Subscribe
Share
Share
Embed
Technology and Security (TS) explores the intersections of emerging technologies and security. It is hosted by Dr Miah Hammond-Errey. Each month, experts in technology and security join Miah to discuss pressing issues, policy debates, international developments, and share leadership and career advice. https://miahhe.com/about-ts | https://stratfutures.com
TS S02EP12 Jake Blight INSLM
Dr Miah Hammond-Errey: My guest today is Jake Blight. Jake has practiced in the field of national security law for almost 25 years. He has considerable experience in independent oversight and review of intelligence and security agencies. Most recently, Jake was the Deputy Inspector General of Intelligence and Security and an associate professor at Anu. Jake is also finishing his PhD at the Anu School of Cybernetics, looking at AI in the context of intelligence and security agencies. Your experience and research make you the perfect guest for this podcast. Thanks for joining me. Jake.
Jake Blight: Thank you. It's great to be here.
Dr Miah Hammond-Errey: We're coming to you today from the lands of the Gadigal people. I pay my respects to their elder’s past, present and emerging, and acknowledge their continuing connection to land, sea and community.
Dr Miah Hammond-Errey: So, given your depth of experience, I want to start by asking you to quickly untangle the oversight mechanisms for Australia, for intelligence in Australia, and briefly outline the functions of the Inspector General for intelligence and security IGIS and the Independent National Security Legislation Monitor INSLM, which is your current role?
Jake Blight: Thank you. Always a few acronyms. I think when you're looking at oversight in the national security community, you first need to understand what doesn't apply. Most of the usual mechanisms don't apply. Freedom of information administrative Appeals Tribunal reviews very limited. The Privacy Act doesn't apply. The Human Rights Commission doesn't have jurisdiction. The Ombudsman doesn't have jurisdiction. These matters almost never end up in front of the courts. So all those usual mechanisms, they're not there. But there's no there's not a vacuum. There's two specialist bodies that really operate in the National Security Agency context. One is the IGIS, sometimes called IGIS, where I was the deputy for nearly ten years. And that agency really looks at compliance. Are the agencies staying within the rules they've been set? My current role as monitor is different. It's to look at are those rules right. What should the law be? What should our agencies be able to do and what should they not be able to do?
Dr Miah Hammond-Errey: And we're obviously coming at this from a time moving from the Australian intelligence community, the six agencies to the national intelligence community, the four agencies. you're the first full time monitor. You've also come from the intelligence community and are based in Canberra, which is different to previous monitors. How does this shape your approach and what does it mean for the insulin model?
Jake Blight: I think it's a big change for the INSLM role. So I'm full time, I'm in Canberra and instead of having a secretariat, I actually have a team of lawyers. I have six lawyers. I'm still recruiting a couple more. We're actually doing the work in house, have a lot more time for engagement, spending more time with civil societies groups, human rights groups, law council, human rights law centre able to be enmeshed in those organisations, talk to them, do a lot more outreach. So that's one change. The other is the size of the office. And the other is that we're now generally running two reviews concurrently and we're doing them quicker. The government increased funding for the office, and not unreasonably, I expect they want a greater output for that. So we've already finished one review. A review of secrecy offences. We've got two reviews on foot at the moment, one about some high-end electronic surveillance powers and one about espionage and foreign interference.
Dr Miah Hammond-Errey: We're going to come to those shortly, but I really wanted to start this discussion with some big themes. you said there that the role of the INSLM is about determining of the boundaries around oversight are correct and right or appropriate for a democracy. So I want to start us off in a different place.
In October, the White House issued a national security memorandum on AI, and I'll put a link in the show notes. Notwithstanding the impending change in president and probable policy shifts, this is a momentous development in the securitization of technology. It escalates the infrastructure of AI to a top tier intelligence collection issue and it includes expands the, the concept of AI to include data connectivity, energy generation and access compute capacity, including data centres and semiconductors and workforce. You know, you and I have spoken before about the concept of securitization, but how do we effectively manage this expanding concept of security and democracies, often referred to as securitization? And what does it mean for democracies?
