The Kitteridge speech

May 20th, 2015 at 1:00 pm by David Farrar

A rare public speech by the SIS Director, Rebecca Kitteridge to a privacy and identity conference. Some extracts:

What I hope to show is that in a liberal democracy like New Zealand, we need both individual privacy and national security. They complement one another, and a balance must be struck between them. In order to keep our country secure and protect our citizens, we have to be able to intercept private communications in some exceptional and legally authorised circumstances. But the needs of security agencies are not absolute. Any intrusion into privacy on the grounds of national security must occur only where it is necessary and proportionate, and must be subject to oversight.

Few would disagree with that.

And this is why I was attracted to the role of Director of Security. I am not in this job because I have a fascination for spying or because I relish the thought of intruding into people’s private affairs. Leading the Security Intelligence Service appealed to me because I feel strongly about the New Zealand way of life. I want to protect that way of life so we can continue to enjoy the things that are so wonderful about New Zealand, including the 3 integrity of our institutions, the privacy of our citizens, and our democratic rights and freedoms. And that motivation and commitment is shared by every person I have met in the NZSIS.

Kitteridge gets annoyed when she is called a spy boss, rather than the SIS boss because their motivation is security. They’re not MI6.

It is rather startling to think that when I was interviewed for the Director of Security role eighteen months ago, ISIL did not feature in my interview presentation. It is a big preoccupation for me now. ISIL recruits to its extremist cause through the use of slick propaganda, distributed via social media around the world. Its recruits may be young, vulnerable, or disaffected. They are excited by the extreme nature of what they see, and are drawn to something that they think has meaning.

The internet overcomes geographic distance and enables communication between these susceptible people and those encouraging them, radicalising them and directing them. The internet, and especially social media, means it is very easy for these individuals to connect up with others who share and strengthen their world view.

The threat to our security posed by foreign terrorist fighters is real, and it continues to develop rapidly. I know that my sister agencies overseas are dismayed at the prospect of radicalised and battle-hardened foreign fighters returning to their countries of origin – in some cases in their hundreds. Regardless of how the current situation in the Middle East is resolved, the issue of returning foreign fighters is going to challenge security services around the world for many years to come.

ISIL has changed things significantly.

Domestic extremists are also a real concern. ISIL explicitly urges individuals to conduct attacks using any weapon they have – a knife, a car – without talking to anybody about their plans. Attacks of this kind are extremely difficult to stop.

ISIL is very different to Al Qaeda who insisted on tight control and approval of any attacks. ISIL encourages anyone and everyone to attack.

We have seen the consequences of ISIL’s communications strategy and tactics being experienced in Paris, Belgium, Ottawa, Melbourne and Sydney, where lives have been taken or threatened. I don’t want to overstate the situation in New Zealand. As I have said before, there is a very small number of people in New Zealand, inspired by ISIL, who are talking about, advocating or planning to commit violent acts here or elsewhere. And it is the job of the Security Intelligence Service to understand what is going on so that those violent acts can be prevented.

Sadly we are not immune.

Making a decision to intercept a New Zealand citizen’s personal communications is only permissible under a Domestic Security Warrant, which often involves months of work and is not something we apply for lightly. To obtain a Warrant, the intelligence officers have to build and present a meticulously documented application, generally with attachments that are several inches thick, showing that the Warrant meets the criteria set out in our legislation, and is necessary and proportionate.

The Warrant application is reviewed by a senior manager and is scrutinised by the legal team. Then, as Director, I review it thoroughly. The Commissioner of Security Warrants then reviews it thoroughly. And then we take it to the Minister in Charge of the NZSIS. He asks questions and may require conditions to be added before it is signed off. Every Warrant must specify a period not exceeding 12 months for which the Warrant is valid. It can be renewed, but we must make the case again.

Not exactly mass surveillance is it.

We do not live in a surveillance state where everything you do online is recorded – at least not by the government! So – please enjoy the freedom that the internet gives you. You are free to click on whatever you want on your device, and you won’t pop up on our system. Typically, we get our leads through our interaction with the public and through information provided to us by other agencies.

