The new GCSB Director

May 26th, 2016 at 10:00 am by David Farrar

Stuff reports:

He had an early exposure to the murky world of espionage when called on as director of the Office of Treaty Settlements to give evidence about claims the intelligence agencies had spied on Maori organisations and provided information to the Crown in their negotiations.

That was news to him at the time, says Hampton, and – as it turned out – news to the intelligence agencies also, given that it turned out to be a “complete hoax”.

“So I’ve not necessarily believed everything I read. But yeah, there was public concern so I wanted to reassure myself there wasn’t a basis for it. But people don’t need to take my word for it: the [Michael Cullen, Patsy Reddy] report did a really good job of looking at what GCSB does and concluded they don’t consider there is any mass surveillance underway.”

Hampton’s appointment is the next step in the evolution of the GCSB as it is brought blinking into the public glaze after years of living in the shadows. Like his predecessors – acting director Una Jagose and, before her, career public servant Ian Fletcher – Hampton’s appointment breaks with the tradition of GCSB directors drawn from the military and diplomatic worlds.

I think that has been a major beneficial change under this Government – that both the SIS and the GCSB are no longer run primarily by ex military staff. Nothing against those staff, but there was a culture that absolutely everything had to be secret, rather than assessing the balance between operational security and transparency.

Prior to the GCSB, he was at the Education Ministry (helping sort out the Novopay debacle), Crown Law and chief talent officer at the State Services Commission. And like his counterpart at sister agency the Security Intelligence Service, Rebecca Kitteridge, Hampton brings a public service sensibility to the job. He is focused on GCSB’s “customers”, and liberally uses words like accountability, transparency, and added value – things the GCSB was not so good at a few years ago.

The change has been difficult and necessary; the story of the GCSB’s bungled spy craft in relation to German entrepreneur Kim Dotcom is now history, but it remains dogged in controversy as the Inspector General of Intelligence and Security, Cheryl Gwyn, probes a series of allegations, including that the agency wrongly spied on Kiwis in the Pacific, and used its eavesdropping powers to snoop on rival candidates for the job of World Trade Organisation boss when our Government was backing former trade minister Tim Groser for the job.

Hampton says he can’t talk about the specifics of any of those inquiries but points out they are “legacy” issues, pre-dating not just himself, but his two predecessors.

But, as he is at pains to note, it shouldn’t come as a surprise to anyone that the GCSB collects foreign intelligence.

“One of our three core roles is to gather foreign intelligence. That is what we are [tasked] with doing. It’s not for us to set out own intelligence priorities, they are set for us by the Government of the day. Nor is it for us to decide what to do with that intelligence. We are not an enforcement agency. But the fact we do seek intelligence about the intentions, capabilities, and activities of foreign parties shouldn’t come as a surprise. That’s one of the key reasons we exist.”

The Inspector-General reports will be interesting. I doubt much will come of the Pacific inquiry as from what I have read any material picked up accidentally from NZers in a foreign country is disposed of. The WTO inquiry could be more interesting as that will focus on whether gathering intelligence on that contest fits within the purposes of the Act.

The Security and Intelligence Review

March 9th, 2016 at 3:00 pm by David Farrar

John Key has announced:

Prime Minister and Minister of National Security and Intelligence John Key today welcomed the report of the Independent Review of Intelligence and Security.

“The report contains an extensive range of recommendations which aim to improve the clarity and consistency of the legislative framework governing the security and intelligence agencies,” says Mr Key.

“The central recommendation is that there should be a single, comprehensive Act covering both the agencies and their oversight regime.

“The Government must now carefully consider its response to these recommendations and it will do so with the intention of reaching as broad a political consensus as possible,” says Mr Key.

The Independent Review of Intelligence and Security report is available at:

We know the Greens will oppose basically everything. Their policy previously was to abolish one or both of the intelligence agencies.

NZ First’s stance depends on what mood Winston is in.

So the real focus will be on Labour, and their position. This is their former deputy leader and deputy PM who was one of the two reviewers. Will they listen to Cullen or listen to some vocal activists?

The central conclusion is:

There should be a single, integrated and comprehensive Act of Parliament that lays out in plain English how the [intelligence] agencies are constituted; what their purposes are; how all their intelligence and security activities are authorised; and how they are overseen so as to protect those freedoms and liberties that are part of what we are as a nation.

Other recommendations are:

  • Both agencies become departments under the State Sector Act
  • Recommend removing the current restriction on the GCSB taking any action for the purpose of intercepting New Zealanders’ private communications as the restriction is confusing, does not protect New Zealanders to the extent it suggests, and hinders the Agencies’ ability to assist the government to protect New Zealand against security threats. Instead, protections for New Zealanders should be implemented through a strengthened authorisation framework. If the Agencies wish to carry out any activity for the purpose of targeting a New Zealander, a warrant approved by both the Attorney-General and a judicial commissioner should be required.
  • The legislation should require some form of authorisation for all of the Agencies’ intelligence and security activities, to ensure that appropriate safeguards apply to everything they do, with a three tier approach
  • We recommend introducing a panel of at least three judicial commissioners, headed by a Chief Commissioner of Intelligence Warrants
  • The Inspector-General should be appointed by the Governor-General on the recommendation of the House of Representatives.
  • The ISC to have up to seven members, and elect its own Chair who would normally not be the PM

Fisher on the intelligence agencies

November 10th, 2015 at 11:00 am by David Farrar

A long and interesting piece by David Fisher on the intelligence agencies:

John Key has opened up the spy agencies to public scrutiny in a way which we have never seen in New Zealand.

We know more now about what they do and even how they do it.

We know how the two agencies are managed, in that the GCSB and NZSIS both have top-flight lawyers in charge.

There will always be those who say we don’t know enough. For those people, we now have improved oversight of the agencies. This also happened under the Prime Minister’s watch as minister in charge of the agencies.

The new Inspector General of Intelligence and Security Cheryl Gwyn – another superb lawyer – has been a breath of the freshest air.

