PM on surveillance claims

September 15th, 2014 at 5:55 pm by David Farrar

John Key has done a release stating:

Prime Minister John Key tonight corrected misinformation that has been put in the public domain concerning the operations of the Government Communications Security Bureau.

“Claims have been made tonight that are simply wrong and that is because they are based on incomplete information,” Mr Key says.

“There is not, and never has been, a cable access surveillance programme operating in New Zealand.

“There is not, and never has been, mass surveillance of New Zealanders undertaken by the GCSB.

“Regarding XKEYSCORE, we don’t discuss the specific programmes the GCSB may, or may not use, but the GCSB does not collect mass metadata on New Zealanders, therefore it is clearly not contributing such data to anything or anyone,” Mr Key says.

“I am setting the record straight tonight because I believe New Zealanders deserve better than getting half of a story, embellished for dramatic effect and political gain, and based on incomplete information.

“The GCSB undertakes cyber security operations to protect individual public and private sector entities from the increasing threat of cyber-attack and this is very important work.

“It does not, however, remotely resemble what has been claimed,” Mr Key says.

The GCSB’s cyber security operations occur within its legal framework and only when the following conditions are met: 

  • Each entity must provide individual legal consent to be protected by the GCSB;
  • The independent Commissioner of Security Warrants must be satisfied each individual case is within the law, and a legal warrant must be co-signed by the Prime Minister and the Commissioner;
  • Warrants are subject to a two-step process, as outlined by the Prime Minister when legislation was passed last year. A warrant is required for high level cyber protection for an individual entity, and the content of a New Zealander’s communications cannot be looked at by a GCSB employee unless a specific cyber threat is identified which relates to that communication. If that is the case, the GCSB must return to the Prime Minister and the Commissioner to make the case for a second warrant in order to access that communication.

In addition to this, the Inspector General of Intelligence and Security has substantially stronger powers to monitor the GCSB’s activities and ensure they are appropriate and within the law.

“Our cyber security programme began operating this year after a lengthy process of assessing options for protection,” Mr Key says.

“The process began in late 2011 when the GCSB made it clear to me that cyber-attacks were a growing threat to our country’s data and intellectual property and the Government needed to invest in addressing that.

“The Bureau assessed a variety of options for protection and presented an initial range to Cabinet for consideration in 2012.

“These options ranged from the highest possible form of protection to a much weaker form of security, with some in between.

“The Cabinet initially expressed an interest in GCSB developing a future business case for the strongest form of protection for our public and private sectors, but it later revoked that decision and opted for what we have now – something known as Cortex.

“The business case for the highest form of protection was never completed or presented to Cabinet and never approved. Put simply, it never happened,” Mr Key says.

The Prime Minister tonight also released declassified material, including a Cabinet minute to show what occurred.

“I can assure New Zealanders that there is not, and never has been, mass surveillance by the GCSB.

“In stark contrast, the Bureau actually operates a sound, individually-based form of cyber protection only to entities which legally consent to it,” Mr Key says.

The attachments are below.

1 2 3 4

Tags: , ,

Southern Cross Cable on the Dotcom allegations

September 15th, 2014 at 5:11 pm by David Farrar

A press release from Southern Cross Cable:

Claims of cable access total nonsense

The claims made today by journalist Glenn Greenwald that the Southern Cross undersea cables have been tapped into or accessed are total nonsense said the CEO Anthony Briscoe today.

The cables, which link New Zealand to Australia, the Pacific and the United States, are untouched, Mr Briscoe noted.

“I can tell you quite categorically there is no facility by the NSA, the GCSB or anyone else on the Southern Cross cable network.”

“Let’s be quite blunt. To do this, we would have to take the cable out of service and I can assure you there’s no way we are going to do that.

“It is a physical impossibility to do it without us knowing. There is just no way it can be done. I can give you absolute assurances from Southern Cross – and me as a Kiwi – that there are no sites anywhere on the Southern Cross network that have to do with interception or anything else the NSA or GCSB might want to do.”

He added, any breach of the cable would require temporarily shutting down its transmission for hours. Southern Cross has monitoring systems built into its computers watching for any such break and they would be triggered as soon as any attempt was made.

“There isn’t a technology in the world, as far as I am aware, that can splice into an undersea fibre optic cable without causing a serious outage and sending alarms back to our network operation centre, that something’s wrong.”

Southern Cross is obligated to comply with the well-established and public lawful surveillance requirements in the Communications Assistance for Law Enforcement Act and related laws in the United States. However there is no equipment installed in the New Zealand or United States landing stations, or on the cable itself, which could result in mass interception of communications.

We are very disturbed that such unfounded allegations have been made and feel that it’s important for all New Zealanders to understand that this outrageous claim is totally untrue.

The so called moment of truth is turning into a moment of farce.

Tags: , , ,

The Press on the Dotcom sideshow

September 15th, 2014 at 11:00 am by David Farrar

The Press editorial:

The much-promised announcement being staged by Kim Dotcom today must be one of the most ballyhooed in New Zealand political history. It is also one of the oddest.

It has been designed for maximum theatrics by a man who, ever since his arrival in this country, has shown he is well-versed in the dark arts of public relations and knows how to manipulate public opinion to his own advantage.

Coming just five days before most voting in the general election will take place, the timing is cynical. It is clear from Kim Dotcom’s signalling of the event more than six months ago that any information he has could have been released at any time since at least the beginning of this year, if not earlier. If today’s information does turn out to be anything of substance, and not just a damp squib, releasing it now leaves little time for effective rebuttal. Today’s exercise could be seen as a blatant attempt by two foreigners – a German millionaire and an American journalist – to influence the outcome of the election.

As The Press says, this info could have been released at any time, allowing time for scrutiny and rebuttal. This is all about increasing the party vote for Dotcom’s pet party, so they will have more influence in the next Parliament.

