Some functions of government require individuals and companies to provide sensitive personal and commercial information to government. For example, laws relating to taxation and social services require individuals to provide government with detailed information about their personal affairs. Other bodies that regulate commercial activities, such as the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC), require companies to provide information that is commercial-in-confidence.

8.100 Taxation information—that is, information provided by taxpayers pursuant to taxation legislation—is often said to warrant the protection of secrecy offences to encourage willing compliance with taxation laws. The Treasury’s review of taxation secrecy provisions states that:

taxpayers provide this information expecting it to be kept confidential. Compliance with tax laws is more likely if taxpayers know that the information they provide can only be used for limited purposes.^{^[91]}

8.101 This view is reflected in the objects clause for the Exposure Draft, Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 (Cth). The first object of the legislation is ‘to protect the confidentiality of taxpayers’ affairs by imposing strict obligations on taxation officers (and others who receive protected tax information), and so encourage taxpayers to provide correct information to the Commissioner’.^[92]

8.102 While there have been some empirical studies into the factors that impact on taxpayers’ voluntary compliance with taxation laws, the ALRC has not found any studies dealing with the particular question of the relationship between secrecy offences and voluntary compliance with taxation or other laws. However, Professor Valerie Braithwaite, of the Centre for Tax System Integrity, has conducted an empirical study into the effect of a taxpayers’ charter on compliance with taxation laws.^[93]

8.103 The Taxpayers’ Charter sets out 13 principles that govern how officials in the ATO should deal with taxpayers. The principles cover obligations to treat taxpayers fairly and reasonably and as honest in their tax affairs, to provide professional service, explain decisions and to respect taxpayers’ rights to complain and seek review of decisions. Relevantly, the Charter also includes obligations to respect taxpayers’ privacy and keep information confidential in accordance with the law.^[94]

8.104 Braithwaite’s study found that the Charter was a meaningful element in a taxpayer’s relationship with the tax office. When taxpayers rated the ATO’s performance against the Charter highly, they were cooperative with the authority’s demands. In contrast, low Charter ratings led to resistance to regulation.^[95]

8.105 While Braithwaite’s study found that respect for privacy and confidentiality was an important part of ensuring cooperation, the most important factors influencing high Charter ratings were ‘core procedural justice concerns—being treated with respect, as trustworthy, and being consulted in tax related issues’.^[96] Confidentiality of taxpayers’ information can therefore be seen as one of several factors that encourage the provision of information and voluntary compliance with taxation laws.

Submissions and consultations

8.106 Some government agencies considered that the protection of personal and commercial information by criminal sanctions was integral to their commercial work. For example, Indigenous Business Australia (IBA) submitted that the existence of secrecy provisions

facilitate IBA’s commercial competitiveness with the private sector and enable IBA to perform its commercial functions effectively by creating a high degree of confidence amongst its business partners that information received by IBA will not be subsequently disclosed or published, including under Freedom of Information laws.^[97]

8.107 The Australian Human Rights Commission submitted that the ‘protection of personal information is of utmost importance and [specific secrecy] provisions help to strengthen the integrity of the complaints process’.^[98]

8.108 Other government agencies identified areas in which secrecy offences operate in a regulatory environment and argued that including a requirement of harm in these kinds of secrecy offences may weaken the protection of information and compromise the flow of information from a regulated community to the government. Some stakeholders argued that, in this situation, the benefits of including a harm requirement in the offence were outweighed by the public interest in ensuring the free flow of information from regulated entities to regulators, or from individuals to government.^[99]

8.109 For example, APRA submitted that a requirement for harm would be inappropriate in the context of the secrecy provision in the Australian Prudential and Regulatory Authority Act 1998 (Cth) (APRA Act):

APRA considers that if a requirement to show that a disclosure caused harm were to be adopted in relation to s 56 of the APRA Act then it would weaken in both perception and reality the protection s 56 affords to regulated entities. Further, APRA staff may not necessarily be in a position to understand the significance of certain information to regulated entities and thus it may be difficult to assess the likelihood of harm to the entity’s business, commercial or financial affairs.^[100]

