Public bigger spy threat than GCSB

A lot has been said about the risks to the New Zealand public from spying by Government agencies the SIS and the GCSB, with scant evidence of there being any actual risk to most people.

In her latest Herald column Kerry McIvor makes an interesting point, suggesting that  public ‘spies’ are a bigger risk than the GCSB – Forget GCSB, public are the spies.

She refers to the surveillance, photographing and audio recording of Aaron Smith’s toilet liaison by a couple of of ordinary people (we are led to believe, unless the SIS has a Public Morals division that we don’t know about).

Which reinforces my opinion that it’s not the Government and the GCSB we have to worry about spying on us.

Its our fellow citizens and their smartphones. Nobody is safe, as Smith discovered.

I can only imagine the incredulity from the All Blacks team management when they heard of the incident: “He’s done what?!” “He did it where?!” “They recorded it?!”

How Smith thought he could get away with a liaison in a public toilet, at an airport – while people were queued outside the door, for heaven’s sake – is beyond me. That level of idiocy is mind-boggling.

But the woman in the loo wasn’t coerced. She was a willing participant.

That’s an assumption only that’s been made. We have very little evidence provided to us (fortunately).

What we have is the court of public opinion, or rather the court of media sensationalising, driven by scant evidence given to media by a couple of public spies.

This has been just about as bad as the office sex recording in Christchurch where a couple weren’t as private as they thought but a public spy recorded them and then they were harassed to an extreme level by media.

How many innocent people have had their lives trashed by the SIS or the GCSB?

Perhaps it’s not ‘big brother’ we should be worrying about (ok, we should still worry about that a bit) but rather ‘member of public with recording device’ plus ‘media intent on sensation and clicks’ may be our biggest risk.

How long will it be until a member of the public uses a drone to record something that is then used to trash a few people’s lives?

But the biggest spy risk is probably smart phones with dumb users and dumber media.

I’m a GCSB operative

If anyone had any doubts about the credibility of a small group of muppets if this doesn’t convince you of their fantasy laced stupidity then probably nothing will.

On March 21, in amongst the usual string of inane niggles was this tweet:

Any truth to the rumours circulating that you are a GCSB operative?

While that’s more absurd than most accusations it’s as credible as all of them – it’s a joke, but I really think they seriously think that.

Because in their latest post they repeat it:

Yournz blogger Pete George, aka the Beige Badger, suspected GCSB operative; complete clown and manipulative prick. Tends toward a delusional schema, prone to taking on lost causes such as mayoralty’s, teen pregnancy, medicinal gunja and fraudsters, but like most Kiwi Bloggers, only if he thinks there might be something in it for himself.

That’s hilarious, not just for the GCSB suspicions, but this is typical transference from them – a lot of what they accuse others of applies to themselves.

The whole post may be made up drivel. Another accusation about me is certainly fabricated.

In fact, the most recent incident, wherein this myth was dragged out of the closet to be aired, for the purpose of again smearing Cameron Slater, can be found in yet another post that was also, “ostensibly”, penned by blogger Pete George (see: Hager and Whale Hypocrisy).

It was totally written by me.

George posted this piece on the 18th March.

They got that bit right.

What has subsequently become of even more interest is the fact the Pete George has in the past few days edited that post.

Like many things they claim they have made that up. Here’s proof:


That last revision time and date is exactly the same as the time and date of the post.


So they not only make up ridiculous accusations, they fabricate ‘evidence’.

Nothing they claim can be taken seriously, they are self deluded nutters. It’s hard to work out what their latest post is actually about apart from a typical scattergun attempt at smearing with nothing new.

I wonder if they understand what the GCSB is.

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations, foreign intelligence to government decision-makers, and cooperation and assistance to other New Zealand government agencies.

I’m too busy pointing out their stupidity to be involved in trivial things like that.

And laughing.

Why Bomber’s claims are totally meaningless

In his latest rant against our intelligence agencies Martyn Bradbury has bombed with a mass of misfires.

