17 March 2018

Speech, Reporting and Refugees

'Freedom of Speech under the Southern Cross—It Arrived and Departed by Sea?' by Wendy E. Bonython and Bruce Baer Arnold in (2018) The Round Table comments
Australian offshore processing of asylum seekers and others seeking to enter the country without authorisation has attracted substantive criticism for abuses of their human rights, particularly their mandatory detention in Australian-funded facilities located in Nauru and Papua New Guinea. Official and corporate disregard of the rights of Australians in dealing with those people—contrary to the official accountability that underlies the liberal democratic state—has attracted less attention. This article explores the offshore processing regime through an examination of how legislation that criminalises disclosure of information about mandatory detention is conceptually inconsistent with the freedom of political communication implied under Australia’s Constitution, and expected by Australian citizens. That legislation treats asylum seeking as a matter of national security rather than humanitarian law. It conflicts with the ethical obligations of health practitioners and others, and with Australian expectations about effective mandatory reporting intended to prevent abuse of children and other vulnerable people. It affects Australian and other officials, contractors, care providers, advocates, and journalists who deal with asylum seekers inside and outside Australia. Accountability and minimisation of harms to non-citizens can—and should—be achieved through an independent oversight mechanism reporting directly to parliament. 
Law is often a matter of conflicting values, interests, and rules. Freedom of speech and accountability (distinguishing features of the liberal democratic state), maintenance of sovereign borders (with the ability to exclude non-citizens), the protection of vulnerable people from harm, and respect for contract that restricts disclosure of information by employees are all governed by discrete bodies of law. Where those laws intersect in regard to Australian asylum seeker policy, tensions reflecting underlying values, interests, and rules become evident. This article explores those tensions by considering Australia’s offshore processing of refugees, particularly detention occurring in a privately operated facility on Nauru, a state that is formally independent but in practice heavily dependent on its Australian partner. Claims of sexual abuse, other violence, and self-harm at detention facilities are credible and concerning. Public discussion and investigation of those claims has been restricted through official disregard of access principles articulated in the national freedom of information statute, and more recently through ‘border protection’ law that criminalises unauthorised disclosure of information that is potentially relevant to both the exercise of human rights and the accountability of Australia’s executive. That border protection law co-exists uneasily with legal and ethical obligations binding professionals, including health and social workers and educators, to mandated reporting of child abuse. It also collides with the freedom of political communication that is discerned by Australia’s High Court in interpretation of the national constitution. 
The article begins by considering Australia’s recent history regarding exclusion of asylum seekers, an exclusion marked by public policy rhetoric about national security and existential threats to the state requiring both militarisation of border policing and restrictions on reporting about that policing. The rhetoric has culminated in establishment of the Australian Border Force within a national Department of Immigration and Border Protection, along with passage of the Australian Border Force Act 2015 (the ‘border protection law’) and associated Secrecy and Disclosure Rule. 
The article then considers Australia’s weak constitutional protection for dignity, official accountability, and public participation, in particular regarding an implied freedom of political communication rather than broader freedom of expression and the absence of a recognised ‘right to know’. It notes that the secrecy regime is inconsistent with the freedom of political communication that Australian citizens working as contractors or Australian government employees at Nauru or Papua New Guinea should enjoy in informing the Australian and international communities on matters of public interest. It identifies ethical and statutory obligations of health professionals and other individuals to support asylum seekers, in particular by reporting specific and systemic abuse, but identifies inconsistencies in the effectiveness of that reporting, likely to be further entrenched by the Border Force secrecy provisions. Secrecy provisions criminalising the dissemination of information about the mistreatment of vulnerable people impermissibly reduce the accountability of the Australian government and its agents, irrespective of whether that mistreatment occurs within Australia or in a client state. 
The article concludes by suggesting an alternative model of reporting that would be consistent with international obligations and assuage political concerns regarding national security whilst fostering public confidence in the transparency and lawfulness of government action regarding Australia’s asylum seeker policy.

16 March 2018


The 'Great Beast' (or great fraud) Aleister Crowley reappears yet again.

In Bottrill v Sunol (Discrimination) [2018] ACAT 21, dealing with the latest dispute over the Ordo Templi Orientis (OTO), the ACT Civil and Administrative Tribunal considers what is a 'religion' and thus potentially covered under vilification regimes. There had been earlier appearances in eg Ordo Templi Orientis v Legg (Anti Discrimination) [2007] VCAT 1484 and Bottrill v Sunol & Anor (Discrimination) [2017] ACAT 81

The OTO had been characterised as a satanic cult that featured child sacrifice.

