Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Blick report into DSD and East Timor leak investigations.

Download PDFDownload PDF

MEDIA RELEASE SENATOR THE HON ROBERT HILL Minister for Defence Leader of the Government in the Senate


Thursday, 10 July 2003 88/2003


The Inspector-General of Intelligence and Security, Mr Bill Blick, has found claims that the Government eavesdropped on Labor’s former foreign affairs spokesman Laurie Brereton as part of an investigation into leaked intelligence about East Timor are without foundation.

Mr Blick investigated the activities of the Defence Signals Directorate in relation to leak investigations carried out by the Department of Defence and the Australian Federal Police in 1999-2001.

Mr Blick found: • DSD provided technical and other assistance, including accommodation, to the leak investigation. • This assistance did not extend to providing access to DSD’s overseas collection

capabilities and the investigation team did not seek such access. • Although the investigation team had an interest in obtaining information about domestic telecommunications, it pursued this with the Australian Security Intelligence Organisation, not DSD. • DSD has no capacity to intercept communications passing over the domestic

network. • The investigation team did not ask DSD to seek assistance from international partner agencies and DSD did not do so.

Mr Blick conducted the investigation after media suggestions in April this year that DSD monitored Mr Brereton’s or his staff’s communications and that DSD might have asked an overseas agency to monitor Mr Brereton’s communications because it was illegal for DSD to do so.

DSD collects foreign signals intelligence including, in certain limited circumstances, intelligence about the foreign communications of Australians. Its collection activities in relation to the communications are strictly regulated under the Intelligence Services Act 2001.

It is the usual practice of successive Governments not to comment on security and intelligence matters. However, today I am releasing Mr Blick’s unclassified report to set the record straight about misleading media reports.

I would like to thank Mr Blick for his work on this inquiry. It highlights the importance of the arrangements for independent oversight of the work of our security and intelligence agencies.

Mr Blick has sent a copy of his report to Mr Brereton.

Media contacts Catherine Fitzpatrick (Senator Hill) 02 6277 7800 0405 351 245

Report by the Inspector-General of Intelligence and Security into allegations that the Defence Signals Directorate illegally or improperly intercepted the communications of Mr Laurie Brereton and others











Background 1. This inquiry came about as a result of allegations in the Australian media relating to DSD cooperation with an investigation into leaks of intelligence material in 1999-2000.

2. The allegations were summarised in an article in The Australian newspaper on 30 April 2003, which stated that: The nation’s most powerful spy agency, the Defence Signals Directorate, eavesdropped on Labor’s former affairs spokesman, Laurie Brereton, as part of an investigation into material leaked on the East Timor militia rampages in 1999, a report claims.

3. The article from which the above quotation was taken referred to a piece in The Bulletin magazine of 6 May∗, headed OPERATION BRERETON.

4. This was an account of an episode said to have occurred during an investigation by the Australian Federal Police (AFP) into leaks of intelligence material about East Timor.

5. According to The Bulletin, the AFP wanted to: install a listening device in the Parliament House switchboard and listen to the calls of Brereton, his adviser Dr Philip Dorling and his receptionist. Unable to obtain permission to do so itself, the AFP asked the Australian Security Intelligence Organisation (ASIO) to assist.

6. The article says that ASIO refused the request: But the plot thickened: in the course of the investigation, it appears recourse was made to intelligence obtained by foreign governments. Because of its sensitivity, some of the investigators looking at Brereton’s office formed a secret task force and set up an office in the Canberra HQ of the Defence Signals Directorate, Australia’s eavesdropping agency.

7. Although this article did not, in fact, claim that DSD monitored Mr Brereton’s or his staff’s communications, that was the interpretation placed upon it by commentators in other media outlets as exemplified by the quotation at paragraph 7. There were also suggestions that DSD might have asked a cooperating agency overseas to monitor Mr Brereton’s communications because it would have been illegal for DSD to do so itself.

