13 January 2022
Ms Eliza Sorensen
By email:
xxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx
Dear Ms Sorensen
Internal review request under the Freedom of Information Act 1982
I refer to your request of 14 December 2021 seeking internal review of the decision
of the eSafety Commissioner (
eSafety) made on 16 November 2021 under the
Freedom of Information Act 1982 (
FOI Act).
I am authorised under section 23(1) of the FOI Act to make decisions in relation to
requests for internal review.
Decision under review
On 17 September 2021, you requested access to:
'Any emails and correspondence from the eSafety Commissioner or final documents
that contain the following phrases:
"Apple CSAM", "CSAM detection", "Child abuse scanner", "On-device matching",
"On-device matching process", "NCMEC", "Thorn", "Regulation, here we come!"’
On 24 September 2021, you clarified that the scope of the request was limited to
documents dated from 13 August to 24 September 2021.
On 8 October 2021, we sent you a letter by email to the Right to Know email
address:
xxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx to advise you of the
requirement to consult third parties and the statutory time period for processing your
request would be extended for an additional 30 days to 17 November 2021.
Unfortunately, the email address omit ed parts of the email and, as you have
confirmed, it was not received by you. We were not notified the email was not
received and it did not come to our attention that you had not received it until receipt
of your request for internal review. We apologise for the error. As you sought a
request for internal review, we think it is appropriate to provide you with a decision
on your request. It remains open to you to seek Information Commissioner (IC)
review of my decision or to complain to the IC about how your request was handled.
Contact details for the Of ice of the Australian Information Commissioner are
included below under ‘Your review Rights’ and ‘FOI complaints’.
On 16 November 2021, you were provided with a decision on your request. A total
of 19 documents had been found to fall within the scope of your request.
2
In making my internal review decision, I have considered:
• the FOI Act
• the content of the documents that fall within the scope of your request
• your internal review request
• the Guidelines issued by the Australian Information Commissioner under
section 93A of the FOI Act (FOI Guidelines).
Decision on review
I have decided to release additional information in documents 4, 6, and 13 as
described in the enclosed schedule of documents.
I have otherwise decided to affirm the decision of the original decision maker in
relation to the remaining documents with some changes in the exemptions that I
have relied on. The exemptions are detailed in the enclosed schedule of documents.
Searches for documents
eSafety uses a centralised document management system that enables documents
to be stored and key terms searched. Searches for relevant documents were
conducted across the document management system using keywords taken from
your request. Physical checks for documents were also made and staff who could
potentially have documents were asked to conduct searches. I am satisfied there
are no additional documents and that all reasonable searches were undertaken.
Reasons for decision
My decision in relation to each document is described in the schedule of documents
enclosed with this decision. Any references to documents in this decision includes a
reference to parts of documents.
Irrelevant information – s 22
As described in the schedule of documents, the documents contain information that
is not about the subject matters described in your request and not otherwise within
the scope of your request. The information concerns unrelated topics that appear in
a document that contains otherwise relevant material.
That information has been redacted in accordance with s 22(1)(a)(i) and (b)(ii) on
the grounds that it would disclose information that would reasonably be regarded as
irrelevant to the terms of your request.
Int ernal Re vie w Decis ion
e s afe t y.gov.au
3
Damage international relations – s 33(a)(iii)
Section 33(a)(i i) of the FOI states provides that a document is an exempt document
if disclosure of the document would, or could, reasonably be expected to cause
damage to the international relations of the Commonwealth.
‘International relations’ means the ability of the Australian Government to maintain
good working relations with other governments and international organisations and
to protect the flow of confidential information between them. The exemption is not
confined to relations at the formal diplomatic or ministerial level. It also covers
relations between Australian Government agencies and agencies of other countries.
This principle ensures that Governments can be confident in communicating openly
and frankly about matters, which is necessary to be able to properly understand and
address issues that have relevance and concern at an international level. This
expectation of confidentiality means that countries can be confident that
collaborations and discussion undertaken on an understanding of confidentiality will
be protected and kept confidential. Information wil be subject to confidentiality even
if the information later becomes public. It is the understanding that the
communication was conducted in confidence that is relevant, not the underlying
confidentiality of the information.
For these reasons, eSafety maintains a longstanding practice of not publicly
disclosing its confidential discussions with its international counterparts. The
documents contain deliberations with international governments and organisations
around the international response to CSAM and Apple’s initiative to stop its plan to
detect child sexual abuse images. Avoiding disclosures that diminish the confidence
which a foreign government or authority would have in Australia as a reliable
recipient of confidential information is a well-recognised basis for invoking
s 33(a)(ii ).
