Kiwiblog

The GCSB has said:

The Inspector-General of Intelligence and Security has completed an inquiry into potential breaches of the Government Communications Security Bureau Act (2003).

The GCSB Director, Ian Fletcher says, “The Inspector-General formed a view that there have been no breaches, although the law is unclear and the Inspector-General recommends amending it.”

The Inspector-General is Paul Neazor. He is a former New Zealand Solicitor-General and former Hgigh Court Judge who was appointed Inspector-General by Helen Clark.

The Kitteridge report never concluded the GCSB had broken the law. It reported that they may have broken the law, because the law is unclear. Crown Law had said they were uncertain whether the section on not intercepting communications of NZers over-rode the section on assisting other agencies when they had legal interception warrants.

The Inspector-General has said that basically on balance of probabilities he does not believe their actions have been  outside the law – but again, that it is not absolutely clear.

A recent review of compliance at the GCSB by Rebecca Kitteridge found difficulties of interpretation in the GCSB Act. Following the Prime Minister receiving that report, cases involving 88 New Zealanders were referred to the Inspector-General. All were cases where the GCSB had been asked to help another agency.

Mr Fletcher says the Inspector-General found that all of the cases were based on serious issues including potential weapons of mass destruction development, people smuggling, foreign espionage in New Zealand and drug smuggling.

Nothing to worry about then!

• 15 cases involving 22 individuals did not have any information intercepted by GCSB. 
• another four cases involving five individuals were the subjects of a New Zealand Security Intelligence Service warrant and the GCSB assisted in the execution of the warrants. The Inspector-General is of the view that there were arguably no breaches and the law is unclear.
• the Bureau only provided technical assistance which did not involve interception of communications, involving three of the individuals, so no breach occurred.
• the remaining cases involved the collection of metadata, and the Inspector-General formed the view that there had arguably been no breach, noting once again that the law is unclear.

It is worth noting that this is over around a 10 – 12 year period, so we are not talking a huge amount of activity.

Mr Fletcher says the Inspector-General is of the view that the interpretation of “communication of a person” is one of the issues where there are uncertainties in the interpretation of the GCSB Act, when it comes to metadata.

An example of metadata is the information on a telephone bill such as the time and duration of a phone call, but not the content of the conversation or identification of the people using the phone.

Now it is not good enough that interceptions happened when there was uncertainty over the law. The operations of the spy agencies must be beyond doubt legally. Hence the major changes being made to GCSB to ensure no repeat. But it is worth putting this into context, especially compared to the current scandals in the US with Associated Press and Fox news journalists having their communications intercepted to try and find out their sources on security issues.

As previously stated, Police have conducted a thorough check of all their systems. Police advise that no arrest, prosecution or any other legal processes have occurred as a result of the information supplied to NZSIS by the GCSB.

Which means no appeal against a conviction.

The House has moved into urgency for the GCSB and other bills.

The good thing is that this is the first time in around two years that the Government has used urgency. That is the longest period in recent times we have ever had without its use, thanks to new Standing Orders.

The bad thing is that one of the bills, the GCSB Bill, will pass through all stages under urgency. I think that is a bad decision. While I can appreciate that there is a need not to take the normal nine months to change the law, I don’t see why the bill couldn’t go to the Intelligence and Security Committee for a brief round of submissions They could report it back in a month, and it would be passed within say six weeks. That is not too long to wait.

Fortunately the sister bill around telecommunications interceptions will at least go to select committee. There are some very meaty issues in that bill to be worked through and absolutely vital it is fully scrutinised.

UPDATE: I am pleased to say I was misinformed and the GCSB is in fact going to the Intelligence and Security Committee for submissions. That is the right thing to do. So obviously my comments above are invalid.

Reuters reports:

Canadian security forces have thwarted an al Qaeda plot to blow up a rail line between Canada and the United States, police and intelligence agencies say.

US security and law enforcement sources said the suspects had sought to attack the railroad between Toronto and New York City. Two men had been arrested after raids in Toronto and Montreal.

With this plot and the recent terrorism in Boston, it seems a very bad time to be arguing that there should be no capability to do intercept domestic communications in New Zealand. One professor was recently in print saying that this would make us a totalitarian state in a hysterical rant.

Of course any domestic spying must be strictly controlled and have rigorous oversight.  But those who argue New Zealand never has and never will have domestic threats are dangerously naive.

John Armstrong writes:

He had originally said he had the phone number on hand. Then yesterday he said he did not have a clue how he had come to have the number. Then he said he had not had the number. Then he said he said he had rung directory services to get the number. Then he said he was not sure whether he or one of his staff had rung directory.

Yes, amazing he doesn’t recall the exact details of a one minute phone call three years ago.

Labour’s Grant Robertson asked Key whether he could understand why New Zealanders were struggling to believe anything he had to say on the matter when he could not even say how he came to have Fletcher’s phone number.

Yes, this is the issue that Labour has decided is of prime importance to New Zealand. Did John Key call Fletcher directly or go through an operator! Next they will focus on whether the phone call was one minute long or shock horror two minutes long.

But quite possibly with good reason. Most people could not really give a toss about how Key got hold of Fletcher’s phone number.

The very real danger for Labour is that in building a case against Key it is thus seen to be fixated by relative trivia; that Labour is so obsessed with destroying Key as a political force that it can no longer see the wood for the trees.

Indeed. I encourage Labour to keep asking questions about whether or not John Key used directory service. They should do so for at least the next six weeks.

Some people may say that they should focus on the Budget next month, but they are too smart too fall into the trap of focusing on the economy. After all we have a Budget every single year.

I’m disappointed that Labour have only dedicated half of their oral questions to this issue. I think they should use 100% of their questions.

The Herald reports:

New Zealand First will support law changes allowing the GCSB to spy on Kiwis, giving the Government a comfortable majority on the controversial legislation.

That means either 69 or 72 votes in favour.

Prime Minister John Key last night briefed Mr Peters, Labour leader David Shearer, Green co-leader Russel Norman, United Future’s Peter Dunne and Act’s John Banks on his proposed amendments to the GCSB Act.