According to what Greenwald has already said in interviews, the Government Communications and Security Bureau has engaged in mass electronic surveillance of New Zealanders. That would be contrary to the law and, more crucially, contrary to assurances given by Key. Greenwald’s credentials derive from stories he has written, many based on material given to him by the fugitive American National Security Agency worker now living in Russia, revealing questionable surveillance by the NSA and other western electronic intelligence agencies.

New Zealand is connected to those agencies by the so-called Five Eyes agreement. That agreement was established just after World War II and has been maintained by all governments since, presumably because of its value. Difficult as it may be to prove a negative, the Prime Minister has promised to declassify documents about the GCSB that will show conclusively that any allegations Greenwald makes of GCSB wrongdoing are false. Voters will have to judge for themselves as well as they can.

People who believe John Key is lying, also have to believe Helen Clark was lying – along with successive GCSB Directors, Inspector-Generals of Intelligence & Security, and probably half the GCSB staff.

Tags: , , , ,

Waa waa waa says Internet Mana

September 14th, 2014 at 12:00 pm by David Farrar

TVNZ reports:

The Internet-Mana Party says the Prime Minister’s reported intention to release documents showing spy officials may have considered mass surveillance is an abuse of his authority.

Waa, waa, waa.

They are seriously claiming that the PM should not release documents which prove their bombshell is a fizzer. What  planet are they on?

ONE News understands John Key will release documents showing spy officials may have considered mass surveillance but the proposal never went ahead.

How dare John Key reveal the truth. He must be impeached.

In a joint statement, Mr Harawira and Ms Harre say the reported intention of the Prime Minister “to arrange the selective declassification and release of documents for his own political purposes” represents an abuse of the Prime Minister’s authority in his capacity as the Minister in charge of the GCSB and the SIS.

Seriously, these people have lost their marbles. They think it is okay to release stolen classifed documents as part of their election campaign, but it is not okay for the Prime Minister to declassify a document in response, to show they are wrong.

Tags: , , ,

Finny on Five Eyes

September 14th, 2014 at 7:00 am by David Farrar

A guest post from Charles Finny:

On 3 September 1939 a Labour Government in New Zealand declared war on Germany in support of the UK and others following Adolph Hitler’s decision to invade Poland.  Until the war ended in 1945 New Zealand made enormous sacrifices and as we all know, and as happened in World War I a disproportionately large number of New Zealanders were killed and wounded.  From 1941, the war became as much a war in the Pacific as a war in Europe. 

One of the developments of this war was signals intelligence and cryptography.  New Zealand and New Zealanders played as big a role in these areas as we did in the wider conflict.  Because of this, and because of the staunchness of our commitment we found ourselves part of what is now known as the “five eyes agreement”.  As technology has developed we have received the same signals intelligence as the US, UK, Canada, and Australia.  And our own communications have been protected by the highest grade encryption technologies developed in association with these other four countries.  For a pipsqueak little country of only a few million people located in a distant corner of the globe we have been in an incredibly privileged position.

The Labour Government that saw us through World War II, and those from 1957-60, 1972-75, 1984-90 and 1999-2008 have not sought to change our position in “five eyes” because the leaders and senior Ministers of those Governments have realized how lucky we are to be part of this agreement and knew how fundamental the intelligence derived from it was to the security of New Zealand.  Ultimately the most important function of government is to protect the people.  “Five eyes” plays a very important role in our ongoing security.  There was a wobble under Lange which saw New Zealand denied access to some processed intelligence from the US, but access to the raw communications intercepted by the four allies continued throughout.  Under Helen Clark the full flow of processed intelligence resumed.

I cannot believe what I have just heard David Cunliffe saying about GCSB today.  What we now call GCSB is as much a creation of Labour as it is the National Party.  It is crucial to our continuing security.  It protects us against the hostile actions of foreign governments, terrorist organizations, and international criminals.  Of course the same foreign governments, terrorist organizations and criminals hate the ‘’fives eyes agreement” and want it dismantled because it stands in their way.  I can’t believe that a Labour Leader would align himself with these forces and put this agreement and our position in it so much at risk.  If his senior colleagues do not call Cunliffe on this, shame on them too.  Our national security is too important to be put at risk by short term political opportunism.

David Cunliffe is now trying to buddy buddy up to Kim Dotcom and his hired speakers. If Dotcom’s allegations are correct (which of course they are not), then this happened under the Cabinet David Cunliffe sat in. Is he saying Helen Clark lied to New Zealand? or is he just desperately trying to win back some votes on the left?

Tags: , , ,

IPCA on Police investigation of GCSB complaint

July 18th, 2014 at 2:00 pm by David Farrar

The IPCA have investigated the decision by the Police not to lay charges over the GCSB illegally spying on Kim Dotcom. Their report is here. Some extracts:

As has been noted above (para 22) the Police decision was based squarely on an opinion provided by the Solicitor-General, and it was an opinion that Police Legal Services recommended ought to be followed. As also noted above (para 26), it is not within the jurisdiction of the Authority to review the validity of that opinion or to determine whether the test used by the Police to determine legal liability was legally accurate: our task is confined to determining whether Police actions were appropriate. In our view they clearly were. The Police were entitled to rely upon advice as to the law provided by the Solicitor-General. Indeed, having received the opinion it would have been surprising if they had proceeded on any other basis.

However, even if the Police had proceeded on the basis that criminal liability did not depend upon proof of an intent by GCSB officers to act outside their statutory authority, we take the view that a decision not to prosecute would nevertheless have been warranted. There are two reasons for this.

First, the one interception of Mr Dotcom that the Police found to be unlawful in fact contained only metadata (being data embedded in a communication that relates to its form and time, date and circumstances of transmission rather than its content). As noted below (para 47), the report by the IGIS in May 2013 had expressed the view that the law was uncertain as to whether metadata fell within the scope of a private communication by a person. In the light of that uncertainty, a decision not to prosecute on that ground would not have been unreasonable.

Secondly, the Solicitor-General’s Prosecution Guidelines require not only that there be evidential sufficiency for a prosecution, but also that it be in the public interest. The evidential sufficiency threshold would have been met, but arguably the public interest threshold would not have been.