Jake Blight: So that is a big question. I guess on the technology side. First, it's important to acknowledge that it's no surprise that security agencies are using AI. They've always been early adopters of technology. Right back to Turing's time. It should be no surprise that they're using these kind of technologies. What's challenging, I think, is that what was once kind of secretive work is now scooping up an overlapping with commercial work. Big data companies, you know, generate enormous amounts of data. We've seen increasing use of contractors and consultants, particularly in the US, in the intelligence community. So that idea that there was once a hard line between government and intelligence work and the rest of the world, I think is getting blurrier, and that may be part of what you're driving at with securitization. The other is I think we use words like national security and security quite loosely. You know, the broad concept of national security can include energy, environment, health, well-being. Whereas when I'm using them in the legal sense, they have quite a narrow meaning. And what we set our main intelligence agencies ASIS, ASD, ASIO up to do is a much narrower set of things. Their functions are growing. And I think that as from a legal perspective, if something we need to look at closely, we need to be precise in what we want these agencies to do and what things are not for them to do, but might be for other areas of government.
Dr Miah Hammond-Errey: I wondered, if you could share a little about your research into I, can you outline any findings or if you're not at that point, what have you found really interesting about the nexus of AI and security?
Jake Blight: Sure. Well, this is more in my work at ANU. It's very interesting to think about again, in the national security space, normal regulatory mechanisms generally don't apply. So the Privacy Act is doing a lot of heavy lifting in Australia at the moment. The Privacy Commissioner is out there talking about its impact on AI. The six main agencies are completely exempt, so their use of AI isn't regulated by that. I'm really interested in the gap that leaves.
Jake Blight: And it's not just the Privacy Act, it's the FOI act, it's the Administrative Decisions Judicial Review Act, the the volume of data and the functions of agencies have changed. Another point is to think about when we started regulating these agencies in the 1960s, we started regulating ASIO's use of technology. In those cases, technology was bulldog clips and copper wire to listen to someone's phone. But we really focused on that moment of interception as the invasive point. And that basic legal structure is still there in our legislation. But I would say that with AI, with bulk data, with the speed of processing, the speed of disclosure and sharing the volume, I think it's more the retention and analysis and dissemination that impacts people's privacy than collection alone. And that's a big paradigm shift I think we need to make in our understanding of electronic surveillance.
Dr Miah Hammond-Errey: It is a big conceptual leap to say that the collection a conscious or a significant. it is a big change to say that it's the retention and there will definitely be detractors in that space.
Jake Blight: Look, I think to be clear, collection is invasive, but it's perhaps the collection, some of which is covert, some of which is commercially available or freely available. It's the combination of those things. And it's not that collection is not invasive, it's just that we don't regulate the rest very well. And I think the rest is at least equally as invasive these days. Yeah.
Dr Miah Hammond-Errey: I think what is shifting is that once the very act of collection was conscious, whereas now as you're saying, there's so there's so much other there's so many other spaces beyond collection because that collection is happening irrespective.
Jake Blight: And also, I mean, technology has changed what the agencies need to collect. You know, my iPhone generates so much more data and information about me than my old copper wire telephone did. And also these days it is true that a lot of material is encrypted. They need to collect a lot in order to decipher and understand it, but having collected it. What happens then? Do we let them keep all of that ancillary data just in case it's useful one day?
Dr Miah Hammond-Errey: Yeah, I'm going to jump forward here. talk to you about your secrecy offense report. And I'm going to come to this because for the for the listeners, we've basically leapt into what is known as the mosaic effect. so we'll come to that in a second. But you recently published your secrecy offences, or you can finish the review and publish the report. It's over 300 pages. the top line seems to be that there are a lot of secrecy offences, and some are in conflict with the rule of law principles.
Jake Blight: So it is a 300 page report. But look, let me give you one example. And it's perhaps the most controversial recommendation. It needs a little bit of explaining at the moment. It's a crime to disclose information if it has secret stamped on top. Now, it might seem counterintuitive that I, as someone who's worked in this space for a long time, have a problem with that. I don't have a problem with genuinely harmful information being a crime. To disclose that and properly classified information will often be genuinely harmful, as long as it's a current classification. And we have already a pile of offences for that right next door in the Criminal Code, it's already definitely an offence to disclose harmful information. This offence of having it as a crime, just because it has secret stamped on it, that has some rule of law and some practical issues, practical issues. It's not going to be any easier to prosecute. You have to prove that classification was correct. That's hard, especially if you don't keep records of who classified and why. But the rule of law issue is really fundamental in our constitutional and legal system. The Parliament makes the rules. They decide when something's a crime, the police work out if someone's breached that, the courts then decide with these offences by making it a crime to. To disclose a document that's been classified under a policy, were effectively leaving it to the Department of Home Affairs to decide what the edges of the crime can be, because they can change the policy at any time. They can change the classification policy. And then we're leaving it to around. I don't know about 10,000 officials who have a clearance to make classification decisions.