Where information suggests that a person may be a threat to New Zealand’s domestic security, we will try to find out more about that person, and either determine that the person is not of interest, or build an intelligence case that may lead to a Warrant application. Our focus is on the small number of individuals who are actively interested in violent extremism, or causing some other harm to New Zealand’s security as defined in our legislation.

Around 50 a year.

I often think that if the public could see the people of the NZSIS doing their work, they would be delighted to see what hard-working, terrific people our intelligence officers are. I would love the Service to have a television show like Border Patrol.

Heh, Spy-Factor? Spy-Idol? Big Brother? 🙂

But where it is possible to talk about our work, as I am today, I think we should. With others in the New Zealand Intelligence Community, I am working on being more open and transparent.

Good. The intelligence agencies have some stuff they need to keep secret, but not everything. I recall when I worked in the Pms Office, and someone from the SIS would bring a draft press release over – on a password encrypted disk in a locked briefcase!

The Inspector-General of Intelligence and Security reviews every warrant after it is issued. In addition, the Inspector-General and her staff are free to come into our workplace, access our databases and document management systems, and look at anything and everything that we do. The Office of the Inspector-General has been greatly strengthened over the last couple of years. The Office has gone from one part-time retired Judge and a part-time secretary, to a full-time Inspector-General with a number of permanent full-time staff. That means that sunlight is beaming in across the intelligence agencies right now.

This has been I think the most important change. Also of significance is the SIS Director, GCSB Director and the Inspector-General are now all lawyers – gone are the days of the military old boys club.


Kitteridge’s first interview as SIS Director

November 3rd, 2014 at 11:00 am by David Farrar

The Herald reported:

If there’s one thing that irks Rebecca Kitteridge, it is being referred to as the new head of the SIS spy agency.

Yes, she became director of the Security Intelligence Service six months ago but it’s the spy word. It suggests the purpose of the agency is spying.

“It’s one of the things that drives me mad,” she tells the Weekend Herald.

“The purpose is security, the security of New Zealanders,” she says.

“And we have to do that by covert means because when people are planning to do ill to the country, they will try to keep that secret …

“But the purpose of it is security. The purpose of it is not to spy.”

A reasonable point that spying is the means, not the ends.

Kitteridge watched the Moment of Truth event in the Auckland Town Hall hosted by Dotcom, and featuring NSA leaker Edward Snowden via satellite from Russia, and the journalist who wrote Snowden’s story, Glenn Greenwald.

Greenwald himself was of no interest in terms of security.

“He is a journalist. He has freedom of speech. He is entitled to come here and do his thing.”

But she was annoyed over the claims of mass surveillance.

“It’s ridiculous. It’s not happening, full stop. Not even mini-surveillance let alone mass surveillance.

“What I can say is I absolutely did see what was going on at GCSB and there is no mass surveillance of New Zealanders.”

This has also been confirmed by the Inspector-General and the Privacy Commissioner.

She said the image of a typical SIS officer as an older man was rooted in the Cold War days when the focus was on Russian espionage, but the SIS had well and truly moved on.

And the old image was an anachronism to the reality of today’s 250 or so SIS staff with whom she meets every fortnight, including those in Auckland via video, in what she calls a town hall meeting.

“I had a town hall meeting today … What struck me is that it is not older men but young dynamic lively people, parents, people who go to the supermarket, people who go to the creche.

While it is an offence to identify any SIS officer except the Director, maybe the annual report could include some demographic information of the SIS workforce. My rare dealings with SIS staff had all been older males, but this was some time ago.

What happened in Canada last week — a soldier deliberately run down by a car and another soldier shot while standing guard at a memorial in Ottawa — was one of the main issues.

She said it was a wake-up call because New Zealanders saw Canada as “quite like us” and it was disturbing in that such situations would be very difficult to stop.