This is pretty resounding. First they say that to suggest the Police should ignore the advice of the Solicitor-General is stupid, as Dr Norman said. Then they point out that the law around meta data was unclear anyway, and thirdly there would be no public interest it is likely.

Kim Dotcom did have his rights broken by an illegal act by the GCSB. But this needs to be out in context. The Police were legally entitled to put him under surveilance and intercept his communications. The GCSB just shouldn’t have assisted them with this.

On the alleged conflict of interest:

As she interpreted her terms of reference, Ms McDonald’s role was a limited one. It did not involve the provision of advice about the law that was to be applied to the facts of the case.

Even if Ms McDonald had had a more extensive role, it is hard to see how this would have created a conflict of interest. A conflict of interest cannot arise from the mere fact that she was acting for or providing advice to the Police in two respects in relation to the same set of events. The Police investigation that she was overseeing was an independent investigation into the activities of the GCSB; the fact that she was acting for the Police in proceedings in which the GCSB was  involved as a separate party cannot preclude the ability to provide impartial advice in relation to that investigation.

And the third issue:

The other four interceptions that related to content all involved assistance to the NZSIS in the execution of a lawful issue of an intelligence warrant under the New Zealand Security Intelligence Service Act. Section 4D of that Act allows the NZSIS to obtain assistance from another agency to effect the execution of an intelligence warrant. Although there was some doubt about whether the GCSB was allowed to provide such assistance within the ambit of their Act as it then stood, there was sufficient statutory ambiguity to raise doubts about whether any unlawfulness was involved.

The Police determined, on the basis of that report, that the additional intercepts were not unequivocally unlawful and would clearly not reach the threshold to justify prosecution.

The Authority agrees with this view. Dr Norman argues that, since it can be said that there was, in the words of the IGIS, “arguably no breach”, it could equally be said that arguably there was a breach, and New Zealanders who were spied upon deserve to know whether the actions were lawful and justified. That may be so, but a full Police investigation into the GCSB’s activities in those cases would have been unable to provide such clarification, since the Police would not have been in the position to reach a determinative view on the statutory ambiguity. Only the courts could have done that, and the criminal prosecution of individuals in an attempt to clarify an inherently uncertain law would have been unjustified.

It is worth noting that there have been consequences for the GCSB failure. The Deputy Director was let go. The Inspector-General’s role has been beefed up, and there has been wholesale change due to the Kitteridge Report. And these things should happen. But that is different to saying that a staff member should face criminal prosecution for an honest error over someone’s residency status.

 

Tags: , ,

Two reports by the Inspector-General

May 30th, 2014 at 1:00 pm by David Farrar

The Inspector General of Intelligence and Security has published two reports, both interesting.

The first report is into the incorrect data in the GCSB annual report. It had previously been disclosed and corrected. This was a pretty serious error, and to be honest if it occurred again you’d expect the responsible staff to resign.

Frustratingly we are not told how the error occurred. The IG says “any worthwhile account of the processes involved carries severe security risks”.

The second report is about the SIS and their interactions with a resident whose house they had a warrant to search. The resident is not named, but it has been widely reported to be Rajesh Singh – a former Fiji Minister who was suspected of being involved in a plot to kill Commodore Frank Bainimarama. It is somewhat ironic that the official policy of the NZ Government is that the Commodore is an illegitimate traitor, yet they also help protect him from assassination plots (which is the correct thing to do).

Anyway Singh has multiple complaints about the SIS behaviour during the raid. The Inspector-General dismisses all but one of them, noting that the evidence of Mr Singh is less credible than those of the two SIS agents and two police officers.

The one thing the IG does ping the SIS for is Agent A saying:

“would not tolerate [redacted] whether in New Zealand or not. Anyone involved in planning would be dealt with by the NZ police … A told [the complainant] he should be careful who he spoke to about the topics which had been discussed.”

The IG says that the role of the SIS is to gather intelligence only, not enforce security.

Basically the SIS agent should have got the Police officer to tell Mr Singh not to get involved in assassination plots, rather than tell him directly. It’s not a huge issue, but it is important to have the roles clearly defined.

Tags: , ,

The Campbell Live Dotcom conspiracy episode

May 20th, 2014 at 8:33 pm by David Farrar

You have to all go and watch Campbell Live tonight and try and stop laughing.

It’s classic conspiracy theory stuff. It sort of goes like this:

  • Key appoints Mateparae Governor-General to create vacancy at GCSB – March 2011
  • Director of US National Intelligence, Jim Clapper, visits one week later and meets John Key
  • McCully visits Hillary Clinton May 2011
  • PM has breakfast with Ian Fletcher in June 2011
  • Key visits Obama July 2011 and shock horror asks Fletcher to apply for GCSB job the SAME MONTH!
  • Oct 2011 – Key, Fletcher, SIS Head, MFAT Head, NZDF  and DPMC Head have a meal at British High Commissioner’s place!
  • 12 Dec 2011 – Key meets GCSB (one of 10 meetings that year) and meets Ian Fletcher who is in NZ
  • 16 Dec 2011 – surveillance of Dotcom begins
  • Obama invites Key to White House – May 2014 – THE PAYOFF!

You especially have to like the spooky sinister music they played. They say they’ve been working on the story for three years. Seriously? They even make it sounds sinister that a civilian instead of military was made GCSB Head and an outsider was made MFAT Head. Yes Allan and Fletcher were both plants by John Key, so that they could all conspire with the US to spy on Kim Dotcom!!

Also part of the conspiracy is that Fletcher had worked for the UK Government (also in Five Eyes) in the Intellectual Property Office (which ties in to Dotcom!).

This is the funniest episode ever. Please please watch it, so you can laugh.

Kim Dotcom tweeted:

The answer is a lot more than that. More wet than Winston’s water pistol.