Dr Miah Hammond-Errey: I also found this really fascinating and I'll quote, there is real uncertainty about when a classification is applied in accordance with the policy framework. The moment at which classification happens is, I mean, like a tree falling in the forest. these things aren't necessarily mandated at a particular time unless collection happens at a capability that is on a system that it's a really there's a really interesting, as you say, interesting nexus there within the capacity of changing a policy, but also when the application of that policy occurred.
Jake Blight: the policy itself was designed for administrative purposes to tell officials what kind of safe they need to lock it in, what kind of security clearance someone needs to access it. And sometimes those classification decisions are made automatically. The email system won't let you send some email. Systems won't let you classify as anything less than secret. Even if you're just saying, do you want to have lunch tomorrow? So you've got some questions about the way that those are applied, which are probably okay for administrative purposes. But this is the criminal law. We need our criminal laws to be clear and precise, and policies that can be changed in that kind of way are just not not meeting that test. Yeah.
Dr Miah Hammond-Errey: you have kind of highlighted the, proportionality in penalising non-officials, um, did which so that was particularly in relation to receiving or otherwise dealing with information that is really important. Are you able to just cover that quickly?
Jake Blight: Yeah, sure. So most secrecy crimes apply to Commonwealth officials and contractors, people who've voluntarily taken on a duty to look after Commonwealth information. It's a bit different when you're talking about the rest of the world, journalists and academics generally. We don't we don't require people to protect the Commonwealth unless they're part of the government apparatus. But at the moment, we've got two crimes that apply to journalists and academics and everyone else. One is if they recklessly deal with recklessly disclose information. I'm sorry that it's not unreasonable if they should know it's going to cause harm and they do it anyway. That's an offence. I've got suggested some tweaks, but that's not the one I'm most worried about. We've also got a dealing with offence and dealing with can include receiving, keeping, storing. So if a journalist, for example, who works in national security receives a classified document, the journalist committed a crime when they got it, and the journalist possibly commits another crime when they go to their lawyer to ask for advice, what to do about it. And if the lawyer says, let's lock it in the safe and think about it, well, that could be another crime, because that's concealing. And I think that dealing with crime just needs to go. It's not reasonable for non-officials. It's okay if you work in the system, but not if you're a journalist. The crime should come at the point you cause actual harm.
Dr Miah Hammond-Errey: I also found the mosaic effect description really fascinating, as I wasn't aware it had been presented in court before. So it reminds me of Rolington's book on strategic intelligence. but he proposes the mosaic network method. In my book I argued that because so much more is knowable and inferable about the world, the impact on intelligence production, including the very process of questioning and answering, is more profound than has previously been acknowledged. And I was really fascinated to see that those arguments had actually been presented in court in public immunity cases previously. Could you talk us through that?
Jake Blight: Yeah. So the argument in. So public interest immunity is usually in the course of litigation, like a prosecution where the Commonwealth wants to keep some materials secret. And they use the mosaic effect argument to say, look, this piece seems benign on its own, but if you combine it or an adversary combines it with all these other pieces that can cause harm. And the courts have accepted that argument in the context of public interest immunity, which is about the Commonwealth controlling when documents go in and out. It's different in the criminal context. The courts haven't accepted it so much in the criminal context, because the mosaic effect relies on many people's actions. If you let this one go now, then maybe another one goes later and they add up. But in the criminal law, we're only really usually responsible for our own actions. We're not responsible for the actions of other people and things that might happen in the future. So if I've got a document, the risk that a foreign intelligence agent might do something with it later and combine it to other things and commit espionage crimes generally, that's not my responsibility. And I don't go to jail in case other people commit a later crime. So it doesn't transfer easily from the civil to the criminal context.
