A private company tasked with security vetting government officials has four foreign-born directors, raising concerns about government oversight of its vetting program.
But the Defence Department says none of the companies involved are foreign-owned, nor has it identified issues with their foreign engagement.
The Australian Government Security Vetting Agency's management of the years-long backlog of security clearances and the practices of the 22 contractors used to dig into the pasts of officials is under scrutiny, after it was revealed contractors use commercial couriers due to cybersecurity concerns.
In a hearing this week, Labor MP Julian Hill revealed AIM Screening, one of the companies that does top-level positive vetting, had two directors born and living in the United States, a director born in Britain living in Australia and a director born in China and living in Australia. But an official assured Mr Hill that the company had met Defence's requirements.
In a tense and confusing exchange, one of the department's assistant secretaries, Daniel Fortune, said foreign-born and foreign-resident directors could be considered an "issue identified with foreign engagement", but foreign citizens could be on the staff at a security-vetting company if they were not involved in the vetting process.
The vetting process ensures public servants' pasts can be verified and they aren't vulnerable to blackmail or coercion.
Highly sensitive personal information is required to be revealed and verified in the clearance process, including sexual history, financial history and drug use, and Mr Hill is concerned information could fall into the wrong hands, through lax oversight or poor cybersecurity and document-handling practices. He has called for the process to be brought back under government control.
"Quite simply, top-secret security-clearance checks should be a core function of government, not given to mysterious private contractors," Mr Hill said.
"Sensitive personal information of Australia's most senior public servants, including sexual behaviour, financial, medical, drug and alcohol issues, is being whizzed around by Toll couriers to private contractors."
While the vetting companies aren't allowed to retain hard copies of documents about officials, lists of people interviewed in relation to clearances can be kept on private IT systems for 90 days after a check has been completed. Mr Fortune said the companies kept only "disaggregated information".
By the end of Tuesday's hearing, the public accounts and audit committee's chairman, Liberal senator Dean Smith, joined Mr Hill and Labor MP Gai Brodtmann in expressing frustration at the answers given to their questions.
Mr Hill is incensed by Defence, after it took three months to answer questions taken on notice.
"For six months, the government has failed to explain why private contractors retain information in their firms including lists of people spoken to during security clearances," he said.
"For six months, the government has failed to explain how contractors comply with minimum cybersecurity standards. Things would be much safer if the most sensitive checks were conducted by Department of Defence officials not mysterious private contractors."
The Australian Government Security Vetting Agency is in the middle of reforming its panel of contractors for security vetting, removing the option for companies to only work on clearances at lower levels, and requiring companies to be available to work across the whole country.