The Tribunal comments
In the dictionary of the Discrimination Act the following definition occurs
religious conviction includes— 
(a) having a religious conviction, belief, opinion or affiliation; and 
(b) engaging in religious activity; and 
(c) the cultural heritage and distinctive spiritual practices, observances, beliefs and teachings of Aboriginal and Torres Strait Islander people; and 
(d) engaging in the cultural heritage and distinctive spiritual practices, observances, beliefs and teachings of Aboriginal and Torres Strait Islander peoples; and 
(e) not having a religious conviction, belief, opinion or affiliation; and 
(f) not engaging in religious activity. 
In Church of the New Faith v Commissioner of Pay-Roll Tax (Vict.) (1983) 154 CLR 120,(the Scientology case), the High Court found that Scientology was a religion and canvassed the varying criteria that might be sufficient to satisfy that description. There were three separate decisions and the tests were not exactly the same. Mason ACJ and Brennan J said at [17]:
...for the purposes of the law, the criteria of religion are twofold: first, belief in a supernatural Being, Thing or Principle; and second, the acceptance of canons of conduct in order to give effect to that belief, though canons of conduct which offend against the ordinary laws are outside the area of any immunity, privilege or right conferred on the grounds of religion. Those criteria may vary in their comparative importance, and there may be a different intensity of belief or of acceptance of canons of conduct among religions or among the adherents to a religion. The tenets of a religion may give primacy to one particular belief or to one particular canon of conduct. Variations in emphasis may distinguish one religion from other religions, but they are irrelevant to the determination of an individual’s or a group’s freedom to profess and exercise the religion of his, or their, choice. (emphasis added)
At [23] it was said not to be limited to theistic religions and the test of religious belief was satisfied by belief in supernatural ‘Things’ or ‘Principles’ and not to limited to belief in God or in a supernatural ‘Being’. 
Wilson and Deane J gave similar but not identical tests and said at [18]:
One of the more important indicia of a religion is that the particular collection of ideas and/or practices involves belief in the supernatural, that is to say, belief that reality extends beyond that which is capable of perception by the senses. If that be absent, it is unlikely that one has a religion. Another is that the ideas relate to man’s nature and place in the universe and his relation to things supernatural. A third is that the ideas are accepted by adherents as requiring or encouraging them to observe particular standards or codes of conduct or to participate in specific practices having supernatural significance. A fourth is that, however loosely knit and varying in beliefs and practices adherents may be, they constitute an identifiable group or identifiable groups. A fifth, and perhaps more controversial, indicium (cf. Malnak v. Yogi [1979] USCA3 125; (1979) 592 F (2d) 197 is that the adherents themselves see the collection of ideas and/or practices as constituting a religion.
They also said at [19]:
As has been said, no one of the above indicia is necessarily determinative of the question whether a particular collection of ideas and/or practices should be objectively characterized as a religion. They are no more than aids in determining that question and the assistance to be derived from them will vary according to the context in which the question arises. All of those indicia are, however, satisfied by most or all leading religions. It is unlikely that a collection of ideas and/or practices would properly be characterized as a religion if it lacked all or most of them or that, if all were plainly satisfied, what was claimed to be a religion could properly be denied that description. Ultimately however, that question will fall to be resolved as a matter of judgment on the basis of what the evidence establishes about the claimed religion. Putting to one side the case of the parody or sham, it is important that care be taken, in the exercise of that judgment, to ensure that the question is approached and determined as one of arid characterization not involving any element of assessment of the utility, the intellectual quality, or the essential Truth or worth of tenets of the claimed religion.
In Harrison and Commissioner for Social Housing in the ACT and Minister for Community Services and Minister for Aboriginal and Torres Strait Islander [2012] ACAT 10 at [50] it was said:
There is no definition of the phrase in the Discrimination Act 1991. The word conviction is used in this context in its ordinary meaning - to indicate a settled or strongly held belief.
In fact, there is a definition as set out above for religious conviction and it is much wider. 
Conclusion about religious conviction 
The test is wider than that explained in the Scientology case as it extends to non-belief. No doubt atheism was intended to be covered. Thus, the element of the supernatural is not essential. On the undisputed evidence in this case the OTO did satisfy the criteria described in the Scientology Case and the applicant had a conviction based on its teachings. If the crimes attributed to the applicant and OTO in the blog complained of were true, it would be likely that it would not be regarded as a religion as they would constitute: ...canons of conduct which offend against the ordinary laws are outside the area of any immunity, privilege or right conferred on the grounds of religion


No great surprises in the report that Meow-Ludo Disco Gamma Meow-Meow has been unsuccessful after brouhaha over his bodyhacking of a Transport for NSW (TfNSW) travel card.