The major change will make it clear the GCSB can intercept New Zealanders’ communications when assisting other agencies including the SIS, police and Defence.

I’ve been waiting for someone to make a principled case that the GCSB should not be able to assist those other agencies, but am yet to see it.

That co-operation has occurred for many years but questions about its legality were publicly raised in Cabinet Secretary Rebecca Kitteridge’s GCSB report last week.

The key thing is any assistance must only be under conditions where a warrant has been signed off.

Here’s a question for Labour and the Greens. If they win office in 2014 – will they pledge to change the law to ban the GCSB from assisting the SIS, Police and Defence?

John Key has announced changes to the oversight of the GCSB and SIS:

1: The pool of candidates who are able to perform the role of Inspector General will be widened, by removing the requirement that the person be a retired High Court judge. This will broaden the range of experience and capability available to the role. For example, Australia’s equivalent is a former ombudsman.

2: The Inspector General’s office will be made more proactive, taking it a step further from the role it currently has, which is more review-focused. The office would be able to undertake its own inquiries more easily, and it will be expected to specifically note publicly each year its view on whether or not the agencies it oversees are compliant with the law.

The Government will increase the scope of the Inspector General’s active review programme to include a much broader range of the agencies’ activities. This will have the effect of making the Inspector General’s role more proactive.

3: The resourcing and staffing of the Inspector General’s office will be increased, and the new role of Deputy Inspector General will be created.

4: Legislation will explicitly expand the Inspector General’s work programme, including compliance audits and greater reporting responsibilities. GCSB’s own quarterly reporting processes will be tightened up.

5: The Inspector General’s work will become more transparent, through greater availability of its reports and views publicly.

These all look like good changes, in line with what Kitteridge recommended.

I presume these proposed changes be open for submissions, and there may be further changes that can be proposed and considered.

“It is now the responsible thing to do to clarify the legislation, to make it clear the GCSB can provide support to agencies which are undertaking their lawful duties.

“To do anything less would be to leave our national security open to threat, and as Prime Minister I am simply not willing to do that. To do nothing would be an easy course of action politically, but it would be an irresponsible one.”

Mr Key says thetre proposed changes to the GCSB Act will clarify its long-standing practices, so the GCSB can provide assistance to other agencies, subject to conditions and oversight.

I think this is inevitable and desirable. It would be silly to allow what was basically a drafting error in the 2003 law, neuter our capacity to respond to potential security threats.

However it is important that any legislation restricts the GCSB to assistance where an independent warrant has been granted to the other agency. And the changes above must include specific disclosure of such assistance as part of regular reporting so that one can see that any assistance is rare and only in line with warrants issued by the appropriate authorities.

I assume and hope that the legislation will follow the normal legislative path, including committee submissions. Of course it will go to the Intelligence and Security Committee, rather than a select committee.

The ISC comprises (I think) John Key, David Shearer, Peter Dunne, John Banks and Russel Norman

Today, Mr Key also released the terms of reference into the unauthorised disclosure of Ms Kitteridge’s report.

The Commissioners of the report, DPMC Chief Executive Andrew Kibblewhite and GCSB Director Ian Fletcher, have appointed David Henry to conduct the inquiry.

Good. It is outrageous that the draft report was leaked, and there are only a few people who could have had access to it. Hopefully the inquiry will discover the person responsible.

There’s some very interesting questions about the passing of the GCSB Act in 2003, and whether Labour lied to New Zealanders about what the Act would do, or if they told the truth and Helen Clark allowed the GCSB to break the law.

Grant Robertson was Clark’s second most senior advisor, so he may be able to assist!

The GCSB was created in 1977. From the beginning its role has been focused on foreign intelligence, but we have been told that for some decades it has also assisted other agencies (SIS and Police) with communications intercepts when those agencies have gained warrants authorising them to do so.

In May 2001, Helen Clark introduced the GCSB Bill to give the GCSB legislative backing. Helen Clark said:

In the absence of a legislative framework for GCSB, for example, some have wrongly inferred that the Bureau’s signals intelligence operations target the communications of New Zealand citizens; that the GCSB exists only as an extension of much larger overseas signals intelligence agencies; and that the Bureau’s operations are beyond the scope of Parliamentary scrutiny.

For the record, I reiterate again today that the GCSB does not set out to intercept the communications of New Zealand citizens or permanent residents. Furthermore, reports of the Inspector-General of Intelligence and Security have made it clear that any allegations to the contrary are without foundation. The Inspector-General has reported his judgement that the operations of the GCSB have no adverse or improper impact on the privacy or personal security of New Zealanders.

Now we know that after this law was passed, the GCSB continued to assist the SIS and Police with interceptions – where those agencies had gained a warrant.

This means there can be only two interpretations of what Helen Clark did.

1. She misled New Zealanders on the GCSB. She knew that the GCSB assisted the SIS with interceptions. She should have said that the GCSB doesn’t intercept communications of NZers, except when acting on behalf of an agency that has gained a warrant to do so. She made a conscious decision not to mention this, and misled Parliament on what the GCSB does, and Parliament voted on a law not aware of what the GCSB does.
2. She ignored the law. She was aware that the GCSB had traditionally assisted the SIS, and knew the law would stop them being able to do so legally when it involved a NZ resident. But then after the law was passed, she allowed the GCSB to break the law.

My belief is (1). I think Clark misled New Zealand and Parliament by not explicitly mentioning the fact that the GCSB did intercept communications of NZers, when doing so for the SIS who had gained an interception warrant.

I can understand the annoyance of people that the Government had not been explicit that the GCSB prohibition on interception communications from New Zealanders, doesn’t stop them assisting the SIS and Police if they have gained warrants.

The issue going forward is should the GCSB be able to assist the SIS. Labour’s position is, as usual, God knows. The Herald reports:

Labour would consider allowing the GCSB to spy on New Zealanders in limited circumstances but only if that was recommended by a full independent review of intelligence agencies, party leader David Shearer says.

Another clear concise and brave policy.

