Archive for ‘Intelligence and Security’ Category
Posted on 18:39, September 14th, 2016 by Pablo
I spent some time talking with a Radio New Zealand reporter, who I must say is very well versed in the politics of the region, reflecting on the de facto admission of France into the Pacific Island Forum. Unlike the usual media sound bites, he gave me some room to reflect.
I get taking a stand on principles but…
So the Intelligence and Security Bill has passed its first reading in Parliament with a majority supporting it (106 votes to 15) and now goes back to select committee for further work.
The two parties who did not vote for it were the Greens and Peter Dunne (United Future).
For myself, I have read the Cullen/Reddy report that spawned the bill (170 pages), the bill itself and the all-important Regulatory Impact Statement (70 pages), followed the progress of the bill as it moved through the various layers of government and related agencies as well as talked with several of those who will be directly affected by it, should it go through, and it’s a rare day that I find myself in genuine agreement with John Key and the Government on a matter such as this.
Historically I have not been a fan of the Squirrels (one of the unofficial names used in Wellington for the intelligence services in general*), not because I do not believe they have a function in New Zealand but because my dealings with them though my current and previous work inside government has been a relatively vexing process and due to the fact that I don’t believe that these agencies remain fit for purpose in the modern world (I am an advocate of intelligence reform). Also because there is something about a high security clearance that often makes people inflate their own self-importance simply due to having said high security clearance and these agencies output seeming to have less to do with the actual security of NZ and more to do with supporting US hegemony though the Five Eyes agreement (also known as the “Anglo Saxon white peoples business empire protection club”).
Don’t get me wrong, I have several good friends and acquaintances in the squirrels, and there are many smart and dedicated souls slaving away for the greater good whose work will never be acknowledged but most of these agencies should have been shut down and replaced with something new and better a long time ago (something the report mentioned but was outside the scope of the report itself).
Unfortunately the mystique of intelligence work, as detailed by Victor Marchetti and John D. Marks in The CIA and the cult of Intelligence (and many other books**), is something that remains by virtue of people being dazzled by the idea of such work being something like a James Bond movie or by the fallacy that because something is a secret it therefore makes it special and those people that handle such material are therefore also special.
In the end the work is the same as that in many government departments but with a blanket of secrecy draped over it. Squirrels go to work, sit at desks, write reports and do many of the same things that other civil servants do. Much of the work is as mundane as that of other bureaucrats in government because they are bureaucrats also.
It’s also an atmosphere which can include a preference for ex-military intelligence personnel over talented staff already in house and a club like atmosphere in senior management characterized by the most venal examples of patch protectionism*** I have ever seen.
In my previous work the easy answer to dealing with squirrelly issues was to work around it rather than try and get them to do anything about it and it is worth relating the mechanics of such an issue to give readers an idea of how bloody obstinate these agencies can be to change or doing anything about problems or issues that exist simply because it would highlight their own failings.
In my previous role in government, my small team dealt with one of the squirrel agencies on a regular basis as part of our work processing and assessing risk cases. The process went something like this: We got a case, we assessed the case for risk using our standard measures and if certain criteria were met we then sent the case off to the appropriate section of the squirrels for comment (sometimes more than one). We then waited for that comment to come back and once it did we would complete the process and make a decision in regards to the case and the identified risk.
The problem was that once we sent the file off to the nutty clubhouse for comment it was the equivalent to throwing the file into a black hole or some sort of temporal vortex.
Once it went in there was no reliable way to predict when it was going to come out, it could be a few days, a week, a month, several months, six months, a year or in the most drawn out instances, well over a year and attempts to find out what was going on were usually met with the blank wall of secrecy.
And when I took over the team I soon found that the black hole was a real problem for our work simply because we did not know when a case was going to come out of the black hole and hence we could end up with half of the files in our cabinets waiting for the Squirrel Nutkin seal of approval and our workflow slowing down and often grinding to a halt while we waited for a result.
So being a solutions not problems sort of person I spent several months politely trying to get the fury rodents responsible for the black hole to give some time frame or indication of what was going on and soon found out that my counterparts on the other side were as over worked as much as myself and they themselves were beholden to processes much larger which were dictated to them by bigger rodents several pay grades above theirs (or my) own.
So I got my manager to arrange a meeting with their manager and we put forward a simple business case to improve the process by putting in place some simple workarounds in the form of queue streams (high and low priority) and more effective communications to enable the Stygian depth of the hole to slightly less opaque.
It was a sound proposal, would have required almost no extra effort by themselves (as we would have done most of the grunt work) and had demonstrable benefits for both parties. There was no risk of information leakage or any security being breached. All we were doing was fixing the mechanics of a process that was clearly broken.
But did squirrel management accept even one smidgen of our proposal? Noooooo, they did not and their reasons for refusing the proposal? They did not have any, they simply refused to do anything or say anything further on the matter.
So in the end I re-organised the entire process at our end to speed up all work before and after we flung the file into the back hole and made sure that our management were well aware of why time frames for files were dragging out so we could point to us having done all we could when the inevitable complaints came rolling in about “the status on these 23 files being on hold for more than six months”.
Sadly if this was an isolated example I would not be writing about it here but it’s not; time and again myself and others I have spoken with have had nothing but praise for the hard working individuals inside the shadow tailed services and lots of scorn and derision for their senior management and their archaic and byzantine practices simply because its “secret”.
And if my previous example is a bit too esoteric for the reader let me give a much clearer and more concrete example of the problem: Security Clearances.
For many people who work in government a security clearance (confidential, secret, top secret, top secret special, super- top secret, Umbra, grey alien etc) is a standard requirement for their job and these clearances range across government departments, many of which people might not imagine would need one (The Ministry of Education being a good example).
Unfortunately the process of getting a security clearance is often loooooong and sloooow which means that most people will start their jobs without the clearance the job description says they need. Now this is not an issue in itself because many clearances (such as a low level Confidential) have a minimal risk or exposure associated to them that the choice has been made to get the person into the role and proceed towards the clearance in due time. A reasonable workaround in such circumstances.
In other cases all manner of people have been in roles with all manner of documents and information with all manner of security levels passing across their desk and not a security clearance to their name in sight.