8. In view of this widespread perception I concluded that an independent investigation was warranted. Accordingly I decided to conduct an inquiry, as provided for under subsection 8(2) of the Inspector-General of Intelligence and Security Act 1986 (IGIS Act).

∗ Actual date of publication was 30 April

Object and scope of the inquiry

9. The IGIS Act provides the Inspector-General with powers equivalent to those of a royal commission for the purpose of conducting inquiries into the activities of Australia’s intelligence and security agencies.

10. The object of the inquiry was to establish whether DSD had engaged in any improper or illegal activity in relation to Mr Brereton or his staff, including monitoring or attempting to monitor their communications.

11. This inevitably involved examining all relevant surrounding circumstances, including the conduct of investigations into leaks of intelligence material, as described below.

Inquiry methodology

12. As is customary with inquiries under the IGIS Act, I first sought comments from the head of the relevant agency ie the Director, DSD. Mr Merchant replied, inter alia, that: The claims by the media that DSD monitored the communications of Mr Brereton or his staff are totally without foundation, as are the allegations that DSD attempted to gather information on Mr Brereton or

his staff through its international partners.

13. The Director also informed me that the Defence Department’s Defence Security Branch (DSB) and the AFP were responsible for conducting the investigation into the 1999 leaks of intelligence material about East Timor. He said that the joint DSB/AFP team was located within DSD headquarters in order to allow it access to the highly classified material that had been the subject of the original leaks. The team did not have the ability or the authority to task the signals intelligence system.

14. DSD still had custody of the files of the leak investigation and the inquiry accessed these.

15. The inquiry also accessed the draft and final reports compiled by the leader of the Defence side of the investigation and the separate AFP report prepared at the conclusion of the investigation.

16. The Director, DSD at the time of establishment of the investigation was Mr Martin Brady, who left DSD in September 1999 and has since retired. I obtained from him a written account of his recollection of the circumstances of the location of the investigation team in DSD premises and whether the team made or sought to make any use of DSD collection capabilities.

17. The inquiry obtained an affidavit from Mr Ron Bonighton, who succeeded Mr Brady in September 1999 and affidavits from four DSD staff who would have been responsible for processing any requests to overseas agencies for assistance in relation to the investigation.

18. I took sworn evidence from the head of DSB at the time of the investigation, the person engaged as a consultant by DSB to lead the team conducting the investigation and from the DSD officer who was primarily responsible for assisting the investigation team while it was located in DSD premises.

19. The inquiry also obtained a statement from an ASIO officer about an incident in which an officer involved in the investigation asked whether ASIO could obtain a warrant to intercept the telecommunications of possible recipients of leaked material.

20. The results of the inquiry are summarised below.

Operation Arbite/Keeve

21. In April 1999 the Secretary of the Department of Defence tasked the Defence Security Branch of the department (DSB) to investigate the leak of a Defence Intelligence Organisation (DIO) document relating to East Timor that had been the source for media reporting.

22. The task fell to a special investigation unit that DSB had just established following a direction from the Secretary that all leaks of classified information be investigated.

23. More leaks in subsequent weeks led to further tasking and in June 1999, with the investigation becoming wider and more complex, DSB engaged a consultant to lead the investigation, which became known as Operation Arbite.

24. Also in June, DSB approached ASIO for assistance with the investigation and ASIO agreed to help. The Director-General of Security informed the Attorney-General of this.

25. In July 1999 DSB also sought assistance from the Australian Federal Police (AFP), which had separately been investigating leaks of other sensitive Timor-related material at the request of another agency in an operation known as Keeve.

26. The AFP continued with Operation Keeve, while also providing advice and assistance to Operation Arbite. 27. In August 1999 DSB engaged a second consultant to assist its investigation.

28. In October 1999, with the original Keeve investigation drawing to a close, Defence decided that it was desirable to retain AFP involvement and arranged for its minister to refer additional leaks to the AFP through the Minister for Justice and Customs.