I consider disclosure of the documents would reasonably be expected to:
• undermine the confidence that international governments and organisations
have in eSafety’s ability to protect the confidentiality of communications
• more generally, lead to other countries concluding that eSafety could not be
relied upon to maintain the confidentiality of communications
• as a result, disclosure would, or could, reasonably be expected to, cause
damage to Australia’s international relationships with other countries.
Accordingly, I find the documents are exempt under s 33(a)(i i) of the FOI Act.
eSafety staff and third party names and contact details – s 47F
Section 47F conditionally exempts a document to the extent that its disclosure
would, or could, involve the unreasonable disclosure of personal information about
any person. The documents contain names and contact details of staff members
and other third parties. I am satisfied that information is personal information about
them.
Int ernal Re vie w Decis ion
e s afe t y.gov.au
4
If information is personal information, it wil be conditionally exempt if disclosure
would be ‘unreasonable’. In considering whether disclosure would be unreasonable,
section 47F(2) of the FOI Act requires me to take into account:
a) the extent to which the information is well known
b) whether the person to whom the information relates is known to be (or to
have been) associated with the mat ers dealt with in the document
c) the availability of the information from publicly accessible sources
d) any other matter relevant information.
I am satisfied that the names and contact details are not well known or publicly
available. I have decided to conditionally exempt names of staff, other than the
eSafety Commissioner, who have an expectation that their personal information wil
not be made publically available.
In relation to third parties, I have taken into account that they communicated with
eSafety, or were contained in a confidential communication with eSafety, and also
have an expectation that their personal information would not be made publically
available.
There is no requirement under the FOI Act to replace titles with generic descriptions.
Where they appear in the documents, job titles have been disclosed.
I do not consider that the disclosure of the names and contact details of staff and
other third parties would shed light on the workings of eSafety or enhance
accountability or transparency of its operations. Relevant to this assessment is that
none of the staf or third parties were decision makers in relation to a particular
matter of public interest or were involved in a mat er or decision concerning you.
However, I find disclosure would disproportionately interfere with an individual’s
personal privacy. The information is not publically known and the individuals have
an expectation their personal information wil not be made publically available.
On that basis, I have concluded that disclosure of the information would be
unreasonable and the information is conditionally exempt under section 47F.
I must give access to the documents unless, in the circumstances, access at this
time would on balance be contrary to the public interest (subsection 11A(5) of the
FOI Act).
Conditionally exempt matter must be released unless, in the circumstances, access
to it at this time would, on balance, be contrary to the public interest (section 11A(5)
of the FOI Act).
The FOI Guidelines provide at paragraph [6.5] that the ‘public interest’ test is
considered to be:
• something that is of serious concern or benefit to the public, not merely of
individual interest
• not something of interest to the public, but in the interest of the public
Int ernal Re vie w Decis ion
e s afe t y.gov.au
5
• not a static concept, where it lies in a particular matter wil often depend on a
balancing of interests
• necessarily broad and non-specific, and
• related to matters of common concern or relevance to all members of the
public, or a substantial section of the public.
To find that, on balance, disclosure of a document would be contrary to the public
interest requires determining that the benefit to the public resulting from disclosure is
outweighed by the benefit to the public of withholding the information (see
paragraph [6.27] of the FOI Guidelines).
In weighing up the public interest, I have taken into account the mandatory factors in
section 11B(3) in favour of disclosure. I have not taken into account the irrelevant
factors in section 11B(4) of the FOI Act.
I consider disclosure could reasonably be expected to prejudice the protection of an
individual’s right to privacy and reduce the level of trust staff members and third
parties have in eSafety to look after and protect from public disclosure their personal
information. I consider disclosure of the names and contacts details would have a
negligible impact on transparency and accountability of the way eSafety carries out
its statutory functions. I consider that there is minimal public interest in this
information being disclosed.
On balance, I have concluded that disclosure would be contrary to the public interest
and the information is exempt under section 47F.
Recommendations about eSafety decision making – s 47C
Section 47C provides that a document is conditionally exempt if it would disclose
deliberative matter in the nature of opinion, advice or recommendation, consultation
or deliberation in the course of the deliberative processes of an agency.