Mr Key has since stepped away from directly overseeing the agencies, which is a further liberation. It seems right that the most powerful weapons of state should sit with someone whose role is to objectively challenge his Cabinet colleagues.

Now, even at a ministerial level, the SIS and GCSB answer to a lawyer, this time Attorney General Chris Finlayson.

In terms of oversight and public disclosure, we are heading into an era unparalleled in our history. Citizens now have more ability to see and have explained the tasks done in their name. Again, it might not be enough but it is considerably more than we have had before.

I’m glad to see this recognition. If you go back 10 years, no PM would answer any question on the intelligence agencies. The oversight reports were few and extremely bland. It is vastly different to what we have today with both the Inspector-General and the two directors going into considerable detail (within reason) of what they do.

That’s where we have come to, three years after Mr Key had to admit Kim Dotcom and one of his co-accused had been illegally spied on by the GCSB. He also had to apologise – a concession which must have been galling.

That single event appears to be the point at which the Prime Minister stopped taking at face value the assurances given by the intelligence agencies, and began a programme for reformation which is huge in its scale and largely behind closed doors.

I think that was a catalyst, aided by the Snowden revelations. He sent in the Cabinet Secretary to review their compliance, and having found it lacking, then made her one director, and two deputy solictor-generals the other director and the Inspector-General. They are not just all lawyers, but all lawyers whose background is very focused on legal compliance.

But there have also been reports which paint a picture of the state of New Zealand’s intelligence services, past and present. None are individually explicit in their descriptions of how bad it was but the collective run of reports gives an impression of the intelligence community as an isolated part of government, lost to the public they were serving, changing purpose and shape under a cloak of secrecy.

There is a pattern which flows through these reports, whether it be NZSIS boss Rebecca Kitteridge’s investigation into the GCSB, or the Performance Improvement Framework reviews or the most recent Gwyn report. Every reviewer is insistent staff at these important and powerful agencies all had good intent, but that they were left operating in frameworks not quite right, or in some cases flat out wrong.

It is almost tragic the intelligence services sought out such eager and patriotic staff only to subject them to a bureaucratic acid trip.

Part of the problem I think is that the culture was too mixed in with the military, and the senior leadership all tended to be ex-military. Top military officers often have some very fine skills, but they are not necessarily all the skills you need to have an agency working correctly.

John Key’s response to a community which cultured problems and surprised him with embarrassment was to throw back the curtains, hire his own directors and to put serious lawyers in charge. There are those within horrified at their new reality, which includes the need to “inform the public of what we do and why it is so important”, as one recently disclosed report stated.

Accountability and transparency make the intelligence community one in which all New Zealanders have a stake, by simple virtue of it being more accessible.

John Key has made some mistakes in this area, such as personally requesting Ian Fletcher to apply. But I do think there hasn’t been enough focus on the massive changes he has introduced, and also how he personally has been far far more willing to talk on details of intelligence operations than any predecessor. There are some dangers with this, as you can’t go into detail on everything, and where you draw the line has consequences. But our level of transparency and independent review is far greater than in the past.

Inspector-General of Intelligence and Security Annual Report

November 4th, 2015 at 3:00 pm by David Farrar

The annual report of the IGIS is here, and her current work programme is here. Both are interesting reads.

What strikes me is how much more proactive the IGIS is, under their new powers and resourcing, than in the past when it was more cursory. The appointing of three lawyers to the top role in SIS and GCSB, along with of course the IGIS has made a huge difference.

Some items of interest in detailed 43 page report:

  • In particular, my office is now in a position, for the first time, to give an informed certification of the extent to which the compliance systems of New Zealand’s intelligence and security agencies are “sound”, as required by the legislation governing my office.
  • I am pleased to say the task of establishing a fully functioning, secure and fulltime oversight office has been achieved. The office, since February of this year, has comprised the Inspector-General, Deputy Inspector-General, IT Manager/Security Advisor, EA/Office Manager and four Investigating Officers.
  • In the reporting year, I received eight initial complaints and queries concerning security clearance matters and commenced four inquiries as a result. … In the course of these inquiries, I identified systemic shortcomings in the procedures followed by the NZSIS.
  • Where matters of expert judgement arose, NZSIS officers sometimes sought expert assistance, but on other occasions were left to rely upon their own non-expert assessments, for example in relation to clinical judgements and to financial audit matters. It did not disclose adverse information or inferences to candidates for response.
  • As one part of those remedies, I am pleased to acknowledge the agreement by the Director of the Service to give apologies to affected individuals.
  • The Office of the Inspector-General has not previously had a formal policy for dealing with protected disclosures. We have now developed a policy
  • On 9 December 2014, the US Senate Committee on Intelligence published redacted findings, conclusion and executive summary of its report on the CIA’s detention and interrogation programme. This report documented instances of torture and inhumane treatment of detainees in the period between 17 September 2001 and 22 January 2009.
  • As a result of the Senate report and related material, I identified a public interest in inquiring into whether New Zealand’s intelligence agencies and personnel knew or were otherwise connected with or risked connection to the activities discussed in the US Senate Report. To address that interest, I commenced an own motion inquiry.
  • I certify that the (GCSB) Bureau has sound compliance procedures and systems in place.
  • As noted above, the Service lacked a compliance framework and policy, audit framework and dedicated staffing throughout this reporting period. The absence of structures and policies meant that NZSIS staff, despite their best intentions, were not sufficiently supported to ensure compliance with NZSIS legal and policy obligations. For those reasons, I cannot conclude that NZSIS had sound compliance procedures and systems in place.

As I said the report is fascinating and far far more detailed than anything I have seen before. The IGIS has found that the GCSB systems are now sound, but the SIS systems are still a work in progress, and are not yet good enough. It is good to have this transparency.

GCSB opens up

September 30th, 2015 at 4:00 pm by David Farrar

The Herald has a copy of the speech by GCSB Acting Director Una Jagose who has given more details of Project Cortex.