My favorite example of this is a previous manager I knew who handled a range of sensitive material but who never had the appropriate security clearance until her last week on the job and it was believed this was given to her only so it could be said that she had held the appropriate clearance rather than actually having been genuinely vetted. Nothing more than a box ticking exercise.
And again this is not an isolated incident; I have seen and herd all manner of similar stories from others in government. Much of it is due to limited staff and massive workloads so vetting has to be prioritized but still clearances don’t get given in the right circumstances.
So it’s with these thoughts in mind that I find myself reading through the Cullen/Reddy report and nodding in agreement with much it recommends and then continuing to nod my head when the government decides to take on most of these proposals with the new bill.
Will the new bill fix the technical problems noted above? No it won’t but as the report notes there is a serious fracture in the rules and regulations the various agencies use and how they work together and by having one system for both (as the new bill only really affects the SIS and GCSB with the NAB tabbed in on the side and does not affect the Police or the scoundrels in DDIS at all) with tighter rules for warrants things will actually improve all round by virtue of clarity around the rules and unification of output.
I won’t be going into the bill much further here as I intend to discuss it in greater detail in another post after it has been though a few select committees and the current issues have been worked out.
What I want to look at today is why the Greens are so opposed to the intelligence services in general and I have used my examples of some of the genuine issues with the squirrelly systems to illustrate that changes are needed but it seems that the Greens are not opposing the bill for any practical reasons.
The truth is that the Greens are opposed to the squirrels and their activities mostly on principle AND by having been subject to the intense scrutiny and machinations by sections of the squirrels in the past (and possibly even today). Such treatment would have left a rather bad feeling which is all fine and dandy but a rather strange position in this case because there are genuine issues with the squirrels which this bill could fix and it appears that the Greens are being blinded by principles rather than seeing the situation for what it is, in short principles before pragmatism.
As I noted in my Green Party post a few months back no other party in parliament would have had the level of monitoring and infiltration, in modern times, than the Greens. In the Cold War it would have been Labour and there are stories about party members (including Norm Kirk before he became PM) being watched, monitored and bugged by the SIS which when compared to the known behaviors of similar services elsewhere (MI5 in England) are more than likely to be true.
Also the traditional position of such parties is to oppose expanding the powers of the security apparatus so no surprises there. But if the Right has an ideological blind spot when it comes to social policy and viewing people and society as nothing more than crude inputs for their half-baked economic models then the Left often fails to see the very real Hobbsian argument for a strong state actor and that security is a key aspect of such a state. Hoping that we can all just get along or wishing to impose some sort of communal security arrangement ignores that security risks are real and few if any nations are immune.
So is it just really personal and the Greens can’t see that the bill might actually reign in the behavior of the squirrels rather than letting them of the leash leading to a wholesale expansion of their power (ie spying on Kiwis)?
Certainly if this rather testy exchange between Metirei Turei and IG Christopher Finlayson is to be believed, as while Finlayson has all the personality and people skills of prison camp commandant this would be one of those rare times where I can see that Turei’s questions are just point scoring and grandstanding rather than genuinely about the bill and Finlayson’s frustration and droning out the same answer again and again are entirely justified.
Then again, we expect our Green party candidates to hold and believe certain ideological positions just as much as we would expect National party members to be all for the Neo-Liberal death march to prosperity for the ultra-wealthy at the expense of all others; and the ideological position of the Greens is defiantly opposed to the intelligence services.
Which leaves me in a curious position as I usually like the policies of the Greens, ideology or not, and I myself do have issue with much of the structure and behavior of the security services in NZ but after having picked over the bill and related documents I see that the recommendations of the report are in generally sound (centralization of rules, tighter oversight and protections and clearer definitions) albeit with the need (as identified by Labour) to tighten up some of the details in the select committee process (clearer definition of “National Security” and around the levels of warrant/safeguard etc).
But that’s the details, the bill in and of itself will actually do a lot to bring the services around and in line as well as make them fully part of the public service (and subject to all that being in the public service means) but for some reason the Greens are not going to go for it and for once I find myself onside with John Key and National and genuinely wondering why the Greens hate the squirrels so much?
For those with the time I recommend reading the report (it’s very easy to read and was deliberately written that way as well as defining the issues in clear and simple terms) along with the related documents.
I do get that there are probably deeper concerns if you dug into the Greens on this issue but that’s not how it’s coming out in the media and their website also has little to say beyond their opposition to the bill and such matters.
If the Greens oppose the Squirrels for personal reasons I get that and also I support their being back on the ISC (Intelligence and Security Committee) despite Key’s protestations that their opposition makes it pointless to be there (I believe a dissenting opinion is a useful thing to guide the discussion not matter how contrary) but their voting against it, while a principled stand, really does little and ignores the opportunity that the bill presents to fix part of the problem they are moaning about.
*-So called after a 1960’s cartoon about a squirrel that was also a spy (here)
**-Decent Interval, The Big Breach and Spy Catcher being some other good works which highlight these issues.
***-As seen by myself and related to me through friends and acquaintances inside the wire. For whatever reasons such behavior seems to occur a lot more in the intelligence, risk and compliance spaces than elsewhere in government.
Sources in the US Navy have revealed that it will send an Arleigh Burke class guided missile destroyer to the RNZN 75th anniversary celebrations in November. The details of the participating ship have been sent to the New Zealand government but have not yet been released. However, I have it on good information that the ship will likely be the USS William P. Lawrence (DDG110). It is part of Pacific based Destroyer Squadron 21 and home ported at Naval Station San Diego. It is a relatively new ship, having been launched in 2009, christened in 2010 and entered into service in 2013.
Arleigh Burke class destroyers are gas turbine propelled and under peacetime conditions carry no nuclear munitions. So whether it is the USS Lawrence or a sister ship, the requirement that the visiting US grey hull be neither nuclear propelled or armed will have been met.
If indeed it is the ship being sent, the USS Lawrence has an interesting recent history. In May 2016 it participated in the freedom of navigation exercises the US Navy conducted in and around the Fiery Cross Reef in the disputed territories of the South China Sea that China has been building a reclaimed island upon. It has also conducted anti-poaching patrols and fisheries inspections in the Western Pacific in conjunction with local and regional fisheries agencies as well as the US Coast Guard, and undertook a recent port of call in Suva, Fiji. It most recently participated in the 30-nation Rim of the Pacific (RIMPAC) exercises off of Hawai’i. In its present deployment it serves as something akin to a regional USN “guard ship” for the Southwestern Pacific. It even has its own Facebook page.
