26 Aug 2019
Balancing secrecy and openness: getting it right and getting it wrong
The following is an address given by Michael Shoebridge to the Press Freedom Summit in Sydney, September 2019
Balancing the protection of sensitive information against openness is a perennial challenge for governments and their national security agencies. Too little disclosure damages public trust in institutions. Too much undercuts important capabilities that keep Australians safe.
At a time of declining public trust in all kinds of institutions – government, corporate and private – getting the balance between openness and secrecy right is essential, if government agencies are to retain the ‘licence to operate’ from the public and the parliament.
The public need to know that Australia’s national security agencies operate ethically and legally.
This includes ensuring that the steps taken to secure information about what they do and how they do it are necessary to their effective operation, as well as ensuring that what can be disclosed about their functions and purposes is disclosed.
Public trust is a valuable commodity and it must be built and retained. Like reputations, it is hard to build and easy to damage.
The national security community in Australia operate within a body of governance, that includes the laws, regulations and policies applicable to other Australian citizens, and to public servants, as well as some specific legal frameworks – like the ASIO Act and the Intelligence Services Act.
This framework involves accountability to—and direction by—Ministers, and accountability through Ministers to Parliament and the people of Australia.
In addition, in the case of intelligence agencies, there is a powerful Inspector-General for Intelligence and Security who has extensive powers of investigation and access whose role is to ensure the ethical and legal operation of these agencies. The current Inspector General is former Federal Court Judge Margaret Stone.
A forensic, independent, intellectually capable and well-resourced IGIS is an important way of ensuring that national security agencies operate as intended within our democratic framework of institutions and laws.
National security involves the protection of a nation state, its people, institutions and interests from threats from state and non-state sources that might affect its ability to function in the way its people and government desires.
National security agencies’ focuses range from measures to provide for the defence of Australia, its people and interests, through border protection and threats from non-state actors like terrorists and transnational criminal networks. Cyber security, counter espionage and countering foreign interference fall within the responsibilities of Australia’s national security agencies.
Foreign and defence agencies are key to this, as are law enforcement and intelligence agencies.
The changing international environment and the effects of technological change and globalization have brought closer and closer connections between domestic security and international security. However, the guiding principles Justice Hope’s Royal Commissions in the 1970s established for organizing the intelligence community remain.
A core principle is that there is a distinction between foreign and domestic security and intelligence, and agencies like the ASD and ASIS are focused on foreign intelligence collection, while domestic security has clear lead agencies – ASIO and the AFP.
Cyber security is the most obvious example of domestic and international environments getting closer, as it allows state and non-state actors to create effects and conduct activities within others’ domestic systems and territories without ever stepping foot there.
There is also a protective role that ASD plays in cyber security – providing advice and assistance to protect government and corporate networks within Australia – notably through the Australian Cyber Security Centre.
It’s true everyone lives in interesting times, so our world is not uniquely troubled when compared with past times – like the period of the Cold War when the threat of catastrophic nuclear war was real.
However, the speed and intensity of threats from terrorism, transnational crime and the defence and intelligence activities of sophisticated state actors has increased with a more interconnected, globalized and technologically-based world. This has added an urgency and difficulty to measures to protect Australians and their national security.
The close connection of domestic and foreign also enables new methods for old activities – like foreign states interfering in domestic functioning – whether of critical infrastructure and institutions or even of domestic debate and decision making. This is a reason for the enactment of the new Foreign Interests Transparency laws by the Commonwealth Parliament, for example.
Why is national security information classified?
Because keeping certain information secure provides advantage against state and non-state actors who do not share Australian interests and who may seek to harm Australians or act against our interests.
And because revealing such classified information outside the secure boundaries of the people, systems and facilities that hold it could cause damage to Australia’s national interests, organisations or individuals.
Claims of classification can be tested in tribunals and courts, with a ‘Top Secret’ label not being enough – the substance of the material itself needs to be classified.
Embarrassment is not a ground for classification.
Done well, national security enables democracy as it protects our people and our democratic institutions from coercion and allows us to operate a free and open society governed by parliament and law in an environment of healthy, open debate.
Examples of things that are almost certain to cause damage to national security if leaked include:
- Revealing that Defence can counter particular types of IEDs would result in types of IEDs being manufactured that were harder to counter, and so expose members of the ADF to risk of casualties or death in places like Afghanistan and Iraq.
- Revealing the capabilities of the Joint Strike Fighter would enable potential adversaries to counter it and so be more confident in using their military power against Australia and our allies and partners who also operate the JSF. This would reduce the deterrent power of our militaries, which can make conflict more likely.