Cortex is mostly automated, with machines using information and patterns gleaned from previous attacks to scan data and systems for points of weakness and possible intrusions.

Of all data analysed, less than 0.005 per cent has to be reviewed by GCSB staff, Ms Jagose said, and there were “extraordinary” controls about how it was handled.

“Rules limit the number of people who can access it – all of them who can are computer defense specialists – who must indicate and show they have a clear understanding of the rules.

“And the Inspector General [of Intelligence and Security, Cheryl Gwyn] can view all of it. She can see a complete log of what has happened, and recorded reasons why any of that activity has been taken in relation to that data, or why an analyst is viewing that data.

“We cannot and don’t use it for any other purpose. That intelligence – sorry, that information gathered – is used for defending out networks. It is all about cyber security.”

Asked if customers of a company that is protected by Cortex were likely to understand that data may be reviewed by GCSB staff, Ms Jagose said organisations had to advise those who interact with their security systems that communications may be accessed for security purposes.


It is good to see the GCSB being more open about what they do in the cyber-security area, and also the safeguards.

Worth reading the full speech – it is very interesting.

Activists stop GCSB from being more open – well done!

September 11th, 2015 at 3:23 pm by David Farrar

Radio NZ report:

Una Jagose was about to deliver an address to a Privacy Commission technology forum in Wellington, when two anti-GCSB protesters unfurled a banner in front of the podium and refused to move.

One man from the audience appealed to the two women to allow Ms Jagose to speak, as that was what they were there to hear, but the protesters said they intended to remain for the duration of the speech.

Privacy Commissioner John Edwards then decided to cancel the event.

Afterwards, Ms Jagose said the agency had heeded public calls for greater transparency.

“Protests are a legitimate part of the democracy that we live in and I like the democracy that we live in – so is the work that the bureau does, a legitimate part of the democracy we live in,” she said.

“So it was a shame that one stopped the other from going ahead today.”

It looks like one of the protesters is Valerie Morse, whose commitment to peace is so sincere she runs around the Ureweras with illegal guns.

Ms Jagose said she was very happy to field questions from the audience, but not to deliver her speech over the top of the protest banner.

“I was going to talk about the work that we do both in foreign intelligence and cyber defence, and talk about the systems of oversight and the controls that are in place.

“I was going to talk a lot more about more than we’ve ever talked about before in public about our cyber security programme, called the Cortex programme – how we look at the privacy interests related to that programme, how it works, how it’s controlled, what it is.

“Stuff that we’ve never said before.”

Ms Jagose said she would still get more detail out to the public, and would reschedule her speech for a later date.

Mr Edwards said, in his view, the protesters were there to disrupt and prevent the messages from coming out, and he wasn’t prepared to subject his guest and the audience to the “spectacle of people being dragged out” by security.

“That would have suited the protesters, I’m sure, to have been able to garner more media attention and to shout their message but there’s no need for that.

“This is about freedom of speech; if they use their speech to shut down this really important development in the opening up of the organisation, then I think they’ve acted counter to their interests frankly.”


Well said John Edwards.

Good to see the Privacy Commissioner working with the GCSB, encouraging them to be more open with their activities. That is a good thing, and it is a pity the protesters prevented this happening.

Another IGIS inquiry

May 15th, 2015 at 10:00 am by David Farrar

The Inspector-General of Intelligence and Security has announced:

The Inspector-General of Intelligence and Security Cheryl Gwyn has commenced an inquiry into the way the Government Communications Security Bureau (GCSB) considers undertaking foreign intelligence activities.

The inquiry is in response to issues recently raised around a Minister of the Crown’s bid to become Director-General of the World Trade Organisation.

“I consider the issues raised about the process followed when the GCSB considers undertaking particular intelligence activity are of sufficient public importance to warrant an own motion inquiry,” Ms Gwyn said.

“While it is unlikely that I will be able to publicly confirm or deny the specific allegations relating to this process, I can inquire more generally into how the GCSB determines, within its statutory constraints, what intelligence activity to undertake and what policies and procedures are in place to regulate its activities.” …

The Inspector-General will approach the inquiry in terms of the following questions: 

  • how the GCSB determines whether proposed foreign intelligence activity falls within its statutory functions and within New Zealand’s particular intelligence requirements;

  • whether and how the GCSB assesses the benefits and risks of the proposed activity;

  • where there may be any issue of potential or perceived political advantage, how the GCSB identifies and manages any issue that may arise from its duty of political neutrality; and

  • how the GCSB keeps the responsible Minister(s) and the Commissioner of Security Warrants informed, and ensures effective ministerial oversight, particularly where the proposed activity involves a potentially contested assessment of the international relations and well-being and/or the economic well-being of New Zealand.

We have a strong system of checks and balances. The Inspector-General has shown a pro-active approach to her job, which was the intention of the recent law changes and increased resourcing. Her review is welcome.

Cullen to head up security law review

May 14th, 2015 at 10:00 am by David Farrar

Amy Adams announced:

A former Deputy Prime Minister and a respected lawyer are to lead the first regular review of New Zealand’s security and intelligence agencies, Acting Attorney-General Amy Adams announced today.

Ms Adams says she intends to appoint Sir Michael Cullen and Dame Patsy Reddy to carry out the review.

“This will be an important and challenging review, and I’m pleased Sir Michael and Dame Patsy have agreed to lend their expertise to the task. They bring complementary skills and experience to the role. Sir Michael is a former member of the Intelligence and Security Committee and has knowledge of national security issues. Dame Patsy has extensive governance experience and legal expertise,” Ms Adams says.

Having Michael Cullen as one of the reviewers is an inspired move, as he will take a sensible approach to such a vital issue, and it will be very difficult for certain political parties to attack the recommendations if he is part of them.

Do we benefit from Five Eyes?