The headline: Why the ‘protections’ in new spy bill are totally meaningless

There is no new spy bill. And Independent Review has just released a report that makes observations and recommendations.

Let’s get this straight – our intelligence agencies have been caught illegally spying on NZers, were caught helping the PMs Office smear the leader of the Opposition months before the 2011 election with falsified lies, were caught being racist, were caught spying on our trade partners to try and get John Key’s mate a job, were caught out by Edward Snowden telling the NSA that legislation had loopholes to allow mass surveillance, were caught out by Edward Snowden planning to tap the Southern Cross internet cable and were caught possibly aiding the CIA rendition torture program.

Most of those claims are questionable. Some of those issues are still under inquiry so it isn’t know whether anyone has been caught doing what Bradbury asserts.

So how does Key respond to intelligence agencies drunk on their own power?

Bradbury is drunk on hyperbole. The intelligence agencies are being reported on, not requesting changes.

Why he is suggesting even more power.

No he isn’t. He is suggesting a multi-party approach to assessing the recommendations of the independent review and deciding what might be done.

Why the hell would we give the GCSB and SIS more power when they can’t manage the power they currently have?

The report says “It was clear to us from our discussions with GCSB staff and from the GCSB’s own internal policy documents that these restrictions are interpreted and applied conservatively.” Is Bradbury wanting them to apply policies more aggressively?

The reality is that the so called 3 tier system of protections being suggested by the new legislation are utterly meaningless. The loophole built into the suggested legislation allows the spies to disregard all 3 of those tiers IF they believe there is an emergency or risk to life,  they then get 48 hours of warrantless surveillance.

This allows fishing expeditions for the spies.

Again, there is no new legislation. It should not allow fishing expeditions.

We must demand more protections for ourselves from this ever growing ultra secret deep state. A modern day stasi that answers to the NSA doesn’t make our democracy safer, it makes it far more dangerous.

Demanding more protections for ourselves is fine, but protecting ourselves from others requires some secret surveillance powers.

Likening New Zealand to a “modern day stasi ” is just pathetic.

Bradbury has bombed this with his hyperbole – “an extreme exaggeration used to make a point”. The problem is this sort of hyperbole doesn’t make any point other than the lack of credibility of the ranter.

No mass surveillance

The First Independent Review of Intelligence and Security in New Zealand  looked at whether mass surveillance was being carried out by the GCSB.

The report  concludes that there is no mass surveillance.

It was clear to us from our discussions with GCSB staff and from the GCSB’s own internal policy documents that these restrictions are interpreted and applied conservatively.

Far from carrying out “mass surveillance” of New Zealanders, the GCSB is unable to intercept New Zealanders’ communications even where it is for their own safety.

For example, the GCSB would be unable to analyse the communications of a New Zealander taken hostage in a foreign country unless it was assisting the NZSIS, NZDF or Police under their legislation.

That’s unlikely to change the minds of security and surveillance critics. Green co-leader Metiria Turei:

The GCSB had already been “quite liberal and loose” with their existing activities, and they should not be given more powers until it was clear they would follow the law.

That’s the opposite of what the report found.

Here are relevant references from the report.

1.11   In New Zealand, there has been considerable debate in the media about whether the GCSB conducts “mass surveillance” of New Zealanders. Having spent some months learning about the Agencies’ operations in detail, we have concluded that this is not the case, for reasons we discuss below.  However, there is a degree of scepticism among the New Zealand public about the Agencies’ activities.

In a survey carried out by the Privacy Commissioner in 2014, 52 percent of respondents were concerned about surveillance by New Zealand government agencies. We received a number of submissions from people who did not see the need for intelligence and security agencies at all and considered there was no justification for the government intruding on individuals’ privacy.

Does the GCSB conduct “mass surveillance”?