Tags: , , ,

GCSB boss at Privacy Forum

May 8th, 2014 at 12:00 pm by David Farrar

Radio NZ report:

Government Communications and Security Bureau (GCSB) head Ian Fletcher has emphatically denied his organisation carries out mass surveillance.

Mr Fletcher, speaking at a seminar organised by the Privacy Commission in Wellington on Wednesday, said the state had legitimate concerns with the prevention of terrorism, organised crime and nuclear non-proliferation. …

But he said this was a small list affecting few people.

Very small. In 2012/13 there were 11 interception warrants in force and 26 access authorisations.

Mr Fletcher denied this involved mass surveillance, which he said would be a huge task requiring his bureau’s salary budget to be increased 100-fold.

As well, it would be completely impractical; it would take 130,000 staff to listen to people’s phone calls and read their text messages, without even doing anything about them.

True.

The ODT also reports:

He also offered an assurance that neither the GCSB or any foreign agency was engaged in the mass collection of metadata or information about communications which can be sifted for patterns that might point to areas of interest for authorities.

He also said the GCSB does not receive funding from any foreign government.

Privacy Commissioner John Edwards was pleased by the speech, saying he hoped Mr Fletcher’s comments might dispel what he called conspiracies and misinformation.

Its a good thing that the GCSB Director was invited, and accepted.

Tags:

Hefty?

February 25th, 2014 at 9:00 am by David Farrar

Stuff reports:

But for two agencies that prefer not to spill their secrets, the SIS and GCSB have racked up a hefty bill for communications advice.

A hefty bill? How many millions have they spent?

In the 2012/13 year a contractor was paid $10,155 for three months’ work.

$10,155 for three months? That must be the most lowly paid contractor in the history of contracting.

The SIS also spent over $8000 printing three brochures since 2009, including ”A Guide to Weapons of Mass Destruction.”

Around $2,700 per pamphlet. $8,000 over five years. Frugal, not hefty, is the word that comes to mind.

Tags: ,

Bad spies

February 21st, 2014 at 12:55 pm by David Farrar

Stuff reports:

Spy boss Ian Fletcher has apologised to Prime Minister John Key for his agency bungling its report to Parliament on the level of its surveillance.

The Government Communications Security Bureau (GCSB) was forced to release an amendment to its annual report, which saw an increase in the number of interception warrants and access authorisations for the 2012-13 financial year.

A total of 11 interception warrants were in force for that year, up on the original amount which was reported at seven. Five interception warrants were issued, corrected from four.

A total of 26 access authorisations were also in force, compared to the originally-thought 14, and 11 were issued rather than nine.

A spokeswoman for Key said the prime minister was “unhappy” about the error and had received an apology from Fletcher, the GCSB director.

“The prime minister has been advised that the error stems from GCSB mistakenly counting the number of operations rather than the number of warrants on issue.,” the spokeswoman said.

“There was no attempt to deliberately mislead,. Further, he has been advised by the director that steps have been taken to ensure the error cannot happen again.”

It isn’t a huge error in itself. 11 issued instead of nine doesn’t change what we fundamentally know that the level is very low.

However the concern is that the GCSB doesn’t have a rigorous enough focus on checking and verification. Their annual report to Parliament is an important document and what goes into it should be vetted by multiple people. One person misinterpreting what should be reported, should be caught by someone else.

It isn’t good enough. These agencies especially need a very high level of confidence in their ability to understand the law.

What I’m not clear about is whether this error is long-standing or just occurred last year.

Tags:

Where Key got his info from

February 13th, 2014 at 7:06 pm by David Farrar

I’m enjoying the belief some have expressed that because John Key repeats something (that Winston had visited the Dotcom mansion three times) five days after the Herald printed it, that he must have found this out via the GCSB.

That is completely and totally rubbish.

He got told by Barack Obama over golf, and Obama found out from the NSA satellite permanently focused on following Kim Dotcom about.

That is far far more likely that the possibility that the Prime Minister actually reads the NZ Herald!

Tags: , , ,

Did Clark authorise mass spying on NZers for the US?

December 3rd, 2013 at 6:03 am by David Farrar

NewstalkZB reports:

The Prime Minister is playing down suggestions the public may have been targeted for data collection by domestic spy agencies.

Fresh revelations by former NSA contractor Edward Snowden have shown the Australian Defence Signals Directorate offered in 2008 to share data collected on Australian citizens with its intelligence partners

John Key called GCSB boss Ian Fletcher today to seek assurances that New Zealand had not done the same.

“I wasn’t Prime Minister (at the time), but I rang the head of the agency and said ‘can you confirm for me that New Zealand didn’t collect wholesale metadata about our ordinary New Zealanders.’

“The answer was ‘we didn’t, and because we didn’t we couldn’t have shared it.'”

The Australian offer was made in 2008, when Helen Clark was Prime Minister. So maybe someone should ask Helen Clark on the record if she ever authorised the collection of metadata from NZers, and the sharing of it with other countries.

Maybe the NZ Labour Party can confirm that when they were in Government, this did not happen on their watch.

Tags:

Changes to TICS Bill

October 15th, 2013 at 10:00 am by David Farrar

Amy Adams has announced:

Communications and Information Technology Minister Amy Adams has today tabled a Supplementary Order Paper to make further improvements to the  Telecommunications (Interception Capability and Security) Bill. …

Clause 39 of the proposed Bill currently allows the responsible Minister to direct that a network operator must not resell an overseas telecommunications service in New Zealand where the interception capability, or lack of interception capability, raises a significant risk to law enforcement or national security.

It is proposed to remove Clause 39 from the Bill altogether, and, instead, matters of non-compliance could be addressed through the compliance framework.

Part 3 of the Bill deals with the partnership approach between the GCSB and network operators to protect network security.

To ensure that this interaction occurs in a timely manner, it is proposed to introduce the ability for the Minister responsible for the GCSB to make regulations that require decisions to be made under specific timeframes, in the event that decisions are not being made in a sufficiently timely way.

It is also proposed to narrow the scope of the matters that must be notified to the GCSB, reducing compliance costs for network operators.

