Although there are doubts over whether the Irish Examiner of Security Legislation, as it’s called, will actually have the powers that Mr Donaldson has, the office marks a landmark in Ireland, where security services have escaped the oversight and public glare that policing has had to accept.

The proposal for a security examiner was made by the Commission on the Future of Policing in Ireland, which reported in September 2018 — and included in the General Scheme of the Policing, Security and Community Safety Bill, published in April 2021.

I spoke to Mr Donaldson before his address at a major security conference at the University of Galway on Friday, attended by other monitors and security professionals and Justice Minister Helen McEntee.

A key feature of the security landscape in Australia, and one at odds with Ireland, is that the various security agencies are governed by extensive laws.

And Australia has a suite of six agencies — including those involved in foreign intelligence, domestic intelligence and what’s called ‘signals’ intelligence, which covers cyber security — in addition to the criminal intelligence within the police services.

There is also an intelligence unit within the Government, the Office of National Intelligence (ONI), which is also governed by legislation.

To oversee them, there are various oversight bodies, the INSLM being one, with is concerned exclusively with the practical operation of the various national security and counter-terrorism laws.

“We have had, for some time, the intelligence and national security agencies subject to legislative regimes and restrictions,” Mr Donaldson said.

“And in more recent times, there has been the creation of two [oversight] bodies — the INSLM office and the Inspector General of Intelligence and Security [IGIS], which is a much larger office than mine.” 

IGIS has two functions, one to conduct inquiries into complaints involving any of the agencies and a broader role in conducting inspections and monitoring of agency activities.

Mr Donaldson said that from his examination of the draft proposals for the Irish security examiner it will combine his role and much of that of IGIS.

“From what I apprehend the Irish reviewer role is going to be something of a hybrid between my role in Australia and the inspector general’s role — and that’s going to be a very big job.” 

Under the draft bill, the Irish reviewer will:

It says security services “will be obliged” to co-operate with the examiner and can be summoned before them, but the bill does not, yet, detail specifics on legal compulsion powers.

“In Section 195 of the bill, [the examiner is tasked] to act as a reviewer in respect of requests for information made by oversight bodies. We wouldn't do any of that,” Mr Donaldson said.

He said that, in addition, the Irish reviewer is charged with examining “whether the delivery of security services is to the highest levels of efficiency and effectiveness, having regard to international standards”.

His office doesn’t do that either and it is performed by IGIS.

“I could certainly imagine [these tasks] as being onerous,” Mr Donaldson said and pointed out that IGIS had a staff of around 55 and that there were plans to expand it towards 100 staff.

One thing that IGIS does do — investigate individual complaints about agencies — is precluded from the Irish reviewer in the draft bill.

Alarming provision in bill

Mr Donaldson has spotted a provision in the bill that has alarmed him, a provision that has avoided public or political attention here.

“It’s something I marked up when I was looking through it — head 198, section five," he said.

This provision relates to the ‘information holders’ — ie the security service — and the release of information by them to the monitor.

The section says: “In fulfilling their obligations under this head, information holders shall ensure that any information, document or thing provided to the examiner is subject to any exclusions or redactions the information holder considers are necessary to safeguard international intelligence sources and/or conceal the identity of a person, where revealing the person’s identity might endanger the life or safety of any person.” 

In legal language, “shall” is an obligation. In this provision, it means that the information holder is legally obliged to withhold information where they — the holder alone — considers it necessary to safeguard its sources, whether at home or abroad.

“We don’t have any equivalent of that,” Mr Donaldson said. “There are no exclusions or redactions on the provision of information to my office.

“We see everything and anything we want to see. And then the decision is ours as to what is publicly disclosed or not, with proper restrictions on us.

But if you are giving the bodies that are being reviewed the right to redact information, that is not the right way to do it.

This suggests that unless this provision is changed in the full bill, it threatens to cripple, or at least weaken, the security examiner from the start.

“I could see that if you had developed a poor relationship with some of the bodies whose legislation you were reviewing, I could imagine that you could have endless problems with a provision like that,” Mr Donaldson said.

He pointed out that the law setting up the INSLM office does have restrictions on what it can publish in an “unclassified report”, in that it cannot include information that is “operationally sensitive” or reveal cabinet deliberations.

“It’s a restriction on the publication in a report, it’s not a restriction on the information provided to the reviewer. Frankly, the provision [in our legislation] is not really necessary as nobody would do it.” 

The Irish bill also has a provision that before submitting a report to the Taoiseach, the security examiner is obliged to consult security services to check if it contains "sensitive information [as listed in the bill] not suitable for publication".

Under Australian law, the INSLM can issue a notice compelling production of information “irrespective of national security classification or sensitivity” and it is a criminal offence not to produce information or attend a hearing when summoned.

Public hearings

And this touches on another key power Mr Donaldson has — which is not, so far, in the Irish bill — where he can hold public hearings (in addition to private hearings) and can direct security service bosses to attend.

“It’s far and away one of the most important tools that we have and a very large part of the good work that my office has done has been in public hearings. They’re critical.” 

Mr Donaldson points out he produces classified reports for the Government, which are not published.

He said the agencies need to trust the security of the computer and communication systems in INSLM:

That’s really important, they have to have confidence that we can maintain the integrity of the information.

In the Irish bill, the security examiner must "secure the agreement" of information holders regarding the security of their systems before information is shared.

Mr Donaldson said his office in Canberra is in an “extremely secure location” in a very secure building along with other high profile oversight agencies.

Another key issue for the Irish reviewer is whether the person should work part-time or full-time. There is also the background of the person, whether they are a senior counsel (as in Mr Donaldson’s case and the British equivalent) or a judge/retired judge or a prominent academic, as in Northern Ireland.

He said three of the four monitors in Australia have had very busy legal practices and he boasts a national reputation as a leading commercial barrister.

Not a judicial role

He believes a barrister would be preferable to having a judge or a retired judge.

“It’s not a judicial role, that’s not what the job is about," he said. "I think it takes somebody who’s prepared to roll the sleeves up a bit more, have a pretty good bullshit monitor and somebody who’s quite happy to ask difficult questions and require them to be answered and be interested in how things work practically.” 

He believes the person should not previously have acted as counsel for the State or ideally have worked in security-related cases.

He thinks the reviewer should be an “outsider” to the security and intelligence world, which can be a bit of a bubble.

He said his is a three-year term, but believes five years would be better.

He does believe it is necessary to have advisers and staff that do have that expertise and knowledge of the security landscape.

While his office is small, with three staff, he says there is “no shortage of budget” if he needs to hire in senior barristers or technology professionals in assist in reviews.

In order to attract senior barristers, he believes it is better to have a part-time role, rather than full time, so that it doesn’t damage their private practice.

“There are people who you would not be able to attract if it was a full time job,” he said.

He is due to hold discussions with Irish officials during his trip to Galway and Dublin.