Mr Meow-Meow was noted here, here and in a piece for The Conversation.

TfNSW had taken action against him for not using a valid  ticket (using public transport without a valid ticket and for not producing a ticket to transport officers).

Despite hyperbole about 'cyborg rights',  he today pleaded guilty to both offences at Newtown Local Court.

The ABC reports that  Mr Meow-Meow
was fined $220 for breaching the Opal Card terms of use and was ordered to pay $1,000 in legal costs. 
The lawyer representing Mr Meow Meow argued that transport legislation had advanced to include methods of contactless payment through MasterCard and some smart phones. He said that the law should adapt to all available technologies including implantable tech. 
But Magistrate Michael Quinn said, while the legislation may catch up with technology in the future, the law of the day must be followed. 
Outside court, Mr Meow Meow said he was disappointed both offences were not dismissed and that he was ordered to pay legal costs. 
Despite the decision, Mr Meow Meow said he would continue to experiment with implanted technology. He said he was planning to push the boundary even further, replacing his Opal chip with one that will hold all of his personal information, including credit cards and memberships. 
DIY unauthorised modification of credit card and membership cards will breach the terms and conditions of his account with the credit card providers, so he can expect to see those businesses restricting or cancelling the relevant accounts.

Carceral Theory

Liberal to Carceral Feminism' by Karen Engle in Janet Halley, Prabha Kotiswaran, Rachel Rebouch√© and Hila Shamir (eds) Governance Feminism: Notes from the Field (University of Minnesota Press, 2018) comments 
Feminist legal theory came to international law and discourse later than it came to many other legal fields. It primarily emerged in international human rights where, in a surprisingly short amount of time, it went from being extremely marginal to relatively mainstream. Not unrelatedly, it has primarily grown, and also developed significant influence, in the doctrinal areas of international humanitarian and criminal law. This piece, written as a chapter in a book on governance feminism, chronicles the trajectory of feminist engagement with international law, paying special attention to how both feminisms and feminists have played governing roles in its development and operation.
The chapter provides an account of three distinctive feminist approaches to women’s human rights that developed from the mid-1980s through the mid-1990s. Each of the three approaches is identified according to its distinctive concern: liberal inclusion, structural bias, and the Third World, respectively. During the early period of feminist engagement, these approaches variously competed, complemented, and exchanged with each other in the push for a feminist foothold in human rights law. But the end of the Cold War, a compromise around “culturally sensitive universalism,” the emergence of a preoccupation with sexual violence in conflict, and the pursuit of criminal law as the primary response to it all ultimately functioned to favor a strand of structural bias feminism focused on female sexual subordination and to suppress and sideline the other feminist critiques, especially their material dimensions.
Tracing this genealogy, the chapter calls into question a dangerous common sense about sexual violence in conflict, a common sense that bears upon culture, sex, economic distribution, and criminalization, and that still dominates human rights law and discourse today. It seeks to motivate a return to, and reevaluation of, other possibilities of feminist critique that were left by the wayside when the structural bias critique prevailed, and when sexual violence and carceral responses became central to feminist approaches to human rights law.

Spatial Privacy and Anonymity

Waters v Transport for NSW [2018] NSWCATAD 40 is a landmark case regarding privacy in Australia.