8.110 Responding to a similar issue in IP 34, the Australian Bureau of Statistics (ABS) referred to the secrecy offence in the Census and Statistics Act 1905 (Cth)^[101] and submitted that:

The absolute nature of these provisions is its strength. If an approach were to be adopted that required proof of harm … it would certainly have the impact of weakening (in both perception and reality) the ABS’s ability to maintain the secrecy of identifiable information.^[102]

8.111 The ABS argued that without a strong secrecy provision in the Census and Statistics Act, the effective production and quality of national statistics would be hindered.^[103]

8.112 Similarly, AUSTRAC submitted that:

From a regulatory perspective, AUSTRAC believes that the perception that the disclosure of information is arbitrary would result in a loss of confidence in the regulator’s ability to maintain the confidentiality of commercial information.^[104]

8.113 Agencies that rely on the voluntary provision of personal information, such as taxation, health and social security agencies, expressed concern that including a harm requirement would lessen public confidence in their ability to protect personal information.^[105] They argued that this in turn could affect voluntary compliance with laws requiring the provision of information. As noted by the Treasury:

The operation and integrity of the tax system is dependent on voluntary compliance from the public. A cornerstone of this voluntary compliance model is public confidence that confidential information provided to the Government is subject to a high level of protection and may only be used in appropriately limited circumstances.^[106]

8.114 In light of this, the Treasury submitted that ‘when dealing with public confidence in the tax system (promoting voluntary compliance), any unlawful release of information is arguably harmful’.^{^[107]}

8.115 In addition, FaHCSIA emphasised the importance of maintaining public confidence in the protection of information held in departmental records, and the potential for unauthorised disclosure to erode it:

This has particular implications for FaHCSIA where personal information about individuals is commonly held. For example, the social security, family assistance and child support laws authorise the collection of sensitive personal information, including information about a person’s health, income and assets, and the nature of the person’s relationship with their spouse. It is possible that lack of public confidence in the protection of customer’s sensitive personal information could lead to attempts to withhold relevant information. Accordingly, FaHCSIA considers that imposing an additional ‘harm’ requirement to be met in each particular case of unauthorised disclosure would be undesirable.^[108]

8.116 Some stakeholders put a contrary view. Civil Liberties Australia, for example, disputed whether the public would lose confidence in the integrity of the system or that the future supply of information would be prejudiced. It submitted that a public harm of this kind was ‘incongruent with the purpose of secrecy legislation’.^[109]

8.117 The Office of the Privacy Commissioner noted that the ‘existence of robust protections around personal information held by government is vital and an important aspect of ensuring community confidence and continued engagement with government’.^[110] While the Office considered that ‘strong protections must be implemented around the handling and disclosure of personal information held by agencies’, it emphasised that sanctions for mishandling personal information should be proportionate:

The Office suggests that in many instances, administrative penalties could act as a sufficient deterrent against inappropriate handling and disclosure of personal information. However, in the event that an individual suffers harm from a disclosure, the ability for such activity to attract criminal penalties is an important avenue of redress to have available.^[111]

8.118 Similarly, Ron Fraser considered that while the need to ensure the future supply of information to government agencies to carry out their functions was an important interest, criminal penalties were not required to achieve this goal. He submitted that administrative penalties and the protection of the general secrecy offence should provide sufficient reassurance to individuals and bodies that provide information to government.^{^[112]}

ALRC’s views

8.119 The ALRC considers that the unauthorised disclosure of personal or commercial information held by government has the potential to cause harm to private interests, but, in some regulatory contexts, it may also impact on essential public interests. In these circumstances, the harm of the unauthorised disclosure may be better characterised as harm to the ability of the regulatory agency to effectively perform its regulatory function.