There are basically four options when it comes to communications interceptions. They are:

1. Neither the SIS nor GCSB should ever be allowed to intercept communications of New Zealanders. 
2. The SIS can intercept the communications of NZers if they gain a warrant to do so, but the GCSB can not assist them.
3. The SIS can intercept the communications of NZers if they gain a warrant to do so, and the GCSB can assist them.
4. Both the SIS and GCSB can intercept the communications of New Zealanders

The first option is what one might call the Keith Locke position. We would of course be the only country in the world that basically bans the intelligence agencies from being able to well, do their jobs. I doubt any party in Parliament except possibly the Greens would support this.

The fourth option is also not supported by any party or MP, as far as I know. Mind you, Labour seem to suggest they might go along with that if a review recommended it!

So really it is a decision between options (2) and (3). Do you require the SIS to spend what could be tens of millions of dollars on duplicating the GCSB systems in order to do around six interceptions a year?

You can argue, yes we should. That there should be purity of separation. That the GCSB should be like the CIA and never ever intercept domestic communications. Except that actually the CIA is authorised to do so in some circumstances so the comparison is not correct.

What I think is important is that the GCSB can’t just help the SIS with any old request. That their assistance is limited to cases where the SIS has gained a warrant due to security concerns. Let’s look at the SIS Act for the criteria. That:

the interception or seizure or electronic tracking to be authorised by the proposed warrant is necessary for the detection of activities prejudicial to security

And what does security mean:

• the protection of New Zealand from acts of espionage, sabotage, and subversion, whether or not they are directed from or intended to be committed within New Zealand:

• (b)the identification of foreign capabilities, intentions, or activities within or relating to New Zealand that impact on New Zealand’s international well-being or economic well-being:

• (c)the protection of New Zealand from activities within or relating to New Zealand that—
  • (i)are influenced by any foreign organisation or any foreign person; and
  • (ii)are clandestine or deceptive, or threaten the safety of any person; and
  • (iii)impact adversely on New Zealand’s international well-being or economic well-being:

• (d)the prevention of any terrorist act and of any activity relating to the carrying out or facilitating of any terrorist act

So it is important to recall that the 88 cases cited in the Kitteridge report, all had warrants authorised under the SIS Act because they met one or more of the criteria above. The issue is not that they should not have legally had their communications intercepted – but whether the right agency did the interception.

If you do not amend the law, then there will be no reduction in the number of NZers who have interception warrants issued against them. The only difference is the SIS will do the interception directly, rather than use the GCSB.

I have to say I am incredibly impressed with the report done by Cabinet Secretary Rebecca Kitteridge into the GCSB.

All too often reports of this nature can avoid being too specific and just talk in generalities about the need for more work in this area or that area.

Kitteridge has outlined in detail the long-standing problems at GCSB, including organisational and cultural – plus of course the lack of legal rigour in some of their work.

She’s also provided 80 specific recommendations that are basically a reorganisation blueprint.

It really is worth taking the time to read the full report.

The issue that much media focus has been on is that the GCSB may have been in breach of the GCSB Act when it assisted the SIS with intercepting communications of NZers. The practice was

Firstly, it was long-standing practice – going back to before the enactment of the GCSB Act in 2003 – for GCSB to provide assistance (i.e. its specialist capabilities) to the NZSIS on the basis of NZSIS warrants. The clear understanding within GCSB was that in such cases section 14 did not apply because GCSB was acting as the agent of the requesting agency and was therefore operating under the legal authority of the warrants. If the NZSIS, with the authority of an intelligence warrant, requested GCSB to provide assistance in cases involving New Zealand citizens or permanent residents, GCSB provided that assistance.

This has been the case for probably several decades. The issue is the GCSB Act passed in 2003 may have made such assistance illegal. It is basically a matter of whether they are operating under the GCSB Act when assisting the SIS.

The consequence of these developments is that the lawfulness of some of GCSB’s past assistance to domestic agencies is now called into question. In relation to NZSIS, the relevant period is between 1 April 2003, when the GCSB Act came into force, and 26 September 2012, when such assistance ceased. During that period GCSB provided 55 instances of assistance to NZSIS, which potentially involved 85 New Zealand citizens or permanent residents

Now it is important to note that the SIS were legally entitled to intercept their communications. The Commissioner of Security Warrants (a former High Court Judge) and the PM must both authorise such a warrant, based on genuine security concerns.

The issue is whether the GCSB were legally able able to assist the SIS with their interception, and if not, should they be able to?

I would suggest that there is little common sense in saying the GCSB should not be allowed to assist the SIS. If you do that, you probably require the SIS to duplicate the quite costly infrastructure of the GCSB for what is just half a dozen cases a year.

But such assistance must be beyond legal doubt. Hence why a law change is going to happen. I don’t think there was any intention that the 2003 Act would prevent the GCSB from assisting the SIS. The last thing you want is silos in the intelligence community – that was a key lesson the US learnt post 9/11.

The PM has said that none of the 88 people who *may* have had the GCSB illegally intercept their communications were arrested on the basis of the info obtained. If they had been, I’d expect court action.

Some are saying that the 88 people should get an apology and/or compensation. I’d need a lot of convincing that that is a good idea. Here’s why.

1. Their communications were legally able to be intercepted due to security concerns – just by the SIS, rather than the GCSB. It is not a case of the interception being unjustified – just that the wrong agency may have done it.
2. If the 88 people were told that they had been under surveillance, it could endanger many ongoing security operations. Some of them may have links to terrorism even. Remember these were all people who had a legal interception warrant approved by the Commissioner of Security Warrants.
3. Was there any significant harm done to them as individuals that the wrong agency did the interception? There is certainly harm to NZ as a whole that the GCSB may have broken the law, but I don’t see great harm to any individual involved.

The above in no way reduces the unacceptability of the GCSB not ensuring they were acting in a beyond doubt legally complaint manner. Kitteridge explains some of the background:

For a number of years there has been only one source of legal advice at GCSB, which was the DDME, a second tier manager. …

As at the time this review commenced, in addition to legal advice, the DDME had responsibility for governance and performance, strategy and policy, risk management, the Liaison Officers, the Compliance Advisor, strategic relationships, the Chief Financial Officer, knowledge services, the registry, the Chief Information Officer, technology infrastructure, security (physical, personnel, and IT) and mission capability (IT) development. Until fairly recently he also had responsibility for HR, finance and logistics, procurement and property services.

