What conduct should be regulated?

9.33       In Chapter 6, the ALRC recommends that the general secrecy offence should cover only the ‘disclosure’ of information.[48] As discussed in Chapter 3, 85% of secrecy offences prohibit disclosing, divulging or communicating Commonwealth information. In addition, approximately 60% of secrecy offences cover conduct other than—and usually in addition to—the disclosure of information, including unauthorised soliciting,[49] receipt or possession of information,[50] as well as obtaining,[51] making a record of,[52] or using[53] information.

9.34       For example, the majority of taxation secrecy provisions refer to both the disclosure and recording of taxpayer information.[54] The Exposure Draft Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill (Tax Laws Exposure Draft Bill) proposes that it would be an offence to disclose or ‘make a record’ of taxation information. This recognises that ‘it is important not only to ensure that information is not disclosed unlawfully, but that the information is not recorded in another form that can be readily accessed by others’.[55] An example of the potential application of this offence is also provided:

In the course of her duties as a taxation officer, Stacey found herself working with the taxation files of a musical artist whom she very much admired. Stacey copied some details from the taxation files into her private diary. Even though Stacey has not disclosed that information, she has still committed an offence through the recording of the information.[56]

9.35       Section 79 of the Crimes Act also imposes criminal sanctions for conduct other than disclosure. As noted in Chapter 3, s 79 protects three categories of information. Two categories relate to information that could be described as defence and national security information, namely information:

  • ·                made or obtained in contravention of s 91.1 of the Criminal Code (Cth) (ie, by espionage) or pt VII of the Crimes Act (ie, in contravention of s 79 itself, or by ‘unlawful soundings’ prohibited by s 83); or

  • ·                relating to a prohibited place or anything in a prohibited place.[57]

9.36       Section 79 criminalises a range of conduct other than disclosure in relation to this information, including where a person:

  • ·                retains information when he or she has no right to retain it or when it is contrary to his or her duty to retain it;[58]

  • ·                fails to comply with a direction given by a lawful authority with respect to the retention or disposal of the information;[59]

  • ·                fails to take reasonable care of the information or to ensure that it is not communicated to a person not authorised to receive it or so conducts him or herself as to endanger its safety;[60] and

  • ·                receives information knowing or having reasonable ground to believe, at the time when he or she receives it, that the information is communicated to him or her in contravention of s 91.1 of the Criminal Code or s 79(2) or (3) of the Crimes Act.[61]

9.37       The espionage offences in s 91.1 of the Criminal Code also cover conduct other than disclosure. It is an offence to make, obtain or copy a record of information concerning the Commonwealth’s security or defence, or the security or defence of another country.[62] Espionage offences differ from s 79 of the Crimes Act in that it is an aspect of the offences that the information be communicated, or intended to be communicated, to another country or organisation.

Case study: R v Dowling[63]

Simon Lappas was an Intelligence Analyst with the Defence Intelligence Organisation (DIO). He had a security clearance which allowed him to access information classified as ‘Top Secret’.

Lappas had visited Sherryll Dowling, a prostitute, on several occasions. On one occasion, Lappas gave Dowling two copies of an intelligence document for her to attempt to sell to a foreign power. They made several unsuccessful attempts to sell the documents, but then informed the DIO of what he had done. The documents were recovered from Dowling’s home.

Dowling pleaded guilty to two offences against s 79 of the Crimes Act of receiving information knowing or having reasonable ground to believe, that the information was communicated in contravention of the espionage offences in the Criminal Code, or the official secrets offences in s 79 of the Crimes Act.

In sentencing, Gray J found that Dowling’s actions did not involve ‘espionage intent’. He considered that Dowling did not seek the documents, nor was she involved in planning to sell the documents; ‘rather, they were pressed upon her’. Dowling was convicted and released on condition that she pay a $2,000 bond to be on good behaviour for a five year period.[64]

9.38       As discussed in Chapter 6, some activities, where they are ancillary to a primary offence, will be covered by provisions in the Criminal Code which extend criminal responsibility to a person who attempts, aids, abets, counsels, procures or urges the commission of an offence.[65] For example, the offence of incitement may apply where a third party solicits the unauthorised disclosure of information from a Commonwealth officer.[66]

9.39       Further, other provisions of the Criminal Code may apply to some unauthorised uses of Commonwealth information. For example, the use of official information with the intention of dishonestly obtaining a benefit or causing a detriment to another person is covered by the provisions dealing with abuse of public office.[67] Unauthorised access to, or modification of, data held in a Commonwealth computer is also the subject of existing offence provisions.[68]