8.120 It is an important part of the relationship between citizens and government that if a person or entity provides government with sensitive personal or commercial information, government will protect the information from misuse and unauthorised disclosure. This is particularly important where regulators require sensitive information from individuals and entities, as in the case of the ATO, Centrelink and corporate regulators, and where large amounts of personal and commercial information are collated, as in the case of the ABS. This is recognised, for example, in the Privacy Act 1988 (Cth) which protects personal information about individuals.

8.121 While an isolated unauthorised disclosure is unlikely to affect the voluntary provision of information, a culture in which sensitive personal and commercial information is not treated with strict confidence by government could undermine essential public interests in effective regulation. However, as noted by the submission from the ATO quoted above, including this kind of harm as an express element of a criminal offence could make the offence unworkable.

8.122 Therefore, the ability to impose criminal penalties for the unauthorised disclosure of personal or commercial information in certain regulatory contexts is necessary to support community confidence in the ability of government to protect the information. The ALRC does not, however, consider that all current secrecy provisions in every regulatory agency are necessary to achieve this purpose—each secrecy provision should be examined in accordance with the ALRC’s recommended framework. The ALRC recognises that there is a fine line between the protection of personal and commercial information in regulatory contexts with criminal sanctions and the perceived need to protect information in order to maintain public confidence in, and compliance with, other government activities. If this argument is taken too far, there is a risk that the ‘culture of secrecy’ in government will remain unchanged.

8.123 In the ALRC’s view, individuals in agencies that operate in commercial contexts and do not have a regulatory role should not generally be subject to criminal sanctions for the disclosure of personal or commercial information. In these contexts, personal and commercial information should be protected in the same way that the individuals and organisations with which such agencies interact protect information of this kind—that is, through the imposition of disciplinary sanctions and the use of contractual and general law remedies.

8.124 The ALRC considers that specific secrecy offences may be appropriate in some limited circumstances where the disclosure of personal or commercial information may cause harm to important regulatory activities of government. Further, such secrecy offences need not include an express requirement that the disclosure cause harm to a specified public interest.

8.125 Unlike the ALRC’s recommended approach to the categories of information obtained or generated by intelligence agencies (where any information obtained or generated by these agencies should be subject to secrecy offences), secrecy offences in taxation or social security laws, or laws relating to regulatory bodies, should not be expressed in such broad terms. The category of information protected should be narrowly defined, so that the secrecy provision is not so wide as to cover information that would not harm the regulatory functions of the agency.

8.126 For example, the definition of ‘protected information’ for the purposes of the proposed taxation secrecy laws is confined to information disclosed or obtained under a taxation law which relates to the affairs of an entity and which identifies that entity.^[113] Similarly, the information protected by the secrecy provisions in the APRA Act is limited to information disclosed or obtained under, or for the purposes of, a prudential regulation framework law and relating to the affairs of a regulated entity or other specified bodies. Therefore, the definition of protected information would not include information relating to the policies, governance or administration of the agency.^[114]

Other categories of information

8.127 In developing the recommended general secrecy offence, the ALRC has identified four public interests that it considers warrant protection by that provision.^[115] However, as the preceding discussion demonstrates, there may be a need for specific secrecy offences to address other harms not included in the general offence.

8.128 This section examines three other categories of information the protection of which may justify criminal sanctions, but which are not covered by the general secrecy offence. The categories discussed are Indigenous sacred or sensitive information, and cockpit voice recordings and telecommunications interception information. However, these categories do not exhaust the categories of information that may warrant protection by specific secrecy provisions.

Indigenous sacred or sensitive information

8.129 The ALRC has identified two criminal secrecy provisions relating to the unauthorised disclosure of Indigenous sacred or culturally significant information.^{^[116]}The provisions make it an offence for an officer of the Indigenous Land Corporation to disclose information that is considered sacred or otherwise significant by a particular group of Aboriginal persons or Torres Strait Islanders if the disclosure would be inconsistent with the views or sensitivities of those persons.