Doesn’t leave much!

The DDME had too many hats. His multiple roles meant that there was insufficient internal debate and challenge. He was solely responsible for policy and legislative development, providing drafting instructions, interpreting the resulting law and overseeing its implementation and operation. These were conflicting roles. It is essential in an organisation that exercises intrusive powers of the state that there be robust challenge and the ability for contesting views to be expressed and explored. As the chief architect of the legislation he spoke confidently and authoritatively about the legislation and staff were not in a position to challenge that. …

The DDME’s seniority, as a Deputy Director, contributed to reluctance on the part of staff to question his judgement. Staff were unanimous in stating to me that the DDME’s view was seen as completely authoritative.

Useful to also pick up a conclusion, especially as some MPs say we don’t need a GCSB.

My belief in the importance of the work carried out by the men and women at GCSB has only increased as this review has proceeded. The world is becoming more complex, and physical borders are less relevant. The nature of the threats to national security is shifting so rapidly that keeping up with them is a challenge – let alone getting ahead.

The PM has announced:

Prime Minister John Key today released the report of Rebecca Kitteridge into compliance at the Government Communications Security Bureau.

Ms Kitteridge was seconded to the GCSB to undertake the review in October 2012.

The review had two main areas of focus – ensuring that all the GCSB’s activities are lawful; and reviewing the agency’s compliance framework.

“I had intended to release this report to the Intelligence and Security Committee next week, however the public disclosure of the contents of the report means I have taken the decision to release it today.

“Members of the Intelligence and Security Committee have received the report a short time in advance of my releasing it publicly.

“The report makes for sobering reading. At a high level it finds long-standing, systemic problems with the GCSB’s compliance systems and aspects of its organisation and culture.

Ouch. That is quite damning.

The report Andrea Vance was leaked was a draft report it seems. It would be interesting to speculate on who had a copy of the draft. Drafts normally go to people who might be the subject of critical comment, so they can respond.

“I acknowledge this review will knock public confidence in the GCSB.

“This is why the Government has a comprehensive response underway to address the organisational problems at the GCSB.

“The steps we are taking will be outlined in detail next week and are intended to begin the process of rebuilding public confidence in GCSB.”

The GCSB Act has been in place for 10 years. Over that time, GCSB has been providing assistance to other agencies, including the New Zealand Police, New Zealand Defence Force and the New Zealand Security Intelligence Service.

It has done so in the belief that it was acting within the law on all occasions.

The essential problem is legal uncertainty over whether they can assist the SIS with communications interception, when the SIS have gained a warrant to intercept such domestic communications. There is no question the SIS were legally able to intercept communications of these people – the issue it seems is whether they could use the GCSB to assist them.

There are 88 cases identified as having a question mark over them since 2003.

Police have conducted a thorough check of all their systems. Police advise that no arrest, prosecution or any other legal processes have occurred as a result of the information supplied to NZSIS by GCSB.

“I have written to the Inspector General of Intelligence and Security and asked him to look into those cases.

“I have asked him to inquire into each of these cases to determine in each case whether or not GCSB has acted in compliance with the law. I have requested that the Inspector General determine whether any individuals have been adversely affected and, if so, what action he recommends be taken.

“It is not my intention to disclose details of those cases. However, the results of the review will be made public after its completion.

The level of transparency over this is welcome. It would have been politically easy to treat the Dotcom issue as a one off mistake. Instead the PM sent in the Cabinet Secretary to do a full review, and has published the report.

“When I return from China, I will announce details of legislative proposals the Government will be bringing to Parliament to remedy the inadequacies of the GCSB Act.

“At the same time I will announce proposals to significantly strengthen the oversight regime across the intelligence community.

That will be interesting.

The report is not online yet but will be placed on the GCSB website.

Remember all those people complaining that new GCSB Director Ian Fletcher didn’t come from the traditional military background of former directors? I think we are seeing why a change from the status quo was needed.

Andrea Vance at Stuff reports:

The Government’s beleaguered intelligence agency may have unlawfully spied on 85 people, a top secret review reveals.

The report, ordered after the Kim Dotcom fiasco, contains a raft of criticisms of the Government Communications Security Bureau (GCSB). …

The revelations are contained in the report, prepared by Cabinet Secretary Rebecca Kitteridge, and seen by Fairfax Media. …

The explosive revelations confirm that the illegal spying was far broader than the Dotcom case – and involves up to 85 people and cases dating back nearly a decade.

The illegal spying was conducted between April 2003 and September last year and done on behalf of the Security Intelligence Service, the domestic spy agency.

People should ask themselves if previous Prime Ministers would have sent in their top official to review the GCSB, and make her findings public.

Agency staff worked faithfully and were devastated to learn they were not acting within the law. There was no evidence they acted in bad faith or believed the end justified the means, the report says.

Culture problems at the agency could take a year to fix, Kitteridge says.

The GCSB’s organisation was overly complex, fragmented and had too many managers. Poor performing staff were tolerated, rather than fired or disciplined, because of fears that disgruntled former employees could pose a security risk.

And

It is understood new legislation will be introduced to Parliament soon after the report’s release.

Good. Once upon a time the Government wouldn’t even admit there was a GCSB. It was created my Muldoon in 1977 and not even Cabinet was told of it.

UPDATE: This is unusual. The entire paragraphs that I quoted from the story have now been removed from it. I wonder why?

Wow, are things getting silly.

Andrea Vance at Stuff reports:

Prime Minister John Key has outlined the nature of his friendship with chief foreign spy Ian Fletcher under questioning about the illegal surveillance on Kim Dotcom.

Their acquaintance dates back to their childhood, when their mothers were “best friends”, Key said. He also went to school with Fletcher’s brother.

Their mothers were friends. Shock horror.

I hope no one is suggesting that Ian Fletcher should not have got his job, because his mum was friends with the PM’s mum before she died.

Oh wait, they are.

Imperator Fish blogs:

 David#1:  Great news, David! I have irrefutable evidence that John Key’s been lying to the nation over what he knew about Kim Dotcom!

David#2: That is indeed great news, David. Tell me more.