3.34  As we discussed in Chapter 1, there has been some debate in the public arena about whether the GCSB conducts “mass surveillance”. In light of this, we considered it important to describe what the GCSB does and does not do. While we cannot go into as much detail as we would have liked given the classified nature of the GCSB’s operational activities, we hope what we can say will inform this debate in a useful way.

3.35  “Mass surveillance” is a term that can be understood in a number of different ways. In this context it is important to distinguish between communications that are collected by GCSB systems – for example, its satellite interception station at Waihopai – and those that are actually selected and examined by an analyst.

3.36  The reality of modern communications is that it is often not possible to identify and copy a specific communication of interest in isolation. If a particular satellite might carry a relevant communication, the GCSB cannot search for that communication before interception occurs. First it needs to intercept a set of communications, most of which will be of no relevance and will be discarded without ever being examined by an analyst. This is the haystack in which the needle must be found.

3.37  Even this “haystack” represents only a tiny proportion of global communications. The GCSB conservatively estimates that there are over 1 billion communications events every day on the commercial satellites that are visible from Waihopai station. These represent approximately 25 percent of commercial satellites that match the Earth’s rotation (although signals cannot always be secured even from those satellites that are visible). We were told the proportion of those 1 billion communications that are actually intercepted equates to roughly one half of a bucket of water out of an Olympic-sized swimming pool.

3.38  To find the “needle” (or the communications that are of intelligence value), the GCSB filters intercepted material for relevance using search terms. Only those communications that meet the selection criteria are ever seen by an analyst. The GCSB has internal processes in place toensure analysts justify their use of each search term and record all searches for the purpose of internal audits and review by the Inspector-General of Intelligence and Security.

3.39 Given these controls on what information can actually be examined by analysts, in our view the GCSB’s ability to intercept sets of communications does not amount to mass surveillance. That term suggests a kind of active monitoring of the general population that does not occur. It would neither be lawful nor even possible given the GCSB’s resourcing constraints.

3.40 Capacity acts as a check on all signals intelligence agencies, although it is particularly pronounced for the GCSB given its comparatively small size. It is simply not possible to monitor communications (or other data) indiscriminately. Professor Michael Clarke, the (now retired) Director-General of the UK’s Royal United Services Institute who convened the 2015 Independent Surveillance Review, referred to this when giving evidence before the Joint Committee on the Draft Investigatory Powers Bill:97 The other great safeguard is the sheer physical capacity. One will be astonished at how little [intelligence agencies] can do, because it takes so much human energy to go down one track. The idea that the state somehow has a huge control centre where it is watching what we do is a complete fantasy. The state and GCHQ [the UK’s signal’s intelligence agency] have astonishingly good abilities, but it is as if they can shine a rather narrow beam into many areas of cyberspace and absorb what is revealed in that little, narrow beam. If they shine it there, they cannot shine it elsewhere. The human limitation on how many cases they can look at once is probably the biggest safeguard.

3.41 We also observe that there are currently restrictions on the GCSB’s ability to intercept the private communications of New Zealand citizens and permanent residents. These restrictions apply to New Zealanders anywhere in the world, not just those in New Zealand. It was clear to us from our discussions with GCSB staff and from the GCSB’s own internal policy documents that these restrictions are interpreted and applied conservatively. Far from carrying out “mass surveillance” of New Zealanders, the GCSB is unable to intercept New Zealanders’ communications even where it is for their own safety. For example, the GCSB would be unable to analyse the communications of a New Zealander taken hostage in a foreign country unless it was assisting the NZSIS, NZDF or Police under their legislation.




Security versus privacy

The review of our spy agencies the GCSB and the SIS has reignited the security versus privacy issue.

Ideally we need to find a way of improving security, which requires some surveillance, while strengthening the protection of personal privacy. We should be targeting simpler clearer laws, possibly with some greater powers but with greater transparency and much better independent and political oversight.

A number of related reports:

Jane Patterson at Radio NZ: Security v privacy: A balancing act

A review of New Zealand’s intelligence agencies has found the laws governing the Security Intelligence Service (SIS) and the Government Security Communications Bureau (GCSB) are clunky, inconsistent and preventing those agencies from properly carrying out their jobs.