As a last resort, where network operators and the GCSB are unable to agree on how to respond to a network security risk, Clause 54 of the Bill currently provides that the responsible Minister may issue a direction.

Before the GCSB can ask the Minister to make a direction, a further check and balance will be introduced.  The Commissioner of Security Warrants will now be required to carry out an independent review of the material that informed the GCSB’s risk assessment, and report on whether, in their opinion, the risk amounts to a significant risk to national security.

These looks like very welcome changes. The requirement for the Commissioner of Security Warrants (currently former Court of Appeal Judge Sir Bruce Robertson) to do an independent review in the very very unlikely event of the Government believing that what a network operator is planning could threaten national security, is sound.

“Although public input has resulted in significant improvements to the Bill, some of the submissions received did not reflect an accurate understanding of what the Bill does and does not do,” Ms Adams says.

“In particular, I would like to reassure people that this Bill does not change the authority of agencies to intercept telecommunications, it does not change existing privacy protections, and it does not require data to be stored or require stored data to be disclosed. The Bill only relates to real time interception.

This is a key point that many have missed – it is about real-time interception. The major users of this ability are the Police for ongoing criminal investigations.

There’s also a comparison table between the current law (TIC Act) and this proposed law (TICS Bill). I think they show that in some areas the law change actually reduces compliance costs on ISPs. There is no expansion of powers in terms of surveillance. There is an expansion in terms of the GCSB’s role in syber-security where they can (ultimately) ask for a Government order if they believe a proposed action would be a threat to national security.

Ironically that proposed power has its genesis in the opposition scaremongering over Huawei winning some contracts in New Zealand. They kept demanding the Government do something on the basis the Australian Government had excluded them from the NBN build there. The Government doesn’t believe there are any national security issues around Huawei, but it was the scaremongering that highlighted that even if there were, they actually had no power to exclude a company that did have national security issues. So a bit rich for opposition MPs to complain about a clause that their scaremongering created.

There’s still some elements of the bill which I’m not enthusiastic on. I don’t think ISPs (or network operators) should have to register with the GCSB as it sets a bad precedent. As far as I know there’s never been an issue with locating an ISP, and its directors. I’d prefer that clause to be removed. As I said, a precedent of an ISP needing to register with the Government is not healthy – even if well intentioned.

But the SOP by Amy Adams is a significant improvement to the bill, especially having the Commissioner of Security Warrants do an independent assessment if there is ever a stand off between the Government and an ISP over a proposed network build decision.

Also a useful read are these two diagrams showing how the interception and network security processes will work.

Tags: , ,

The Privileges Committee inquiry into the leak inqiuriy

August 23rd, 2013 at 1:00 pm by David Farrar

My interpretation of the two days of hearings into the leak inquiry is that it was basically a SNAFU. By that I mean there was no malicious intent by everyone – just that many parties involved made incorrect assumptions, and/or didn’t check.

I think the first error was not an appreciation that this inquiry was a bit different to other leak inquiries as the major focus was on whether a Minister leaked it, not a government employee (like in the MFAT leak). When you are dealing with employees a leak inquiry is on far more solid ground – the employers have total authorised access to all work data around their employees – their swipe card records, their e-mails, their photocopier logs and the like. But Ministers and MPs are different, as are journalists when it involves their use of parliamentary resources.

So some criticism to DPMC for not seeing (but hindsight is wonderful) that this inquiry is different to others, and having more specific terms of reference and powers about what the inquiry should and should not be able to seek.

Some criticism also to David Henry for not setting clear processes around seeking of data with agency chief executives. It seems the approach as along the lines of let’s ask for everything we can think of, and up to them to say no. Again, no appreciation of the senstivity when dealing with MPs that they are not in the same constitutional position as employees.

And also some criticism for Parliamentary Service for not having clear policies on when data can and can not be released, and who should be consulted or approve any release. Also the fact that data was being exchanged it seems at pretty much a junior staff level. PS should have recognised the sensitivity of such requests and made sure no data was handed over unless it was operating on a clearly understood basis of who should be saying yes to what.

So no malice involved anywhere, just a lack of overall co-ordination both within agencies and between them. I hope Privileges Committee will have some useful recommendations on how to avoid a repeat.

Tags: ,

The GCSB law

August 21st, 2013 at 9:00 am by David Farrar

The GCSB law has completed its committee stage, and will pass its third reading today.

Some people would have you believe that this law is a massive change from the current GCSB law passed by Helen Clark. Well, they are partially right. It is significantly different. I’ve detailed below my analysis of some of the major differences between the 2003 Helen Clark law and the 2013 John Key law.

