What happened
It was reported that in April 2024 the NSW Ombudsman tabled a special report in Parliament finding that Revenue NSW, the state’s debt and fines agency, had operated its garnishee order process contrary to law. A garnishee order lets the agency take money directly from a fine defaulter’s bank account. From January 2016 the agency automated the issuing of these orders at volume, with no human deciding any individual case; annual orders grew from 6,905 in 2010-11 to more than 1.5 million by 2017-18. The law required an authorised person to reach a state of satisfaction before each order was issued, and the Ombudsman’s earlier report, tabled in 2021, had already presented legal advice that no authorised person engaged in a mental process of reasoning to reach that state of satisfaction. Complaints that prompted the scrutiny came from people who found their accounts emptied, including people whose only income was Centrelink payments and whose balances were taken to zero.
It was reported that the agency’s fixes arrived in layers, each acknowledging part of the problem. In September 2018 it added a machine-learning model intended to exclude vulnerable people from garnishee action, trained on about 250,000 customer files. In March 2019 it added a manual sign-off step. The Ombudsman’s 2024 special report found the process was contrary to law from January 2016 to March 2019 and wrong, in the statutory sense, from March 2019 to March 2022; recovery of certain state debts between March 2018 and March 2019 contravened a second Act, the State Debt Recovery Act. A redesigned process introduced in 2022 was confirmed by the NSW Solicitor General as compliant, and the finance minister accepted all of the report’s recommendations, which centred on giving decision-makers complete recorded grounds for each order, protecting minimum amounts and Centrelink-derived funds in accounts, and publishing information about how garnishee orders work and can be challenged. By the time of the final report, the process had operated in configurations the Ombudsman found unlawful or wrong for more than six years.
What an auditable version would have shown
The legal question at the centre of the case, did an authorised person actually decide this, is a question about records. It was reported that Revenue NSW could not produce evidence of a human reaching the required state of satisfaction for any individual order, because the system was not built to involve one, let alone record one. An auditable version writes a signed record per order: the decision-maker, the material they considered, the vulnerability checks that ran, and the statutory authority relied on. With that record, investigators could have established quickly whether each order had a lawful decision-maker behind it, rather than contesting for years what the process even was, and the agency would know from its own logs, not from complainants, when an order is about to empty an account that holds someone’s entire income.
Where the gap was
An action the law reserved for a considered human decision was, on the Ombudsman’s findings, automated at scale with no human deciding individual cases, in a process that grew to more than 1.5 million orders a year by 2017-18. A ConstraintGate encodes the statutory precondition as a check that runs before the action: no recorded authorised decision, no order. A ConductRecord preserves each order with its authority and its inputs, including what the vulnerability model scored and why, so that when a machine-learning exclusion layer is later introduced, its performance is measurable against the harm it was added to prevent rather than taken on faith.
What governance should have looked like
Automating the paperwork of a legal power is not the same as automating the power itself, and the difference is exactly the human judgment the statute requires. The Ombudsman’s 2021 report sketched what regulation of government machines might one day include: a right to have a machine’s decision reviewed by a person, external validation of algorithms, and regular audits. The 2024 recommendations were more concrete and just as telling: complete recorded grounds for every order, protected amounts that automation cannot touch, and public information about how to challenge one. The scale that automation makes possible, from seven thousand orders a year to 1.5 million, is precisely why the authority behind each order has to be checkable, because at that volume, errors are not incidents; they are policy.
Failure Pattern: a statute reserved an action for a considered human decision, and automation executed it at scale with no recorded, authorised decision-maker.
Governance Principle: automation may prepare a legally reserved human decision but must not execute it without a recorded, authorised decision-maker.
The reference implementation of ConstraintGate and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.
Sources
- Revenue NSW: the lawfulness of its garnishee order process, report tabled in Parliament (NSW Ombudsman)
- Revenue NSW unlawfully collected debts using automated system (iTnews)
- Revenue NSW automated debt recovery unlawful, Ombudsman finds (Government News)