Readers will know that I publicly suggested that the US send the USS Mercy, a hospital ship home ported at Pearl Harbour. My reasoning was that the hospital ship could symbolise the humanitarian side of US naval operations (something that is a core mission of the RNZN) and could even do stop-overs in island states on the way to and from Auckland in order to offer check ups and exams, vaccinations and other medical assistance to disadvantaged Pacifika populations. Sending a hospital ship would be good PR for the US Navy and would also help defuse some of the opposition to the visit because it would look pretty silly for an activist flotilla to try and block an unarmed humanitarian vessel when other nation’s gunships received no such hostile welcome.
But no. That would be too much to ask of the US Navy. Instead, what they are sending is a ship of the destroyer class that succeeded the class of which the USS Buchanan (DDG-14) was part. In 1985 the USS Buchanan had pretty much the same role that the USS Lawrence does today. So after all of these years of acrimony, the US Navy has decided to send NZ the same, updated version of the boat that it tried to send in 1985.
So the US has agreed to send a ship to the RNZN 75th anniversary celebrations in November. That means that it has accepted New Zealand’s non-nuclear policy and will send a ship that is neither nuclear armed or propelled. It may have taken 33 years for it to finally loosen up on its “neither confirm or deny” policy when it comes to nukes on board, but the US realises that the geopolitical and strategic environment in which that policy was adopted is long gone and has been replaced by another in which continuing to adhere to it is a matter of hubris that is both churlish and counterproductive. Given the pressing realities of Chinese strategic competition in the Western Pacific and elsewhere, the US needs to consolidate its alliance commitments in the region. If acknowledging New Zealand’s non-nuclear stance is one way of doing so, than any loss of face is well worth it.
Pundits on the NZ Left and Right have claimed that NZ has “won” in its dispute with the US and that it is a great “victory” for the anti-nuclear movement that took to the waters of the Waitemata Harbour three decades ago. Quite frankly, I find the crowing about victory to be infantile because there were many other factors at play and decisions such as this are not a simple matter of win or lose. Moreover, with the Wellington and Washington agreements and RNZN participation in the annual US-led RIMPAC naval exercises, the bilateral military relationship between New Zealand and the US is pretty much back to first-tier partner status regardless of the symbolic stand-off about nukes. Add to that the fact that US nuclear submarines regularly patrol around (and some suggest in) NZ territorial waters, and the reality is that NZ’s non-nuclear status does not impede US naval operations near its shores regardless of what is said in public.
The issue of the US “relenting” is all about context. First off, the strategic environment has changed considerably. It is well known that US surface ships, with the exception of carriers, are all diesel power and as of 1991 have not carried tactical nuclear munitions. Even if resurgent, Russia no longer poses the global nuclear threat to the US that it once did, and although China has emerged as the giant’s rival in the last two decades, it still has limited capacity to project blue water force deep into the Pacific in a measure that would constitute a direct challenge to US maritime interests. However, the Chinese are working hard to address that imbalance, evident in their land reclamation projects in the South China Sea and their overtures to South Pacific island states with regard to naval port visits and fishing rights, something that the US views with concern and which in part motivates Vice President Biden’s whirlwind tour of the region this week. Likewise, the re-establishment of the Russian Pacific Fleet also signals that the era of US maritime supremacy is now subject to contestation, so the US well understands that it needs all of its military allies working off of the same page when it comes to these new challenges. Recognizing the RNZN on its anniversary is one small way of doing so.
More importantly, from the moment President Obama stepped into the Oval Office he made de-nuclearization a cornerstone of his foreign policy. The Iran nuclear deal, the increased sanctions levied on North Korea, the slowing of advanced weapons sales to Pakistan, the repeated attempts to engage in bilateral strategic ballistic missile reductions with Russia–all of these efforts were undertaken as part of Obama’s vision of a safer world. It is therefore completely logical given his commitment to a world without (or at least with lesser amounts of) nuclear weapons, that under his administration the US would relent on the issue of NZ’s non-nuclear policy. In fact, it can be argued that the Obama administration wants to highlight its agreement with the principled commitment to a non-nuclear stance by authorising a US ship visit on a ceremonial occasion with symbolic significance given that several other nuclear powers will be among the 30 odd nations sending naval vessels to the celebrations–including its new competitors.
I have publicly suggested that the US send the USS Mercy, a hospital ship home ported at Pearl Harbour. It would symbolise the humanitarian aspects of naval deployments that the RNZN claims as one of its core missions and would defuse the grounds for opposition of protesters who see US warships as imperialist death platforms. Surprisingly, this suggestion has been ridiculed by some (most on the Right) who say that a ship without guns is not “exciting” and is not a real naval vessel. Given that navies around the world have tenders, tankers, tugs, intelligence collection vessels and assorted other non-combat ships, it strikes me as strange that some people think that the US decision to send a navy ship is a victory for NZ and yet that victory must be confirmed with a warship visit as opposed to something with a non-combat purpose. Given that the NZDF spends much time publicising its non-combat, peacekeeping and humanitarian roles, I would have thought that a visit by a US naval vessel whose purpose was something other than kinetic operations would be perfectly suited for the occasion.
In the end the decision by the US to accept the invitation to send a ship to the RNZN anniversary celebrations was a triumph of good sense over bureaucratic intransigence within the US defense establishment, pushed as much by the president’s commitment to a nuclear weapons-free world as it is by the evolving strategic realities in the Western Pacific Rim that require the US to consolidate its military alliance commitments in the region. Some in NZ may think that it “won” and the US lost with its change of posture, but a simple glance at geopolitical realities suggests that it was not the NZ non-nuclear movement that forced the change so much as it is the influence of much broader factors in a context when haggling about nukes on board is about as relevant to modern naval warfare as is arguing about the relative merits of spinnakers and mainsails.