29. In December 1999 the DSB and AFP investigations were combined into a joint operation, which effectively concluded early in 2001. In its latter stages the investigation was under AFP control and direction although the consultants referred to at paragraphs 23 and 27 remained part of the investigation team and, as noted at paragraph 15, the first consultant produced a final report for DSB.

30. It is not possible to describe in an unclassified report specific details of the investigative methodologies applied by the Arbite/Keefe investigations. In general terms, however, they involved: a. identifying the likely documentary sources of the large number of media reports apparently relying on classified information; b. establishing, so far as possible, who would have had access to the documents; and c. identifying and following up likely connections between people with access to the documents

and those who made public use of the classified information, such as journalists.

31. On 15 December 1999, at a meeting attended by ASIO, a member of the team asked whether ASIO was able to assist the investigation by obtaining a warrant to intercept certain telephone services at Parliament House.

32. The ASIO representatives replied in the negative and provided a report to the Director-General of Security. The Director-General annotated the report saying, inter alia: It is important that the AFP and Defence understand that, unless there is relevance to our functions under the Act, we cannot engage in such activity.

33. The Director-General subsequently directed that, since it had become clear that the investigation did not raise security intelligence issues, ASIO should have no further role in the investigation.

34. In due course the Arbite/Keeve team’s work led it to tentative conclusions about possible involvement of particular individuals in the transmission of classified information.

35. In September 2000, consequently, the AFP obtained and executed search warrants on premises associated with people whom the team had identified.

36. By the time the investigation concluded in 2001 it had identified to its satisfaction at least one person as a source of leaked classified material and one or more likely means whereby such material had found its way into the public domain.

37. The consultant appointed to head the Arbite operation and the responsible AFP officer both prepared detailed reports of the investigation, including recommendations for further action, both in relation to individual personnel and at the systemic level.

DSD involvement

38. At the time of establishment of the Arbite investigation the officer in charge of DSB approached the Director, DSD (Mr Brady) who offered DSD assistance.

39. The Director agreed that the leader of the Arbite team could be located on DSD premises and be provided with certain facilities. He instructed the DSD security officer to provide any necessary assistance.

40. The file document containing the nearest thing to a description of the arrangements is a note from the head of DSB in May 1999, seeking cooperation from the Director, DIO. The note says: The investigation is being undertaken with the assistance of DSD for those distribution systems under its control. The reference to distribution systems is evidently to the systems whereby DSD disseminates its product, either electronically or in hard copy.

41. In the absence of further details on file the inquiry asked each of those involved what they could recall of the reasons for DSD providing such assistance. Their accounts provided the following reasons: a. the investigation would require access to material with the highest classification as it would be necessary to examine a range of documents, including DSD-sourced documents, to determine

the origins of the leaked information. DSD premises are highly secure and suitable for storage of such material and DSB did not have available accommodation with this level of security; b. the team leader would need ready access to DSD personnel who were familiar with the arrangements for creating and distributing DSD product; c. the team would also have access to DSD’s considerable in-house expertise in information

technology to assist in analysing the material it accumulated; d. there were space restrictions within DSB premises; and e. it was necessary for security reasons to restrict knowledge of and access to the activities of the investigation, even to the extent of segregating it physically from other DSB activities. Since

DSD appeared a less likely source of the leaks than other agencies, location in DSD improved the chances of the investigation not becoming known to possible perpetrators.

42. From June 1999 the Arbite team leader was located in an office adjacent to that of the DSD security officer. DSD provided him with a stand-alone computer and printer and a secure telephone. The other members of the team were in another Defence building close by.

43. Plans for demolition of this building led in March 2000 to a request for the balance of the team to be located in DSD premises. A file note records that accommodation would be needed for 2 case officers, 2 investigators and an analyst and that the Arbite team leader could continue to work from the DSD security office.

44. The note also records the equipment for which accommodation would be needed. This included a dedicated local area network, several stand-alone computers and a computer linked to the AFP by modem.