David#1:  He’s gone and spoken to GCSB staff about the guy, that’s what. Apparently he cracked a joke in front of them. And he was filmed!

David#2: I don’t see the problem.

David#1:  Don’t you see? It happened in February, at a time when Key supposedly didn’t even know the GCSB were monitoring Dotcom. If it turns out that Key was joking about Dotcom to GCSB staff then it will prove Key knew about the monitoring.

David#2:  Yes, that’s pretty powerful stuff, David.

David#1:  Thank you, David. I finally think we’ve got the bastard this time.

David#2:  I can’t wait to see Key’s face when you show the film.

David#1:  I know. It’ll be gold. There’s just a minor problem, though.

David#2:  Oh?

David#1:  Look… it’s just a minor detail, and I expect we’ll have it sorted out quickly. It’s about the tape.

David#2:  The tape of John Key joking about Kim Dotcom?

David#1:  The very same. You see, I don’t actually have a copy of it.

David#2:  I see. I presume one of your staff has it.

David#1:  Ah… no.

David#2:  Right. Your informant then, whoever that is. It’s not Fran’s bloke, is it?

David#1:  I can’t divulge my sources, David.

And the fictional conversation continues:

David#2:  So, basically, you have no tape, and your informant won’t come forward to verify your claim.

David#1:  When you put it that way it sounds like a stupid thing to do. But here’s the genius of the plan: when we demand the release of the tape and they can’t produce it, everyone will see the cynical cover-up.

David#2:  You know, David, I find this whole thing extraordinary. You are going to demand the release of a tape you aren’t certain even exists in order to prove something that you have no evidence of. I can hardly believe I am hearing this from the leader of my party. And do you know why? Because IT’S A GENIUS PLAN! Do it, man!

David#1:  This will destroy John Key.

David#2:  It will certainly be very destructive.

David#1:  And it might even precipitate a change of leadership.

David#2:  I’m certainly hoping so.

Heh, heh. One has to give Scott full credit – he mocks all parties well.

The Press editorial:

In what is turning out to be the drawn-out saga of the extradition of Kim Dotcom, the role of the Government Communications Security Bureau may be a minor irrelevance, but it appears it is about to claim its first scalp.

A senior official is reported to have been placed on leave while an internal review is conducted at the bureau. Whether the official is in any way responsible for the acknowledged errors made by the GCSB, and if so what sanction, if any, there should be, will no doubt be determined by the review and, if they are found to be necessary, any subsequent employment hearings.

In the meantime, however, it is clear that there are indications that all is not well within the organisation.

There are four or five ways in which the GCSB hasn’t performed up to the standard expected. They are:

• The original flawed legal analysis that they Dotcom was not a permanent resident
• The lack of a clear process for acting on requests from Police
• The resistance to change its view on the legality of the Dotcom interception for many months
• Not taking immediate action to inform the Minister and Inspector-General when they first became aware of uncertainty over the legality
• Taking two weeks to inform the Minister of the brief mention of Dotcom in a powerpoint presentation to him (It should have taken two hours not two weeks)

To his credit, Prime Minister John Key, the minister in charge of the GCSB, has not attempted to conceal its shortcomings. Unlike the normal practice when intelligence organisations make errors – blanket refusal to comment – Key has shown a level of candour unprecedented either in New Zealand or elsewhere. He has also ordered reviews to get to the bottom of the GCSB’s difficulties and install fresh oversight within the organisation.

If there are systemic problems in the GCSB they will not have happened overnight but, given the importance of its work, they must be fixed quickly.

My understanding is that the roasting has been of the superchargrilled variety.

The editorial is right that under Key, the level of candour has been unprecedented. Not just with the issue, but I recall that with the SAS in Afghanistan the previous Govt would often refuse to even state if they were out of the country at a particular point in time.

The Herald editorial:

Labour leader David Shearer must be wishing he had never mentioned a recording of a remark the Prime Minister is said to have made to staff of the Government Communications Security Bureau in February about the Dotcom investigation. If any recording was made of John Key’s visit to the agency that day, Mr Shearer does not have a copy of it, nor it seems does anybody else.

As I said, the smart thing is to ask if such a recording exists. The dumb thing is to state it does, and then accuse the GCSB of deleting it when they say it doesn’t.

Labour needs him to make a public impact. He has tried the high road, getting out around the country to talk about real issues, but that made little impression on the polls. Now he is resorting to parliamentary point-scoring, which seldom moves the public but can lift his MPs’ morale if done well.

They cannot be impressed by his miscue on the GCSB. But even if his tactics had been more adroit, it is doubtful that the issue would have given him a lift in the polls. Mr Shearer does not seem at ease in this sort of politics. It appears to be an effort for him to take an interest in the intricacies of the Dotcom saga and attack it with conviction.

He would be well advised to leave this sort of work to others in his team who are more naturally tenacious than he is. Leaders have to be true to themselves to command the respect of others.

Mr Shearer looked best last week at centre stage in an economic policy “summit” with fellow Opposition party leaders flanking him. Unfortunately for him, that effort was overwhelmed by the missing GCSB recording. If he has to fight on this level, he will not win.

I’m hoping this episode is a rare departure from Shearer’s normal behaviour.

David Shearer is sadly descending into the Trevor Mallard rulebook, and making things up. Andrea Vance at Stuff reports:

Earlier today Labour claimed a tape existed of Key giving speech to staff in cafeteria at the Government Communications Security Bureau’s Wellington headquarters in which he made a quip about Dotcom.

The prudent thing to do if you hear a claim like this, is to substantiate it. You file an Official Information Act request for the tape (or at least confirming the existence of it) or as an MP you can file a written question. Then when you get the answer, you trumpet it.

But just making stuff up, and trumpeting it in a press release, is risking being the Boy who cried wold.

Fletcher said “exhaustive enquries” at the GCSB have revealed no video tape.

And Shearer doesn’t even realise

Labour leader David Shearer had called on the GCSB or Key to confirm if the recording existed.

“There is one way to clear this up. The Prime Minister should give the green light to the agency to release any and all unclassified material about the visit and John Key’s comments to staff,” he said.