Dr Miah Hammond-Errey: I'd like to go to a segment. What are some of the interdependencies and vulnerabilities in intelligence that you wish were better understood.
Jake Blight: Well, because I'm an intelligence lawyer, I think the interdependencies and vulnerabilities are the sheer complexity of the law in this area. We recently did a count, and we estimate there's about 5500 pages of national security law in Australia. That's an extraordinary amount. And that's a problem. It's a problem for the agencies. I'm not the first to say that our electronic surveillance laws are almost incomprehensible. the Telecommunications Interception Act, more than 700 pages long. And that's not the end. You then have to read it with the ASIO act, with the Intelligence Services Act, with some state and territory laws, with police powers. It's almost incomprehensible. And that leads to confusion, complexity, unintended breaches. And just as importantly, it's pretty much impossible for someone who's not a specialist lawyer in this area to understand what the law is. And in a democracy, the law should be knowable. People should be able to understand it. So I think one of the interdependencies and vulnerabilities is the sheer complexity of our legal framework here.
Jake Blight: I think some of it is, again, this change in technology, our laws, some of these laws were baked in decades ago. The interception, the roots of that act are in the 1960s. The roots of our metadata access laws are in the early 80s, you know, decades before the iPhone was even conceptualized. So I think part of the problem is that our technology and law are out of sync here. Sometimes that allows really significant privacy intrusions that were never imagined when the law was created. On the flip side, sometimes it stops our agencies from being able to do the things they quite reasonably and necessarily need to do. So a significant overhaul of our electronic surveillance laws is needed and is underway and has been underway for some time.
Dr Miah Hammond-Errey: And so this is the review electronic surveillance framework recommended in the Denis Richardson Review,
Jake Blight: That has led to a review started in the Department of Home Affairs, now in the Attorney-General's Department. It's been going on since about 2019. That's not me. I'm looking forward to that review being completed, and I'm sure a lot of other people are. I'm just at the moment looking at a very small segment of our electronic surveillance laws. Right.
Dr Miah Hammond-Errey: So I'll jump to that. because we're jumping around. my understanding is you can either do statutory reviews or own motion reviews, and I'll come to one of those later. So this is a statutory review into surveillance legislation amendment Identify and Disruption Act 2021, also known as SLAID. Before we get into the detail of the warrants, I note they sunset in 2026 is the intention that they are a temporary or a trial measure before the review of the electronic surveillance framework? Or was it just like why do they sunset then?
Jake Blight: So national security laws generally go through the parliamentary Joint Committee on Intelligence and Security. And it's not uncommon for that committee to put a sunset clause on to force a review to force a reconsideration point. They did that with these laws. They've done it with a range of others. And they also put into my act a requirement that I review it after three years. They'll then review it themselves. Hopefully the government will develop a bill based on my recommendations. It'll go to the committee. So it's not uncommon to have a sunset. Many powers, even ASIO's questioning and apprehension powers, very famously, were introduced after nine over 11 had a sunset clause. It's been extended multiple times, but it isn't an uncertain or unusual mechanism.
Dr Miah Hammond-Errey: Thank you. So, under SLAID, what we're looking at are three different kinds of warrants. The data disruption warrant, the network activity warrants for intelligence only, and the account takeover warrant. I do want to say I think these are fairly unique powers globally. and they are attempting to deal with complex modern problems. They are far reaching. And before you bring us all the problems, I also do just want to applaud thinking differently about legislation and things like data disruption. We're definitely not going to get it right first go, but I really rate parliamentarians trying different unique powers. I hope that you can share a little bit now about what those powers are, how they've been used, and some early thoughts from your review.
Jake Blight: So normally our legal framework has just had surveillance powers. These are really not surveillance powers. They go further and as you say, they respond to some pretty unique problems and changing technology. So data disruption warrants actually enable the AFP or the Acic to intentionally damage, disrupt, modify, add, copy, delete data in order to frustrate a crime. Now, it's not unusual for police to do things to disrupt crime, but usually They do things that are otherwise lawful. They might drive around in a marked patrol car. They might arrest someone for a drug offence rather than a firearms offence, or vice versa. What's unusual about the data disruption ones is that they actually can cause damage. Do something that's otherwise illegal. It's illegal for you or I to damage someone's computer data. But the police can do that under this warrant. The second kind, the network activity, was really a response to complicated encryption and the need to gather a lot of, often hard to decipher data in order to identify likely criminal networks. So again a technology driven but very broad power. And then account takeovers.