8.130 In a submission to this Inquiry, IBA submitted that culturally sensitive information, such as information about Indigenous sacred sites, should remain protected by secrecy provisions.^{^[117]} Other inquiries into the protection of Indigenous traditional knowledge have noted that Indigenous peoples are concerned about the unauthorised use and reproduction of secret or sacred material for commercial purposes, resulting in the disclosure of information to those not authorised to know or view it.^{^[118]} Article 31 of the Declaration of the Rights of Indigenous Peoples in part provides that ‘Indigenous peoples have the right to maintain, control, protect and develop their cultural heritage, traditional knowledge and traditional cultural expressions’.^[119]

8.131 The ways in which Indigenous cultural information may be shared, and to whom it may be transmitted, are of great importance to some Indigenous peoples. For example, under some traditional laws and customs, certain information may be disclosed only to a defined category of people—for example, the women of a particular Indigenous group.^[120] In addition, it may be contrary to the traditional laws and customs of an Indigenous group to broadcast the name or image of an Indigenous person who is deceased.

8.132 There are several kinds of harms that may arise from the misuse or unauthorised disclosure of Indigenous information. Because cultural knowledge and traditions are such an important part of Indigenous identity, fracturing traditional information-sharing processes has the potential to ‘threaten the cohesiveness and security of an Indigenous group’.^[121] The damage caused by the inappropriate disclosure of Indigenous sacred and sensitive information is broader than harm to personal privacy—it harms the structure and identity of Indigenous groups. The harm could also be characterised as a failure to recognise the cultural importance of Indigenous information and knowledge—particularly where there has been past misappropriation and misuse of that information.^[122]

8.133 However, it is not easy to answer the question whether Indigenous sacred and sensitive information provided to government requires a criminaloffence for its protection. As is the case in many areas of Indigenous law and custom, Australian laws are often unable to protect Indigenous rights and customs adequately. Further, the issue of protection of Indigenous information extends beyond information provided only to government. ‘Indigenous sacred and sensitive information’ is also a problematic description of the protected information—it is not an agreed or defined term and may encompass a wide variety of material and communications. Acknowledging the difficulties in this area, in For Your Information: Australian Privacy Laws and Practice, the ALRC recommended that the Australian government undertake an inquiry to consider whether legal recognition and protection of Indigenous cultural rights is required and, if so, the form such recognition and protection should take.^[123] This recommendation was not accepted by the Government.^[124]

8.134 The ALRC has also made previous recommendations that the Archives Act 1983 (Cth) and the Freedom of Information Act include ‘information that, under Indigenous tradition, is confidential or subject to particular disclosure restrictions’ as a category of information that may be exempt from disclosure under those regimes.^[125] This issue, and the protection of Indigenous information held by government, could be considered as part of an inquiry of the kind recommended by the ALRC. The review or creation of secrecy provisions to protect this kind of information should be developed in consultation with Indigenous peoples, as recommended by the Declaration on the Rights of Indigenous Peoples.^[126]

Cockpit voice recordings and telecommunications interception information

8.135A number of specific secrecy provisions make it an offence to disclose on-board recording and cockpit voice recording information without authority.^[127] Cockpit voice recording is used to assist investigations into serious aviation incidents. However, as noted in the explanatory memorandum to the Transport Safety Investigation Bill 2002 (Cth):

[i]t is acknowledged that such recordings constitute an invasion of privacy for the operating crew of an aircraft that most other employees in workplaces are not subject to. Such recordings, therefore, must be treated with the utmost confidentiality and continue to be used for safety investigation purposes only.^[128]

8.136 Cockpit voice recording information has been given a high level of protection, to the point that it cannot be used in disciplinary proceedings or as evidence in criminal proceedings against crew members.^[129] The risk is that the unauthorised disclosure of cockpit voice recording information could lead to aircrews rendering recording devices inoperative, which would deny access to vital information during safety investigations. These policy considerations would support the retention of secrecy provisions which make it an offence to disclose cockpit voice recording information without authority.