April 21st, 2015 at 12:00 pm by David Farrar

David Fisher writes in the NZ Herald:

The law also says such intelligence gathering must be to support the “national security of New Zealand”, the “international relations and well-being of New Zealand” and “the economic well-being of New Zealand”.

The issue which does arise is our motivations for doing so – and whether those are purely New Zealand’s motivations.

A National Security Agency document, among other material taken by Snowden, states that the GCSB “continues to be especially helpful in its ability to provide NSA ready access to areas and countries that are difficult for the United States to access”.

In essence, our relationship with China is of use to the US and allows New Zealand to operate as a Trojan Horse – or even Trojan Kiwi – for NSA intelligence gathering efforts.

Beyond doubt the US (and UK, Australia and Canada) benefit from NZ being in Five Eyes. We get them intelligence they could not easily get elsewhere.

But by the same basis, New Zealand I am sure benefits greatly by being able to access intelligence gathered by the US, UK, Canada and Australia.

This is why countries agree to co-operate on things – when it benefits both sides. And I’d say with this agreement, we gain a hell of a lot more than we give.

We present internationally as a proud, South Pacific country which is forging its own principled path through history. In our bid for a seat on the UN Security Council, Prime Minister John Key said: “New Zealand has an independent foreign policy outlook that listens to and respects the views of other countries.” Our branding for the bid carried the words: “Integrity, independence, innovation.”

It appears, from the Snowden documents, our “independent foreign policy” is supported by a dependence on the Five Eyes intelligence network of Australia, Canada, New Zealand, the United Kingdom and United States.

This argument is made a lot, often by people from the left. But I think it is a nonsense argument to suggest being in Five Eyes is incompatible with having an independent foreign policy.

First I would note empirically that we got elected to the Security Council despite our involvement in Five Eyes known to all UN members. And I am sure those countries no exactly what that means – as they do much the same when they can.

But more to the point an intelligence sharing arrangement is a fairly minor part of overall foreign policy. People judge our foreign policy on numerous things – what conflicts we get involved in, how we vote at the UN, what we say, how we deal with their countries, who we trade with etc etc.

Being independent is not the same as being non-aligned.

Successive Prime Ministers have said New Zealand gets a great deal more our of the relationship than we contribute.

I’d say a huge amount more.

Former Prime Minister David Lange carved a path for an independent foreign policy on nuclear weapons. He said in the famous Oxford debate “we have been told by some officials in the United States administration that our decision (to be nuclear-free) is not, as they put it, to be cost-free; that we are in fact to be made to pay for our action”.

It was a threat made, said Lange, “not by our enemies, but by our friends”.

If we tap the Chinese data link ourselves – assuming we are capable and it is worth the effort – and don’t pass on information, do our Five Eyes partners refuse to tell us of terror plots in our backyard?

That’s being silly, even stupid. Security agencies swap information almost daily to help prevent terror plots. Even unfriendly countries such as China, Russia and the US will share information to help prevent terror plots.

Five Eyes is a formal agreement to share all foreign (not domestic) intelligence information with each other, and (this is important) not to spy on each other. It means we don’t have to ask the US on a case by case basis to access their foreign intelligence, and vice-versa.

New Zealand has its own inquiry to come. United Future Peter Dunne voted for the new GCSB Act secure in the knowledge he had won from Mr Key a regular inquiry into the activities of the security agencies, the first due to begin prior to the end of June 2015.

Presumably the inquiry will see New Zealand talking about the activities of its security agencies.

As a forum, its a good place to answer the question about our Trojan Kiwi spying on China.

If the nation is making trade-offs, does the nation need to know?

The nation knows about Five Eyes. It will not be a bad thing to debate generally our security arrangements.

But there is a difference between publicising the agreement, and publicising details of specific interception activities. Doing the latter benefits countries other than NZ – the exact thing that it is being suggested the Five Eyes agreement does.

We spy on China and China on us

April 19th, 2015 at 12:00 pm by David Farrar

The Herald reports:

Our spies and America’s top government hackers cooked up a plan to crack into a data link between Chinese Government buildings in Auckland, new Edward Snowden documents reveal.

The project appeared aimed at tapping data flowing between the Chinese consulate and its passport office in Great South Rd — and using the link to access China’s computer systems.

The revelation is the most explosive of the information about New Zealand revealed in the Snowden documents — and has sparked a firm Chinese diplomatic response giving rise to concerns our security relationship with the United States is impacting our trade relationship with China.

A Chinese Embassy spokesman told the Herald on Sunday: “China is concerned about relevant report. We attach great importance to the cybersecurity issue.

“We will firmly safeguard our security interests and continue to guarantee our cyber and information security with concrete measures.”

Everyone who travels to China knows they will be spied on. The Chinese Government spies on every official they can of other Governments, and of course we try to spy on them. While we have a positive relationship with China, their interests are very different to ours, and the job of the GCSB is to gather foreign intelligence.

The difference is that if someone in China published details of the Chinese Government’s programme for spying on NZ and the US, they would be regarded as a traitor and executed.

I’m glad we live in NZ where media can publish what they want, without sanction from the state. However I do wish they would consider whose interests are served by publishing such details.

Salmond on GCSB

March 24th, 2015 at 9:00 am by David Farrar

Rob Salmond blogs:

I am not a serial apologist for the GCSB. I think,f or example, that their recently-uncovered trick for feeding New Zealanders’ information to the NSA is entirely too cute. I think this morning’s New Zealand Herald story, however, about the GCSB spying for Tim Groser is somewhat overblown.

The most critical question is whether trying to help Tim Groser’s, ahem, optimistic bid to become WTO Director-General falls within the GCSB’s legal mandate. I say it does. Here’s section 7 of the GCSB Act, which gives the Agency’s objectives:

The objective of the Bureau, in performing its functions, is to contribute to—
(a) the national security of New Zealand; and
(b) the international relations and well-being of New Zealand; and
(c) the economic well-being of New Zealand.