Dr Miah Hammond-Errey: Can't be used in evidence right.
Jake Blight: Yeah. So network activity warrants uniquely can't be used in evidence. They're used mostly to get evidence to get another warrant. Account takeovers of course, didn't exist before we had online accounts. And these warrants let them take over an online account. And then with a complicated arrangement of other authorities, they can operate that to gather other evidence.
Jake Blight: the general need for these powers. There's quite a good case for them. We are looking at it with an open mind. But there is a difference between the AFP, which is a criminal, it's a law enforcement agency that has an intelligence function, and the ACIC, which is an intelligence agency. And just in the last couple of weeks, the review of the ACIC has come out, pushing them more and more towards intelligence. So there's a question of whether they need the law enforcement disruption and takeover or just the intelligence warrants.
Dr Miah Hammond-Errey: That's a really interesting distinction.
Jake Blight: I my staff have looked at all of the warrants that have been issued and not many have been used. And some of that might be because it's quite technologically complex to do this. Some of it could be good internal controls, making sure they're not being used for the wrong reasons.
Dr Miah Hammond-Errey: But it could also be the complexity of the process. The complexity of the investigation requiring that kind of like the seriousness of the crime, the, you know, I mean, I'm just wondering how frequently these would even be an option on the table for an investigator.
Jake Blight: Well, I think from a legal perspective, and this is one of the issues we're looking at is that can theoretically be used for any crime of three years or more. Now, that's a lot of crimes. When the business case was put up to the parliament, it was about terrorism. It was about serious drugs. It was about child abuse material. And those are, you know, very serious crimes. But that doesn't really match with the three-year bar. So that's one of the.
Dr Miah Hammond-Errey: I misunderstood that I didn't know that it was a three-year minimum.
Jake Blight: So that's one of the things we're looking at. Is that an appropriate safeguard or does that need to be raised. Another thing is how these warrants are issued. So these warrants are usually issued by an administrative review tribunal member. And again these are very high technology warrants. I have questions about whether that person is getting enough information to be in the best position to make a good decision. Do they need independent technical advice? Do they need access to a public interest advocate to sort of hear the other side?
Dr Miah Hammond-Errey: I've been calling for a national advisory body of tech experts to provide advice to agencies and, judicial and executive bodies for a very long time, so I would very much welcome that as well.
Jake Blight: And as you would know, the UK has a technical advisory panel, and there has my predecessor, James Renwick, recommended that that certain kinds of things be done through a branch of the Iet that could develop expertise, and that's on the table for us to consider. As well as technology changes, our judicial and quasi judicial decision makers, you know, brilliant minds, but are they getting the right information to ask the right questions?
Jake Blight: And for example, account takeover warrants are in the Crimes Act, which is where search warrants are. And all their provisions are modeled on search warrants, which are, you know, knocking down someone's door and searching their house. And there was a case made that, oh, it's just the same online, but I don't think it is. I think it's a bit more complex and it's often covert online. You don't necessarily know someone's done it. You know, if they've searched your house, they've served the warrant on you.
Dr Miah Hammond-Errey: Unless it's a delayed search warrant. But anyway, you also have another review into espionage, sabotage and foreign interference offences in the Criminal Code as they've recently been used. Given the increasing threat of espionage and foreign interference in Australia, a review of these laws is timely. What are you looking at.
Jake Blight: So we're looking at the effectiveness of the laws. So there's an angle there. Are they effective for online foreign interference. Online espionage. But we're also looking at their breadth. Are they excessively wide? I mean, espionage can be life imprisonment. Is this a is this offence correctly targeted? Do we have the foreign involvement element described properly? We've brought forward the point of criminal responsibility. So originally in terrorism offences we in response to the terrible attacks of nine/11, we made it a crime to prepare to commit a crime, but only for terrorism. We've now extended that into foreign interference and espionage. It's pretty alien to our criminal law system, but it's starting to get out there into others. And in fact, the only verdict, the only criminal conviction we've had, the Duyong case in Victoria. He was convicted last year of preparing for foreign interference.