8.137 As with Indigenous sensitive and sacred information, cockpit voice recording information is a category of information that does not easily fall within the general secrecy offence. While the protection of cockpit voice recording information serves the public interest in air safety, it is unlikely that a particular disclosure would, in itself, endanger public safety. The protection of cockpit voice recording information is therefore not amenable to an express requirement of harm, because any disclosure, however innocuous, has the potential to compromise the integrity of the systems and procedures for investigating air safety.

8.138 Information obtained by telecommunication interceptions is also subject to strict secrecy offences.^[130] Because telecommunications interception involves a serious invasion of a person’s privacy, the information has been given a high degree of protection both in Australia and internationally. The UK Official Secrets Act makes it an offence for a Crown servant or government contractor to disclose information obtained through a telecommunications interception or entry and search warrant.^[131] It is not necessary to show that the disclosure of this kind of information was ‘damaging’ in order to prove the offence.^[132]

8.139 In this case, the category of information protected is precisely defined, and there are persuasive policy arguments for its absolute protection. On this basis, there is a strong argument that a secrecy offence prohibiting the disclosure of information obtained by way of telecommunications interception does not need to include an express requirement that the disclosure cause, or be likely or intended to cause, harm.

^[1] Recommendation 5–1.

^[2] Recommendation 5–1.

^[3] This provision continues the operation of s 5E of the now repealed Wheat Marketing Act 1989 (Cth).

^[4] Food Standards Australia New Zealand Act 1991 (Cth) s 114(1).

^[5] Ibid s 4(1). However, the meaning of ‘confidential commercial information’ is not always defined: see, eg, the National Health and Medical Research Council Act 1992 (Cth) s 80.

^[6] Australian Law Reform Commission, Review of Secrecy Laws, Discussion Paper 74 (2009), Proposal
10–1.

^[7] Australian Law Reform Commission, Review of Secrecy Laws, Issues Paper 34 (2008).

^[8] Law Council of Australia, Submission SR 30, 27 February 2009.

^[9] Attorney-General’s Department, Submission SR 36, 6 March 2009.

^[10] Ibid.

^[11] Community and Public Sector Union, Submission SR 57, 7 August 2009; Liberty Victoria, Submission SR 50, 5 August 2009; Civil Liberties Australia, Submission SR 47, 27 July 2009.

^[12] Community and Public Sector Union, Submission SR 57, 7 August 2009.

^[13] R Fraser, Submission SR 78, 21 August 2009.

^[23] See, eg, Higher Education Support Act 2003 (Cth) s 179-10 sch 1 (definition of ‘personal information’); Aged Care Act 1997 (Cth) s 86-2(1).

^[24] See, eg, Aboriginal and Torres Strait Islander Act 2005 (Cth) s 193S(3)(a); A New Tax System (Australian Business Number) Act 1999 (Cth) ss 30, 41; Income Tax Assessment Act 1936 (Cth) s 16(2).

^[25] See, eg, Gene Technology Act 2000 (Cth) s 187; Agricultural and Veterinary Chemicals Code Act 1994 (Cth) s 162(1).

^[26] See, eg, Corporations (Aboriginal and Torres Strait Islander) Act 2006 (Cth) ss 604-15, 604-20; Equal Opportunity for Women in the Workplace Act 1999 (Cth) s 32.

^[27] See, eg, Criminal Code (Cth) s 91.1; Designs Act 2003 (Cth) s 108; Defence Force Discipline Act 1982 (Cth) s 58; Defence Act 1903 (Cth) s 73A.

^[28] See, eg, Law Enforcement Integrity Commissioner Act 2006 (Cth) s 92; Australian Crime Commission Act 2002 (Cth) s 29B; Australian Federal Police Act 1979 (Cth) s 40ZA.

^[29] See, eg, Inspector-General of Taxation Act 2003 (Cth) s 37(2); A New Tax System (Bonuses for Older Australians) Act 1999 (Cth) s 55; Child Support (Assessment) Act 1989 (Cth) s 150(2).

^[30] Census and Statistics Act 1905 (Cth) ss 19, 19A.

^[31] Commonwealth Electoral Act 1918 (Cth) ss 90B, 91B, 189B, 323.