9.40       In DP 74, the ALRC proposed that specific secrecy offences should generally not extend to conduct other than the disclosure of information, such as making a record, receiving or possessing protected information, without justification[69] on the basis that the harm involved in such conduct is not immediately obvious, and administrative action may provide an adequate sanction in such circumstances.[70]

9.41       Recognising that, in relation to defence and security information, there is a risk that conduct other than disclosure could cause harm to essential public interests, the ALRC also proposed a new offence to be included in the Criminal Code making it an offence for a person, without lawful authority and intending to prejudice the Commonwealth’s security or defence, to:

  • ·                disclose or obtain information concerning the Commonwealth’s security or defence; or

  • ·                fail to comply with a direction given by a lawful authority with respect to the use of information concerning the Commonwealth’s security or defence.[71]

Submissions and consultations

Conduct other than disclosure

9.42       Some stakeholders agreed that secrecy provisions should focus on disclosure alone.[72] A number of stakeholders expressed the view that the mere receipt of information should not attract criminal sanctions.[73] In submissions on IP 34, other stakeholders commented that it may be sufficient to proscribe disclosure, rather than other aspects of information handling.[74] In this context, the DHS noted that:

Relevant agencies, including Medicare Australia, suggest that the absence of a prohibition on use causes no practical difficulties as other sanctions (including under the Public Service Act and the Privacy Act) apply to unauthorised collection and use.[75]

9.43       However, some government agencies submitted that conduct other than disclosure may cause harm in certain circumstances, and should be subject to criminal sanction. Commenting on the discussion in IP 34, the AGD observed that:

The conduct that should be regulated by secrecy provisions will depend upon the policy rationale and harm sought to be avoided. If harm can be caused by unauthorised handling, access or use of information, then it would seem appropriate for these actions to also be prohibited.[76]

9.44       In response to the proposal in DP 74, a number of government agencies argued that specific secrecy offences in their areas of responsibility should extend to conduct other than disclosure of information.[77] For example, the ATO submitted that taxation secrecy offences should extend to conduct such as accessing, making a record of, or receiving protected information:

The ATO firmly believes that it is necessary to maintain this level of protection over such conduct because it should be considered to be just as inappropriate to access a taxpayer’s record, out of mere personal interest … as it is to record or disclose information. Indeed, making a record of a person’s income information may indirectly result in a disclosure of that information (if the record is misplaced) and, as such, this conduct should be regulated in the same manner as disclosures.[78]

9.45       The Treasury noted that ‘criminalising the unauthorised recording of information acts as a strong deterrent’, and that such offences were important ‘given the vast amount of information held by the Tax Office’.[79]

9.46       The Australian Federal Police (AFP) made a similar argument with respect to their area of operation, submitting that:

The AFP Act regime operates in a context in which it is appropriate to criminalise making a record of prescribed information. Creating unauthorised records of information creates a serious risk of compromise to AFP information holdings. This risk is unacceptable given our role, functions and responsibilities within Government and the community.[80]

9.47       The ACC disagreed with the proposal that specific secrecy offences should generally cover only the disclosure of information. The ACC expressed concern that ‘this approach risks creating a position where a person detected preparing to make a disclosure, but not yet attempting to do so, may not be subject to a criminal sanction’:

When dealing with information that may represent a risk to personal safety, it is desirable to be able to intervene at any point in the disclosure and onward disclosure process so as to prevent harm from being done. Such intervention would be of limited effectiveness if it could not be backed up by sanctions.[81]

9.48       With respect to social security and family assistance laws, the Department of Families, Housing, Community Services and Indigenous Affairs (FaHCSIA) considered that it was important that secrecy offences continue to apply to unauthorised access to information and suggested that the term ‘obtaining’ might best describe the prohibited conduct.

FaHCSIA accepts that, in many cases, it may not be appropriate to impose a criminal penalty on a person who receives, or is in possession of protected information, particularly where they have received the information without soliciting it. However, the term ‘obtaining’ is capable of referring to someone being proactive in acquiring the protected information. It is appropriate for criminal liability to attach to a person who knowingly obtains protected information for unauthorised purposes.[82]

Proposed security offence

9.49       In relation to the ALRC’s proposed re-working of s 79 of the Crimes Act, the AGD expressed some concerns that the proposed security offence did not cover some conduct currently included in s 79, such as the retention of information, failure to comply with a lawful direction, failure to take reasonable care, and receipt of protected information. The AGD considered that these provided ‘an important protection against espionage and other unlawful access to information’ and their omission may result in weakening protection for national security information:

For example, if someone fails to comply with a lawful direction about storage of information, this could mean the information is vulnerable to those who might seek to obtain the information unlawfully.[83]

9.50       The AGD supported placing higher obligations on people who have access to this kind of information:

In view of the damage that could be caused, it is important that those who have access to such information are vigilant in ensuring it is appropriately protected at all times. Given that people who have access to such information will generally have been required to go through a rigorous security clearance process and security awareness training, it is reasonable that they be subject to these higher standards of care with respect to certain information.[84]

9.51       Other stakeholders argued that a security offence was unnecessary, given the scope of the proposed general secrecy offence, which would make it an offence to disclose information that caused, or was likely or intended to cause, harm to national security or defence.[85]

9.52       In response to IP 34, the Australian Intelligence Community (AIC) commented on the espionage offences in s 91.1 of the Criminal Code, which prohibit making, obtaining or copying certain information:

This formulation provides scope to prevent espionage activities or possible unauthorised disclosures of national security-classified information that would not be possible if the provision was limited to the disclosure itself. Without the current formulation, a person could only be prosecuted after they had committed the act of espionage or unauthorised disclosure of information. By that time, any damage to national security would have occurred.[86]

ALRC’s views

9.53       In accordance with the ALRC’s framework for the reform of secrecy provisions, specific secrecy offences should be confined to circumstances where they are necessary to protect essential public interests.[87] The ALRC considers that, in most cases, harm is only likely to be caused by the disclosureof information, but acknowledges that there may be contexts that justify applying criminal sanctions to other conduct.

9.54       For example, the espionage offences in the Criminal Code cover conduct other than disclosure, including copying or obtaining information. Importantly, however, these provisions also require an intention to deliver the information to another country or foreign organisation, and an intention to prejudice the Commonwealth’s security or defence, or advantage another country’s security or defence. In the ALRC’s view, these provisions are warranted because they are limited to the national security context and clearly indicate the essential public interest they are seeking to protect.

9.55       Similarly, s 79(2) of the Crimes Act, which covers the unauthorised retention of information and the failure to comply with a direction with respect to the disposal or retention of information, require that the person engaging in the conduct act with ‘the intention of prejudicing the security or defence of the Commonwealth or part of the Queen’s dominions’. However, the other offences in s 79 do not require an intention that the conduct cause harm to security or defence.

9.56       In the ALRC’s view, criminal offences for conduct other than disclosure in relation to security or defence information may be justified by the sensitive nature of the information and seriousness of the damage that may result from the misuse of the information. However, the ALRC considers that these offences should expressly require that the conduct did, or was likely or intended to, damage the security or defence of the Commonwealth.

9.57       There appears to be no justification for retaining the offences of receiving information currently set out in s 79(5) and (6) of the Crimes Act. It is difficult to identify any harm that may be caused by the mere receipt of information, particularly as there is no need to show that the person intended to use the information in any way. Where there is an intention to use the information, an ancillary offence, such as aiding and abetting or procuring the commission of an offence, may apply. The Official Secrets Act 1989 (UK) does not make receipt of official information an offence.

9.58       In the context of law enforcement, it may also be appropriate to impose criminal sanctions for conduct other than disclosure. Again, such offences should include an express requirement that the conduct cause, or is likely or intended to cause, harm to an essential public interest—for example, where the conduct is likely to prejudice the prevention, detection, investigation, prosecution or punishment of criminal offences.

9.59       However, in relation to personal and commercial information, the ALRC is not persuaded by arguments that other conduct—such as accessing or making a record of information—without more, is sufficient to warrant criminal penalty. Although such conduct may be preliminary to unauthorised disclosure, without more this kind of behaviour is properly an internal disciplinary matter and should be dealt with through the imposition of administrative sanctions.

Recommendation 6–3               Specific secrecy offences should not extend to conduct other than the disclosure of information—such as making a record of, receiving or possessing information—unless such conduct would cause, or is likely or intended to cause, harm to an essential public interest.

[4]           See, eg, National Health Act 1953 (Cth) s 135AAA.

[5]           See, eg, Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) s 123.

[6]           See, eg,  Taxation Administration Act 1953 (Cth) s 13J.

[7]           See, eg, Inspector of Transport Security Act 2006 (Cth) s 35(7); Epidemiological Studies (Confidentiality) Act 1981 (Cth) s 4.

[8]           See, eg, Aged Care Act 1997 (Cth) s 86-5; Crimes Act 1914 (Cth) s 3ZQT.

[48]         Recommendation 6–3.