This is where she talks about “crowd-sourced terrorism”, a new term to describe lone-wolf acts of terrorism conducted by people who show no intent, after exhortation by Isis on the internet.

“What [Isis] is doing is they are sending out this material which is awful, it’s all on the internet … urges people to do small-scale attacks that are not complicated, that don’t require planning, that don’t require anything fancy, nothing more than a knife or a car or something you can light a fire with that will cause the maximum fear and devastation and havoc and loss of life.

“That is the explicit message and it is to attack the West.”

All that that was needed was intent. Capability was not difficult to put together and the whole purpose was to create a sense of terror in the population.

“I think that whole model of crowd-sourced terrorism that is actually very dispersed and where any individual can do it and they are not concerned about their own life is a very disturbing change.”

Crowd-sourced terrorism. If it catches on, it will be incredibly challenging for the reasons cited – no great capacity for planning and execution needed.

Kitteridge to head up SIS

November 12th, 2013 at 11:33 am by David Farrar

John Key has announced:

Prime Minister John Key today announced the appointment of Rebecca Kitteridge to the position of Director of Security, New Zealand Security Intelligence Service (NZSIS).

Ms Kitteridge will replace Dr Warren Tucker, who is retiring next year.

“Ms Kitteridge is a highly respected and professional public servant with experience in senior roles,” Mr Key says.

“She is currently Secretary of the Cabinet and Clerk of the Executive Council at the Department of the Prime Minister and the Cabinet (DPMC), and has served under four Prime Ministers and four Governors-General while at DPMC.

“Ms Kitteridge was also seconded to conduct a high profile compliance review of the Government Communications Security Bureau (GCSB) late last year.

This is an excellent appointment.

With the increasing focus on the intelligence agencies, public confidence is critical. Kitteridge’s background as a totally impartial Cabinet Secretary, but also as someone who is meticulous about following the law, due process, good procedure etc is just what the SIS needs.

The PM is obviously very determined that there be no more stuff ups of the Kim Dotcom variety.

Both the SIS and GCSB have tended to be headed up by those from a military or foreign affairs background. Now both are headed up by long-term career civil servants.

Also Kitteridge is the first woman to head up the SIS, and I suspect will be the youngest Director also by a considerable margin.

Slightly ironically, Kitteridge is going from one job where she can not talk publicly about most of her day to day work, to perhaps the one job where you can talk even less about what your day in the office was like. At least she’ll be used to it!

Russel calls for a leak inquiry and then denounces it for being effective

July 1st, 2013 at 3:00 pm by David Farrar

When the Kitteridge report was first leaked, Green co-leader Russel Norman was outraged by the leak. He suspected it was a deliberate leak by the PMs Office or similar, and demanded the Govt take action.

On 9 April he said:

Dr Russel Norman: In light of the fact that the cover note on the report says that the appendices are legally privileged and highly classified, does he believe that the leaking of the full Kitteridge report is a serious offence? 

So he is calling it a serious offence, if the full report was leaked.

Dr Russel Norman: If it does turn out that the full report has been leaked by someone in his Government, what consequences should face the person who leaked this information, which the Government Communications Security Bureau describes as legally privileged and highly classified? What consequences should that person face? 

And he calls for serious consequences.

Dr Russel Norman: Given that so far the only member of his Government who, he has told us, has had access to this report is the office of the Prime Minister, did he or a member of his staff leak the report?

Which was a stupid allegation to make, as the leaking of it undermined the PM’s trip to China.

Dr Russel Norman: If he does not know who leaked the report, will he launch an inquiry to get to the bottom of it, given his previous support for an inquiry into a leak at the Ministry of Foreign Affairs and Trade over documents that were probably quite considerably less sensitive?

So he explicitly called for a leak inquiry. He said the leak may be a serious offence, and called for serious consequences.

But now today, he has changed tune and decided that the leak inquiry was draconian, and went too far.

The Prime Minister’s inquiry into the leaking of the Kitteridge report appears to have acted beyond the law by accessing Peter Dunne’s email account log without his permission, and the Green Party has lodged a complaint with the Ombudsmen on this issue, Green Party Co-leader Dr Russel Norman said today.