The Tribunal considered Privacy and Personal Information Protection Act 1998 (NSW), commenting
These proceedings concern whether the requirements of Transport for NSW in respect of electronic (Opal) ticketing for public transport concession entitlement holders contravene an Information Protection Principle (IPP) under the Privacy and Personal Information Protection Act 1998 (the PPIP Act). The dominant concern is that the introduction of electronic ticketing removed the ability of certain concession entitlement holders to travel anonymously under that entitlement, with their movements tracked by the respondent agency (as an arm of the Government), contrary to the privacy protections of citizens under the PPIP Act. One issue is whether the collection of personal information for that purpose is reasonably necessary having regard to the stated purpose that the information is collected. ...
The applicant’s general grievance is that this change in the policy has introduced an effective form of surveillance over his ingress and egress within the relevant parts of the State by the lack of any equivalent option for anonymous travel. The applicant ties this grievance to various IPP’s but predominantly his grievance is that the ‘requirement’ of collection of his personal information is not reasonably necessary for the unstated purpose of travel on public transport as an eligible Senior. This central argument equates to a breach of IPP 1 and as a result is contrary to the requirements in s 8 of the PPIP Act
The Australian Privacy Foundation comments
The Foundation has long argued that the requirement for registration for concession Opal users is a breach of the privacy laws. All users of the public transport system in NSW should have the right to travel anonymously and not be tracked.
A case was brought against Transport for NSW by Nigel Waters (life member and a former board member of the Australian Privacy Foundation) in 2016. Mr. Waters objected to a record of his travel being kept that was clearly linked to his identity. Mr. Waters wanted to be able to use public transport anonymously (an option available for Adult Opal Card users).
The NSW Civil and Administrative Tribunal agreed that the travel information was not reasonably necessary. This is a big win for Mr. Waters and tens of thousands of Gold Opal Card users in NSW.
Nigel Waters said: “This is major win for privacy rights in NSW. It clearly raises the bar for all NSW government agencies to apply ‘Privacy by Design’ principles to complex new data driven systems.”
David Vaile, Chair of the Australian Privacy Foundation said: “You shouldn’t have to put up with being potentially spied on as you travel just because you verify your eligibility for a concession.”
Kat Lane, Vice-Chair of the Australian Privacy Foundation said: “The big question is now what Transport for NSW will do? Will they do the right thing and finally recognise the human rights of NSW residents to use public transport anonymously?”
The Australian Privacy Foundation calls on Transport for NSW to immediately disconnect identity details from travel records so that all residents of NSW have their privacy rights respected.


The Australian Competition and Consumer Commission remains the most effective gatekeeper in Australia's privacy regime, indicated in today's announcement that the ACCC is acting against Equifax, the profiling giant that absorbed the controversial Australian business Veda Advantage (noted here and here) and that in the US attracted substantive criticism over its handling of a major data breach.

The ACCC states
The ACCC has today instituted proceedings in the Federal Court against credit reporting body, Equifax Pty Ltd (formerly Veda Advantage Pty Ltd), alleging breaches of the Australian Consumer Law (ACL).
The ACCC alleges that from June 2013 to March 2017, Equifax made a range of false or misleading representations to consumers, including that its paid credit reports were more comprehensive than the free reports, when they were not.
Equifax also allegedly represented that consumers had to buy credit reporting packages for it to correct information held about them, or to do so quicker. In fact, Equifax was required by law to take reasonable steps to correct the information in response to a consumer’s request for free.
In addition, the ACCC alleges that Equifax represented that there was a one-off fee for its credit reporting services, when its agreement provided that customer’s subscriptions to the services automatically renewed annually unless the consumer opted out in advance. We allege this renewal term is an unfair contract term, which is void under the ACL. In all the circumstances, it is alleged that Equifax acted unconscionably in its dealings with vulnerable consumers including by making false or misleading representations, and using unfair tactics and undue pressure when dealing with people in financial hardship.
“We allege that Equifax acted unconscionably in selling its fee-based credit reporting services to vulnerable consumers, who were often in difficult financial circumstances,” ACCC Commissioner Sarah Court said.
“We allege that Equifax told people they needed to buy credit reporting services from them in situations when they did not. It is important for consumers to know they have the legal right to obtain their credit report and to correct any wrong information for free.”
By law, consumers are entitled to access their credit reporting information for free once a year, or if they have applied for, and been refused, credit within the past 90 days, or where the request for access relates to a decision by a credit reporting body or a credit provider to correct information included in the credit report.