Posted on 08:24, July 20th, 2016 by Pablo
I have observed with bemusement some of the commentary (including here at KP) that views the failed coup in Turkey as a “victory for democracy.” As someone who has lived through several coups in Latin America and who has academically studied, professionally written, and worked in developing policy for the US government on issues of comparative civil-military relations (including how to address coups), and who has written at length on the differences between coups d’etat, putsches, revolts and revolutions in the Middle East and elsewhere (some of it here on KP), I find it hard to believe that otherwise sensible commentators (with a notable exception) would think that anything good can come of the coup’s failure. This was not a simple matter of Turkish good guys versus bad guys, and the sequels to the violence will not be pleasant but will be long-lasting.
In any event, this week the Herald editorial board wrote favourably of the outcome in Turkey. My colleague Kate Nicholls (a comparative politics scholar) and I were disappointed by it and penned a response. It looks like the Herald will not publish the critique, so here it is:
As students of comparative civil-military relations, we were surprised to read the Herald’s July 19 editorial “Coup’s failure hopeful sign for democracy.” Unlike the Herald’s editors we see no positives resulting from the aborted coup. Instead we foresee the death throes of a painstakingly crafted secular, albeit imperfect, democracy, that was the crowning achievement of Kemal Atuturk and which has been under siege since the election of former Istanbul mayor Recep Erdogan to the Prime Ministry in 2003 and Presidency in 2014.
The cornerstones of the Kemalist vision of Turkish democracy were an apolitical professional military, an independent secular judiciary, and a multiparty electoral system characterized by a separation of powers and a system of checks and balances between the executive and legislative branches. Granted, Ataturk’s nationalism, which bound the country together in the wake of the collapse of the Ottoman Empire, often worked to stifle free speech and repress ethnic minorities, notably the Kurds. Turkish democracy has also always been “guarded”, meaning that the military has on occasion acted as unelected veto-player. Yet since the rise of Erdogan to power 16 years ago, things have gotten incrementally but steadily worse.
Since he assumed office, Erdogan has undermined the judiciary by appointing ideological cronies and firing or arresting independent minded jurists; sacked hundreds of senior military officers and replaced them with loyalists; introduced mandatory Islamic Studies into military curricula; censored, banned and/or arrested non-supplicant media outlets and reporters; rigged electoral rules favour of his own party; and instituted constitutional amendments designed to perpetrate his rule and re-impose Sharia precepts on public institutions (something not seen since the days of the Ottomans). He has enriched himself and his friends by using public construction projects as sources of political patronage and illicit gain. All in all, he has destroyed the promise of a moderate democratic Islamism that brought him to power in the first place. Using populist methods to reaffirm his electoral popularity with the rural and urban poor, Erdogan has been steadily eroding Turkish democracy from within.
Erdogan has also proven himself to be diplomatically incompetent. From a position of stability as the regional power in the Levant, under his guidance Turkey now finds itself at war with adversaries on two borders, estranged from the US, Russia, Egypt and Israel as well as the Gulf Arab states, at odds with Europe over a host of political and economic issues, and confronted by a rising tide of domestic terrorism. His tenure has been ruinous for Turkish aspirations for European Union membership and Turkey’s increasingly unfavorable international reputation was cemented by its loss to New Zealand and Spain in the 2014 elections for a UN Security Council temporary seat for the 2015-17 term.
Erdogan has blamed the coup attempt on the self-exiled cleric Fethullah Gulen, whose power base is to be found amongst the more educated and liberal sectors of Turkish society and whose brand of Islam appears more compatible with the older secular nationalist vision. Whether Gulen was really behind the coup attempt remains to be seen, but there are reasons to suspect the President’s version of the coup’s origins, not least that the plot was very poorly planned and doomed to failure from the outset. For example, the plotters did not grab Erdogan or take over media outlets before announcing the takeover; did not move to censor social media in order to deny Erdogan and his loyalists an alternative communications platform; did not have more than a brigade’s worth of infantry troops (mostly conscripts) trying to control the entire country; and did not have enough armour or aviation on their side to impose emergency rule. As with many failed coups it was led by junior rather than senior officers, although that is because the senior ranks are full of Erdogan loyalists. One thing about modern day coups is that those leading them have a wealth of history to learn from, learning that does not seem to be much in evidence here in spite of Turkey’s history with previous coups and the examples provided by a host of countries elsewhere.
When it comes to the future of Turkish democracy, whether the coup was instigated from Pennsylvania or just a bit closer to the President’s own office is in many ways irrelevant. Erdogan is already using the events of the past week to further purge the military of secularist factions with the arrest of at least 6000 military personnel (including 130 officers), and has broadened the retaliatory sweep by suspending 8000 police officers, 15,000 public educators and 3000 members of the judiciary (all of whom are suspected of being opposed to his Islamicisation project for the Turkish state). He has moved to reintroduce the death penalty—a move which both appeals to baser populist tendencies and will be yet another setback in Turkey’s fifty-year long negotiation over accession to the European Union. None of this is supportive of democracy.
One of the major consequences of all this will be the reconfiguration of the Turkish military as a praetorian guard rather than professional organization. Based on Roman Imperial Guards, praetorian militaries are those that are heavily politicized, intervene in national politics, engage in domestic repression and serve the government of the day rather than the commonweal. Professional militaries, in contrast, are apolitical and non-partisan, focused on external defense and serve the nation as a whole regardless of who is in government.
What prompts a military to move from professional to a praetorian posture is a combination of push (internal) and pull (external) factors. The former include horizontal (between armed services) and vertical (between ranks) cleavages as well as resistance to government interference in military affairs. The latter include government corruption, stalemate, mishandling of security matters or inability to manage threats to national security, civil society pleading for intervention and loss of business confidence.
All of these factors were at play in Turkey’s latest coup. Nearly 300 people died in inter-service clashes. Erdogan loyalists swarmed under-manned and lightly armed soldiers in the streets of Ankara and Istanbul. Seeing that, civilian coup supporters stayed at home. Cynics will note that, in spite of its apparent near-success and the intense violence directed at loyalist-controlled security agencies and parliament, the nature of the undertaking suggested not so much a well-planned and militarily precise operation in defense of democracy as it did an opportunistic manipulation of discontent within military ranks in order to justify a purge of the discontented.