Norman seems to be arguing that the Henry inquiry should have merely asked every Minister if they leaked the report, and when they said “no, it wasn’t me”, should have left it there.

If the Henry inquiry had done that, Norman would no doubt have been calling it a cover up.




An excellent report

April 10th, 2013 at 7:00 am by David Farrar

I have to say I am incredibly impressed with the report done by Cabinet Secretary Rebecca Kitteridge into the GCSB.

All too often reports of this nature can avoid being too specific and just talk in generalities about the need for more work in this area or that area.

Kitteridge has outlined in detail the long-standing problems at GCSB, including organisational and cultural – plus of course the lack of legal rigour in some of their work.

She’s also provided 80 specific recommendations that are basically a reorganisation blueprint.

It really is worth taking the time to read the full report.

The issue that much media focus has been on is that the GCSB may have been in breach of the GCSB Act when it assisted the SIS with intercepting communications of NZers. The practice was

Firstly, it was long-standing practice – going back to before the enactment of the GCSB Act in 2003 – for GCSB to provide assistance (i.e. its specialist capabilities) to the NZSIS on the basis of NZSIS warrants. The clear understanding within GCSB was that in such cases section 14 did not apply because GCSB was acting as the agent of the requesting agency and was therefore operating under the legal authority of the warrants. If the NZSIS, with the authority of an intelligence warrant, requested GCSB to provide assistance in cases involving New Zealand citizens or permanent residents, GCSB provided that assistance.

This has been the case for probably several decades. The issue is the GCSB Act passed in 2003 may have made such assistance illegal. It is basically a matter of whether they are operating under the GCSB Act when assisting the SIS.

The consequence of these developments is that the lawfulness of some of GCSB’s past assistance to domestic agencies is now called into question. In relation to NZSIS, the relevant period is between 1 April 2003, when the GCSB Act came into force, and 26 September 2012, when such assistance ceased. During that period GCSB provided 55 instances of assistance to NZSIS, which potentially involved 85 New Zealand citizens or permanent residents

Now it is important to note that the SIS were legally entitled to intercept their communications. The Commissioner of Security Warrants (a former High Court Judge) and the PM must both authorise such a warrant, based on genuine security concerns.

The issue is whether the GCSB were legally able able to assist the SIS with their interception, and if not, should they be able to?

I would suggest that there is little common sense in saying the GCSB should not be allowed to assist the SIS. If you do that, you probably require the SIS to duplicate the quite costly infrastructure of the GCSB for what is just half a dozen cases a year.

But such assistance must be beyond legal doubt. Hence why a law change is going to happen. I don’t think there was any intention that the 2003 Act would prevent the GCSB from assisting the SIS. The last thing you want is silos in the intelligence community – that was a key lesson the US learnt post 9/11.

The PM has said that none of the 88 people who *may* have had the GCSB illegally intercept their communications were arrested on the basis of the info obtained. If they had been, I’d expect court action.

Some are saying that the 88 people should get an apology and/or compensation. I’d need a lot of convincing that that is a good idea. Here’s why.

  1. Their communications were legally able to be intercepted due to security concerns – just by the SIS, rather than the GCSB. It is not a case of the interception being unjustified – just that the wrong agency may have done it.
  2. If the 88 people were told that they had been under surveillance, it could endanger many ongoing security operations. Some of them may have links to terrorism even. Remember these were all people who had a legal interception warrant approved by the Commissioner of Security Warrants.
  3. Was there any significant harm done to them as individuals that the wrong agency did the interception? There is certainly harm to NZ as a whole that the GCSB may have broken the law, but I don’t see great harm to any individual involved.