Jake Blight: it is complicated though. I mean, in terrorism where you're looking at causing mass harm, it's not it's perhaps more nuanced in foreign interference. At what point do we shift from being lobbying engagement to being foreign interference? It's a more subtle shift than it is for terrorism. Terrorism always is clearly a crime.
Dr Miah Hammond-Errey: Quite right. I'd like to jump and talk a little about tech and Intel broadly. What emerging technologies are you thinking about it the most?
Jake Blight: Well, thinking about AI a lot. I'm thinking about the way that in AI that's used. I mean, even in Bunnings recently we had that case. We have these mechanisms for oversight in the UK. There's been some cases, the bridges line of cases about police use of facial recognition, because in Australia we don't have that sort of human rights framework for litigation. How are we going to test our police and security agencies use of these technologies? How can the public have sufficient assurance that there are appropriate safeguards? Is it enough to say, oh, don't worry, we've got a secret oversight body that did an inspection? I don't know, we need to think about do we have these settings right? Are our leaders asking the right questions. So I think AI and the use and I'm using the term AI loosely. You could do a whole PhD on what that means. But these very advanced analytic technologies, the biases and risks they bring as well as the benefits they bring, bring, how are we going to test those? How can the public have that assurance?
Dr Miah Hammond-Errey: What are the biggest changes you've seen in your career in intelligence?
Jake Blight: I think the changes around technology, the changes around the volume of law and the complexity of law. So that's two, two answers. The technology simply has changed. I've been working in this area for a quarter of a century. We didn't have iPhones when I started, and the volume of law has changed dramatically every year there's more and more national security laws.
Dr Miah Hammond-Errey: finally, what are some of the biggest threats and opportunities of technology for security?
Jake Blight: Look, I think there are enormous opportunities. And our agencies, I'm sure, are seeking to reap those. I think one of the challenges, though, is making sure that our our leadership in those agencies is keeping up with this. It's one of the reasons that when I retired from IGIS, I went off and did a master's in cybernetics because as a person who'd worked in oversight, I could see that one of our big vulnerabilities was whether our oversight apparatus was keeping up and in fact, needed to be right at the edge of understanding what the agencies are doing so that they can ask the right questions and contribute to building better systems. So I would encourage people to think about, as leaders in this field, do they have enough technology knowledge?
Dr Miah Hammond-Errey: Well, you've segued perfectly to my next segment.
Dr Miah Hammond-Errey: called Emerging Tech for Emerging Leaders. what do you see as the biggest challenge for leaders in the current technology environment?
Jake Blight: I think the biggest challenge is knowing the right questions. You don't need to have a PhD in engineering to ask the right questions, but you do need to ask the right questions. a lot of that is around connecting people, questions and technology together so that we're building and governing systems in a holistic way. You don't need just lawyers. You don't need just engineers. You don't need just analysts, you need all of them together. So I think one of my kind of messages for emerging leaders and current leaders is, take some time to really build your own technology skills. You don't have to be able to write an AI program, but you should be able to use one. You should be able to make it break. You should be able to do these things so you can ask the right questions. You should be able to ask who built this? What assumptions did they build it under? Many of the segment components of our AI systems are built by contractors for another purpose. They're not built for intelligence.
Dr Miah Hammond-Errey: Where does the data come from?
Jake Blight: Why was the data collected? Who categorized it? Why did they categorize it that way? It looks like magic when it's working on your computer. But it isn't magic. It's maths. It's engineering, and you need to be able to ask the right questions about it.
Dr Miah Hammond-Errey: Integrating complex technologies ethically asks a lot from us as leaders. You've held some significant leadership roles during major technology and security developments. How have you led others through changes in your career?
Jake Blight: I think one of the things is to think about the fundamental values we're protecting. We need our national security agencies to protect our national security, to protect our way of life. And those are underpinned by the rule of law. We mustn't let go of that rule of law value which really underpins our democracy. And that's those basic things like Parliament makes the rules. People should be able to understand the rules. Only a court can decide if someone's breached the rules. We have open justice as one of the fundamentals of our legal system. Every time we modify and adapt that, and every little modification is needed for national security. But as a leader and a sort of emerging leaders, you need to take that bigger picture. What's the mosaic effect? What's the overall harm to our values and system of government through just one more change, just one more exception? What is it we're trying to protect?