Whether the coup was done as a last ditch defense of the Kemalist democratic legacy or not, the outcome is now clear: Turkey has veered hard towards outright dictatorship with Erdogan as the primary beneficiary. The President’s announcement that he will now “clean all state institutions of the virus” that led to the coup is an ominous sign of things to come.
PS: The Herald was kind enough to publish a short version of the original essay on July 21, 2016.
Posted on 15:46, June 1st, 2016 by Pablo
I was invited to speak at a forum in Wellington on the “Privacy Security Dilemma.” It included a variety of people from government, the private sector, academia and public interest groups. The discussion basically revolved around the issue of whether the quest for security in the current era is increasingly infringing on the right to privacy. There were about 150 people present, a mixture of government servants, students, retirees, academics, foreign officials and a few intelligence officers.
There were some interesting points made, including the view that in order to be free we must be secure in our daily lives (Professor Robert Ayson), that Anglo-Saxon notions of personal identity and privacy do not account for the collective nature of identity and privacy amongst Maori (Professor Karen Coutts), that notions of privacy are contextual rather than universal (Professor Miriam Lips), that in the information age we may know more but are no wiser for it (Professor Ayson), that mass intrusions of privacy in targeted minority groups in the name of security leads to alienation, disaffection and resentment in those groups (Anjum Rahman), and that in the contemporary era physical borders are no impediment to nefarious activities carried out by a variety of state and non-state actors (various).
We also heard from Michael Cullen and Chris Finlayson. Cullen chaired the recent Intelligence Review and Finlayson is the current Minister of Security and Intelligence. Cullen summarised the main points of the recommendations in the Review and was kind enough to stay for questions after his panel. Finlayson arrived two hours late, failed to acknowledge any of the speakers other than Privacy Commissioner John Edwards (who gave an encouraging talk), read a standard stump speech from notes, and bolted from the room as soon as as he stopped speaking.
Thomas Beagle gave a strong presentation that was almost Nicky Hageresque in its denouncement of government powers of surveillance and control. His most important point, and one that I found compelling, was that the issue is not about the tradeoff between security and privacy but between security and power. He noted that expanded government security authority was more about wielding power over subjects than about simply infringing on privacy. If I understand him correctly, privacy is a commodity in a larger ethical game.
Note that I say commodity rather than prize. “Prize” is largely construed as a reward, gain, victory or the achievement of some other coveted objective, especially in the face of underhanded, dishonest, unscrupulous and often murderous opposition. However, here privacy is used as a pawn in a larger struggle between the state and its subjects. Although I disagree with his assessment that corporations do not wield power over clients when they amass data on them, his point that the government can and does wield (often retaliatory) power over people through the (mis) use of data collection is sobering at the very least.
When I agreed to join the forum I was not sure exactly what was expected from me. I decided to go for some food for thought about three basic phrases used in the information gathering business, and how the notion of consent is applied to them.
The first phrase is “bulk collection.” Bulk collection is the wholesale acquisition and storage of data for the purposes of subsequent trawling and mining in pursuit of more specific “nuggets” of actionable information. Although signals intelligence agencies such as the GCSB are known for doing this, many private entities such as social media platforms and internet service providers also do so. Whereas signals intelligence agencies may be looking for terrorists and spies in their use of filters such as PRISM and XKEYSCORE, private entities use data mining algorithms for marketing purposes (hence the targeted advertisements on social media).
“Mass surveillance” is the ongoing and undifferentiated monitoring of collective behaviour for the purposes of identifying, targeting and analysing the behaviour of specific individuals or groups. It is not the same thing as bulk collection, if for no other reason than it has a more immediate, real-time application. Mass surveillance is done by a host of public agencies, be it the Police via CCTV coverage of public spaces, transportation authorities’ coverage of roadways, railroads and airports, local council coverage of recreational facilities and areas, district health board monitoring of hospitals, etc. It is not only public agencies that engage in mass surveillance. Private retail outlets, shopping centres and malls, carparks, stadiums, entertainment venues, clubs, pubs, firms and gated communities all use mass surveillance. We know why they do so, just as we know why public agencies do so (crime prevention being the most common reason), but the salient fact is that they all do it.
“Targeted spying” is the covert or surreptitious observation and monitoring of targeted individuals and groups in order to identify specific activities and behaviours. It can be physical or electronic (i.e. via direct human observation or video/computer/telephone intercepts). Most of this is done by the Police and government intelligence agencies such as the SIS, and most often it is done under warrant (although the restrictions on warrantless spying have been loosened in the post 9/11 era). Yet, it is not only government security and intelligence agencies that undertake targeted spying. Private investigators, credit card agencies, debt collectors, background checking firms and others all use this as a tool of their trades.
What is evident on the face of things is that all of the information gathering activities mentioned here violate not only the right to privacy but also the presumption of innocence, particularly the first two. Information is gathered on a mass scale regardless of whether people are violating the law or, in the case of targeted spying, on the suspicion that they are.
The way governments have addressed concerns about this basic violation of democratic principles is through the warrant system. But what about wholesale data-gathering by private as well as public entities? Who gives them permission to do so, and how?
That is where informed consent comes in. Informed consent of the electorate is considered to be a hallmark of robust or mature democracies. The voting public are aware of and have institutional channels of expression and decision-making influence when it comes to the laws and regulations that govern their communal relations.
But how is that given? As it turns out, in the private sphere it is given by the phrase “terms and conditions.” Be it when we sign up to a social media platform or internet service, or when we park our cars, or when we enter a mall and engage in some retail therapy, or when we take a cab, ride the bus or board a train, there are public notices governing the terms and conditions of use of these services that include giving up the right to privacy in that particular context. It may be hidden in the fine print of an internet provider service agreement, or on a small sticker in the corner of a mall or shop entry, or on the back of a ticket, but in this day and age the use of a service comes attached with it the forfeiture of at least some degree of privacy. As soon as we tick on a box agreeing to the terms or make use of a given service, we consent to that exchange.
One can rightly argue that many people do not read the terms or conditions of service contracts. But that is the point: just as ignorance is no excuse for violation of the law, ignorance of the terms of service does not mean that consent has not been given. But here again, the question is how can this be informed consent? Well, it is not.