15 March 2018

Public Sector Fraud

The 'Fraud against the Commonwealth: Report to Government 2014-15' by Penny Jorna and Russell G Smith comments on
the level of fraud risk affecting Commonwealth entities and the government’s approach to preventing and responding to acts of dishonesty perpetrated within and against the Commonwealth. For the three years 2012-13 to 2014-15, 417,480 incidents of suspected fraud were detected worth over $1.208b with more than one third of Commonwealth entities experiencing fraud. During the three years, 3,699 defendants were prosecuted for fraud by the Office of the Commonwealth Director of Public Prosecutions. In 2014-15, almost one third of sentences imposed involved actual imprisonment.
The report deserves to be read in detail, noting that not all fraud involves welfare recipients and that there aren't detailed findings about the cost of enforcement (of interest given past claims by Canberra than large-scale fraud justifies the erosion of privacy and incidents such as the #CentrelinkFail). The report states
Key findings 
During the three years examined, 2012–13 to 2014–15, more than one-third of Commonwealth entities reported experiencing fraud. The proportion of entities experiencing fraud increased from 40 percent of responding entities in 2012–13 to 42 percent of entities in the 2014–15 financial year. As with previous reports, the majority of incidents were alleged to have involved people external to the entities.
Over the three years, 417,480 incidents of suspected or proved fraud were reported by Commonwealth entities.
During the same period, entities reported monetary losses totalling approximately $1.208b, comprising $207m in 2012–13, $673m in 2013–14 and decreasing to $329m in 2014–15. Entities recovered $50.4m during the reference period, although this may have included monies recovered from fraud losses sustained in earlier years.
Experience of fraud
Between 2012–13 and 2014–15, the percentage of entities experiencing internal fraud increased, (from 28% to 31%). The percentage of entities experiencing external fraud also increased, but to a lesser extent, from 30 percent to 32 percent. Each year, entities with more than 1,000 staff experienced more fraud than smaller entities with 500 or fewer staff.
Extent of fraud 
In each year, the number of internal fraud incidents reported declined, with a 12 percent total reduction from 1,685 incidents of internal fraud in 2012–13 to 1,485 incidents in 2014–15. This decline was generalised across all entities that experienced internal fraud, rather than a few entities experiencing reductions in large numbers.
As with earlier reports, substantially larger numbers of external fraud incidents were reported than internal fraud incidents. In 2014–15 there were 154,221 incidents of suspected external fraud detected, compared with 1,485 incidents of suspected internal fraud. There were some ffluctuations in the numbers of external fraud incidents detected over the three years. In 2012–13 there were 133,969 incidents detected, and in 2013–14 the number of incidents reported reduced to 123,876; however, in 2014–15 the number of reported external fraud incidents increased substantially, to 154,221, representing a 24 percent increase between 2013–14 and 2014–15.
In addition to questions asked about suspected incidents of internal or external fraud, respondents answered questions about their experience of fraud involving collusion between staff and individuals outside the public sector. The number of incidents involving collusion fluctuated over the three years, ranging from 17 in 2012–13, down to four in 2013–14 and increasing substantially in 2014–15 to 107. The percentage of entities experiencing collusion over the three-year period remained steady at 2–3 percent.
The number of incidents of fraud that could not be classified (as either internal, external or collusion) also varied over the three-year period, from one incident in 2012–13, to 428 in 2013–14 and decreasing to 30 in 2014–15.
In addition to incidents of fraud experienced, the census also asked about the number of individuals suspected of committing fraud. Over the three-year period the number of suspects identified was lower than the number of incidents reported. In 2014–15 there was a reduction of 26 percent in the number of suspects identified for internal fraud incidents and a 91 percent reduction in the number of suspects identified with external fraud incidents. The reasons for this decline may include entities not always being able to identify suspected individuals, particularly when investigations have just commenced, or changes in fraud reporting processes within some large entities that resulted in fraud allegations being handled differently. 
How fraud was committed
Respondents were asked to indicate two main aspects of how the fraud incidents they detected had been committed: their focus (that is, the target of the alleged fraudulent activity, or the benefit to be derived from the illegal conduct) and the method of carrying out the alleged fraud (such as misuse of technology, information, identity etc). 
Internal fraud 
The largest number of entities reported suspected internal fraud incidents involving financial benefits, such as obtaining cash without permission, or misuse of government credit cards, with around 20 percent of entities reporting this type of internal fraud each year. Although more entities experienced an incident of fraud targeting financial benefits, in terms of the numbers of incidents experienced, the most prevalent type involved misuse of information. 
Over the three years there was a steady increase in the number of incidents categorised as misuse of information, from 721 incidents in 2012–13 to 811 incidents in 2014–15. In relation to the methods by which internal fraud incidents had allegedly been committed, the method affecting the highest percentage of entities was misuse of documents and/or information. However, between 2013–14 and 2014–15 there was a slight increase in the number of entities experiencing fraud committed through the misuse of information and communications technologies (ICT) and corruption (increasing from 11% of entities in 2013–14 to 12% of entities in 2014–15 inclusive). The number of internal fraud incidents overwhelmingly involved the misuse of ICT. In 2014–15 there was an increase in the number of incidents of internal fraud committed via misuse of identity and misuse of documents/ information. 