I can readily see the argument that having our own person at the head of the governing body for world trade, however unlikely he was to actually get the job, would be good for the economic well-being of New Zealand, therefore falling under subsection (c). You could make an argument for (b), too.

If the activity was illegal, then I’m sure the Inspector-General would say so. We have a system of checks and balances to make sure any foreign intelligence gathering occurs within the law. Hager may not like what is done, but that does not make it illegal.

SIS and GCSB annual reports

March 16th, 2015 at 12:00 pm by David Farrar

They are both an interesting read. The SIS report is here. Some extracts:

Our work in 2013/14 had a significant operational focus on individuals with links to groups in both Iraq and Syria such as the Islamic State/Islamic State of Iraq and the Levant (ISIL). This work has involved investigations into individuals already embedded with terrorist organisations overseas, New Zealand citizens or permanent residents based both in New Zealand and offshore with intentions to travel overseas to engage in politically motivated violence, and individuals who are facilitating others to travel and those engaged in funding terrorist organisations.

By preventing these individuals travelling to engage in violent extremism, the NZSIS assesses that there is a real likelihood that the lives of these individuals may have been saved. In addition, had they managed to get to Syria and fight, the NZSIS has prevented the risk of battle-hardened individuals returning and compromising New Zealand’s security.

I wouldn’t mind them going so much if we could stop them returning. But generally we can’t.

Women comprise 40.5% of the NZSIS. The NZSIS achieved a significant milestone in 2013/14 with the appointment of its first female Director, Rebecca Kitteridge, and four of the nine roles that make up the NZSIS Senior Leadership Team are currently held by women.

I suspect that is very different to the past.

The NZSIS operates within an oversight and accountability framework that includes the Executive, Parliament, and independent authorities such as the Inspector-General of Intelligence and Security, the Commissioner of Security Warrants, and the Offices of the Privacy Commissioner and Ombudsman. This multi-layered approach to oversight provides an assurance that the NZSIS’s work is transparent at a number of levels.

The institutional checks are very important.

Fifty-one (51) domestic intelligence warrants were in force. Of those, thirty-four (34) were issued during the reporting period, and seventeen (17) were issued during the previous year but remained in force for some part of the reporting period.

The average length for which those warrants were in force during the reporting period was 134 days.

So a warrant is issued around every 10 days.

The GCSB report is here.

A total of 19 interception warrants were in force during the 2013/14 year. A total of 14 interception warrants were issued during the 2013/14 year.

A total of 59 access authorisations were in force during the 2013/14 year. A total of 48 access authorisations were issued during the 2013/14 year.

So the total number of warrants issued last year for the SIS and GCSB combined were 96. It is not a huge number.


Does Danyl want the GCSB to have the power to spy domestically?

March 15th, 2015 at 7:00 am by David Farrar

Danyl at Dim-Post blogged:

The justification for the expansion of the GCSB’s powers back in 2013 to give them the power to spy on New Zealanders was that there are ‘bad guys’ in our country. Terrorists. Radicals. Evil-doers who would harm innocent civilians or attack the economic infrastructure of the country to further their own deranged agenda.

What the GCSB is actually doing, we’ve learned from the Snowden leaks, is spying on New Zealanders – and everyone else – in Tuvalu, and Kiribati, and the Cook Islands, and the Antarctic research bases. And at the same time the police appear powerless to apprehend an individual or group threatening to murder babies and cripple the New Zealand economy by poisoning infant milk powder.

It is almost beyond doubt that the person or persons responsible is a New Zealander. This means that the GCSB can’t intercept their communications – both under the new and the old law.

So Danyl holding them up as a failure of the GCSB is bizarre. It is like blaming the Ministry of Education for the fruit fly problem.

The recent law change merely explicitly gave the GCSB the ability to provide technical support to other agencies such as the Police and SIS – if there is a warrant.

As no one knows who the person responsible is, then there can be no warrant to intercept their communications, so it is no surprise that the Police have not been able to locate them.

If in fact the GCSB did have the awesome powers and abilities that hysterical people claim they have, then it is possible the person responsible would have been located. So I can only assume this is what Danyl is demanding – greater powers for the GCSB.

Less surveillance than seven years ago

March 14th, 2015 at 7:00 am by David Farrar

Some very interesting revelations in the testimony to the Intelligence and Security Committee. Andrea Vance reports:

New Zealand’s foreign spies are gathering less intelligence than they did seven years ago, the country’s top spook says.

Can we banish the term “top spook” especially as they use it for both the GCSB and SIS directors.

Acting director of the Government Communications Security Bureau Una Jagose has been in the job just ten days, following the resignation of Ian Fletcher. 

Jagose was answering a question from Prime Minister John Key, who was chairing Parliament’s Intelligence and Security Committee. It is just the second time the committee has been open to the public.

“As I understand it, today we collect less intelligence than we did seven years ago…there hasn’t been any radical shift upwards as has been suggested in the media.”

Ms Jagose is a lawyer, as is SIS Rebecca Kitteridge. The intelligence agencies have not always acted well in the past, but this Government has in fact gone to great lengths to break down the military old boys network that used to run them.

Not only are both entities now run by lawyers, whose primary focus is compliance, they are both women (also a first) and non-military.

Labour’s Andrew Little tried to get to the bottom of whether the agency carries out mass surveillance or collection, and what is meant by “full-take collection”, as referenced in the Snowden documents. 

“It is very difficult to answer the question about what does it mean because it means different things to different people,” Jagose said. “The connotation that I get from those phrases is some indiscriminate, for no purpose, not necessary collection of information for collection’s sake and we do not do that. What we do is lawful and authorised and necessary and proportionate and all of it…subject to independent oversight and you don’t have to take that from me. The public can take that from the systems that are to test that.” 

Now Jagose has only been in the job a few weeks. I can’t imagine she is lying to cover up – plus the Inspector-General can verify that.