That takes us to the public sphere and issues of governance. The reality is that many people are not informed and do not even think that their consent is required for governments to go about their business. This brings up the issue of “implicit,” “implied” or inferred” consent. In Latin American societies the view is that if you do not say no then you implicitly mean yes. In Anglophone cultures the reverse is true: if you do not explicitly say yes than you mean no. But in contemporary Aotearoa, it seems that the Latin view prevails, as the electorate is often uninformed, disinterested, ignorant of and certainly not explicitly consenting to many government policy initiatives, including those in the security field and with regards to basic civil liberties such as the right to privacy and presumption of innocence.
One can argue that in representative democracy consent is given indirectly via electoral processes whereby politicians are elected to exercise the will of the people. Politicians make the laws that govern us all and the people can challenge them in neutral courts. Consent is given indirectly and is contingent on the courts upholding the legality if not legitimacy of policy decisions.
But is that really informed contingent consent? Do we abdicate any say about discrete policy decisions and legislative changes once we elect a government? Or do we broadly do so at regular intervals, say every three years, and then just forget about having another say until the next election cycle? I would think and hope not. And yet, that appears to be the practice in New Zealand.
Therein lies the rub. When it comes to consenting to intrusions on our privacy be they in the private or public sphere, we are more often doing so in implicit rather than informed fashion. Moreover, we tend to give broad consent to governments of the day rather than offer it on a discrete, case by case, policy by policy, law by law basis. And because we do so, both public authorities and private agencies can collect, store, manipulate and exchange our private information at their discretion rather than ours.
Posted on 14:49, March 29th, 2016 by Pablo
I have had a professional interest in torture since my days doing human rights work in Latin America. As part of that work I talked to victims as well as perpetrators of state terrorism and subsequently wrote professionally about its usage in Argentina. Later on I consorted with members of the US counter-intelligence community who were responsible for interrogations of suspected spies and other bad people. They helped me understand the difference between coercive (as opposed to passive or sympathetic) interrogations and torture. The combination of experiences made clear to me that torture is more about punishment and collective deterrence through fear than it is about timely and sensitive information-gathering.
When the US started using its “enhanced interrogation techniques” after 9/11, descending into the medieval weirdness of Abu Ghraib and camp X-Ray at Guantanamo Bay, I tried to make sense of it.
In recent years the US Congress and the CIA have conducted investigations into the enhanced interrogation program. The bottom line is twofold: enhanced interrogations did not work any better than “normal” interrogations in extracting valuable information from terrorism suspects; and the justifications for using them was specious and deceptive at best. The best way of garnering valuable intelligence, as it turns out, is through a combination of timely signals collections working in concert with old fashion human intelligence gathering on the ground.
Now along comes Donald Trump claiming that not only does torture work but that he would “do worse” to suspects than water boarding in order to extract information from them. By now it should be clear that he is a blithering idiot on foreign relations, military affairs, intelligence operations, and pretty much everything else when it comes to public policy, to say nothing of being a serial liar with the purest case of narcissistic personality disorder seen since Narcissus himself (and were it that he could only suffer the same fate).
Heck, he makes Al Gore’s claim about inventing the internet look like a child’s fib in comparison!
In any event, Trump is dangerously wrong.
In an interview with a NZ business publication, this is what I had to say bout Trump’s remarks.
I wrote a short opinion piece in the Herald outlining some of my thoughts about the Brussels terrorist attacks. Unless the root causes of the problem are addressed, there will be no end to them. Even if they overlap in the form of foreign fighters, those root causes primarily reside in the disaffection and alienation produced by socio-economic and cultural grievances at home rather than in the conflicts of the Middle East. The solution is to be proactive as well as reactive to the threat posed by domestic radicalisation, and that involves social reform as well as better human intelligence collection in the communities from which home-grown jihadists emerge.
In last Monday’s press briefing, the Prime Minister took my name in vain. Responding to questions from a reporter I had talked to, he said that my concerns about the apparent illegality of undercover intelligence operations were “fundamentally wrong.” Instead, he said that although intelligence agencies could not break laws (tell that to Kim Dotcom), they might require “different laws.”
I beg to differ.
Before delving deeper, let’s address the PM’s remark about the need for “different laws” governing undercover intelligence operations. What does he mean by “different?” Is he proposing that there be one set of laws for regular citizens and another set of laws governing undercover intelligence work? How does that sit with the “equal rights under the law” premise that is at the heart of democratic jurisprudence? And if there is no provision for “different laws” governing undercover intelligence operations today, then what is there in extant law that makes otherwise illegal acts legal? How often and under what circumstances are these illegal-but-legal acts allowed and are they only allowed or legal under warrant? Something tells me that the answers to the last two questions are “frequently and routine” and “no” respectively.
The question about undercover intelligence operations was raised because during the course of conversations with a couple of reporters about the Intelligence Review in general, I pointed out that the most interesting items were buried at the back of the report. Reporters tend to read the executive summaries of official government documents but seldom have the time or inclination to read through 179 pages of dense prose and legal jargon.
But since I have the time and inclination, I did. Plus, in my former life as a US government official I actually helped draft such reports so know that the best way of reading them is from back to front. That way one can get to the meat of the report, often found in annexes, before wading through the fluff.
I should point out that my overall take on the report is this: given who was on the Review committee, the report was inevitably going to have a bias towards institutional continuity and incrementalism with regard to reforms. That is indeed what happened. The report reflects as much if not more of the spy agencies’ concerns than it does that of external parties or stakeholders like the civil society organisations and individuals that were consulted by the Committee. The result is bound to be disappointing to those who wanted a major overhaul of the intelligence community or wanted parts of it disbanded altogether, such as the Greens, but to my mind it is a small but acceptable step towards greater transparency and accountability in the NZ intelligence community and its main collection agencies, the GCSB and SIS.
Even so, there are several problematic areas in the report that are worth considering, and here I will focus on the undercover operations that the PM thinks I have interpreted so fundamentally wrong. Rather than present my views without context, here are (cut and pasted) the recommendations regarding undercover operations as listed in the Report:
163 Annex C: Full list of recommendations (abridged).
Cover for operations and employees
78.The legislation should explicitly provide for the Agencies to obtain, create and use any identification information necessary for the purpose of maintaining the secret nature of their authorised activities. This should include the ability to create cover for anyone authorised to undertake activity for the Agencies.
