Applicant alleged breaches of academic freedom and privacy arising from a 2018 cyber-attack
The Federal Court has dismissed two judicial review applications brought by a former Australian National University (ANU) PhD candidate who sought access to documents connected to the university’s 2018 cyber-attack and alleged breaches of his academic freedom and privacy.
In Garvey v. Australian Information Commissioner [2026] FCA 614, the Federal Court held that the applicant had failed to establish any administrative error in decisions made by the Administrative Review Tribunal (ART) and the Australian Information Commissioner concerning his Freedom of Information Act requests. The court found the applications impermissibly sought merits review rather than judicial review.
The applicant had made Freedom of Information (FOI) requests in 2019 and 2023 seeking documents he believed would show that he was experimented upon without consent, his academic freedom was infringed, his email account was hacked, and emails were sent in his name following a cyber-attack affecting ANU systems.
The first proceeding concerned a 2019 FOI request for documents held by the office of the ANU vice-chancellor relating to the applicant, his conduct, scholarship, and alleged infringements of academic freedom. ANU identified 31 documents, with disputes arising over redactions and claims that additional documents existed. The ART affirmed an earlier Information Commissioner decision upholding ANU’s treatment of the documents and found no evidence, beyond the applicant’s assertions, of any further documents.
The applicant alleged the university had withheld material, including a purported video recorded in Hong Kong, correspondence allegedly connected to academic decisions, and emails he claimed had been fabricated after his account was hacked. The tribunal rejected requests to summon witnesses, finding the allegations speculative and unsupported by evidence.
In the second proceeding, the applicant challenged the Information Commissioner's decision not to continue reviewing ANU’s refusal of his 2023 FOI request regarding possible breaches of his personal information during the cyber-attack. ANU had refused access on the basis that, after reasonable searches, no relevant documents could be located. The university nonetheless provided an incident report stating it could not confirm which records had been accessed or exfiltrated during the breach.
The Federal Court held that the applicant’s submissions did not engage with the legal grounds required for judicial review under the Administrative Decisions (Judicial Review) Act 1977 (Cth). The court said his arguments instead sought to have the Federal Court determine factual questions afresh, including whether additional documents existed and whether ANU had adequately responded to the FOI requests.
The court also refused applications for subpoenas seeking production of various documents connected to the applicant’s allegations. The Federal Court found the requests lacked a legitimate forensic purpose and amounted to a “fishing expedition” unsupported by evidence that the documents existed.
The applicant also sought a suppression order allowing him to proceed under a pseudonym, arguing publication of his identity would cause humiliation and distress. The court refused the application, finding the statutory threshold for suppression orders had not been met and emphasising the public interest in open justice.