Jagose, and Security Intelligence Service director Rebecca Kitteridge, spent time detailing the oversight mechanisms both agencies are subject to.  Jagose says all collection of information by her agency must be done under a warrant

“The very collection of information is authorised… so it’s not that we collect information and then seek authorisation for particular target issues. Everything we collect is authorised… the speculation in the public is that there is this wild collection of information for no purpose and then we have a look at it. In fact, collection is done for a purpose, and authorised.”

Labour’s David Shearer questioned if this applied to all foreign intelligence surveillance. “If we have a foreign intelligence target that we want to intercept, or otherwise access their communications, yes that is warranted,” she said. Inadvertently collected material from New Zealanders is destroyed, she said.

The ODT also reports:

The GCSB acting chief, Una Jagose, said the answer to the real tension between her bureau’s need for secrecy and the public’s demand for greater transparency lay the independent oversight of the agency, New Zealand’s foreign intelligence agency.

The post of Inspector General of Intelligence and Security is held by Cheryl Gwyn, a former deputy Solicitor-General.

“She is entitled to and does, come into the bureau at any time and she can look at anything she likes. She can question any of us under oath. She can ask for any document or explanation.”

The job used to be a part-time job held by a retired judge.

It is now full-time, with a full-time deputy and five investigators.

The checks and balances on the intelligence agencies have been greatly increased in the last few years – which is a good thing.

“In our business transparency and openness is not an easy matter. We have to make sure we do not inadvertently increase our vulnerability to people who don’t have New Zealand’s best interests at heart whether that is by revealing courses, methods we use or the targets we have.

“Actually we don’t want the people we are conducting foreign intelligence on or defending computer networks from to know we are looking at them or how we are doing that.

“And actually we don’t even want them to know what we are not capable of because that also gives insights into vulnerabilities.”

If the agency was more open with New Zealanders about what it did and did not do, people who did not have New Zealand’s interests at heart would have an advantage to act against New Zealand’s interests and give them an insight into its vulnerabilities.

“That would make the job of the Government, the bureau, the service a lot harder and possibly impossible.”

Worth remembering that Edward Snowden is holed up in Putin’s Russia, and oone thing you can guarantee is he won’t be revealing one single word of how Russia conducts intelligence gathering.

Field on spying in the Pacific

March 8th, 2015 at 10:00 am by David Farrar

Michael Field at Stuff writes:

It is not paradise out there in the South Pacific and while our friendly neighbourhood might be democratic and understand rugby’s off-side rule, corruption, self-interest and idiocy stalks their capitals. 

And dangerously surprising things like coups, civil war and mutinies happen, and they have a real and direct impact on New Zealand. 

The Snowden Papers suggest spying in the South Pacific is something new, but the reality is that we have been spying on Pacific countries for decades.

Back in 1914 London asked New Zealand soldiers to invade German Samoa. We said yes, but asked if they could give us some details of German defences. London replied we would look it up in an encyclopaedia.

These days acting like that is not on.

Time-shift to today and pick a Pacific country that suddenly finds itself with people being killed, buildings on fire and assorted bad people breaking into police armouries – as happened in the Solomon Islands. 

New Zealand’s Special Air Service was on the way to save lives – what are they expected to do for useful intelligence, Google it? 

Field makes the case that we need to do more than just collect metadata.

In the late-90s the Solomons was still known as the “happy isles” but some astute people were picking up whispers about dangerous people, one in particular, the little known Harold Keke. No one was spying on him but later he became a murderous warlord. 

So was Francis Ona, an obscure farmer who closed down the world’s biggest copper mine and sparked a decade-long Bougainville civil war. Much later into that civil war, New Zealand did a lot of spying there. 

We should have, because we were putting unarmed New Zealand soldiers on the ground.

The Snowden papers suggest we are massively collecting metadata across the South Pacific and sending it to the US. 

If this is the extent of the spying, then New Zealand’s tragedy is that we are not really listening at all to the Pacific.  

So often we have been taken by surprise. 

Foreign intelligence takes two forms. That you get by intercepts, and that you get through working networks, having conversations etc. We need both kinds.

This is the big revelation?

March 5th, 2015 at 9:00 am by David Farrar

Stuff reports:

Documents released today with refer to the Solomon Islands, Fiji, Kiribati, Tonga, Vanuatu, Nauru and Samoa as targets of the Government Communications Security Bureau.

What a stunning revelation. An agency whose mandate is primarily to collection foreign intelligence, collects foreign intelligence.

Fletcher resigns

January 13th, 2015 at 4:56 pm by David Farrar

The Herald reports:

Government Communications Security Bureau head Ian Fletcher is standing down after three years in the role.

GCSB Minister Chris Finlayson confirmed Mr Fletcher’s resignation this afternoon, saying it was “for family reasons”.

While there may be nothing at all to it, that phrase always makes me suspicious!

The minister said Mr Fletcher had decided that employing a new director would mean the same person could be involved in an upcoming statutory review of intelligence agencies and the implementation of any changes.

Makes sense, but is the the main reason?

Mr Little said Mr Fletcher’s three-year tenure had been a “rocky road” but noted that he had inherited some of the GCSB’s more problematic matters such as the fallout from the Kim Dotcom raid.

He said Mr Fletcher had done a “reasonably good job” leading the spying agency because New Zealand had not experienced the sort of cyber-attacks witnessed overseas.

I agree. The problems in the GCSB seem to have pre-dated Fletcher.

The Labour leader hoped the process of finding a new director was more transparent than the appointment of Mr Fletcher, which he said amounted to a shoulder-tap.

Fair to say that it would be better for the PM not to call any potential applicants directly. If he has names to suggest, he should just give them to the SSC to contact.

It was cyber-war

December 20th, 2014 at 9:00 am by David Farrar

Stuff reports:

The FBI has confirmed North Korea was behind the cyber attacks on Sony Pictures.

“As a result of our investigation, and in close collaboration with other US Government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions,” a FBI statement said.

“While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”

“We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there,” the FBI said in the brief statement.