79. “Identity information” should include anything that could be used to establish identity – such as credit cards and shell companies in additional to traditional forms of identification (such as passports and driver licences).
80. The Agencies should also have the ability to obtain, create and use identification information necessary to keep the identity of their employees confidential.
81. The use of these powers should be covered by a tier 3 authorisation (policy statement) to ensure they are exercised only where necessary and proportionate.
82. There should be corresponding immunities from civil and criminal liability for reasonable acts done in good faith to create or maintain cover as part of an authorised operation or to keep the fact of a person’s employment with the NZSIS or GCSB secret.
83. These powers and immunities should be incorporated through general provisions in the legislation governing the Agencies, rather than by inserting specific exceptions in other legislation as is currently the case.
84. The same immunities should apply to both agencies, in line with our recommendations that the Agencies share functions and an authorisation regime.
85. Immunities should also apply to anyone required to assist the Agencies, such as telecommunications companies, or to human sources or agents acting at the Agencies’ request or direction.
86. The legislation should provide that no person should be subject to criminal liability for acts carried out in good faith and in a reasonable manner that are necessary to give effect to a tier 1 or tier 2 authorisation.
87. Employees of the Agencies should also have immunity from criminal liability for acts carried out in good faith, in a reasonable manner and in accordance with the purposes of the Act to obtain a tier 1 or tier 2 authorisation.
88. The immunities for employees of the Agencies should also extend to any relevant minor offences or infringements that may need to be committed in the course of investigations carried out under a tier 3 authorisation (such as breaches of road user rules).
89. Employees of the Agencies and any person acting at the request or direction of the Agencies should be protected from civil liability for acts or omissions in good faith in the pursuance or intended pursuance of the Agencies’ duties, functions or powers. This is the same protection as is provided to public sector employees under the State Sector Act 1988.
90. Where the GCSB or NZSIS is assisting another agency to perform its functions, any immunities that apply to the agency being assisted should also apply to the GCSB and/or NZSIS.
Readers can form their own conclusions about what these recommendations imply. But here are some thoughts. It appears that undercover operations conducted by the SIS (and to a lesser extent the GCSB) do not have specific legal cover as things currently stand. There are no provisions in the SIS or GCSB Acts that explicitly refer to a legal framework under which otherwise criminal acts undertaken by undercover intelligence agents may occur. That means, in effect, that until now undercover intelligence operations are essentially illegal except for the fact that they are conducted by agents of the State at its behest under exceptions to existing legislation (outside of the GCSB and SIS Acts or even the State Sector Act). But even then there is apparently nothing in the law that explicitly authorises undercover intelligence operations that otherwise would be criminal acts (say, burglary, forgery or credit fraud). Yet the recommendations speak directly to such acts so clearly they have been happening.
The problem is not just that SIS agents have no specific legal cover for what they do covertly, something that individually places them at considerable risk in the event that they are caught or detected. There also are no specific provisions on what they cannot do. Where is the line drawn as to what is permissible when acting as an undercover agent of the State. Murder? Arson? Extortion? Blackmail? Kidnapping? Credit card fraud? Money laundering? Burglary? Home invasions? Tail-gating? (I include this because recommendation 88 specifically mentions breaches of road user rules). If an agent is recklessly tail-gating a surveillance target and wrecks while doing so, killing or injuring passerby, is that agent immune from prosecution or liability because s/he was in the service of the State?
These questions are not frivolous. From my personal experience, I know that among other things covert or undercover agents are taught how to pick locks and conduct “traceless” break-ins and burglaries (they are even provided with the tools to do so). Cyber-hacking to install malware or to steal sensitive information is a stock in trade of signals intelligence agencies. Clandestine surveillance of all sorts is the bread and butter of most human intelligence agencies. The CIA has its own lethal drone program and paramilitary branch, as do several other spy agencies. The Mossad is, among many other things, a brutally efficient assassination machine. So where does one draw the line when it comes to otherwise criminal acts carried out by intelligence agents of the NZ state?
The recommendations repeatedly speak about acting in “good faith.” But how is “good faith” defined? The SIS agents who broke into activist Aziz Chowdry’s home in 1996 were probably acting in “good faith” when they committed what otherwise would be a crime, but how is it that stealing documents from activists is justified on national security grounds? Moreover, the person who caught the SIS agents in the act of breaking and entering, David Small, had his home raided, ostensibly to search for bomb-making materials, by the Police a week later, after making the initial complaint (he was able to record the SIS get away car’s registration plate number, which was traced back to an SIS front company). How was the raid on Dr. Small done in “good faith” and at whose behest? The government was eventually forced to settle with Mr. Chowdry for a six figure amount and, worse yet, forced to apologise to him for the break in (you can read a summary of the case here).
Dr. Small also received compensation for “unreasonable search.” If we accept that an apology implies recognition of wrong doing and that “unreasonable searches” may be part of the SIS repertoire, then how and where does “good faith” come into the picture? Add to that events such as SIS break-ins at Auckland University in the late 1990s (if I am not mistaken Jane Kelsey’s office was a target), and one gets the idea that the SIS engages in otherwise illegal acts not so much for national security reasons but because it simply can under a de facto “good faith” immunity clause. So the effect of the current recommendations would be to codify what is already informal usage and practice.
The issue of “good faith” extends beyond New Zealand’s borders. Inspector General of Intelligence and Security Cheryl Gwyn is currently investigating whether the SIS was complicit in the CIA extraordinary rendition and black site program. For those unaware of these, the program involved kidnapping or detaining suspected Islamic extremists and “rendering” them to clandestine detention centres in a number of countries (Poland, Thailand and Egypt, among others). There they were subject to euphemistically labeled “enhanced” interrogation techniques (some of which are more properly classified as torture). Although some of those “rendered” by this program turned up in Guantanamo Bay or in prisons operated by US allies, many others have never been seen again. All of this was conducted off the books and outside of legal guarantees or protections for the detainees.
Assuming that Ms. Gwyn does find that in fact the SIS knew about or was complicit in the extraordinary rendition/black site program in contravention of NZ commitments to international conventions against torture and arbitrary detention, can the SIS turn around and claim that it was doing so in “good faith?” Is “good faith” nothing more than a get out of jail card for the intelligence services?