The challenge confronting lawmakers, past and present, is how to balance citizens’ rights to living in a safe and secure country, against their rights to privacy.

She concludes:

The review has attempted to balance the rights of security against privacy by proposing stronger oversight and warranting provisions.

It is now up to the politicians to strike that balance in line with the expectations of the New Zealand public.

A look at our chief security overseer at Stuff: National Portrait: Inspector-General of Intelligence and Security Cheryl Gwyn

Gwyn is the official spy watchdog, and she bites.

Gwyn has begun a series of inquiries which ask dangerous questions about both the SIS and the other intelligence agency, the GCSB.

Did the GCSB use its powers to help former Trade Minister Tim Groser in his (unsuccessful) bid to become head of the World Trade Organisation?

Were New Zealand spies involved with the CIA’s torture of prisoners between September 2001 and January 2009?

Does the GCSB snoop on the communications of New Zealanders working or holidaying in the South Pacific?

This could be a breach of the law preventing the GCSB from bugging New Zealand citizens or permanent residents. It was the bureau’s illegal bugging of permanent resident Kim Dotcom that lit a firestorm under the GCSB.

Claire Trevett on Michael Cullen and the review: The ex-politician who came in from the cold

Cullen proved the perfect man to front the report for the Government. His own lengthy tenure as Deputy Prime Minister and Attorney-General meant he was well aware of the type of information the intelligence agencies provide, and the importance of that information for a government.

He told the spy agencies to up their game when it came to public relations if they wanted to reduce public scepticism about their role. He then proceeded to do that PR for them, running through a list of threats to New Zealand from domestic attacks to cybercrimes. He spoke of whether the GCSB could help if a New Zealander was lost at sea or taken hostage – hypothetical situations but based on actual risks New Zealand had faced.

That it also makes it harder for Labour to quibble with the recommendations put forward is almost the only the cherry on the top.

If we are to achieve better security and better privacy it’s essential for both National and Labour to work together on this without partisan sniping. They will both at times be in the most responsible position for providing security for the country and protection of us, the citizens.

Cullen on virtual merger of GCSB and SIS

The security review was forbidden from suggesting a merger of our two spy agencies, SIS and GCSB, but it has gone as far as it can in recommending much closer links between the two.

Claire Trevett: A proposed ‘civil union’ of two intelligence agencies

Sir Michael Cullen has never been one to mince words so when he was asked why he and Dame Patsy Reddy had not simply recommended a merger of the two intelligence agencies, he was blunt: it was because the Government had not allowed it under the terms of reference.

That didn’t stop him recommending what amounts to a merger in all but name, which will see the GCSB and SIS remain technically separate entities but controlled by the same legislation with very similar powers – it was, as Dr Cullen said “a civil union”.

The most controversial aspect of it is likely to be the recommendation to allow the GCSB to spy on New Zealanders without requiring a warrant to do so on the behalf of other parties. It breaks a longstanding split between the SIS and GCSB under which the GCSB could only spy on foreigners and the SIS on New Zealanders.

The examples Dr Cullen gave of the virtue of extending that to the GCSB were rather sympathetic to his own case – he spoke of a New Zealander lost at sea and said the GCSB would not be able to use its cellphone tracking technology to find that person because they were a New Zealander.

In reality the split of powers had become increasingly redundant anyway. The review team also proposed a strong authorisation process to ensure there was not indiscriminate spying. In reality that split of powers had become increasingly redundant.

Sir Michael pointed out the SIS had the power to spy domestically but the GCSB had the technology to do so. In terms of the difference in the technology between the two, he said “it’s really a question of can you use Snicko and Hawkeye or can’t you in order to establish whether there was a no ball?”

