In the age of terror, rights and freedoms are being inexorably eroded in the name of national security. In April, the federal government's data retention laws came into effect, compelling telecommunication companies and internet service providers to retain metadata on their customers' usage for two years.
Just last month, Prime Minister Malcolm Turnbull announced the government's intention to enact legislation that would oblige Facebook and WhatsApp to give Australian security agencies access to encrypted messages. Together with the extension of the military's power to intervene in domestic terrorist incidents, and the contemporaneous transfer of several security agencies to the Immigration Minister's portfolio, these events continue the trend away from government transparency in the name of public protection.
Agencies can bandy about the term 'national security' to circumvent many procedural fairness requirements, and this is perhaps no more salient for public servants than in relation to security clearances. To be engaged by the APS, it is often a requirement that one holds a security clearance, or is able to obtain one within a reasonable time. Security clearances comprise four classifications, from lowest to highest clearance: baseline (protected), negative vetting levels 1 (secret) and 2 (top secret), and positive vetting (all).
The Australian Government Security Vetting Agency is responsible for reviewing security clearance applications, vetting individuals and granting security clearances for workers in all APS departments other than in certain agencies which conduct their own. The application process is invasive and protracted, the more so the higher the classification applied for. Benchmark timeframes range from one month for baseline to six months for positive vetting.
To obtain a security clearance, an individual also needs to be sponsored by an agency, which causes headaches for those trying to break into the APS without one. The Australian Public Service Commissioner has stated that "potential candidates should not be excluded from applying for a vacancy in the APS on the basis that they do not hold a security clearance", to ensure that "all eligible members of the community are given reasonable opportunity to apply". However, this has not prevented agencies from requiring a current security clearance when advertising for vacancies.
Perhaps the more vexing question concerns the dearth of options available to public servants or prospective public servants in the event of an adverse security clearance decision. As a security clearance file contains personal information, an individual is entitled to access its contents under the Privacy Act and Freedom of Information Act. However, any request for disclosure of such material is subject to exceptions, including one exemption that precludes the release of documents that "would, or could reasonably be expected to, cause damage to the security of the Commonwealth".
This provision has been tested in a number of cases, and unfortunately for those who have recently had security clearances denied or revoked, both the Office of the Australian Information Commissioner (which decides the matter at first instance) and the Administrative Appeals Tribunal (the first-tier appellate body) have fallen down strongly against disclosure.
Their reasoning is that documents which constitute the security clearance material would almost always reveal the nature of the tests administered, the questions asked of referees and the methods used by the AGSVA to gather information about the clearance subject. This, in turn, would disclose the kinds of characteristics that are relevant to assessing suitability for clearance, which people with devious machinations contrary to the "national interest" could then use to subvert the vetting process. If the vetting process was compromised and clearances were inadvertently granted to undesirables, the Commonwealth's ability to protect sensitive information would be diminished. And then if sensitive information were to end up in the wrong hands, it could reasonably be expected to cause damage to the security of the Commonwealth. The logic is sound.
But what is the 'security of the Commonwealth'? The legislation defines it as "matters relating to the detection, prevention or suppression of activities, whether within Australia or outside Australia, subversive of, or hostile to, the interests of the Commonwealth or of any country allied or associated with the Commonwealth". In other words, it is anything that damages the Commonwealth's interests. Those interests are ever-changing and lack precise definition.
This leaves career APS employees in an unfortunate position. If the AGSVA comes across adverse information about them and cancels their security clearance as a result, it is very unlikely that they will ever be able to find out what was said about them, or by whom. Under section 33 of the Public Service Act a public servant can seek primary review of the decision to cancel the security clearance, although the utility of that process is debatable – agencies rarely seem willing to override their own decisions, especially those shrouded in a thick cloud of mystique.
The only recourse remaining is to commence proceedings in the Federal Court of Australia, for either disclosure of the documents under the Freedom of Information Act, or judicial review of the clearance decision under the Administrative Decision (Judicial Review) Act. Yet one could understand the hesitation in staking tens of thousands of dollars on the chance to have a decision remade on the basis of unseen documents.
The better alternative would be for the Privacy Commissioner and the AAT to be braver about releasing material that is not likely to reveal much about the AGSVA's processes – surely a great deal of the presumptive harm could be avoided through the prudent use of redaction. As it stands, a person's APS career can be easily destroyed by a scurrilous antagonist, whose identity remains undisclosed. Does the affected individual not deserve some protection?