[49]          See, eg, A New Tax System (Family Assistance)(Administration) Act 1999 (Cth) s 165.

[50]          See, eg, Defence (Special Undertakings) Act 1952 (Cth) s 9(2); Crimes Act 1914 (Cth) ss 79(4)–(6), 83.

[51]          See eg, A New Tax System (Family Assistance)(Administration) Act 1999 (Cth) s 163.

[52]          See, eg, A New Tax System (Australian Business Number) Act 1999 (Cth) s 30.

[53]          See, eg, Aged Care Act 1997 (Cth) s 86-5.

[54]         See, eg Taxation Administration Act 1953 (Cth) s 8XB; Income Tax Assessment Act 1936 (Cth) s 16(2).

[55]         Explanatory Material, Exposure Draft, Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 (Cth), 24.

[56]         Ibid, 24.

[57]         Crimes Act 1914 (Cth) s 79(1)(a),(c). ‘Prohibited place’ is defined in Crimes Act 1914 (Cth) s 80 and includes defence property and installations.

[58]         Crimes Act 1914 (Cth) ss 79(2)(b), 79(4)(a).

[59]         Ibid ss 79(2)(c), 79(4)(b).

[60]         Ibid s 79(4)(c).

[61]         Ibid ss 79(5), 79(6).

[62]         Criminal Code (Cth) ss 91.1(3), 91.1(4).

[63]         Transcript of Proceedings, R v Dowling, (Supreme Court of the Australian Capital Territory, Gray J, 9 May 2003).

[64]         Ibid. Lappas was convicted of offences against ss 78(1)(b) and 79(3) of the Crimes Act 1914 (Cth). Section 78(1)(b) has since been repealed and a similar offence enacted in s 91.1(4) of the Criminal Code (Cth). On appeal, he was sentenced to two years imprisonment for the offence against s 78(1)(b) and six months for the offence against s 79(3): R v Lappas (2003) 152 ACTR 7.

[65]         Criminal Code (Cth) pt 2.4.

[66]         Ibid s 11.4.

[67]         Ibid s 142.2.

[68]         Ibid ss 477.1, 478.1.

[69]         Australian Law Reform Commission, Review of Secrecy Laws, Discussion Paper 74 (2009), Proposal
10–5.

[70]         Ibid, [10.94].

[71]         Ibid, Proposal 12–2.

[72]         Liberty Victoria, Submission SR 50, 5 August 2009; Civil Liberties Australia, Submission SR 47, 27 July 2009.

[73]         L McNamara, Submission SR 51, 6 August 2009; Public Interest Advocacy Centre Ltd, Submission SR 38, 9 March 2009; Law Council of Australia, Submission SR 30, 27 February 2009; The Treasury, Submission SR 22, 19 February 2009; Australian Press Council, Submission SR 16, 18 February 2009.

[74]         Law Council of Australia, Submission SR 30, 27 February 2009; Department of Human Services, Submission SR 26, 20 February 2009; Australian Prudential Regulation Authority, Submission SR 12, 13 February 2009.

[75]          Department of Human Services, Submission SR 26, 20 February 2009.

[76]         Attorney-General’s Department, Submission SR 36, 6 March 2009.

[77]         Department of Health and Ageing, Submission SR 81, 28 August 2009; Australian Intelligence Community, Submission SR 77, 20 August 2009; Australian Crime Commission, Submission SR 75, 19 August 2009; Australian Federal Police, Submission SR 70, 14 August 2009; Department of Families, Housing, Community Services and Indigenous Affairs, Submission SR 68, 14 August 2009; The Treasury, Submission SR 60, 10 August 2009; Australian Taxation Office, Submission SR 55, 7 August 2009.

[78]         Australian Taxation Office, Submission SR 55, 7 August 2009.

[79]         The Treasury, Submission SR 22, 19 February 2009.

[80]         Australian Federal Police, Submission SR 70, 14 August 2009.

[81]         Australian Crime Commission, Submission SR 75, 19 August 2009.

[82]         Department of Families, Housing, Community Services and Indigenous Affairs, Submission SR 68, 14 August 2009.

[83]         Attorney-General’s Department, Submission SR 67, 14 August 2009.

[84]         Ibid.

[85]         R Fraser, Submission SR 78, 21 August 2009; Liberty Victoria, Submission SR 50, 5 August 2009; Civil Liberties Australia, Submission SR 47, 27 July 2009.

[86]         Australian Intelligence Community, Submission SR 37, 6 March 2009.

[87]         The ALRC’s framework for reform of secrecy provisions is set out in Ch 4.