I consider information in the documents contains matter of opinion, advice,
consideration and recommendation about matters relevant to the functions of
eSafety regarding its strategy and approach around child sexual abuse material
(
CSAM) and related issues.
Some of the deliberations involve international organisations and government
counterparts who engaged with eSafety on the understanding that deliberations
were conducted in confidence and would not be made publically available.
Other deliberations concern internal assessments of online products that eSafety
does not disclose to the public. These include about limitations, suggested next
steps and proposed questions to the relevant entity. The deliberations include frank
assessments of products, some of which could be considered critical of the efficacy
of the product. eSafety is entitled to conduct its internal consideration of strategy
and approach in relation to its statutory functions without undue public oversight and
scrutiny until such time as it determines it is appropriate to make public
announcements or disclosures. This process ensures that eSafety is able to
deliberate and make assessments and decisions without needing to explain every
step in its consideration to the public.
Int ernal Re vie w Decis ion
e s afe t y.gov.au
6
I find the information is deliberative in nature and conditionally exempt under section
47C.
I acknowledge that there are public interest factors in favour of disclosing this
material, including that disclosure would promote the objects of the FOI Act by
increasing scrutiny of eSafety’s handling of an issue of concern and interest and, to
some extent, promote public debate about the activities of eSafety and CSAM more
generally.
eSafety regularly liaises and collaborates with international regulators and other
government bodies in undertaking its activities. The nature of these exchanges is
often confidential, as was the case in relation to the documents in issue. In this
case, eSafety was consulted on the basis of its good standing, leadership and
strong reputation on the international stage in relation to combating online abuse. I
would be very concerned that disclosure of the deliberations would damage the
current strong standing and reputation of eSafety including its international
relationships. It is vital that eSafety be able to maintain its strong international
standing and relationships with its international counterparts so that it can continue
to work with international governments and organisations to combat online harm and
abuse.
There are a number of public interest factors that weigh against disclosure,
including:
• the public interest in eSafety’s ability to confidentially assess and critique
online products for internal purposes openly and frankly
• the public interest in international organisations continuing to openly and
freely engage with eSafety on topics and areas of mutual interest and
concern
• the public interest in eSafety’s ability to engage with international
counterparts in relation to its development of its CSAM strategy and its
strategy regarding its approach to its regulatory functions more generally
• the public interest in eSafety maintaining its strong international reputation
and as a leader in combating online abuse
• the public interest in maintaining confidentiality when collaborating and
communicating with international counterparts about matters of mutual
interest and concern.
I do not consider that disclosure would make a significant contribution to promoting
the objects of the FOI Act. While disclosure may shed some insight into the way
eSafety conducts its international collaborations, I am concerned disclosure would
significantly damage eSafety’s capacity to collaborate with international counterparts
in the future.
On balance, I have concluded that disclosure of the documents is contrary to the
public interest and the documents are exempt from disclosure under section 47C.
Int ernal Re vie w Decis ion
e s afe t y.gov.au
7
Damage agency operations – s 47E(d)
Section 47E(d) conditionally exempts a document if its disclosure would, or could,
have a substantial adverse effect on the proper and efficient conduct of agency
operations.
Document 10 is a submission provided to eSafety on the understanding it was
provided in confidence and would not be made publically available. The submission
was provided in response to the request for evidence regarding a proposed age
verification system to limit access to online pornography to minors. Relevantly, the
eSafety’s submission form states that any submissions provided wil only be used
for internal purposes to help shape the public consultation process and that it wil not
be made publically available. Even though the submission also refers to the
potential for disclosure under the FOI Act, any disclosure would only be made with
the agreement of the submitter.
On the basis of this undertaking, persons and organisations provide open and frank
submissions in the knowledge that the information they provide is confidential to
eSafety and wil not be made publically available without their agreement. I would be
very concerned that disclosure under the FOI Act would undermine that undertaking
and damage the reputation of eSafety. I would also be very concerned that
disclosure would mean persons and organisations would no longer provide
submissions, or would confine or draft submissions with a view that they may be
made publically available, resulting in less candid and valuable information being
made available to inform the strategy and consultation processes of eSafety. I find
these consequences to be real and substantial.
I believe disclosure would limit the level and value of information provided in
submissions in the future, thereby impacting the ability of eSafety to properly and
effectively carry out its consultation and regulatory functions. I consider disclosure
would have a substantial adverse effect on the operations of eSafety and the
information is conditionally exempt under section 47E(d).