External fraud 
Fraud involving financial benefits was the most frequently reported type of external fraud over the three years, with the proportion of entities experiencing such fraud increasing from 21 percent in 2012–13 and 2013–14 to 25 percent in 2014–15.
The greatest number of external fraud incidents related to government entitlements. This category of external fraud continued to increase, from 90,773 incidents in 2012–13, to 110,698 incidents in 2013–14 and to 125,047 in 2014–15. Fraud of this nature most often involved three subtypes: revenue fraud, visa/citizenship fraud and social security fraud.
Misuse of documents was the most commonly reported method of committing external fraud. The number of entities experiencing external fraud involving corruption declined from 17 percent of entities in 2012–13 to 10 percent of entities in 2014–15. While the largest percentage of entities experienced external fraud involving misuse of documents, the number of incidents experienced within that category declined from 62,382 incidents in 2012–13 to just 2,908 incidents in 2014–15, while at the same time the number of incidents involving misuse of identity rose from 16,967 incidents in 2012–13 to 98,573 incidents in 2014–15. These changes were largely due to one large entity changing the way in which it classified misuse of documents and misuse of identity, and to an increased government focus on identity crime and misuse (AGD 2012). 
Cost of fraud 
The total reported cost of fraud each year is likely to be an underestimate of actual losses incurred. There are a number of reasons for this difference:
• The research findings are limited to entities that participated in the census and were able to detect (and then quantify losses from) fraud incidents. 
• Fraud investigations are becoming longer, which may mean details will not be known for several years to come. 
• Some types of fraud cannot be quantified in dollar terms, such as loss of information or accessing ICT systems. While these may cause substantial reputational damage to entities, there is generally a low dollar value (in terms of entity losses) associated with such frauds, although other non-financial impacts can be substantial. 
• In addition, there are many associated costs involved with fraud incidents and investigations which are not quantified in the present research, such as time and cost of investigation, monetary value associated with replacing employees, and other indirect costs that may arise with a fraud investigation. 
Therefore, the present report was only able to provide an estimate of the cost of fraud to the Commonwealth based on data provided by entities from the questionnaires.
Over the three-year period, between 20 and 34 percent of entities were unable to quantify the value of the losses experienced.
The present study asked respondents to indicate the total amount thought to have been lost from fraud incidents, prior to the recovery of any funds and excluding the costs of detection, investigation or prosecution. The responses indicated estimated losses at the time of reporting, as opposed to final losses determined once investigations or criminal action was concluded. Separate questions asked about amounts recovered by entities.
For the three years included in the report, entities reported fraud losses totalling approximately $1.208b, increasing from $207m in 2012–13 to $673m in 2013–14 and reducing to $329m in 2014–15. The large amount in 2013–14 was due to one entity attempting to quantify the cost of fraud incidents for the first time in 2013–14, while the reduction in 2014–15 was due to the same entity changing the way its losses were quantified.
External fraud caused the vast majority of fraud losses, with external fraud totalling $1.2b over the three years (99% of all losses incurred). The total reported amount lost due to internal fraud incidents totalled $11.3m.
Over the three years, internal fraud losses increased by 23 percent between 2012–13 and 2014–15. Losses due to external fraud incidents fluctuated over the three years. Entities were also asked to indicate how much had been recovered using various means. Their responses related to amounts recovered during the financial year in question and did not necessarily reflect amounts lost due to fraud incidents in the same financial year that recoveries were made. Over the three years, $1.8m of internal fraud losses and $48.6m of external fraud losses were recovered, totalling $50.4m. This equates to approximately four percent of the total losses reported over the three financial years. However, because the recovery process may in some cases take years to finalise, monies recovered within any given financial year may not necessarily align with monies lost in that financial year. As such, it is difficult to determine how much money is ultimately recovered by entities that relate to frauds included in any specific year.
The majority of funds were recovered through the use of criminal proceedings, although administrative remedies and other means were also common ways of recovering lost monies. 
How fraud was detected 
Between 2012–13 and 2014–15 fraud was most often detected through internal controls, such as auditing or internal investigation of both internal and external fraud incidents. The next most common method used for detecting fraud incidents was by staff. Detection of external fraud incidents differed from internal fraud, with ‘other’ methods being the second most commonly reported method of detection; however, a large number of those related to community notifications, which might be considered external whistleblowers. Only three incidents of internal fraud were detected via the media over the three years. In contrast, the number of external fraud incidents detected via the media increased, from five incidents in 2012–13 to 31 incidents in 2014–15.