Dr Miah Hammond-Errey: It is such an important question and one that I find coming from the national security community. When you say national security is ultimately about values, people seem quite surprised. And, you know, I'm going to take this opportunity to link the principles of Australian democracy and the show notes, because I think they're really important.
Jake Blight: And I think it's important in motivating people in that work. My experience is that the people who work in these communities have strong values. They they work here not because it's the highest paying job. They work here because they genuinely care about Australia's security. But as leaders, our job is to lift above the day to day. They're often dealing with terrible things. The police deal with terrible crimes. Asio is constantly addressing threats, but you're always, as a leader, need to lift above to that bigger picture of what is it we're protecting and how do all of these pieces fit together?
Dr Miah Hammond-Errey: Yeah, incredible advice for leaders.
Dr Miah Hammond-Errey: I wanted to quickly discuss the NIC and intelligence community broadly. You mentioned it, and we kind of briefly touched on it earlier about the fact that the AIC agencies remain exempt from the Privacy Act, and that this exemption in a data driven world means a lot more than it did. What are the tensions there and how do you see it?
Jake Blight: I think the important thing about the Privacy Act is that it has principles that cover not only collection of data, but retention and use, and it's very transparent about what those principles are, what the intelligence agencies will say. Certainly ASD, AGIO and ASIS have privacy rules. Actually ONI does as well, and those are available on the internet. But when you look at them, there's so many exceptions in those rules, and they allow pretty much anything that they're not doing the work that the Privacy Act does for the rest of the country. So I do think the intelligence agencies do need to be regulated differently. But there's an enormous difference between an act made by Parliament that regulates a whole spectrum of things and rules made by a minister that have very, very narrow regulatory effect. So I think an exemption from the Privacy Act, along with other exemptions, need to be rethought of. And I'm not saying those agencies need to have the Privacy Act apply holus bolus, but we need to think about the principles and values underpinning it and only accept the agencies where there's a real need. We need a mechanism that applies much the same values into the national security legal framework.
Dr Miah Hammond-Errey: What do you make of ASD's primary classification as a foreign intelligence agency, but increasingly having a large domestic role.
Jake Blight: So I think this is a really good example of where laws were made some time ago and other things have moved. So ASD is like the other intelligence agencies, completely exempt from the Privacy Act from Administrative Decisions Judicial Review Act. And these things make sense for the Sigint function. But since those exceptions were granted, the cyber security function has grown. It's very domestically focused. Naturally. It also does things. You know, many of those functions could be done by any other bit of government. You could have the cyber security function sitting in another part of government. It's not a uniquely intelligence function. So why does it need the uniquely intelligence exceptions? That's I'm not sure what the answer is, but that question needs to be asked. It came up in the secrecy review. At the moment, it's a crime to disclose anything to do with any of the functions of ASD, and that made sense back when its functions were limited to SIGINT. But does that apply equally to all of their information or should other. I mean, this is a ten year crime that applies to rightly to intelligence. Should the more ordinary two year crimes that apply to the rest of government apply to most of their cyber security facing functions? And that's what I've actually recommended in the secrecy report that the high end, really serious secrecy offenses for intelligence should be about intelligence capabilities, sources, methods, relationships. Whatever you're using that for, that should be in the crime. But that's a narrower category than everything to do with every agency.
Dr Miah Hammond-Errey: I'm really interested in leadership and culture, and the moving from the AIC to the NIC brings up some really immense cultural challenges. I actually have some interesting data on this from my own research, but I feel like it's outdated now. And so I'd like to at some point update it post implementation. The key themes, though, were around variance in standards and professionalization. Um, the variance in centrality of intelligence as an organization. Um, and obviously different cultures and, you know, ways of working. What are your key kind of interests in the move and from your perspective, how will we know it's working well?