^[32] Australian Law Reform Commission, Keeping Secrets: The Protection of Classified and Security Sensitive Information, ALRC 98 (2004), Rec 5–2.

^[33] The Australian Intelligence Community comprises the Office of National Assessments, the Australian Security Intelligence Organisation, the Australian Secret Intelligence Service, the Defence Intelligence Organisation, the Defence Imagery and Geospatial Organisation and the Defence Signals Directorate.

^[34] Official Secrets Act 1989 (UK) s 1(6).

^[35] Ibid s 1(3).

^[36] Ibid s 1(4).

^[37] United Kingdom Government Home Office, Reform of Section 2 of the Official Secrets Act 1911 (1988), [41].

^[38] H Gibbs, R Watson and A Menzies, Review of Commonwealth Criminal Law: Final Report (1991), 317.

^[39] Ibid, 323.

^[40] International Covenant on Civil and Political Rights, 16 December 1966, [1980] ATS 23, (entered into force generally on 23 March 1976), art 19(3).

^[41] Vereniging Weekblad Bluf! v The Netherlands (1995) 20 EHRR 189, [35].

^[42] Article 10 of the European Convention of Human Rights is in similar terms to art 19 of the International Covenant on Civil and Political Rights.

^[43] R v Shayler [2003] 1 AC 247.

^[44] Ibid, 276–277.

^[45] Convention for the Protection of Human Rights and Fundamental Freedoms, 4 November 1950, ETS No. 5, 213 UNTS 221, (entered into force generally on 3 September 1953).

^[46] A non statutory office introduced in 1988: see House of Commons, Parliamentary Debates, 21 December 1988, col 467.

^[47] R v Shayler [2003] 1 AC 247, 270.

^[48] Ibid, 271, 284.

^[49] Ibid, 284–288.

^[50] Ibid, 276, 283–288, 296–299.

^[51] United Nations Human Rights Committee, Consideration of Reports Submitted by States Parties under Article 40 of the Covenant: Concluding Observations of the Human Rights Committee-United Kingdom of Great Britain and Northern Ireland, CCPR/GBR/CO/6, 30 July 2008, [24]. The Human Rights Committee made similar observations in 2001.

^[52] Australian Government Attorney-General’s Department, Australian Government Protective Security Manual (PSM) (2005). The Protective Security Manual is discussed in Ch 14.

^[53] See, eg, Australian Law Reform Commission, Keeping Secrets: The Protection of Classified and Security Sensitive Information, ALRC 98 (2004); Australian National Audit Office, Operation of the Classification System for Protecting Sensitive Information, Audit Report 7 (1999).

^[54] United Kingdom Government Home Office, Reform of Section 2 of the Official Secrets Act 1911 (1988), [75].

^[55] Australian Intelligence Community, Submission SR 77, 20 August 2009.

^[56] Ibid.

^[57] Australian Intelligence Community, Submission SR 37, 6 March 2009.

^[58] Australian Intelligence Community, Submission SR 77, 20 August 2009. However, two stakeholders commented that the secrecy and freedom of information regimes seek to achieve different outcomes and may not be comparable: R Fraser, Submission SR 78, 21 August 2009; L McNamara, Submission SR 51, 6 August 2009. Chapter 16 discusses the interaction between secrecy provisions and freedom of information legislation.

^[59] Attorney-General’s Department, Submission SR 67, 14 August 2009.

^[60] Community and Public Sector Union, Submission SR 57, 7 August 2009; R Fraser, Submission SR 78, 21 August 2009.

^[61] Australia’s Right to Know, Submission SR 72, 17 August 2009.

^[62] L McNamara, Submission SR 51, 6 August 2009.

^[63] Ibid.

^[64] The National Security Information (Criminal and Civil Proceedings) Act 2004 (Cth) was enacted following a report by the ALRC on protecting national security information during court proceedings: Australian Law Reform Commission, Keeping Secrets: The Protection of Classified and Security Sensitive Information, ALRC 98 (2004). However, the Act deals only with certain aspects of federal criminal proceedings and does not canvass the broader range of issues considered by the ALRC.