Other documents as described in the Schedule of Documents also contain
deliberations and communications with an international government and
organisations around the international response to CSAM and Apple’s initiative to
stop its plan to detect child sexual abuse images. Those discussions and
deliberations were conducted on the understanding they were confidential and
would not be made publically available.
On the basis of this undertaking, international governments and organisations
engage openly and frankly with eSafety in the knowledge that the information they
provide is confidential and wil not be made publically available. I would be very
concerned that disclosure under the FOI Act would undermine that understanding
and damage the reputation of eSafety for the same reasons I give in relation to the
s 33(a)(iii) exemption discussed above. I find these consequences to be real and
substantial.
Int ernal Re vie w Decis ion
e s afe t y.gov.au
8
I believe disclosure would limit the level and value of information provided in
submissions and discussions in the future, thereby adversely impacting the ability of
eSafety to properly and effectively carry out its consultation, international
cooperation and regulatory functions. I consider disclosure would have a substantial
adverse effect on the operations of eSafety and the information is conditionally
exempt under section 47E(d).
Public interest factors in favour of disclosing this material include that disclosure
would promote the objects of the FOI Act by increasing scrutiny and public debate in
relation to eSafety’s functions and activities.
I consider the public interest factors considered under s 47C above are also relevant
here.
In addition, there are a number of other public interest factors against disclosure,
including:
• disclosure could reasonably be expected to prejudice eSafety’s reputation
and consultation processes, including at an international level
• the public interest in the ability of eSafety to be able to conduct its functions
effectively and efficiently.
I do not consider that disclosure would make a significant contribution to promoting
the objects of the FOI Act. Disclosure would contribute to some degree to public
oversight and debate about the way eSafety conducts its activities. However I am
concerned disclosure would significantly damage eSafety’s capacity to effectively
conduct its consultation and regulatory functions, both within Australia and
internationally.
On balance, I have concluded disclosure of the documents is contrary to the public
interest and the documents are exempt from disclosure under section 47E(d).
Your review rights
If you are dissatisfied with my decision, you may apply to the Australian Information
Commissioner for review. An application for review by the Information
Commissioner must be made in writing within 60 days of the date of this letter, and
be lodged in one of the following ways:
onli
ne:https:/ forms.business.gov.au/smartforms/servlet/SmartForm.html?formCode
=ICR_10
email:
xxxxx@xxxx.xxx.xx post: GPO Box 5218 Sydney NSW 2001
More information about Information Commissioner review is available on the Office
of the Australian Information Commissioner website. Go to
https://www.oaic.gov.au/freedom-of-information/reviews-and-complaints/information-
commissioner-review/.
Int ernal Re vie w Decis ion
e s afe t y.gov.au
9
FOI Complaints
If you are unhappy with the way we have handled your FOI request, please let us
know what we could have done better. We may be able to rectify the problem. If you
are not satisfied with our response, you can make a complaint to the Australian
Information Commissioner. A complaint to the Information Commissioner must be
made in writing. Complaints can be lodged in one of the following ways:
online:
https:/ forms.business.gov.au/smartforms/servlet/SmartForm.html?formCode=ICCA
_1
email:
xxxxx@xxxx.xxx.xx
post: GPO Box 5218 Sydney 2001
More information about complaints is available on the Office of the Australian
Information Commissioner at https:/ www.oaic.gov.au/freedom-of-
information/reviews-and-complaints/make-an-foi-complaint/.
If you are not sure whether to lodge an Information Commissioner review or an
Information Commissioner complaint, the Of ice of the Australian Information
Commissioner has more information at:
https://www.oaic.gov.au/freedom-of-
information/reviews-and-complaints/. Yours sincerely
SHARON TROTTER
Int ernal Re vie w Decis ion
e s afe t y.gov.au
10
SCHEDULE OF DOCUMENTS
Date
No. of
Pages
Description
Decision
Exemptions
Section 47F
Briefing note for
Section 22 - information not
1.
19 Aug
relevant to keywords in request
2021
4
meeting between
Release in part
eSafety and AFP
and outside scope of the terms of
the request
Partially irrelevant to scope of
request
Section 47F
Briefing for
Section 22 – information not
discussion
relevant to keywords in request
2.
17 Aug
and outside scope of the terms of
2021
19
regarding the
Release in part
Future of Tech
the request
Commission
Partially irrelevant to scope of
request
Section 33(a)(ii )
Meeting Brief with
Section 22 – information not
Korean
relevant to keywords in request
3.