The bottom line is two-fold. First, undercover intelligence operations to date have been conducted under very porous and somewhat dubious legal cover that allows a multitude of operational sins to occur under what seems to be a wink and nod agreement with other agencies such as the police and Crown.
Secondly, the recommendations in the report about legal cover for undercover intelligence operations are very vague and broad, which allows the possibility for agents to go “rogue” so long as they can claim that they are acting in “good faith.” Neither is acceptable in a liberal democracy.
I agree that a comprehensive legal framework is needed governing the circumstances and permissible activities conducted during undercover intelligence operations. But this framework has to specify as much what is not permissible as what is, and has to ensure clear lines of responsibility as well as authorisation before and during the conduct of said operations. Otherwise we run the risk of allowing State-sanctioned criminal enterprise to masquerade as intelligence gathering.
It seems that a fair share of people are concerned about the Intelligence Review Committee’s recommendation that the GCSB be allowed to spy on the private communications of NZ citizens and residents, most often with a warrant adhering to a three tiered process that requires the signature of the Attorney General and Judicial Commissioner for the most intrusive searches of private individual’s communications and, under highly exceptional circumstances (involving the combination of imminent threat and the need for immediate real time information), accessing private individual’s communications without a warrant.
This essentially codifies what is already being done in practice under the GCSB’s “assist” role whereby it can offer its technological capabilities under warrant to other government agencies when asked and can engage in warrantless spying on NZ citizens and residents if they reside abroad or work for or are associated with foreign-based entities like NGO’s, IO’s embassies, corporations, charities and CSO’s. Remember: this is targeted eavesdropping and signals intercepts, not mass (meta-) data collection or mass surveillance. The argument goes, and I tend to agree in part with it, that the NZ threat environment has become increasingly “glocal” or “intermestic,” meaning that the boundaries between global or international affairs and domestic and local concerns are increasingly blurred thanks to advances in telecommunications, transportation and economic transaction. Hence the need for targeted GCSB involvement in matters of domestic espionage when warranted.
In any event my first question is this: why, if people are concerned about the publicly-debated legal extension of the GCSB’s de facto “assist” role, are they not concerned about the use of military assets (specifically, the deployment of light armoured vehicles, a helicopter and troops) to assist the police in the Kawerau police shooting and siege? After all, the use in a police operation of combat designed equipment and soldiers trained and equipped for external combat would seem to be stretching the proper, legally defined role of the NZDF even if we consider its civil defense responsibilities (which, if I am not mistaken, would only apply to armed intervention in instances of civil war or insurrectionist (read: Maori) upheaval). Should there not be a clear separation of NZDF missions and police matters delineated in law? Pardon my ignorance, but is there? Is there a legally outlined “assist” role for the NZDF in armed confrontations like this latest incident and the Napier siege of a few years ago? Or is the operational relationship between the NZDF and Police more ad hoc, informal and circumstantial in nature?
Then there is the suggestion by Michael Cullen that future Intelligence Reviews could consider merging the GCSB and SIS. This would be akin to merging the NZDF and NZ Police. So my next question is: would we ever consider merging the NZDF and Police? If not, why would we consider merging a signals intelligence collection agency with a human intelligence collection agency?
There is more to ask. Most of what the GCSB does is foreign intelligence collection on behalf of the 5 eyes network. The domestic side of its targeted spying is relatively small in comparison and again, done in service of or in concert with domestic agencies such as the SIS and Police, most often under warrant or given the exceptions listed above. Otherwise and for all intents and purposes, the GCSB is a branch of the 5 Eyes on NZ soil, not a fully independent or autonomous NZ spy agency. Think of the amount of money that the GCSB receives from 5 Eyes, amounts that are believed to be well in excess of its NZ government-provided budgetary allocations (the exact figures are classified so are what is known as “black” allocations under he “reciprocity agreement” that binds the GCSB to the rest of the 5 Eyes partners). Think of the highly sensitive technologies it employs. When the GCSB was first established, was the equipment and personnel used completely Kiwi in nature? Is the equipment used today completely Kiwi in nature and are the people manning the listening posts at Waihopai and Tangimoana today all NZ citizens?
Given the network resources at its disposal, were the GCSB to merge with the SIS it is possible that the latter would be subject to institutional “capture” by the former. That would mean that the intelligence priorities and requirements of 5 Eyes could come to dominate the human intelligence priorities of the SIS. I am not sure that is a good thing. And if we consider that the separation of powers concept that is at the core of democratic practice should institutionally extend beyond the tripartite structure at the apex of the state apparatus (executive, legislature, judiciary), then centralising the most intrusive spying powers of the state in one agency answerable almost exclusively to the executive branch seems to be antithetical to that premise.
It could be the case that the possibility of a merger is being floated so that the SIS and GCSB can concentrate on external espionage and counter-espionage, with the domestic intelligence function reverting wholly to the police (who already have their own intelligence units). But even then the GCSB will continue to have a role in domestic signals collection, so the result of the merger would mainly impact the focus and organisation of the SIS.
I was fortunate to have a private audience with the Review Committee. From what I have read in the report so far, much of what I recommended was ignored. Even so, I do believe that the committee tried to balance civil liberties with security requirements and take what is a hodgepodge of disparate intelligence legislation and craft a uniform legal framework in which the iNZ intelligence community can conduct its operations. Heck, they even have recommendations about the legal cover given to undercover agents, both in terms of the process of assuming false identities as well as in terms of their immunity from liability when discharging their undercover tasks (apparently no such legal cover exists at the moment or is patchy at best).
Although I was disappointed that much of what I recommended to the committee did not appear in the final report, I am satisfied that their recommendations are a step forward in terms of transparency, accountability and oversight. I realise that this sentiment is not shared by many observers (for example, Nicky Hager was scathing in his appraisal of the report), but to them the questions I posed above are worth considering. To wit: If you are comfortable with the military getting involved in domestic law enforcement in exceptional (yet apparently regular) circumstances, then what is the problem with the GCSB getting more publicly involved in domestic espionage in similar circumstances?
There is much more to discuss about the Report and I may well do so as I wade through it. For the moment, here is a good critical appraisal worth reading.