Does Shearer not even know the law? The PM is not needed to give a green light. The Official Information Act applies to the GCSB. They are listed in Schedule 1. Unless the material is classified, or otherwise meets a criteria for non-release, the GCSB is required by law to release the material. Also the Ombudsman can investigate and request and decision.

Newstalk ZB also has an interesting story on where Labour may be getting their information from.

Stuff reports:

A mysterious low-pitched humming sound has been troubling some Wellington residents for the last few days and it seems no-one has any idea what it might be.

The Wellington City Council has had several calls over the past few days with the most recent being about 5am today.

Spokesman Richard MacLean said the complaints had been coming in from Mt Victoria, Newtown and Mt Cook residents. “We are interested to hear if this starts to become a constant thing. We are keeping our ear to the ground.”

It’s just feedback from the underground surveillance system, as they change frequencies to go digital!

Taken by a reader this morning. The Police are onto it!

We’ve seen an interesting comparison of two parliamentary leaders who have both not recalled a mention of an issue in a briefing or presentation.

In July 2011, then Opposition Leader Phil Goff said that he was “not aware of the allegations” around the Israeli hitchhikers.

More recently John Key said he was unaware of the GCSB involvement in the Kim Dotcom case until a couple of weeks ago.

It turned out in the case of Phil Goff he was briefed personally by the Director of the SIS in March 2011. A contemporaneous file note states that it was on the agenda, that Goff asked a question about it, that it was “discussed at length” and notes that Goff was shown the investigation paper and that Goff read it.

In the case of John Key, the GCSB has said that the PM was not briefed on the case until September 2012, but that at a visit to the GCSB offices in Feb 2012, he was given a powerpoint presentation where the Dotcom issues was briefly mentioned, and an image of Dotcom was one of 11 in a montage. The Director says he does not recall the reference, but his staff say it was mentioned briefly.

Now I have to say I believe both Phil Goff and John Key, in that they didn’t recall their respective issues. I would point out that SIS meeting with Goff was a one on one meeting specially to brief on intelligence issues – not a general “this is what we are up to” type presentation. But regardless both men have hundreds of meetings a month.

Where there is a stark difference, is when documents came to light that highlighted there was a briefing or mention.

Even though there is no written record of the matter being mentioned to him,, and even though the GCSB Director says he doesn’t recall it, John Key has said he accepts the recollection of the other GCSB staff – and at the first opportunity has made public that fact, and has said he will correct the record.

Now compare that to what Phil Goff did.  Phil Goff accused the SIS of lying, and inventing things, and said he would refuse to meet them in the future without witnesses. Even to this day, he refuses to admit his memory may have been faulty.

I think that speaks volume about character.

The PM has announced:

The review of the files found the following.

• The Prime Minister was not briefed by the GCSB on its role in the Dotcom matter, nor any issues of potential illegality, until Monday 17 September.

• The Prime Minister was not briefed by any group or official within the Department of the Prime Minister and Cabinet on the GCSB’s role in the Dotcom matter ahead of the 17 September meeting. Roy Ferguson, Director of the Intelligence Coordination Group, was made aware by GCSB of its role in the arrest of Mr Dotcom the day of the raid but only after it occurred in January 2012. Mr Ferguson has advised the Prime Minister that his records indicate he did not subsequently brief the Prime Minister on the matter. It is not Mr Ferguson’s role to brief the Prime Minister on operational matters.

• The Prime Minister visited GCSB offices on 29 February for a briefing on the broader capabilities of the bureau, and to meet the staff. A paper prepared as talking points for the staff member conducting a presentation contained a short reference to the Dotcom arrest a few weeks earlier, as an example of cooperation between the GCSB and the Police. The presentation was an electronic slide presentation. The cover slide was a montage of 11 small images, one of which was of Mr Dotcom.

• A short briefing note provided to the Prime Minister prior to the 29 February visit contained no reference to the Dotcom matter. The talking points paper was used by the staff member at the briefing, however neither that paper nor a copy of the presentation was provided to the Prime Minister either at that time or subsequently.

• No written record was kept of the meeting.

• In advising the Prime Minister of the talking points note and the electronic presentation, the Director told the Prime Minister that he had no recollection of the Dotcom matter being raised at the meeting but accepted the assurance of his staff that it was mentioned briefly, in the context of a much broader presentation.

• At no point was any reference made to questions about residency status.

The Prime Minister acknowledged the findings of the review and has made them public at the earliest opportunity.

“I have been clear from the outset that I received no briefing on the operation from GCSB prior to 17 September, and this review confirms that,” says Mr Key.

“While neither the GCSB Director nor I can recall the reference to the Dotcom matter being made during my visit to the bureau back in February, I accept that it may well have been made.

“Given the public statements I have made in Parliament and in the media, it is important that I take this opportunity to provide this additional information.

“I will be correcting my answers to the House when it resumes on Tuesday 16 October.”

The DPMC and SSC have announced:

Andrew Kibblewhite, Chief Executive of the Department of the Prime Minister and Cabinet, and Ian Fletcher, Director of the Government Communications Security Bureau (GCSB), announced today that Rebecca Kitteridge, the Secretary of the Cabinet,  is to be seconded immediately to the GCSB for an initial period of up to three months in the new role of Associate Director of the Bureau.

Ms Kitteridge will be responsible to the Director of the GCSB for the implementation of an immediate capability, governance and performance review.   This work will provide assurance to the GCSB Director that the Bureau’s activities are undertaken within its powers, and that adequate assurance and safeguards are in place.

As Associate Director, Ms Kitteridge will also act as Deputy Chief Executive.

Ms Kitteridge was appointed as Secretary of the Cabinet and Clerk of the Executive Council in April 2008. She is a senior public servant who is responsible for the security and integrity of the Cabinet decision-making system and the New Zealand Royal Honours systems.  She provides advice on ethics and conduct in relation to Ministers of the Crown, and is a key constitutional advisor to the Governor-General and the Prime Minister of the day.

Ms Kitteridge is a lawyer by training and a focus in private practice was on legal compliance for corporate entities. Since joining the public service she has specialised in constitutional matters at both the Cabinet Office and in the Legal Division of the Ministry of Foreign Affairs and Trade. While in Cabinet Office she has advised four Prime Ministers and four Governors-General.