The above in no way reduces the unacceptability of the GCSB not ensuring they were acting in a beyond doubt legally complaint manner. Kitteridge explains some of the background:

For a number of years there has been only one source of legal advice at GCSB, which was the DDME, a second tier manager. …

As at the time this review commenced, in addition to legal advice, the DDME had responsibility for governance and performance, strategy and policy, risk management, the Liaison Officers, the Compliance Advisor, strategic relationships, the Chief Financial Officer, knowledge services, the registry, the Chief Information Officer, technology infrastructure, security (physical, personnel, and IT) and mission capability (IT) development. Until fairly recently he also had responsibility for HR, finance and logistics, procurement and property services.

Doesn’t leave much!

The DDME had too many hats. His multiple roles meant that there was insufficient internal debate and challenge. He was solely responsible for policy and legislative development, providing drafting instructions, interpreting the resulting law and overseeing its implementation and operation. These were conflicting roles. It is essential in an organisation that exercises intrusive powers of the state that there be robust challenge and the ability for contesting views to be expressed and explored. As the chief architect of the legislation he spoke confidently and authoritatively about the legislation and staff were not in a position to challenge that. …

The DDME’s seniority, as a Deputy Director, contributed to reluctance on the part of staff to question his judgement. Staff were unanimous in stating to me that the DDME’s view was seen as completely authoritative.

Useful to also pick up a conclusion, especially as some MPs say we don’t need a GCSB.

My belief in the importance of the work carried out by the men and women at GCSB has only increased as this review has proceeded. The world is becoming more complex, and physical borders are less relevant. The nature of the threats to national security is shifting so rapidly that keeping up with them is a challenge – let alone getting ahead.


GCSB report released

April 9th, 2013 at 4:12 pm by David Farrar

The PM has announced:

Prime Minister John Key today released the report of Rebecca Kitteridge into compliance at the Government Communications Security Bureau.

Ms Kitteridge was seconded to the GCSB to undertake the review in October 2012.

The review had two main areas of focus – ensuring that all the GCSB’s activities are lawful; and reviewing the agency’s compliance framework.

“I had intended to release this report to the Intelligence and Security Committee next week, however the public disclosure of the contents of the report means I have taken the decision to release it today.

“Members of the Intelligence and Security Committee have received the report a short time in advance of my releasing it publicly.

“The report makes for sobering reading. At a high level it finds long-standing, systemic problems with the GCSB’s compliance systems and aspects of its organisation and culture.

Ouch. That is quite damning.

The report Andrea Vance was leaked was a draft report it seems. It would be interesting to speculate on who had a copy of the draft. Drafts normally go to people who might be the subject of critical comment, so they can respond.

“I acknowledge this review will knock public confidence in the GCSB.

“This is why the Government has a comprehensive response underway to address the organisational problems at the GCSB.

“The steps we are taking will be outlined in detail next week and are intended to begin the process of rebuilding public confidence in GCSB.”

The GCSB Act has been in place for 10 years. Over that time, GCSB has been providing assistance to other agencies, including the New Zealand Police, New Zealand Defence Force and the New Zealand Security Intelligence Service.

It has done so in the belief that it was acting within the law on all occasions.

The essential problem is legal uncertainty over whether they can assist the SIS with communications interception, when the SIS have gained a warrant to intercept such domestic communications. There is no question the SIS were legally able to intercept communications of these people – the issue it seems is whether they could use the GCSB to assist them.

There are 88 cases identified as having a question mark over them since 2003.

Police have conducted a thorough check of all their systems. Police advise that no arrest, prosecution or any other legal processes have occurred as a result of the information supplied to NZSIS by GCSB.

“I have written to the Inspector General of Intelligence and Security and asked him to look into those cases.

“I have asked him to inquire into each of these cases to determine in each case whether or not GCSB has acted in compliance with the law. I have requested that the Inspector General determine whether any individuals have been adversely affected and, if so, what action he recommends be taken.

“It is not my intention to disclose details of those cases. However, the results of the review will be made public after its completion.

The level of transparency over this is welcome. It would have been politically easy to treat the Dotcom issue as a one off mistake. Instead the PM sent in the Cabinet Secretary to do a full review, and has published the report.