Dr Cullen argued it was not a vast expansion of powers, but rather an attempt to clear up the current conflict for the GCSB. The legislation covering the GCSB already allows it to spy on behalf of other agencies with a warrant. One of Dr Cullen’s more surprising admissions was that despite the attempt to change the GCSB’s legislation to specify when it could spy on New Zealanders, the GCSB had only become more hesitant to do so. That happened after it was found to have unlawfully spied on more than 100 people due to confusion over its powers when acting on behalf of other agencies.

Dr Cullen said the GCSB and it had become overly cautious in the wake of that controversy to an extent it was impacting on its work. That had, he argued, almost put the Government in a position of failing in its duty to protect the lives of New Zealanders.

In short the review recommends a simplification of multiple laws, clarification of what powers the SIS and especially the GCSB have, and better oversight.

If the recommendations are followed – and they will need the approval of both National and Labour at least – it could leave two separate agencies but in practice sets up a virtual merger.

Balancing the need for effective security with the privacy of individuals will continue to be contentious.

Intelligence and security review

The report of the First Independent Review of Intelligence and Security in New Zealand was released today.

Stuff reports: Spy agencies explainer: What you need to know about the report into spying laws

What’s this spying report about?

Sir Michael Cullen and Dame Patsy Reddy have published their independent report on the laws that cover New Zealand’s spy agencies – more specifically, whether they’re fit for purpose or need changes.

What have they said?

There are 107 recommendations, but the main one is a new law to cover both the SIS and the GCSB. The agencies are currently covered by various pieces of legislation dating as far back as the 1960s, and Cullen says having one law for both agencies will eliminate the confusion and contradictions that are stopping them from working together more effectively.


What do our politicians think about the report?

Key has been fairly complimentary, saying it makes “some very valid points” about improving the balance between national security and the public’s right to privacy.

Labour leader Andrew Little says he “certainly sees some sense” in having one law for both agencies, but he has some concerns about how far the GCSB’s powers will be expanded, as well as proposals to provide the agencies with greater access to government agencies’ databases.

Green Party co-leader Metiria Turei is scathing about the report, saying the recommended changes would represent “one of the most significant erosions in New Zealanders’ privacy that we’ve seen in modern times”.


So, what happens next?

Key says the Government will take a look at the recommendations and speak to Labour about what the two parties could back together.

Any new legislation would be put forward by July, although the Government wouldn’t necessarily adopt every proposal, and the law would go before a select committee so the public could share their thoughts.

Key is keen to win cross-party support, and Little’s initial comments seem to indicate Labour could back some form of new law, which would provide a comfortable majority.

Spy overhaul needs cross party support

Security versus privacy and protection from spying is a difficult balancing act for the Government, with more transparency and oversight being very important without compromising the ability of our spy agencies to do their jobs effectively.

A report on the future of New Zealand’s spy agencies is due this week, and the results of several spy inquiries are due soon too.

This poses a test of John Key’s ability to bring together other parties into working on and agreeing on a way forward for our spy agencies. It it also a test of Andrew Little’s willingness to deal with this in a non-partisan way, given that the major parties have historically mostly put politics aside when it comes to security and intelligence.

Tracey Watkins writes Spy agency overhaul needs political buy-in to restore public confidence.

When John Key and Andrew Little eyeball each other across the table during a closed door session of Parliament’s intelligence and security committee this week, the prime minister will be ready to turn the tables on his opponents.

Key is asking Labour to back him on legislation overhauling the country’s spy agencies, the Government Communications Security Bureau and Security Intelligence Service.

The only tables being turned should be on dysfunction between National and Labour in particular on security issues.

The rise of the brutal Islamic State, and the emergence of its “lone wolf” disciples so close to home  – think Sydney’s Martin Place Cafe seige – have caused a further shift in the weight of the debate around individual privacy versus national security.

In that environment, this week’s report to Parliament’s intelligence and security committee takes on even greater significance.