Helen Clark GCSB law 2003 John Key GCSB law 2013
   
Inspector-General sole independent oversight two person advisory panel to assist the Inspector-General of Intelligence and Security
Inspector-General has no staff resources Inspector-General has a Deputy
Inspector-General role is essentially reactive Inspector-General to proactively annually review GCSB procedures, policies and compliance and do unscheduled audits
Inspector General not informed when a warrant is put on the register relating to a New Zealander Inspector General is informed when a warrant is put on the register relating to a New Zealander
GCSB can’t intercept the communications of a NZ citizen or permanent resident but can assist “any public authority” on any matter relevant to their functions, and unclear if the former prevents the latter GCSB can’t intercept the communications of a NZ citizen or permanent resident but can assist (only the) Police, Defence Force or SIS even if it involves a NZer.
No reporting of assistance given to other agencies GCSB will be required to report annually on the number of instances when it has provided assistance to the Police, SIS or NZ Defence Force
No reporting on number of warrants and authorisations GCSB will also be required to report annually on the number of warrants and authorisations issued
Intelligence and Security Committee has secret hearings to discuss the financial reviews of the performance of the GCSB and the SIS Intelligence and Security Committee will hold public hearings annually to discuss the financial reviews of the performance of the GCSB and the SIS
ISC does not have to publicly report to Parliament ISC to report annually to Parliament on its activities
No regular reviews of GCSB An independent review of the operations and performance the GCSB and the NZSIS and their governing legislation in 2015, and thereafter every 5-7 years
GCSB has a function to protect any information that any public authority or other entity produces, sends, receives, or holds in any medium GCSB function to protect any communications that any public entity processed, stored, or communicated in or through information infrastructures
No specification of limits of GCSB assistance Specifies that GCSB can assist Police, Defence Force and SIS, but only for lawful activities such as where warrants have been granted
IPCA has no jurisdiction Gives the IPCA and the IGIS jurisdiction to review any assistance given to Police and SIS respectively
No references to according to human rights standards Specifies all functions of GCSB must accord with NZ law, and all human rights standards recognised by NZ law.
No references to not undertaking partisan activity Specifies GCSB can’t be involved in any action that helps or harms a political party
No requirement to brief the Leader of the Opposition GCSB Director required to brief Leader of Opposition regularly on major activities of GCSB
Requires GCSB to destroy any records not relating to GCSB objectives or functions Required GCSB to not retain any information on NZers collected incidentally as part of foreign intelligence operations unless relates to serious crime, loss of life or national security threats
No special protection for legally privileged communications Legally privileged communications explicitly exempted from scope of an interception warrant
No requirement to have a policy on personal information retention and use GCSB required to work with Privacy Commission to have a policy on personal information retention and use

 

No restrictions in GCSB Act on retaining personal information GCSB can only retain personal information for a lawful purpose, and can’t keep longer than required for any lawful purpose

This is not a complete analysis. I was hoping the Government may have such a document themselves, but it seems they don’t. So I put it together last night by comparing the 2003 Act and the latest SOP from the Government. I am sure I have missed out a couple of things, and over-simplified in a couple.

The point is to point out that the 2013 law is including a huge number of protections that the 2003 law is silent or, or missing. Those demanding the law not pass would have you implicitly think the status quo is superior. They are quite wrong, and mischievously so. Recall the current law does not ban the GCSB from assisting the Police and SIS. It has merely been said by lawyers to be unclear, and in fact the Inspector-General has said the assistance has been legal.

I think the Government has bent over backwards to put protections into the law, partly as a result of their coalition partners. Have a read of the existing law, and decide for yourself.

So my question to all the people demanding National MPs cross the floor and vote against the bill, is where were you in 2003? Where were the protests against the 2003 law? Where were the demands Labour MPs in 2003 voted down Helen Clark’s law?

Also I ask how many media stories have focused on an actual side by side analysis of the old and laws, detailing all the changes? Or have they just live-streamed protest meetings?

Now this is not to say I think the law being passed today is perfect. If I was Prime Minister I’d actually make the GCSB responsible for interceptions only, and give their cybersecurity role to another agency such as DIA. It would probably mean some loss of expertise, but it would reassure people that when GCSB are assisting agencies with cybersecurity they are not accessing personal communications. Worth remembering though that it is the 2003 law again which gave the GCSB this role. The 2013 law just clarifies the powers that can be used in that role.

I also think the focus on the GCSB law has been mis-placed. Far more focus should be on the companion TICS bill which I do have greater concerns about – such as requiring approval of network architecture, ISPs having to register with GCSB and the like. My hope is the select committee make some changes to that bill, which is due to be reported back on 20 September.

Tags:

GCSB Protest Meeting

August 20th, 2013 at 11:00 am by David Farrar

The Herald reports:

Auckland’s Town Hall filled with hundreds of supporters to hear legal experts and Opposition politicians speak out against the GCSB bill tonight.

The Government Communications Security Bill is expected to pass its committee stages and third reading this week with a one-vote majority.

Speakers took to the stage for seven minutes at a time to explain why they believed the Bill was flawed and unnecessary.

“Well this is what democracy looks like”, MC Martyn `Bomber’ Bradbury told a Town Hall at full capacity.

“Tonight we hear the other side of the argument.”

It’s impressive to fill the town hall up. I was in Auckland yesterday and saw posters all around town for it.

I wouldn’t say that people haven’t heard the other side of the argument though. I’d say most people have only heard the “other” (anti) side of the argument. Interesting that TVNZ did a live stream of the meeting. Would they also live stream a protest meeting against say a carbon tax?

Orcon founder Seeby (EDS: correct) Woodhouse said the National Party mistook George Orwell’s dystopian novel 1984 as a guide book.

While New Zealand was rated as the “free-est country in the world” that would change if the GCSB bill passed, he said.

“We must lead the world … we must do it again.”

With respect to Seeby, I doubt our rating will change at all.

The remainder of the committee stage will be debated this afternoon and evening, and I expect the third reading will occur tomorrow.

Also of relevance is:

Prime Minister John Key said last night that Opposition members of the Intelligence and Security Committee would be able to find out how many times the GCSB spy agency had received warrants to intercept the content of communications under its cyber security function.

Mr Key said that under changes to the bill, every year the number of warrants issued in categories would be declared to the Intelligence and Security Committee, which included the leader of the Opposition, David Shearer, and his nominee, Greens co-leader Russel Norman.

“At that committee, somebody would be able to ask the very obvious question – ‘when it comes to cyber security, have any warrants been issued that sought to look at content for New Zealanders?”‘ he said.

What I’d find useful is someone doing a side by side comparison of what would the law be if the bill did not pass, and did pass. People may be surprised by what such a comparison would show.

Tags:

Key on Campbell Live on GCSB

August 15th, 2013 at 12:00 pm by David Farrar

Campbell Live have been running a week long jihad against the GCSB Bill. I’m actually fine with that. Media are allowed to take stands on issues, and I prefer media to be upfront about their leanings, than pretend they are neutral when they are not. It is no secret that John Campbell’s politics, and the show, lean far to the left of Labour.

As I said that’s fine, just as NBR leans to the right.

But considering Campbell Live is clearly crusading against the bill, it is was quite remarkable that the PM agreed to go on the show. But he did so last night, you can watch the video at this link.