“Further, North Korea’s attack on SPE (Sony Pictures Entertainment) reaffirms that cyber threats pose one of the gravest national security dangers to the United States.”

The FBI said that it had “determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications.”

“The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.”

While it has seen a rising number of cyber breaches, “the destructive nature of this attack, coupled with its coercive nature, sets it apart,” the FBI said.

It’s at times like this I recall the official policy of the Green Party is to abolish the GCSB, whose role is to protect the New Zealand Government against cyber-attacks.

Greens still complaining Key revealed the truth

November 15th, 2014 at 11:09 am by David Farrar

The Greens whine:

New documents released to the Green Party show that Prime Minister John Key used New Zealand’s intelligence services for the National Party’s political ends a few days out from the 2014 election, the Green Party said today.

Documents released to the Green Party under the Official Information Act show that Prime Minister John Key pressured the Government Communications Security Bureau (GCSB) into releasing previously classified documents just days out from the election.

“The Prime Minister has arrogantly used the GCSB in order to assist the National Party’s elections chances,” Green Party Co-leader Dr Russel Norman said today.

“John Key knew that investigative journalist Glenn Greenwald and NSA whistleblower Edward Snowden were going to provide information damaging to his Government.

“In order to counter this damage John Key made certain that the GCSB declassified and released documents in an effort to provide damage control to both himself and the National Party.

“This is a Prime Minister who was using the security services for political purposes.

The Greens have so lost the plot on this.

Are they really saying that when someone makes a false claim based on partial information, the Government should not respond and prove they are wrong?

This just shows how unsuited to Government the Greens are. They seem to be on the side of the foreign journalists and opposed to the Government revealing that they had it wrong.

Project Speargun was the ditched cyber security project

September 25th, 2014 at 10:00 am by David Farrar

story from last week worth highlighting:

The Government Communications Security Bureau has tightened its defence over claims of mass surveillance by confirming the term “Project Speargun” was used to describe an abandoned element of a proposed cyber defence system.

American journalist Glenn Greenwald had accused the New Zealand Government of conflating Project Speargun, which he believed was evidence of mass surveillance, with Project Cortex, a project to defend New Zealand institutions from cyber attack.

A GCSB spokesman told Fairfax that Speargun was a code that referred to “a core component of the cyber defence project in its earlier iterations” and which comprised part of an option set out in a Cabinet paper released by Prime Minister John Key on Monday.

“The prime minister decided the Speargun component specifically would not be taken forward,” he said.

Confirmation that Speargun was a term used by the bureau to describe an abandoned element of its cyber defence system is important for two reasons.

On the one hand, it confirms the authenticity of slides presented by Greenwald at the Internet Party’s “moment of truth” event on Monday, which were the first public reference to Project Speargun.

But it provides a relatively innocuous explanation for the seemingly explosive statements those slides contained.

The most intriguing statement in the slides read: “GCSB’s cable access programme SPEARGUN phase 1; awaiting new GCSB Act expected July 2013; first meta data probe mid 2013.”

The terms “cable access” and “probe” suggest mass surveillance, but the slides could be describing the progress of a cyber defence system.

Detecting malware would necessitate inspecting the metadata of incoming packets of internet traffic. In other words, Greenwald’s smoking gun could be a cigarette lighter that looked quite like a gun.

So the moment of truth was a forged e-mail and a cyber-security initiative that was never implemented.

This is a good time to abolish the SIS and GCSB!

September 24th, 2014 at 11:00 am by David Farrar

The Green Party policy is to:

We would therefore institute a select committee enquiry into whether the SIS should be abolished and its responsibilities returned to the police. …

we will abolish the GCSB and close its two signals intelligence bases at Waihopai and Tangimoana immediately.

Meanwhile in Australia:

A TEEN terror suspect under investigation for making threats against Prime Minister Tony Abbott was shot dead by police last night after stabbing a Victorian police officer and a federal police agent.

The injured officers, both from the Joint Counter Terrorism Team, are in hospital in a stable condition. …

Senior intelligence sources confirmed that the terrorism suspect had been among a number of people whose passports were recently cancelled.

It is believed that the man was well known to police, and had displayed Islamic State flags in the local Dandenong shopping centre.

And globally:

A 42-minute audio recording by an ISIS spokesman was released on social media Sunday, in which the group calls on Muslims to kill civilians in countries that belong to the anti-ISIS, U.S.-led coalition.

If you can kill a disbelieving American or European, especially the spiteful and filthy French, or an Australian, or a Canadian or any other disbeliever, then rely upon Allah, and kill him in any manner or way however it may be,” an ISIS spokesman says.

Note the reference to “any other disbeliever”.

The Herald editorial notes:

What should New Zealand do? Does this country have malcontents who would embrace even ascetic religious fundamentalism for the sake of a cause? Have any been with Isis and returned? Should this country, too, offer special forces to assist Iraqi troops on the ground? That depends on whether the new Iraqi Government is better than the last, and whether US air support alone might be effective, as it was in protecting Kurdistan. The decision must not be influenced by the possibility of terrorism at home. As Australia has shown, good intelligence can keep us safe.

This is worth reflecting on.

That doesn’t mean that the GCSB should be allowed to do what it wants. Absolutely not. I am against mass surveillance of New Zealanders (which does not occur in NZ). But be aware the Greens are not just against mass surveillance – their official policy is to abolish the GCSB entirely – and look at abolishing the SIS also. They take an unbalanced view on these issues, and that view has dangers as our closest neighbour comes under attack.

Clark and Privacy Commissioner also say there is no mass surveillance

September 18th, 2014 at 7:00 am by David Farrar

The Privacy Commissioner has blogged:

The third development is that I have convened a meeting, which I hope to become regular, of the agencies responsible for overseeing security and intelligence agencies. That includes my office, the IGIS, the Chief Ombudsman, and the Auditor-General. Together we will be able to ensure that our efforts are as informed and coordinated as our respective legislative schemes permit.