This is a very smart and welcome move.

Cabinet Secretaries such as Rebecca, and before her Marie Shroff, are officials of the utmost integrity and neutrality. They play a key role in accountable democratic government.

Kitteridge is seconded to GCSB to specifically review their systems, improve their compliance framework and to specifically establish new approval processes for requests from law enforcement agencies.

The Cabinet Office is the king of rigorous process. I think they even have a process for if you ask them the time of day . As I said, I think this is a very smart move.

Slate, an influential US publication, notes:

Most governments are unwilling to own up to unlawful surveillance. But not in New Zealand. The country’s prime minister this week admittedthat one of its spy agencies illegally intercepted Megaupload founder Kim Dotcom’s communications for a full month—prompting aninquiry into how it was allowed to happen. …

In response to the revelation, New Zealand Prime Minister John Key has apologized to Dotcom. Key has also ordered the GCSB to review all cases dating back to 2009. That Key has apologised is commendable, as is his handling of the illegal spying generally. There are few governments in the world willing to candidly publicly acknowledge wrongdoing by their intelligence agencies, especially when it comes to high profile cases. When authorities commit wrongdoing the tendency is often to keep it under wraps in a self-interested bid to protect reputations. In this case, despite knowing it would cause controversy and a storm of negative reaction, N.Z.’s government chose disclosure over secrecy. A rare example of transparency more countries could do well to follow.

Also former Labour PM Sir Geoffrey Palmer has said:

Well it’s hard for me to say that, but it is clear to me that the Prime Minister did really get stuck into this agency very heavily when he found out what they’d done.  I am sure they’re all running  very scared there now, and that they are trying to rectify what was an egregious error, and it seems to me that that’s what a minister should do when confronted with this sort of situation.  The doctrine of administerial responsibility says you have to put it right.

The PM sent in the Inspector-General when notified, informed the public what had happened, released the IG’s report, and gave the GCSB a powerful public booting.  Other PMs might have kept it all private.

Palmer was asked:

Is there a need do you think then, for a wider inquiry?

His response:

Well I think you have to be very careful about this.  These two intelligence agencies, the GCSB and the Security Intelligence Service are both intelligence agencies.  You can’t have an open inquiry like a commission of inquiry with evidence in public about that, because these agencies will cease to be any use if their secrecy is not preserved.

Hat Tip to Whale for the Slate link.

The report is online here. It seems that the only information the Police asked of the GCSB was where he would be on a particular date and time, to minimise risks around his arrest. This is quite different from collecting information to be used in the prosecution around him.

The PM has said:

“At the time in question, Kim Dotcom was not a New Zealand citizen. He was, however, classed as the holder of a residence class visa, but it was not interpreted by the Police or GCSB at the time that he fell into the protected category of permanent resident.

“The GCSB relied on information provided to it by the Organised and Financial Crime Agency New Zealand. In my view, reliance on another party by GCSB is unacceptable.

“GCSB had a responsibility to fully understand what the change to the Immigration legislation in 2009 meant for its own operations, including whether individual visa holders were protected or not.

“It is the GCSB’s responsibility to act within the law, and it is hugely disappointing that in this case its actions fell outside the law. I am personally very disappointed that the agency failed to fully understand the workings of its own legislation.”

“I have received an apology from the Director of the GCSB and an assurance that he will take every step to rebuild public confidence in his organisation.”

As part of that process, Mr Key has sought an assurance that there are no other cases of people’s communications being intercepted unlawfully. The GCSB will be reviewing past cases back to 2009 when the Immigration Act was changed, and will report to the Prime Minister and the Inspector-General on this matter as soon as possible.

The GCSB will also:

• Establish new approval processes in the support of Police and other law enforcement agencies. This type of operation is halted meanwhile.
• Agree with Police and other law enforcement agencies how to confirm immigration status, before operations in support of law enforcement activity are undertaken within New Zealand.

The GCSB will submit these proposed changes to the Inspector-General in advance of their implementation.

So as I understood it they knew he was a resident, but did not think his type of residency was one which qualified him to be regarded as a permanent resident.

Later in this post, I’ll come to how the NZ law enforcement agencies have behaved, but initially I want to cover Dotcom himself. While I admire his intelligence, technical, gaming and PR skills, I’m not quite in the category that he is a poor little innocent victim.

First of all, it is worth recalling he does have a less than clean record to date, before Megaupload. Specifically:

• hacking, including selling access codes
• arrested trafficking in stolen phone calling card numbers
• convicted of 11 counts of computer fraud and 10 counts of data espionage
• accepting gang-related stolen goods
• guilty of insider trading in Germany’s then largest ever case of its type
• guilty of embezzlement

The pattern is someone who is very focused on making money, and pushes the rules, sometimes breaking them.

There is also a reasonable amount of evidence he is a bit of a fantasist, as detailed here. No that’s fine – we all want to be James Bond to some degree, but it is perhaps a reason not to regard everything he says as the holy gospel.

We then have Megaupload. This case is essentially about copyright infringement. I think most people know I was a prominent campaigner against the original S92A and the blackout campaign as it would have seen people lose Internet access upon accusation.

I’ve generally been against most of the demands of the music and film industries with NZ copyright law, and am involved in the fair deal campaign to support NZ standing firm in the TPP negotiations against any provisions which would require a change to our domestic intellectual property laws.

I’m also very firmly in the camp that Internet sites should not be held responsible for the actions of their users, so long as they comply with the law.

However on the basis of evidence seen to date, I don’t quite buy the argument that Megaupload was merely a file-sharing service the same as YouTube or Rapidshare. Their business model is one that arguably encouraged peoplee to not just share popular infringing material, but to make money from it – as did Megauplaod. Quite different to non-commercial torrent sharing.

It is claimed for example that one user, VW, uploaded 17,000 files over six years resulting in 334 million views, and none of the files had ever been deleted, despite takedown notices. My understanding is that links to files were deleted, but not files.

In my personal opinion, Dotcom built a business absolutely based on making money from people sharing popular files, that they did not have copyright of. There is a reason it become 4% of all Internet traffic.