I thought the PM did an excellent job of calmly explaining the bill, to fairly frenzied questions or statements from John Campbell. The PM is much better when he is the “explainer-in-chief” than when he is swiping at people who disagree on the bill.

As for John, I leave the commentary to his biggest fan:

Again, I recommend people take the time to watch the video. Here’s Wallace Chapman on it:

I agree with Wallace that the PM was superb. Cool, calm, collected, factual and reassuring.

If I was in the Labour Party, I’d be getting quite worried about next year’s election debates.

Tags: , ,

The Campbell Live GCSB poll

August 12th, 2013 at 9:00 am by David Farrar

Campbell Live is trying to run what they call the biggest opinion poll in NZ history.

That neutral observer on such issues, is promoting it of course:

However expert pollster Grumpollie points out that the so called poll is meaningless in terms of accuracy:

Here’s a really important point for anyone wanting to judge the accuracy of this poll –big numbers do not provide representative data!

Here’s why…

This poll commits the ultimate sin of survey research – it uses a self-selecting sample.

People choose to take part based on the topic. This means that the poll only represents the New Zealanders who feel strongly enough about the GCSB bill to take part in the poll.

He points out that having a self-selecting sample, rather than a random sample, makes a huge difference. For example all the polls on same sex marriage with random samples showed a majority or plurality in favour. But the Campbell Live text in poll found only 22% in favour and 78% against. A result that has no scientific usefulness. Note that particular poll also had a huge number of responses. What counts is whether the sample is random – now how many people take part.

But the problems are even worse than that for the Campbell Live so called poll. Thomas Lumley at Stats Chat points out that to vote through their website you need to give Campbell Live your name, e-mail address and postal address. He points out:

Wouldn’t you expect that people unhappy with the prospect of increased (legal) surveillance of New Zealanders might be less willing to give all their personal details with their vote?

But you can understand why a Mediaworks show goes with an unscientific poll than a scientific poll. A scientific poll actually costs money to do. But those who use the text option for their bogus polls end up paying money to Mediaworks, so Mediaworks makes money out of the bogus poll.

Tags: , ,

Classy

August 7th, 2013 at 10:00 am by David Farrar

Stuff reports:

A group protesting at the Government Communications Security Bureau bill have taken their fight to the Wellington home of United Future MP Peter Dunne, prompting him to call them “irresponsible scum”.

Eight protesters were outside his home in Khandallah yesterday afternoon, calling on him to cross the floor and vote against the bill.

Mr Dunne, who was not home at the time of the protest, said the “hardcore group” were at his house with a loudhailer on Sunday, past 11pm on Monday night, and also yesterday morning at 7am.

MPs have electorate office swhere people can protest. To target someone’s home, and at 11 pm at night, is a very unclassy look. In fact, pretty scummy.

Protester Ariana Paretutanganui-Tamati said they were at Mr Dunne’s home “to give him a taste of what it feels like to have your privacy intruded on”.

I think Peter already has a fair idea!

Ariana Paretutanganui-Tamati is a Mana Party activist. She doesn’t seem to play well with others, as you can read on this blog post. She’s so disruptive the other protesters think John Key has paid her to infiltrate and disrupt them :-)

 

Tags: , ,

Dunne sums ups Labour’s logic

August 4th, 2013 at 12:00 pm by David Farrar

Stuff reports:

Peter Dunne should withdraw his support for the prime minister’s controversial GCSB Bill in the wake of the widening spy scandal, Labour leader David Shearer says. …

“I find it extraordinary that he would still support the bill given the Government has actually gone behind his back and tried to access his emails.

Actually the Government is on record as saying the e-mails should not be released without Dunne’s permission.

But Dunne is sticking to his guns, yesterday saying the two issues were unrelated and he will vote for the bill.

“Saying that the GCSB Bill should not be passed because of this is like saying that because some people jaywalk, we shouldn’t build more motorways.”

That appears to be exactly the Labour (and Green) view on transport!

Tags: ,

Clark on GCSB

August 4th, 2013 at 4:59 am by David Farrar

Stuff reports:

Former Prime Minister Helen Clark has confirmed the GCSB executed intercept warrants for the SIS during her Government but spying on New Zealanders “wasn’t their remit”.

Clark, speaking in advance of the release of her new book At The UN, about her first four-year term as Administrator of the United Nations Development Programme, said she was always “loyally and diligently” served by the intelligence services.

Clark said the Government Communications and Security Bureau acted within the law “as it was understood to be” and this included executing warrants for the Security Intelligence Service.

“I can assure you that I was always advised that what was being signed was legal.”

Yet Labour and Greens are opposed to the GCSB doing what it did under Helen Clark – assist the dSIS. The problem is the law passed by Clark does not make it clear if the clause saying it will not monitor NZers over-rides the clause saying it can assist other agencies such as the SIS.

She rejected that the Government Security Communications Bureau routinely spied on New Zealanders as that was “not part of their remit”.

And still will not be, despite the hysteria. In fact the bill will provide greater transparency than in the past over what work the GCSB does do.

Her book, At The UN, is a collection of speeches Clark has given in her first four-year term at the UN.

Am sure it will be a best seller. Sadly not yet available on Amazon.

Tags: ,

When is a repeal not a repeal?

July 27th, 2013 at 11:00 am by David Farrar

Stuff reports:

Labour says it will repeal the controversial GCSB law if it wins the next election.

Sounds like a clear policy. If you read that, you would think that means they will return the law to its current state.

A Labour spokesman confirmed this afternoon the party would commission a review of the legislation and implement any changes that came out of that although the new law would remain in place until that process was completed.

So they’ll keep it for a bit, and then are they going to repeal it?

Well read this Herald story:

“We would have an independent review and legislation would come out of the review. The current legislation would need to be repealed, modified or whatever.”

So in fact Labour are not promising any sort of repeal. They are saying we will review the law after the election and maybe make some amendments to it then. They can’t details what actual changes they want.