Jake Blight: Look, I can't answer all of that question. I come from a legal and an oversight and regulatory Position. I think it's still a work in progress. And there are real differences between law enforcement functions, which are traditionally overseen through the courts. You can't get a conviction if you've done it wrong, and intelligence functions which don't see the light of day. I think you've got some bodies like the ASIC, the Australian Criminal Intelligence Commission, that will fit fairly easily in. And in fact, the review that's just come out recommends that there's a bill before Parliament that will shift their oversight out of the Ombudsman and into the inspector general completely. It's more complex legally, when you're trying to deal with agencies that are law enforcement agencies and are historically regulated by publicly transparent means, we shouldn't let go of publicly transparent oversight unless we really, really have to. The kind of specialised role that I perform that the Inspector general performs should be for when there's no other real choice.
Dr Miah Hammond-Errey: Is. under your purview in terms of the legislation that brought ONI into being.
Jake Blight: No, it's not part of the current mandate of the national security legislation monitor. Interestingly, the definition of national security law in my act is quite narrow. It's mostly counter-terrorism laws. So as monitor, I can get work by statutory referrals, things like the secrecy offences. I can get work because the attorney or the prime minister or the parliamentary joint committee refers it to me, or I can exercise my own motion powers. And there's a list of acts in my legislation and the only acts not in it, the Intelligence Services Act is not in it, and most of the ASIO act is not in it.
Dr Miah Hammond-Errey: Was that that just an oversight or is it a conscious choice?
Jake Blight: I imagine it's historical. So in 2010, when my act was set up, it was very much modelled on the English reviewer of counter-terrorism.
Jake Blight: So the original role of my office was much more counter-terrorism than national security in general. And that's just an evolution in time, 15 years later, national security has shifted.
Dr Miah Hammond-Errey: I'd like to go to a segment on alliances. Is there scope to engage closely with global oversight mechanisms and monitors?
Jake Blight: in the Five Eyes community there's only one other country that has a role like mine, and that's the UK. And I do engage with Jonathan Hall, the reviewer of terrorism But there's also more generally, there's an inspector general of intelligence and security, rough equivalent in every one of the Five Eyes countries. And in fact, this week they're having a conference here in Australia. So they do get together regularly. And in my past role I was part of that.
Dr Miah Hammond-Errey: And what makes the Five Eyes relationship so unique and important? And do you think there are any oversight concerns in its current format?
Jake Blight: I think lots of people can speak to how unique and important and just long. The Five Eyes relationship is that depth of trust, the depth of interconnectivity. I think in oversight there are similar challenges. But as the agencies become more and more interconnected, do more and more joint activity. We need to make sure that our oversight can do joint oversight and joint activity. And that, I think, is still evolving.
Dr Miah Hammond-Errey: Um, let's go to a segment now called disconnect. How do you wind down and unplug?
Jake Blight: Oh, gee, I ride a motorcycle, so I like to go on long motorcycle trips, and I like to do things with my border collies. I do agility training and a whole bunch of other things that have absolutely nothing to do with law or national security.
Dr Miah Hammond-Errey: what technology brings you the most joy.
Jake Blight: I think just being able to access music anywhere, any time, any music, it brings me a lot of joy to be able to to listen to music. And my partner and I do a bit of dancing so they're able to just touch the iPhone and have the music you want. Brings me a lot of joy.
Dr Miah Hammond-Errey: We're going to a segment called Eyes and Ears. What have you been reading, listening to, or watching lately that might be of interest to the audience?
Jake Blight: Look, this is going to sound a bit nerdy, but it's annual report season, and I love reading annual reports. There's fascinating information.
Dr Miah Hammond-Errey: So nerdy. I have got no retort for that.
Jake Blight: But this is where especially an oversight report.
Dr Miah Hammond-Errey: Is on your perusing table.
Jake Blight: Well, it's one of the few windows into things like the role and the work of the Inspector general. You can find out a lot of information there. And I also like to read the Five Eyes counterpart ones.
Dr Miah Hammond-Errey: Although I will note I went searching for the use of data disruption warrants in AFP's annual report to find only that it had its own special annual report. So look, they can be. Sometimes a let down too
Dr Miah Hammond-Errey: The final segment is need to know. Is there anything I didn't ask you today that would have been great to cover?
Jake Blight: I don't think so. It's been very thorough and it's been a pleasure being here talking to you.
Dr Miah Hammond-Errey: Thanks so much for joining me today, Jake.
Jake Blight: Thank you.