However there is a big *If*. He may have done it legally. While one can debate the ethics of certain actions, it is the law which states enforce. He may have managed to set up his business model in such a way that he made tens of millions from the site, and didn’t break US laws. Ultimately this issue will be decided by Judges – initially in NZ on whether there is enough evidence of offences that would be illegal in both NZ and the US – and then if extradited in the US in a trial.

As with his previous actions, I think Dotcom set out to push the law to its boundary. He may have stepped over. He may not have. That is for the legal system to decide. But I don’t accept the analogy that Megaupload operated just like YouTube or Rapidshare, and that a guilty verdict for Dotcom would affect those other sites greatly.

We then come to the NZ side of things. The exact details of the GCSB role should be made public soon, and will be fascinating. Graeme Edgeler has an excellent post on this issue. He raises the issue of should the GCSB have been involved at all, even of Dotcom did not have residency.

The overall impression I have of NZ law enforcement agencies is they were desperately keen to impress the boys from the US. To have the FBI and likes over here saying this guy is wanted for hundreds of millions of dollars of charges, and this case will be globally massive seemed to have got people into a mindset that we have to make sure we don’t disappoint Uncle Sam by just sending in Constable Smith to interview Dotcom.

Caution seems to have been thrown to the wind, in an attempt to impress that we are up to the job. Ironically the opposite has happened, and NZ authorities have ended up with egg on their face several times. Nowhere it seems were senior officials saying “Hey, let’s slow down and make sure everything is watertight and double checked”. The list of mistakes include:

• An arguably over the top use of Police resources in the original raid. Armed Police were warranted as Dotcom did have weapons and did not initially surrender, but not sure quite that much force was needed.
• A paperwork error saw his property seized without giving proper notice
• Invalid search warrants for the raid
• The probable unlawful interception of communications by the GCSB

NZ authorities absolutely have an obligation to assist the US with legal extradition efforts. I am not one of those saying we should not have co-operated. If someone broke the law in NZ, and lived in the US, we value the fact that extradition treaties allow them to be sent to NZ.

Whether or not Dotcom broke US law is a matter for Judges. It is unknown at this stage if any significant evidence will be inadmissible due to mistakes made by NZ authorities.  Time will tell. And as I have said, I think Dotcom’s strategy was to push the boundary of the law as far as he could, and he may or may not have stepped outside it. Ultimately that is not a matter for us.

What is a matter for us, is the response from NZ law enforcement agencies. I doubt I am alone is concluding the culture was shall we say too overly enthusiastic, and not cautious enough. The end result has been considerable embarrassment for them, for the Government, and potentially a significant weakening of the case against Dotcom. Hopefully there will be lessons learnt.

I was about to blog my theory that the GCSB was monitoring the communications of the Finns involved with Megaupload, and failed to throw away any communications involving Dotcom. Then I read in stuff, that is pretty much what happened:

The Kim Dotcom extradition case could collapse after government spies were found to have illegally bugged the Megaupload millionaire.

The Government Communications Security Bureau unlawfully snooped on Dotcom and co-accused Bram van der Kolk, it emerged yesterday.

Prime Minister John Key said he was “quite shocked” by the revelation and has ordered a probe by an independent watchdog. But he has refused to take responsibility for what he said was “a mistake, an error”.

It appears the blunder occurred because security services were unaware German Dotcom and his co-accused were New Zealand residents. The GCSB is only permitted to monitor foreign intelligence.

Labour and NZ First have been trying to score petty points over this with John Key. If Shearer or Peters could point to an actual single thing that they think John Key did wrong, or that they would have dine differently, then they may have some credibility. The simple fact of the matter is the moment Key was informed, he ordered a full inquiry.

Peters and Shearer have been claiming that Key must have signed an interception warrant, and hence must have known of Kim Dotcom before he claims he did.  This just shows their woeful understanding of the GCSB Act 2003. What is alarming about this, is they are both current or former members of the Intelligence and Security Committee of Parliament. Key has confirmed he was not asked to sign an interception warrant or briefed o the operation in advance.

It throws into question the attempt to extradite Dotcom to the United States on anti-piracy charges.

Yes, and no. The extradition is primarily on the evidence compiled by US authorities. However any evidence which was based on unlawful GCSB intercepts will not be allowed in court. It is unknown at this stage, what this is.

Dotcom responded to the revelations by tweeting: “I’m now a real life James Bond villain in a real life political copyright thriller scripted by Hollywood and the White House.” He called the GCSB “the NZ equivalent of the CIA”.

I responded, pointing out that they are in fact more the NZ equivalent of the NSA. The CIA equivalent is more the SIS.

PM John Key has announced:

Prime Minister John Key today announced he has requested an inquiry by the Inspector-General of Intelligence and Security into the circumstances of unlawful interception of communications of certain individuals by the Government Communications Security Bureau.

Mr Key says the Crown has filed a memorandum in the High Court in the Megauploadcase advising the Court and affected parties that the GCSB had acted unlawfully while assisting the Police to locate certain individuals subject to arrest warrants issued in the case. The Bureau had acquired communications in some instances without statutory authority.

After being informed about the matter by the Director of the GCSB on September 17, the Prime Minister referred the Bureau’s actions to the Inspector-General, Hon Paul Neazor. The Inspector-General is an independent statutory officer with the power to enquire into any matter related to a government intelligence agency’s compliance with the law.

Mr Key says he has also asked the Inspector-General to recommend any measures he considered necessary to prevent the issue from happening again.

Mr Key expressed his disappointment that unlawful acts had taken place.

“I expect our intelligence agencies to operate always within the law. Their operations depend on public trust.

“I look forward to the Inspector-General’s inquiry getting to the heart of what took place and what can be done about it,” says Mr Key. “Because this is also a matter for the High Court in its consideration of the Megaupload litigation, I am unable to comment further.”

There have been so many stuff ups by law enforcement in this case, that once the court action is concluded it could be worth having a wider inquiry into the entire way NZ authorities deal with extradition cases such as this.

It’s good there is no attempt to hide what happened, and that there will be a formal inquiry into what the GCSB did, and who was responsible for authoring actions that they did not have authority for.