Tags: ,

GCSB views

July 26th, 2013 at 1:00 pm by David Farrar

The Press editorial:

Contrary to the assertions of opposition parties, the changes Prime Minister John Key has made to the Government Communications Security Bureau bill are not merely cosmetic.

Among other things, the changes will require the GCSB to make an annual report on the number of warrants and access authorisations it gets and pro-actively tell the inspector-general of intelligence, whose post has itself been beefed up, whenever it has acquired a warrant to spy on a New Zealand citizen or resident.

In addition, while rejecting the opposition call for an inquiry now into the GCSB, the bill will require a review of its operations, and those of the Security Intelligence Service, the domestic spy agency, a couple of years from now and thereafter every five to seven years.

The GCSB will also have to make an annual report on the number of times it has been called on to help the police, the SIS and other agencies use its specialised surveillance equipment.

If any expansion is required of the agencies that can call on the assistance of the GCSB, new legislation will be needed rather than, as had been proposed, merely executive action. The Prime Minister has also promised to make it clear that the collection of metadata – information about the time and location of a call rather than its content – will be treated as communication and require a search warrant.

All these changes make substantial modifications to the bill as it was first presented to Parliament. While they have not been enough to persuade opposition parties to support the bill, they are sufficient to satisfy Peter Dunne, formerly a strong critic of the bill, which means it will pass.

I agree that the changes are not inconsequential. I note that Labour seem unable to articulate what actual changes to the bill would make it acceptable to them. I think they just hope this will be finally be the silver bullet that gets them out of the poll doldrums. Bit sadly for them, people are more interested in policies on jobs, hospitals and schools than this.

Pete George points out the recent protest action against the bill was organised by Mana’s Martyn Bradbury and Greens’ Max Coyle. I think it is safe to conclude both fall into the camp of would never ever support something done by this Government. The meeting they organised was interesting though:

Labour MP David Cunliffe sat in the front row last night. His party leader, David Shearer, watched unnoticed from the rear of the hall with Labour’s finance spokesman, David Parker.

However the Herald disagrees with The Press and wants more changes. However they also say the changes are substantial:

The Government Communications Security Bureau and Related Legislation Amendment Bill will be an improved piece of legislation when it is amended by Parliament. The changes go much further than the “cosmetic” tag attached by the Greens. Two stand out. The first dictates that the country’s foreign intelligence agency will be the subject of an independent review in 2015 and an automatic review every five to seven years after that. A five-year review echoes the situation in Australia. It also goes quite some way towards satisfying the call by Labour and the Greens for an independent inquiry into the country’s security services, even if they wanted this to precede the passage of the legislation.

The second important alteration states that if a government wants to expand the domestic agencies which the GCSB will be able to help beyond the police, the Security Intelligence Service and the Defence Force, it will have to get the support of Parliament for another amendment bill, rather than Cabinet simply ticking it off via regulation. That negates the possibility of the likes of Customs, the Immigration Department or Inland Revenue using the GCSB’s sophisticated cybersecurity equipment without a considered debate on the ramifications. 

I think that last change was very important.

According to the Prime Minister, the bill represents “a balancing act between national security and doing our best to keep New Zealanders safe, and the privacy of New Zealanders”. Considerable reservations voiced earlier this month by the Privacy Commissioner, the Human Rights Commissioner and the Law Society confirmed the first draft fell far short of this objective. The changes in the bill as reported back yesterday and those achieved by Mr Dunne improve that situation somewhat. It is a real shame, however, that they do not go further. The public deserves stronger reassurance.

In another story the Herald notes a further change:

The activities that the GCSB undertake in assisting the police will be subject to review by the Independent Police Complaints Authority under changes to the GCSB bill, which was reported back to Parliament this afternoon by the Intelligence and Security Committee.

It is one of the few changes to the bill in the committee’s report that has not been previously announced.

A further useful addition.

Tags: , , ,

GCSB Changes

July 23rd, 2013 at 7:00 am by David Farrar

John Key has announced the following changes to the GCSB Bill after negotiations with John Banks and Peter Dunne:

  • A set of guiding principles will be added, in line with requests from Mr Banks and Mr Dunne.
  • The Inspector General will be supported by a two-person advisory panel.
  • The removal of the proposed Order in Council mechanism which would have allowed other agencies to be added to the list of agencies able to request assistance from the GCSB. Any additions beyond the Police, NZSIS and NZ Defence Force will now be required to be made by a specific amendment to the legislation.
  • To ensure effective oversight in the issuing of a warrant, the Bill will be amended so the Inspector General is informed when a warrant is put on the register relating to a New Zealander.
  • The GCSB will be required to report annually on the total number of instances where it has provided assistance to the Police, NZSIS or NZ Defence Force.
  • The GCSB will also be required to report annually on the number of warrants and authorisations issued.
  • The Intelligence and Security Committee will hold public hearings annually to discuss the financial reviews of the performance of the GCSB and the NZSIS.
  • There will be an independent review of the operations and performance of the GCSB and NZSIS and their governing legislation in 2015, and thereafter every 5-7 years.
  • Mr Dunne will have a role in the Government’s upcoming work to address the Law Commission’s 2010 report Invasion of Privacy: Penalties and Remedies. This work will include a review of the definition of ‘private communication’, which was highlighted as an issue by submitters on the GCSB legislation.

These are good changes. I had talked on TV about one area of concern being the proposed ability for the Govt to add other agencies onto the list of agencies the GCSB can assist with interceptions. Having Parliament, not the Government, make any changes is desirable.

Despite these significant changes, Labour appears to still be voting with the Greens against the bill. Ironic as it was a Labour Government that caused this problem with their 2003 law change.

Dunne and Banks have shown how you can have a constructive role in improving legislation.

Also the Herald reports:

Mr Key said today that he did not believe that the GCSB had engaged in the mass collection of metadata and he confirmed that it should be treated the same as communication and any collection of it would require a warrant. He planned to make a clear statement about it in the bill’s second reading.

Also welcome.

 

Tags: , , ,