Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
 Download Current HansardDownload Current Hansard    View Or Save XMLView/Save XML

Previous Fragment    Next Fragment
Wednesday, 8 February 2012
Page: 322


Mr STEPHEN SMITH (PerthMinister for Defence and Deputy Leader of the House) (17:20): by leave—On 16 May 2011, three contractors formerly employed at the Defence Security Authority's vetting centre in Brisbane made allegations on the ABC Lateline program concerning inappropriate security vetting practices. The vetting centre is part of the Australian Government Security Vetting Agency, which has provided security vetting for the majority of Commonwealth agencies since 2010. The former contractors alleged that while working at the vetting centre they were encouraged to insert false information into security clearance applications to enable those applications to be successfully uploaded for further security checking by the Australian Security Intelligence Organisation (ASIO).

The government has taken this matter very seriously since the allegations were brought to its attention on 16 May 2011. On 17 May 2011, I asked the Inspector-General of Defence to undertake an initial assessment to determine whether the matter should be referred for external review. Based on this initial assessment, on 27 May 2011, I recommended to the Prime Minister that she refer the allegations to the independent Inspector-General of Intelligence and Security for thorough investigation. The Inspector-General of Intelligence and Security commenced her investigation in June 2011.

On 21 September 2011, I issued a statement outlining the findings of a review undertaken by the Department of Defence's chief security officer into the management practices used in the vetting centre. The chief security officer's review was undertaken in response to requests from the Inspector-General of Intelligence and Security for information to support her inquiry. The chief security officer's review found:

inappropriate work practices were in place at the vetting centre. This related to the use of 'workarounds' to manage difficulties uploading data onto a new electronic link between Defence and ASIO. These 'workarounds' involved vetting staff entering into electronic vetting forms phrases or words to identify unclear or missing information when a security clearance applicant had not provided all of the required information;

documentation and management arrangements in place at the centre were inadequate and did not effectively record the 'workarounds'; and

almost none of the 'workarounds' had been discussed between Defence and ASIO.

The chief security officer's findings raised serious concerns around the management of security vetting within the Defence Security Authority. I made these concerns public at the time.

The Inspector-General of Intelligence and Security finalised her report late in December 2011 and I am taking my first available opportunity to table it in the House today. Evidence provided to the Inspector-General of Intelligence and Security's inquiry confirmed that the substance of the allegations by the former contractors was true: incorrect data had been inserted into the vetting process. Difficulties in uploading data led to the use by vetting staff of workarounds to address both database incompatibilities and situations where an applicant had not provided all the data required. This corrupted data was provided to ASIO and was used for security assessments.

The practice of workarounds was not confined to the three complainants; most if not all staff used workarounds to some extent. There was a wide variation in the use of incorrect data and little by way of documentation. Further, except in limited circumstances, the use of the modified data had not been agreed by ASIO. There was also no support for the suggestion that this data was used as a place marker to be corrected at a later stage.

In the course of the Inspector-General of Intelligence and Security's inquiry, other practices and incidents, unrelated to data entry, were also identified which were not consistent with good administrative practice. While there was no evidence that there had been any attempt to subvert or mislead the security clearance process, the report identifies a number of contributing factors that led to these practices, including:

inadequate management oversight, contributing to inadequate and inconsistent documentation, poor record keeping, poor management and inadequate quality assurance;

inadequate training for contractors and staff, poor maintenance of training records, and the use of staff in roles for which they had not completed their formal qualification;

delayed and inadequate systems upgrades, and poor IT systems user controls; and

sustained pressure for output.

The Inspector-General of Intelligence and Security found that the integrity of data in both the Defence Security Authority and ASIO had been undermined if not compromised. Incorrect data entered the databases and some persists today.

The Inspector-General of Intelligence and Security noted that the ASIO security assessment is but one part of a broader assessment of a person's suitability to hold such a clearance. For high-level clearances the process involves a personal interview, multiple referee checks, police record checks and often a psychological interview. This thorough assessment process is designed to pick up issues of security concern.