The report, prepared by former Labour deputy Sir Michael Cullen and lawyer Dame Patsy Reddy, will likely recommend closer cooperation between the spy agencies. Greater transparency and oversight also seems to be on the cards after Sir Michael publicly criticised the overly secretive ways of those spy agencies and a culture of keeping things secret for secrecy’s sake.

Both moves are long overdue.

And both national and Labour need to deal with this responsibly.

Any move toward granting more intrusive powers to either spy agency will be fiercely opposed by the Labour’s activist base.

But Little’s job will be trading off those concerns against those of middle New Zealand, where he has to grow Labour’s votes.

He also has to put a priority on his responsibility to the country as a whole, regardless of some activists and voters.

The pending release of three serious inquiries may further strain the Labour leader’s ability to back any new powers, given that they go to the heart of confidence in our spy agencies.

The first of those inquiries, by the Inspector General of Intelligence and Security, Cheryl Gwyn, is the most serious, looking at whether the intelligence agencies spied on other governments to boost the prospects of former Trade Minister Tim Groser against his rivals for the top World Trade Organisation job.

The other two inquiries, into whether the GCSB picked up the private communications of New Zealanders in the South Pacific, and its links to America’s CIA, may be less controversial.

Regardless of the outcomes of these inquiries they are likely to stir up opposition to spying.

But given the current state of unease and fear worldwide at the rise of terrorism, any further loss of public confidence in our spy agencies would be serious and significant.

Which is why both John Key and Andrew Little might want to see eye to eye on this one rather than go into another election campaign squabbling about spies.

It’s critical that Key and Little put politics aside and together workout what is best for the country as a whole, and for the rights of us, the citizens.

Any overhaul of our spy agencies and protection of our right to privacy needs to be as non-political as possible. At least National and Labour need to be more or less on the same page.

About Cortex

An announcement is expected today from Justice Minister Amy Adams on a new cyber security plan.

Ahead of this the Government Communications Security Bureau has published details of cyber security and surveillance:



David Fisher summarise at NZ Herald in GCSB ‘Cortex’ system aimed at ISPs:

The “Cortex” system Prime Minister John Key made public to counter claims of mass surveillance of New Zealanders is now being aimed at the internet service providers handling the emails and online data of everyday Kiwis.

But the Government Communications Security Bureau said Kiwis’ Twitter communications were safe, with the “eligible” internet service providers (ISPs) carrying less than 1 per cent of the country’s internet traffic. Of that, it was expected 1 per cent at most of that traffic would contain suspect cyber activity and only 0.01 per cent to 0.5 per cent would be seen by a GCSB analyst alerted by an automated system.

Cortex was revealed at last year’s election amid allegations of mass surveillance by US National Security Agency whistleblower Edward Snowden and journalist Glenn Greenwald.

Cortex was introduced as a defensive system which would be bolted onto critical infrastructure in the private and public sector and sniff out trouble in its online traffic. Cortex was cast as fitting with its comparatively benign cyber security job.

The details on the GCSB website say it is carrying out a “malware free networks” pilot with an ISP which could later be rolled out to others. It says it is not compulsory for ISPs to join and ISPs are obliged to tell customers their data is being screened.

However, it also says ISPs are not allowed to name the GCSB as being involved because doing so could give hackers a signpost to valuable targets.

It rejected any suggestion it is “mass surveillance”, saying it had an automated searching function to sniff out malicious traffic.

However, it also conceded that a rare set of circumstances could lead to GCSB staff reading people’s emails. In those cases, “all a GCSB analyst would be looking for in an email is evidence of malicious cyber activity”.

It says Cortex protection is important in dealing with intellectual property theft and data theft – including credit cards, destruction or hacking of private communications, holding data for ransom or attacking IT services.

The Herald link also makes the document released by the GCSB available to read.


SIS and GCSB annual reviews

Newstalk ZB’s political editor Felix Marwick  has audios of the annual reviews of the SIS and GCSB directors.

For those interested – full audio of SIS Director Rebecca Kitteridge at today’s annual review hearing (27 minutes)