- Revealing knowledge of an emerging terrorist attack would allow the planners to change plans or avoid arrest.
- Revealing knowledge of an espionage network and its activities in Australia would allow the state operating it to change its activities and prevent its disruption—as well as empowering the foreign state to know where its activities remain covert.
Trust that Australian agencies can keep classified information secure is essential to intelligence sharing partnerships and to accessing advanced technologies and methods.
Sources and methods need protection if they are to remain effective.
Sources include humans whose life or liberty would be at risk if their identities were revealed.
Similarly, the identities of members of intelligence agencies like ASIO or ASIS need to be protected because revealing them would expose them to the risk of coercion, blackmail or violence – by state actors or by non-state actors like terrorists or transnational criminal networks. Their activities require them to be covert to be effective – in penetrating terrorist or espionage networks for example.
Methods can include things like techniques for breaking encryption or accessing others’ classified information, as well as methods for defeating others military or intelligence capabilities. Revealing them results in the methods being ineffective and so reduces national capability.
The underlying principle for establishing whether something is classified or not is whether its compromise or release would damage Australia’s national interests, institutions or people, with higher classifications relating to the gravity of damage from compromise.
Damage can be greater when the value of the source or method is higher.
Judgements about likely damage and whether there is wrongdoing or unethical behavior are best reached collectively, as we are all prisoners of our own experience and views. Officials with security clearances must remember that they do not own the information they have been entrusted with, so it is not theirs’ to leak.
Nevertheless, there is a distinction between classified matters and matters of public policy about the purpose and administration of national security agencies.
Were the roles or functions of intelligence agencies to be changed, to me this would be a matter of high public policy interests that would require public and parliamentary discussion and debate. It would also require the balance between privacy and security to be assessed and understood.
We saw exactly this happen over the course of the defining Royal Commissions that Justice Hope conducted into the structure, purposes and operations of Australia’s intelligence agencies.
I think it would be entirely appropriate for discussion and consideration of agency roles to occur within the agencies themselves or through reviews like that being conducted by former Secretary Richardson at present - but any actual proposals for change would be matters for the government of the day, and would involve parliamentary (including by the PJCIS) and public discussion and debate if they were being seriously considered – this would be necessary in any case as it would almost certainly involve legislative change.
The current parliamentary inquiry into press freedoms and classified information revolves around leaked national security being provided by officials to journalists.
A complementary area for inquiry and debate is how to achieve a more open approach to public disclosure by Australia’s national security agencies. This is about information leaving through the front door, not the back door.
Officials must have policy and legal incentives and permissions to disclose what they can, while protecting genuine secrets.
As an example, the Australian Defence organisation has struck this balance differently at different times over its history. Since the first principles review in 2016, in my view, the Defence organisation has come to view disclosure of information about its operations, policies and projects as just creating risk, and so is reluctant to release anything not required by law.
A high point of this is a recent quarterly performance report of Defence’s acquisition organisation—which uses so much black ink to censor the text that a toner warning and reorder form should accompany the link to the document.
Much of the inked-out material on project implementation challenges and issues would be provided publicly in answers by Defence officials to senators’ questions at any estimates committee hearing. But it seems none of this can be provided to the public through an FOI process—an odd and telling indicator of the risk-averse mindset now governing Defence’s public engagement.
And a lot of very similar information to that behind the wall of black ink will almost certainly be in the next major projects report from the Australian National Audit Office. Defence has less discretion to say no to the ANAO than it does when dealing with a member of the public or a journalist.
My view is that there is a need to reinvigorate a healthy disclosure culture within government agencies so that the spirit of frameworks like the FOI Act is delivered on by its operation. Such a reinvigoration needs to be led by Ministers – and by the Secretaries and senior leadership of the government agencies themselves.
It involves recognizing that the benefits of transparency are high. While risks need to be understood, so do the benefits of strong public understanding and trust in government institutions and their operation.
I know from personal experience that the culture of compliance with the legal and ethical framework is strong within our security agencies.
But I also recognise that reinvigoration of important principles is necessary from time to time to drive behaviours. In my view, it is time to reassert the priority of healthy public disclosure. It helps journalists and officials understand issues and perspectives without breaching classification rules, and so helps set important behaviours and understandings.
Given the rise of authoritarian powers in the world, with very active repressive security and intelligence regimes who, as the European Commission noted in March this year, pose a systemic challenge to the liberal democratic model, it’s more important than ever that we invest in the functioning of our open democratic system.
So Australia needs to model the values and principles we see as important – and open debate and accountability before Parliament, the law and the public are key here. As is a strong independent media with capable, inquiring journalists.
A strong security culture operates best when it is combined with a health disclosure culture.