The Inspector-General of Intelligence and Security noted that it was not possible for her inquiry to determine whether any particular ASIO security assessment had been compromised by the provision of incorrect data. The extensive review and validation of clearances already underway will identify whether any such cases exist. So far, approximately 3,100 high-level security clearances have been reviewed and validated of around 5,300 applications made during the period. The Inspector-General of Intelligence and Security made 13 recommendations and the government has accepted them all.

In accepting all of the 13 recommendations, Defence has taken immediate action to rectify the problems identified by the Inspector-General of Intelligence and Security. These remediation efforts are focused in two areas: remediation of vetting processes, improvement of documentation and updates to information technology systems, and validation of data affected by the inappropriate work practices. Firstly, Defence has stopped all inappropriate data entry practices and is finalising agreed data entry protocols with ASIO for instances where vettees genuinely do not know, or cannot provide some information or evidence. Defence has already taken steps to strengthen the management and oversight of the Defence Security Authority and the Australian Government Security Vetting Agency. Steps have also been taken to:

centralise the control and management of vetting documentation;

ensure all managers involved in the vetting process are formally qualified;

develop a comprehensive training program to ensure vetting staff have the necessary professional skills and development;

introduce an updated electronic vetting program with a thorough program of training support; and

update the online vetting pack to reduce the need for data entry protocols to support the transmission of data to ASIO.

Secondly, Defence has commenced the careful process of checking and validating each and every one of the security assessments that were subject to the inappropriate practices.

If this validation process identifies that information has been changed without justification then the correct information will be obtained from the clearance holder and provided to ASIO under an agreed remediation strategy. This is a significant task. Care also needs to be taken not to unduly divert resources from ongoing security assessments and clearance processes.

Finally, the Secretary of Defence has written to the three former staff members who raised the allegations to acknowledge their allegations in respect of data-entry were true and to provide them with a copy of the Inspector-General of Intelligence and Security's report. The report of the Inspector-General of Intelligence and Security identified management practices and process deficiencies that do not reflect well on Defence. The report's findings provide a sound framework for addressing the shortcomings that have been identified. It has been very important not to wait for the inquiry of the Inspector-General of Intelligence and Security to be finalised before getting on with the job of addressing these problems. The review and validation process for clearances commenced in September last year.

The government will ensure that the Department of Defence fully addresses the issues identified by the Inspector-General of Intelligence and Security and that all recommendations are implemented in a comprehensive manner. Assurance of Defence's security-vetting efforts will be provided by annual audits of compliance with security-vetting policy conducted by the Defence chief audit executive for at least the next three years. The first audit will be completed by 30 June this year and its results will be published in the Defence annual report. This will provide ongoing public reporting and assurance of Defence's security-vetting practices.

The government takes its national security responsibilities very seriously. The allegations about inappropriate security-vetting practices were first brought to the government's attention on 16 May last year and by the end of May last year had been referred to the Inspector-General of Intelligence and Security. She commenced her inquiry in June. Preliminary findings of a Defence review conducted in support of the inquiry of the Inspector-General of Intelligence and Security were released publicly by me in September last year. Defence's review and validation of security clearances commenced that month ahead of the final report, which, as I have indicated, I received in late December last year. The report of the Inspector-General of Intelligence and Security presented today sets out the work Defence has already undertaken and will need to undertake to remediate the shortcomings identified by the Inspector-General of Intelligence and Security in Defence's security-vetting practices and processes.

I present Inquiry into allegations of inappropriate vetting practices in the Defence Security Authority and related matters by the Inspector-General of Intelligence and Security. I also present a letter to me by the Secretary of Defence, dated today, detailing the implementation of the recommendations of the Inspector-General of Intelligence and Security.

I ask leave of the House to move a motion to enable the member for Paterson to speak for 10 minutes on behalf of the member for Fadden.

Leave granted.

Mr STEPHEN SMITH: I move:

That so much of the standing and sessional orders be suspended as would prevent Mr Baldwin speaking in reply to the ministerial statement for a period not exceeding 10 minutes.

Question agreed to.