45. DSD provided the requested accommodation and facilities and the team moved in in April 2000.

46. DSD also provided some assistance from members of its staff: • The DSD security officer, who was familiar with DSD systems and personnel, acted as a liaison point between the team and DSD: and • Several DSD personnel with analytical and information technology skills, including IT

security specialists, assisted with analysis of data the team obtained and provided audit information from DSD’s report distribution systems.

47. A statement to the inquiry from one of these specialists describes how he received data from the team, processed the material and copied the results of his analysis to floppy disk because the team had no access to DSD’s computer systems. At the conclusion of the exercise he removed all data from the DSD computer systems.

48. Another specialist described in his statement how his primary role was to provide responses to requests from the investigation team for audit records of DSD’s IT-based systems for delivery of its end product reports. He also helped the team understand the report delivery systems and how the auditing records were processed.

Use of DSD signals intelligence collection capability

File records

49. There is no evidence or suggestion on the investigation files of any use, or proposed use, of DSD’s signals intelligence collection facilities to target the communications of Mr Brereton, members of his staff or, indeed, anyone.

50. There was, however, material on the files and in the reports referred to at paragraph 37 to lend weight to the view that such action was never contemplated and, if contemplated, would not have taken place.

51. The file that contains records of meetings, consultations and briefings about the investigation has several documents that, at various times during the investigation, discussed the lines of inquiry the investigation was pursuing, the methods it was using and what the next steps might be.

52. Some of these documents included discussion of the concept and practicalities of obtaining warrants, including telecommunications interception warrants. Had there been any thought that DSD’s interception capabilities might be useful to the investigation one would expect there to be references to it in these documents.

53. The files also contain records of specific requests to DSD for assistance with analysis of data and audit material and the results of the analysis. Had DSD been using its interception capabilities to assist the investigation, similar records would need to have been generated.

54. The reports compiled after completion of the investigation by the AFP and the DSB consultant (see paragraph 23) both alluded to the proposals during the investigation to seek telecommunications interception warrants and the reasons for not pursuing such warrants. In addition, they described in detail the other methodologies and lines of inquiry considered and used during the investigation. Again, had use of DSD interception capabilities taken place or been contemplated one would have expected it to be mentioned in these reports.

55. As to whether, if the proposal had been put to DSD, it would have attempted to comply, a file note of a conversation in August 1999 involving the Director DSD is relevant.

56. In that conversation, the note records, the team leader briefed Mr Brady on the progress of the investigation and discussed a number of issues relating to it including DSD’s access to intelligence on East Timor.

57. The note also records that the team was contemplating, in relation to a leaked DSD report, a process that would lead to a case being made to the Attorney-General and/or ASIO for warrants against telecommunications services of known individuals.

58. Mr Brady’s response was that for DSD the damage from a leak about the intelligence services being involved in an intrusive operation against a journalist or politician’s office would be far greater than the damage from the leaked DSD report. It was clear from the note that he was not supportive of the warrant proposal.

59. The rules applying at the time required approval from the Director, DSD for any operation involving collection of intelligence on Australians. That approval could only be provided in certain restricted circumstances. One can infer from Mr Brady’s comments that, had he received a request to use DSD interception capabilities to assist the investigation, he would not have agreed.


60. Paragraph 12 above reports the comments of the current Director, DSD to the effect that claims that DSD monitored the communications of Mr Brereton or his staff are totally without foundation.

61. As mentioned at paragraphs 16 and 17 the inquiry also received statements from Mr Brady, the Director, DSD at the time the leak investigation began and his immediate successor Mr Bonighton.

62. Mr Brady’s statement included the following: I have no recollection that any possibility of using DSD’s interception capabilities was ever raised with me. Such use would be contrary to law and to extant Government instructions. And in practice DSD had no relevant capabilities.

63. Mr Bonighton’s statement included the following: At no time was there any suggestion by [the consultant] that he had access or required any access to DSD computing facilities or operational systems. My recollection is that the team of about three had their own stand-alone PC network.