To date, I have seen no evidence of mass surveillance being undertaken by GCSB that would contradict this assurance given by the Director at our Privacy Forum [PDF, 83 KB]earlier this year.

I look forward to continuing to play a role in providing assurance to New Zealanders that the activities of our security and intelligence agencies are lawful and proportional.

And Stuff has reported:

Labour leader David Cunliffe has been given assurances by former prime minister and party leader Helen Clark that New Zealanders weren’t been spied on under her leadership.


So those saying there is no mass surveillance include:

  • The PM
  • The former PM
  • The Inspector-General of Intelligence and Security
  • The Privacy Commissioner
  • The GCSB Director
  • The former GCSB Director

I believe them over Kim Dotcom, and his Moment of Truth circus.  Don’t let Dotcom distract from the real issues of our economy, our hospitals, our schools, our welfare system and our justice system.

A reader on Five Eyes

September 17th, 2014 at 12:00 pm by David Farrar

A reader e-mails:

… one point that you might like to make is that it is true that New Zealanders are being subject to mass surveillance.  Multiple governments are listening to every phone call we make, every e-mail we send, and watching every website we visit.  But thanks to the “five eyes agreement” we know that the US, Canada, Britain and Australia are not on the list of governments.  But China, Japan, Russia, Korea, some of the ASEANs, Taiwan, Israel and some of the Arabs all have the capability and incentive to be listening in.  “Five eyes” helps ensure that all they are monitoring are our private conversations because of government communications are subject to the heaviest encryption around.  And “five eyes” keeps an eye on those doing the spying on us.

Of course our own domestic GCSB legislation means our own government is not allowed to monitor our private communications without a warrant.  Of course it is being picked up, every electronic communication in the world is being picked up.  But it cannot be read by our government or the four other partners.

There is no NSA presence in Auckland or north of Auckland.  They may sweep the US Consulate from time to time in the same way GCSB sweeps our Embassies around the world.  And they may have the occasional person seconded to NZ to work with GCSB as we have GCSB people seconded to DSD, GCHQ, NSA and the CSE.  If they are here they are working for GCSB while in NZ.

I note that many of those so worked up about the possiblility of the GCSB or NSA intercepting communications, were loud cheerleaders for the rights of criminals to hack bloggers and have that material published. They’re not very consistent.

IGIS says no indiscriminate interception of data

September 17th, 2014 at 9:12 am by David Farrar


This screenshot is from Felix Marwick.

Ms Gwyn is a former Deputy Solictor-General and Deputy Secretary of Justice. Her appointment was made after consultation with Parliament’s Intelligence and Security Committee which includes Russel Norman and David Cunliffe.

And in case anyone thinks she is some ideological friend of the current Government, I would point out she was a member of the Young Socialists and was involved with the Nicaragua Solidarity Committee, which included Nicky Hager and Keith Locke! I trust Ms Gwyn when she says she has not identified any indiscriminate interception of New Zealanders’ data.

PM on surveillance claims

September 15th, 2014 at 5:55 pm by David Farrar

John Key has done a release stating:

Prime Minister John Key tonight corrected misinformation that has been put in the public domain concerning the operations of the Government Communications Security Bureau.

“Claims have been made tonight that are simply wrong and that is because they are based on incomplete information,” Mr Key says.

“There is not, and never has been, a cable access surveillance programme operating in New Zealand.

“There is not, and never has been, mass surveillance of New Zealanders undertaken by the GCSB.

“Regarding XKEYSCORE, we don’t discuss the specific programmes the GCSB may, or may not use, but the GCSB does not collect mass metadata on New Zealanders, therefore it is clearly not contributing such data to anything or anyone,” Mr Key says.

“I am setting the record straight tonight because I believe New Zealanders deserve better than getting half of a story, embellished for dramatic effect and political gain, and based on incomplete information.

“The GCSB undertakes cyber security operations to protect individual public and private sector entities from the increasing threat of cyber-attack and this is very important work.

“It does not, however, remotely resemble what has been claimed,” Mr Key says.

The GCSB’s cyber security operations occur within its legal framework and only when the following conditions are met: 

  • Each entity must provide individual legal consent to be protected by the GCSB;
  • The independent Commissioner of Security Warrants must be satisfied each individual case is within the law, and a legal warrant must be co-signed by the Prime Minister and the Commissioner;
  • Warrants are subject to a two-step process, as outlined by the Prime Minister when legislation was passed last year. A warrant is required for high level cyber protection for an individual entity, and the content of a New Zealander’s communications cannot be looked at by a GCSB employee unless a specific cyber threat is identified which relates to that communication. If that is the case, the GCSB must return to the Prime Minister and the Commissioner to make the case for a second warrant in order to access that communication.

In addition to this, the Inspector General of Intelligence and Security has substantially stronger powers to monitor the GCSB’s activities and ensure they are appropriate and within the law.

“Our cyber security programme began operating this year after a lengthy process of assessing options for protection,” Mr Key says.

“The process began in late 2011 when the GCSB made it clear to me that cyber-attacks were a growing threat to our country’s data and intellectual property and the Government needed to invest in addressing that.

“The Bureau assessed a variety of options for protection and presented an initial range to Cabinet for consideration in 2012.

“These options ranged from the highest possible form of protection to a much weaker form of security, with some in between.

“The Cabinet initially expressed an interest in GCSB developing a future business case for the strongest form of protection for our public and private sectors, but it later revoked that decision and opted for what we have now – something known as Cortex.

“The business case for the highest form of protection was never completed or presented to Cabinet and never approved. Put simply, it never happened,” Mr Key says.

The Prime Minister tonight also released declassified material, including a Cabinet minute to show what occurred.

“I can assure New Zealanders that there is not, and never has been, mass surveillance by the GCSB.

“In stark contrast, the Bureau actually operates a sound, individually-based form of cyber protection only to entities which legally consent to it,” Mr Key says.

The attachments are below.

1 2 3 4