^[65] Inspector-General of Intelligence and Security Act 1986 (Cth) s 4.

^[66] Ibid s 8.

^[67] Australian Parliament—House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower Protection: A Comprehensive Scheme for the Commonwealth Public Sector (2009), Rec 1.

^[68] Ibid, Rec 3; [3.83].

^[69] Ibid, Rec 7.

^[70] Ibid, Rec 14.

^[71] Australian Security Intelligence Organisation Act 1979 (Cth) s 18(2)(c).

^[72] Intelligence Services Act 2001 (Cth) ss 39(1)(c)(iv), 39A(1)(c)(iv), 40(1)(c)(iv).

^[73] Commonwealth Director of Public Prosecutions, Prosecution Policy of the Commonwealth (2009), [2.10].

^[74] Australian Crime Commission Act 2002 (Cth) s 7A.

^[75] Ibid s 51; Law Enforcement Integrity Commissioner Act 2006 (Cth) s 207.

^[76] Witness Protection Act 1994 (Cth) s 22.

^[77] Crimes Act 1914 (Cth) s 15XS.

^[78] J People, Unauthorised Disclosure of Confidential Information by NSW Police Officers (2008) NSW Police Integrity Commission.

^[79] Ibid 21, 26.

^[80] Ibid 21.

^[81] Official Secrets Act 1989 (UK) s 4(2).

^[82] Australian Federal Police, Submission SR 70, 14 August 2009.

^[83] Australian Crime Commission, Submission SR 75, 19 August 2009.

^[84] Ibid.

^[85] Australian Commission for Law Enforcement Integrity, Submission SR 18, 18 February 2009.

^[86] Australian Transaction Reports and Analysis Centre, Submission SR 73, 17 August 2009.

^[87] International Covenant on Civil and Political Rights, 16 December 1966, [1980] ATS 23, (entered into force generally on 23 March 1976) art 19(3).

^[88] Recommendation 5–1.

^[89] Criminal Code (Cth) s 142.2.

^[90] United Kingdom Government Home Office, Reform of Section 2 of the Official Secrets Act 1911 (1988), [35].

^[91] The Treasury, Discussion Paper for the Review of Taxation Secrecy and Disclosure Provisions (2006), 1.

^[92] Exposure Draft, Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 (Cth) sch 1 pt 1 355‑10.

^[93] V Braithwaite, Are Taxpayers’ Charters ‘Seducers’ or ‘Protectors’ of Public Interest? Australia’s Experience (2005) Working Paper 70, Centre for Tax System Integrity.

^[94] Australian Taxation Office, The Taxpayers’ Charter <www.ato.gov.au> at 30 November 2009.

^[95] V Braithwaite, Are Taxpayers’ Charters ‘Seducers’ or ‘Protectors’ of Public Interest? Australia’s Experience (2005) Working Paper 70, Centre for Tax System Integrity, 23.

^[96] Ibid, 16–17, 23.

^[97] Indigenous Business Australia, Submission SR 64, 13 August 2009.

^[98] Australian Human Rights Commission, Submission SR 61, 10 August 2009.

^[99] Social Security Appeals Tribunal, Submission SR 79, 24 August 2009; The Treasury, Submission SR 60, 10 August 2009; Australian Taxation Office, Submission SR 55, 7 August 2009; Australian Prudential Regulation Authority, Submission SR 52, 6 August 2009.

^[100] Australian Prudential Regulation Authority, Submission SR 52, 6 August 2009.

^[101] Census and Statistics Act 1905 (Cth) s 19.

^[102] Australian Bureau of Statistics, Submission SR 28, 24 March 2009.

^[103] Australian Bureau of Statistics, Submission SR 58, 7 August 2009.

^[104] Australian Transaction Reports and Analysis Centre, Submission SR 73, 17 August 2009.