23 Aug
and outside scope of the terms of
2021
4
Communications
Exempt in full
Standards
the request.
Commission
Partially irrelevant to scope of
request
Section 47F
Section 22 – information not
Release in part
relevant to keywords in request
14
Briefing for Global
and outside scope of the terms of
4.
Sept
7
Coalition for Digital Additional text
the request.
2021
Safety
on page 5, 6
Partially irrelevant to scope of
and 7 released
request
Email chain with
internal government
and organisations
Exempt in full
Section 33(a)(ii ) and
5. 8 Sept
S 47C
2021
4
regarding Apple’s
initiative to scan to
find matches of
CSAM
Email regarding
Release in part Section 47F and s 47C
6. 8 Sept
NetSmartz NCMEC
2021
4
series and Thorn
Attachment to
Section 22
for Parents
email is
Partially irrelevant to scope of
document 14
request
Int ernal Re vie w Decis ion
e s afe t y.gov.au
11
Date
No. of
Pages
Description
Decision
Exemptions
Additional text
on page one
released
Email chain with
internal government
and organisations
regarding Apple’s
Exempt in full
initiative to scan to
7. 8 Sept
Section 33(a)(i i) and s 47C
2021
8
find matches of
Partially
CSAM
irrelevant to
scope of request
Part duplicate of
document 5, 7, 17
and 18
Section 47F
Internal email
Section 22
8. 25 Aug 15
discussing digital
Release in part
Partially irrelevant to scope of
platforms
request
Email chain with
Section 33(a)(i i) and s 47C
internal government
and organisations
Exempt in full
Section 22
Partially irrelevant to scope of
9. 7 Sept
regarding Apple’s
2021
5
initiative to scan to
Part duplicate of request
find matches of
documents 5, 7,
CSAM
17 and 18
Submission in
response to the
10. N/A
3
Age Verification
Exempt in full
Section 47E(d)
Roadmap
Consultation
24
eSafety
Released in full
11. Sept
10
Commissioner’s
in the primary
2021
INHOPE Speech
decision
Section 22
Release in part
Partially irrelevant to scope of
request
12. 3 Sept
2021
3
Briefing on Twitch
for Media Interview Partially
irrelevant to
scope of request
Release in part Section 47F
24
Covering email and
13. Sept
11
Agenda for meeting Partially
Section 22
2021
with Apple
irrelevant to
Partially irrelevant to scope of
scope of request request
Int ernal Re vie w Decis ion
e s afe t y.gov.au
12
Date
No. of
Pages
Description
Decision
Exemptions
Additional email
released
Release in part
Section 47C
Partially
Section 22
14. 24 Aug
irrelevant to
2021
31
Product Update
Briefing
scope of request Partially irrelevant to scope of
request
Attachment to
document 6
Section 33(a)(i i) and s 47C
Email with
Section 47F
24
international
15. Sept
5
stakeholder
Exempt in full
Section 22
2021
regarding an event
Partially irrelevant to scope of
request
Section 33(a)(i i)
Section 47F
Email
16. 2 Sept
correspondence
Section 22
2021
2
with a digital
Exempt in ful
Partially irrelevant to scope of
platform
request
Exempt in full
Email chain with
Section 33(a)(i i) and s 47C
internal government Part duplicate of
20
and organisations
documents 5, 7, Section 47F
17. Sept
11
regarding Apple’s
9 and 18
2021
initiative to scan to
Section 22
find matches of
Partially
Partially irrelevant to scope of
CSAM
irrelevant to
request
scope of request
Exempt in full
Email chain with
internal government Part duplicate of Section 33(a)(i i) and s 47C
14
and organisations
documents 5, 7,
18. Sept
11
regarding Apple’s
9 and 17
Section 22
2021
initiative to scan to
Partially irrelevant to scope of
find matches of
Partially
request
CSAM
irrelevant to
scope of request
Draft response to
1
Apple’s New Policy
8
Exempt in ful
Section 33(a)(i i) and s 47C
a
Attachment to
document 18
Int ernal Re vie w Decis ion
e s afe t y.gov.au
13
Date
No. of
Pages
Description
Decision
Exemptions
Section 47F
23
Email
Section 22
19. Sept
2
correspondence
Release in part Partially irrelevant to scope of
2021
with Thorn
request
Int ernal Re vie w Decis ion
e s afe t y.gov.au
Document Outline