Entities with a dedicated fraud control section were more likely to detect fraud incidents than entities without a dedicated fraud control section. This may be because entities with a dedicated fraud control section are likely to be larger entities with more fraud risks, and because an entity with a dedicated fraud section may actively look for incidents involving fraud and potential misconduct. 
Investigations within entities 
The Commonwealth Fraud Control Framework (AGD 2014) requires entities themselves to investigate routine or minor instances of fraud, and to discipline responsible parties. The findings presented in this report indicate that entities do indeed conduct the vast majority of initial investigations or reviews of fraud allegations. For example, over the three-year period, between 83 and 93 percent of internal fraud incidents were investigated internally by the entity, using an investigation, review or administrative review. As noted above, only a small number of entities without a dedicated fraud control section reported detecting fraud incidents; in 2014–15 over half of those entities still conducted a review/assessment or investigation of the alleged fraud incident.
As with internal fraud investigations, the vast majority of external fraud incidents were primarily investigated by entities themselves, accounting for between 65 and 97 percent of alleged external fraud over the three-year period.
Between 2012–13 and 2014–15, the number of fraud control staff engaged in fraud prevention and investigation duties steadily decreased, from 843 people employed in a fraud prevention capacity in 2012–13 to 804 people in 2014–15. 
Police investigations 
Over the three years, just over five percent (5.4%) of detected internal fraud incidents were referred to police, prosecution or other organisations for investigation or prosecution (259 incidents referred in total), with just under four percent (3.8%) of external fraud incidents referred to other organisations for investigation or prosecution (15,626 incidents). Information about the number of referrals received and accepted by the Australian Federal Police (AFP) was also gathered. The AFP accepted 203 of the 239 fraud referrals made to it over the three years. In 2014–15 there was a decrease in the number of matters referred to the AFP and the subsequent matters accepted by the AFP. As of 30 June 2015 the AFP was investigating 160 fraud-related matters with an estimated loss value of $1.8b. 
Prosecution of fraud 
Over the three years, 4,214 defendants in fraud-type cases were referred to the Office of the Commonwealth Director of Public Prosecutions (CDPP). Of these, the CDPP prosecuted 3,699 defendants, the majority involving direct referrals from entities rather than referrals via law enforcement agencies.
Between 2013–14 and 2014–15, there was an increase of 17 percent in the number of defendants referred to the CDPP for prosecution. In total, however, the number of defendants prosecuted declined, from 1,271 in 2013–14 to 1,033 in 2014–15.
The total amount initially charged in fraud-type prosecutions decreased from $41m in 2013–14 to $25m in 2014–15. The number of convictions declined during the census period, by 22 percent between 2012–13 (1,062 defendants convicted) and 2014–15 (833 convictions). In 2014–15 there was a change in the most frequently imposed sentence for proved fraud offences. In previous years (2012–13 and 2013–14) the most frequently imposed sentence was a recognisance order; however, a fully suspended term of imprisonment was the most frequently imposed sanction in the current year, followed by recognisance orders. The use of custodial sentences again increased over the three-year period, from 12.5 percent of cases in 2012–13 to 17.3 percent of cases in 2014–15. The sentence imposed depended greatly upon the nature and seriousness of the offence(s) and the various factors relating to each individual defendant, although the increase in harsher sentencing may indicate a change in courts’ views regarding fraud offences. 
Fraud compliance and prevention 
Most non-corporate entities (over 92% each year) met the Commonwealth Fraud Control Framework (AGD 2014) requirement to provide the Australian Institute of Criminology (AIC) with data on fraud incidents and compliance with the terms of the framework.
Over the three years, there was a slight increase in the percentage of entities with a dedicated fraud control section to deal with the prevention, investigation and control of fraud risk—from 74 percent of entities in 2012–13 to 77 percent in 2014–15. The number of staff employed in fraud control activities increased overall, from 3,160 staff in 2012–13 to 3,588 staff in 2014–15. However, the number of fraud control staff with a specific fraud qualification reduced, from 45 percent of all staff in a fraud control section in 2012–13 to 33 percent in 2014–15. The Commonwealth Fraud Control Framework (AGD 2014) requires a fraud risk assessment to be conducted by entities regularly or when there has been a substantial change to the activities or functions of the entity. Over the three years examined, the percentage of entities complying with this requirement remained high. In 2012–13, 94 percent of entities had completed a fraud risk assessment within the previous two years; in 2013–14, 95 percent of entities had done so; in 2014–15, the percentage reduced slightly to 92 percent.
A high proportion of respondent entities in 2014–15 had completed a fraud control plan within the previous two financial years (91%, N=140). This was similar to the 92 percent (N=152) which had done so in 2013–14, although it was a decline from the 94 percent (N=153) which had done so in 2012–13.
Fraud awareness training (43% of respondents), compliance with the Commonwealth Fraud Control Framework (39% of respondents) and strong internal controls (21% of respondents) were some of the most frequently cited suggestions for what had made a difference to an entity’s fraud prevention in 2014–15. 
Fraud risks for the Commonwealth 