“When I return from China, I will announce details of legislative proposals the Government will be bringing to Parliament to remedy the inadequacies of the GCSB Act.

“At the same time I will announce proposals to significantly strengthen the oversight regime across the intelligence community.

That will be interesting.

The report is not online yet but will be placed on the GCSB website.

Fixing GCSB

April 9th, 2013 at 9:00 am by David Farrar

Remember all those people complaining that new GCSB Director Ian Fletcher didn’t come from the traditional military background of former directors? I think we are seeing why a change from the status quo was needed.

Andrea Vance at Stuff reports:

The Government’s beleaguered intelligence agency may have unlawfully spied on 85 people, a top secret review reveals.

The report, ordered after the Kim Dotcom fiasco, contains a raft of criticisms of the Government Communications Security Bureau (GCSB). …

The revelations are contained in the report, prepared by Cabinet Secretary Rebecca Kitteridge, and seen by Fairfax Media. …

The explosive revelations confirm that the illegal spying was far broader than the Dotcom case – and involves up to 85 people and cases dating back nearly a decade.

The illegal spying was conducted between April 2003 and September last year and done on behalf of the Security Intelligence Service, the domestic spy agency.

People should ask themselves if previous Prime Ministers would have sent in their top official to review the GCSB, and make her findings public.

Agency staff worked faithfully and were devastated to learn they were not acting within the law. There was no evidence they acted in bad faith or believed the end justified the means, the report says.

Culture problems at the agency could take a year to fix, Kitteridge says.

The GCSB’s organisation was overly complex, fragmented and had too many managers. Poor performing staff were tolerated, rather than fired or disciplined, because of fears that disgruntled former employees could pose a security risk.


It is understood new legislation will be introduced to Parliament soon after the report’s release.

Good. Once upon a time the Government wouldn’t even admit there was a GCSB. It was created my Muldoon in 1977 and not even Cabinet was told of it.

UPDATE: This is unusual. The entire paragraphs that I quoted from the story have now been removed from it. I wonder why?

Cabinet Secretary seconded to GCSB

October 1st, 2012 at 3:44 pm by David Farrar

The DPMC and SSC have announced:

Andrew Kibblewhite, Chief Executive of the Department of the Prime Minister and Cabinet, and Ian Fletcher, Director of the Government Communications Security Bureau (GCSB), announced today that Rebecca Kitteridge, the Secretary of the Cabinet,  is to be seconded immediately to the GCSB for an initial period of up to three months in the new role of Associate Director of the Bureau.

Ms Kitteridge will be responsible to the Director of the GCSB for the implementation of an immediate capability, governance and performance review.   This work will provide assurance to the GCSB Director that the Bureau’s activities are undertaken within its powers, and that adequate assurance and safeguards are in place.

As Associate Director, Ms Kitteridge will also act as Deputy Chief Executive.

Ms Kitteridge was appointed as Secretary of the Cabinet and Clerk of the Executive Council in April 2008. She is a senior public servant who is responsible for the security and integrity of the Cabinet decision-making system and the New Zealand Royal Honours systems.  She provides advice on ethics and conduct in relation to Ministers of the Crown, and is a key constitutional advisor to the Governor-General and the Prime Minister of the day.

Ms Kitteridge is a lawyer by training and a focus in private practice was on legal compliance for corporate entities. Since joining the public service she has specialised in constitutional matters at both the Cabinet Office and in the Legal Division of the Ministry of Foreign Affairs and Trade. While in Cabinet Office she has advised four Prime Ministers and four Governors-General.

This is a very smart and welcome move.

Cabinet Secretaries such as Rebecca, and before her Marie Shroff, are officials of the utmost integrity and neutrality. They play a key role in accountable democratic government.

Kitteridge is seconded to GCSB to specifically review their systems, improve their compliance framework and to specifically establish new approval processes for requests from law enforcement agencies.

The Cabinet Office is the king of rigorous process. I think they even have a process for if you ask them the time of day :-). As I said, I think this is a very smart move.