^[105] Department of Human Services, Submission SR 83, 8 September 2009; Department of Health and Ageing, Submission SR 81, 28 August 2009; Department of Families, Housing, Community Services and Indigenous Affairs, Submission SR 68, 14 August 2009.

^[106] The Treasury, Submission SR 60, 10 August 2009.

^[107] Ibid.

^[108] Department of Families, Housing, Community Services and Indigenous Affairs, Submission SR 68, 14 August 2009.

^[109] Civil Liberties Australia, Submission SR 47, 27 July 2009.

^[110] Office of the Privacy Commissioner, Submission SR 66, 13 August 2009.

^[111] Ibid.

^[112] R Fraser, Submission SR 78, 21 August 2009.

^[113] Exposure Draft, Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 (Cth) sch 1 pt 1 355‑25.

^[114] Australian Taxation Office, Submission SR 55, 7 August 2009.

^[115] Recommendation 5–1.

^[116] Aboriginal and Torres Strait Islander Act 2005 (Cth) ss 193S(3)(b); 193S(3)(d). A number of other secrecy provisions in that Act regulate when Indigenous sacred or sensitive information may be disclosed—for example, in an annual or other reports (ss 144ZB(4), 196(2)) or material laid before Parliament (ss 151, 191L). In addition, the Australian Institute of Aboriginal and Torres Strait Islander Studies Act 1989 (Cth) s 41 prohibits the Institute from disclosing information where it would be inconsistent with the views or sensitivities of relevant Aboriginal persons or Torres Strait Islanders.

^[117] Indigenous Business Australia, Submission SR 64, 13 August 2009.

^[118] T Janke, Our Culture: Our Future Report on Australian Indigenous Cultural and Intellectual Property Rights (1998), 19.

^[119] Declaration on the Rights of Indigenous Peoples, GA Res 61/295, UN Doc A/RES/47/1 (2007) art 31.

^[120] See, eg, Wilson v Minister for Aboriginal and Torres Strait Islander Affairs (1996) 189 CLR 1.

^[121] E Mackay, ‘Indigenous Traditional Knowledge, Copyright and Art—Shortcomings in Protection and an Alternative Approach’ (2009) 32(1) University of New South Wales Law Journal 1, 3. See also T Janke, Our Culture: Our Future Report on Australian Indigenous Cultural and Intellectual Property Rights (1998).

^[122] T Janke, Our Culture: Our Future Report on Australian Indigenous Cultural and Intellectual Property Rights (1998), 19.

^[123] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108 (2008), Rec 7–2.

^[124] Australian Government, Enhancing National Privacy Protection—Australian Government First Stage Response to the Australian Law Reform Commission Report 108 For Your Information: Australian Privacy Law and Practice (2009).

^[125] Australian Law Reform Commission, Australia’s Federal Record: A Review of the Archives Act 1983, ALRC 85 (1998), Recs 164, 165. Compare, however, Australian Law Reform Commission and Administrative Review Council, Open Government: A Review of the Federal Freedom of Information Act 1982, ALRC 77 (1995), [10.34] which considered, but did not recommend, a specific exemption in the Freedom of Information Act 1982 (Cth) for documents that would disclose sensitive Aboriginal and Torres Strait Islander cultural information.

^[126] Declaration on the Rights of Indigenous Peoples, GA Res 61/295, UN Doc A/RES/47/1 (2007) art 31(2).

^[127] Inspector of Transport Security Act 2006 (Cth) s 63(4); Transport Safety Investigation Act 2003 (Cth) s 53; Civil Aviation Act 1988 (Cth) s 32AP.

^[128] Explanatory Memorandum, Transport Safety Investigation Bill 2002 (Cth), 65.

^[129] Civil Aviation Act 1988 (Cth) ss 32AQ, 32AR.

^[130] Telecommunications (Interception and Access) Act 1979 (Cth) s 63.

^[131] Official Secrets Act 1989 (UK) s 4(3).

^[132] See R v Shayler [2003] 1 AC 247, [11] citing United Kingdom Government Home Office, Reform of Section 2 of the Official Secrets Act 1911 (1988), [53].