In the Commonwealth, fraud may be perpetrated by employees or contractors of an entity (internal fraud) as well as by members of the public who have dealings with the government (external fraud), such as when they are obtaining benefits or paying taxes. Fraud risk factors are diverse when dealing with the Commonwealth, as fraud may arise through third-party contractors, procurement processes, provision of government-funded grants, or even overseas cyber attacks.
The principal risks of internal fraud arise from inadequate or outdated internal controls, poor recruitment practices, and insider threats (where staff are compromised or groomed by external parties). External fraud risks arise in connection with the provision of new benefits, failing to build appropriate prevention measures into program and policy design, inadequate procurement practices, new government-funded programs where fraud risks have not been adequately assessed, and Machinery of Government (MoG) changes resulting in new and changing functions for entities.
Between 2012–13 and 2014–15, the number of incidents of external fraud involving the misuse of identity rose by over 450 percent. Identity crime and misuse of documents and information are ongoing areas of risk for Commonwealth entities. Potentially, with more government services moving online, establishing one’s identity and the use of identity documents will remain a concern for entities, with effort required to reduce fraud involving these activities. 
Belcher review and changes to the questionnaire 
The Belcher Red Tape Review was undertaken in 2015, and the report recommended several changes in relation to fraud reporting and the AIC’s annual census (Belcher 2015). These included suggestions for reducing the burden associated with completion of the online questionnaire, and combining the Attorney-General Department’s (AGD’s) annual fraud control compliance report to government with the AIC fraud report to government. Consultations were undertaken with entities to determine how best to improve and streamline the questionnaire. As a result, the key changes to the 2016 questionnaire will include:
• changing the unit of measurement in the new questionnaire to fraud ‘investigations’ undertaken each year rather than fraud ‘incidents’; 
• moving the questions about fraud control, in the previously identifiable section collected for the AGD, to the start of the 2016 questionnaire; 
• including additional conditional response questions in the online questionnaire, to enable those for whom a section is not applicable to proceed quickly to other sections without having to provide responses; 
• adding a new section that examines the most costly external fraud investigations in addition to the previous questions about the most costly internal fraud investigations; 
• enabling respondents to respond to both internal and external fraud questions in the one set of questions, to reduce the overall burden of the questions; and 
• changing the categories of fraud ‘focus’ and ‘methods of committing fraud’ to ensure the categories are mutually exclusive and as exhaustive as possible.
The purpose of these changes is to increase the internal consistency of how entities report fraud to allow for greater comparisons between census years. 
How the information was gathered 
Each year Commonwealth entities were invited to participate in an annual census about their experience of fraud incidents, how they managed fraud risks and the entities’ compliance with the former Commonwealth Fraud Control Guidelines (AGD 2011) and the new Commonwealth Fraud Control Framework (AGD 2014) that came into effect on 1 July 2014. The period examined in this report covers the earlier guidelines and the new framework and the differences they may involve. The framework (AGD 2014) consists of:
• section 10 of the Public Governance, Performance and Accountability Rule 2014 (Fraud Rule); 
• Commonwealth Fraud Control Policy (Fraud Policy); and 
• Resource Management Guide No. 201: Preventing, detecting and dealing with fraud (Fraud Guidance).
Although the three-year period examined is covered by both the guidelines and the framework, for the purposes of this report reference will be made to the 2014 framework now applicable throughout the Commonwealth.
Under the 2014 framework (AGD 2014), fraud against the Commonwealth was defined as ‘dishonestly obtaining a benefit, or causing a loss, by deception or other means’ (AGD 2014: 4.1). Entities were asked to provide information about all suspected and proved incidents of internal and external fraud against the Commonwealth. Further details relating to the data collection procedures are provided in the Methodology section ... 
Information was provided by 163 entities in 2012–13 (with 162 responses included for analysis), 166 entities in 2013–14 and 154 entities in 2014–15 (for 2013–14 and 2014–15, all responses were included for analysis). Each year, this represents over 80 percent of those invited to participate. The data collection periods for all three years covered a period of considerable change for the Australian Public Service, as the government implemented a number of MoG changes. A MoG change consists of a variety of organisational or functional changes affecting the Commonwealth (Department of Finance 2015). These changes were relevant to the collection of fraud information because of the alteration in the number of responding entities as well as changes in their functions during the financial years in question. In some instances MoG changes may have led to investigations being terminated by one entity and taken over by another, which may occasionally have led to inaccuracies in reporting.
Respondents were asked to provide information by completing a secure, online questionnaire that recorded results anonymously (without naming individual entities or individual suspects). The aim was to canvass the experience of fraud across the Australian government as a whole, rather than by identifying what each individual entity had experienced.
Further information on the investigation and prosecution of fraud incidents within the Commonwealth was also provided by the AFP and the CDPP for matters handled within each year (regardless of when they were committed).