At no time did [the consultant] approach me for assistance in tasking DSD systems to assist with the investigation: in particular, no request or suggestion was made that we should do anything in relation to Mr Brereton or his communications. Nor did any DSD officer approach me with any such request. I would like to make clear that had anyone actually approached me with a request to target Parliament House in relation to an internal security investigation, they would have swiftly received counselling on DSD’s role and the illegality of any such action.

You might recall that the terms of the cabinet-approved rules under which DSD operated at that time required that any proposal to target the communications of an Australian had to be referred to me for consideration. Without my written authorisation it was forbidden to use DSD facilities to target or report on the communications of Australians. As a practical aside, I would add that the particular accusation apparently relates to DSD intercepting communications from Parliament House: our systems are focused on international connections, so it is unclear to me how we could have achieved this even if we had tried - which we did not.

64. The inquiry also took sworn testimony from the head of DSB at the time and the consultant who led the investigation team. Both denied that any consideration was given to accessing DSD interception capabilities.

65. A number of respondents to the inquiry also made the point that the Arbite/Keeve leak investigations were into leaks of material within Australia and had a strictly domestic focus. There was, therefore, no logical reason for the investigation to seek to access foreign communications of people who might have been involved with disseminating leaked material.

66. The former directors quoted at paragraphs 62 and 63 also pointed out that DSD does not have the technical capability to intercept domestic telecommunications. Such interception, undertaken under warrants issued by, for example, the Attorney-General in the case of ASIO, is a terrestrial activity utilising the facilities of the Australian domestic telecommunications carriers.


67. The rules that applied at the time of the Arbite/Keeve investigations required DSD to keep records of all instances of targeting of Australian citizens’ communications, for inspection by the Inspector-General of Intelligence and Security. I regularly inspected these records and reported on the results in my annual report.

68. Had there been any targeting of Mr Brereton’s or his staff’s communications, therefore, it would have come to our notice as part of the inspection regime. No such activity came to our notice.

Use of overseas agencies’ facilities

69. An implication of some of the media reporting was that, rather than conduct interception of Australians' communications itself, DSD might have asked cooperating agencies overseas to do so.

70. The Director, DSD informed me that this suggestion was totally without foundation.

71. Mr Bonighton’s statement contained the following: There is also a suggestion that we might have asked a cooperating agency of a foreign government to undertake such a task. At no time was any suggestion made to me that we should make such a request in respect of Mr Brereton. Nor is it clear to me how another government could hope to successfully target internal Australian communications. And my experience is that cooperating governments are extremely wary of targeting nationals of partner countries and require high level assurance that any such request has a legal basis.

72. Mr Brady did not cover this issue in his original statement but, after reading the first draft of this report, wrote: My response is the same as Ron’s [Mr Bonighton], that is, it wasn’t raised with me. If it had been, my response would have been that we don’t ask partners to undertake tasks that we are

not prepared to do ourselves from Australian resources, that they wouldn’t have any relevant capabilities, and that they would want to be satisfied at a high level as to the legality and authority of any request to target Australians.

73. The inquiry also received statutory declarations from each of the liaison officers who would have needed to pass on, or at least be aware of any such requests. None knew of any requests and all said they did not believe there were any.

74. It would have been possible to approach the overseas agencies to obtain confirmation but, in light of the above statements and the abundant evidence that the leak investigators had no interest in utilising DSD’s collection resources, that was unnecessary.


75. Leak investigations carried out by the department of Defence and the AFP in 1999-2001 received technical and other assistance from DSD, including assistance with accommodation.

76. The assistance did not, however, extend to providing access to DSD’s overseas collection capabilities and the investigation team did not seek such access.

77. Although the investigation team had an interest in obtaining information about domestic telecommunications it pursued this with ASIO, not DSD. DSD has no capacity to intercept communications passing over the domestic network.

78. The investigation team did not ask DSD to seek assistance from international partner agencies and DSD did not do so.

Inspector-General of Intelligence and Security June 2003