Posts Tagged ‘Intelligence’
Posted on 15:46, June 1st, 2016 by Pablo
I was invited to speak at a forum in Wellington on the “Privacy Security Dilemma.” It included a variety of people from government, the private sector, academia and public interest groups. The discussion basically revolved around the issue of whether the quest for security in the current era is increasingly infringing on the right to privacy. There were about 150 people present, a mixture of government servants, students, retirees, academics, foreign officials and a few intelligence officers.
There were some interesting points made, including the view that in order to be free we must be secure in our daily lives (Professor Robert Ayson), that Anglo-Saxon notions of personal identity and privacy do not account for the collective nature of identity and privacy amongst Maori (Professor Karen Coutts), that notions of privacy are contextual rather than universal (Professor Miriam Lips), that in the information age we may know more but are no wiser for it (Professor Ayson), that mass intrusions of privacy in targeted minority groups in the name of security leads to alienation, disaffection and resentment in those groups (Anjum Rahman), and that in the contemporary era physical borders are no impediment to nefarious activities carried out by a variety of state and non-state actors (various).
We also heard from Michael Cullen and Chris Finlayson. Cullen chaired the recent Intelligence Review and Finlayson is the current Minister of Security and Intelligence. Cullen summarised the main points of the recommendations in the Review and was kind enough to stay for questions after his panel. Finlayson arrived two hours late, failed to acknowledge any of the speakers other than Privacy Commissioner John Edwards (who gave an encouraging talk), read a standard stump speech from notes, and bolted from the room as soon as as he stopped speaking.
Thomas Beagle gave a strong presentation that was almost Nicky Hageresque in its denouncement of government powers of surveillance and control. His most important point, and one that I found compelling, was that the issue is not about the tradeoff between security and privacy but between security and power. He noted that expanded government security authority was more about wielding power over subjects than about simply infringing on privacy. If I understand him correctly, privacy is a commodity in a larger ethical game.
Note that I say commodity rather than prize. “Prize” is largely construed as a reward, gain, victory or the achievement of some other coveted objective, especially in the face of underhanded, dishonest, unscrupulous and often murderous opposition. However, here privacy is used as a pawn in a larger struggle between the state and its subjects. Although I disagree with his assessment that corporations do not wield power over clients when they amass data on them, his point that the government can and does wield (often retaliatory) power over people through the (mis) use of data collection is sobering at the very least.
When I agreed to join the forum I was not sure exactly what was expected from me. I decided to go for some food for thought about three basic phrases used in the information gathering business, and how the notion of consent is applied to them.
The first phrase is “bulk collection.” Bulk collection is the wholesale acquisition and storage of data for the purposes of subsequent trawling and mining in pursuit of more specific “nuggets” of actionable information. Although signals intelligence agencies such as the GCSB are known for doing this, many private entities such as social media platforms and internet service providers also do so. Whereas signals intelligence agencies may be looking for terrorists and spies in their use of filters such as PRISM and XKEYSCORE, private entities use data mining algorithms for marketing purposes (hence the targeted advertisements on social media).
“Mass surveillance” is the ongoing and undifferentiated monitoring of collective behaviour for the purposes of identifying, targeting and analysing the behaviour of specific individuals or groups. It is not the same thing as bulk collection, if for no other reason than it has a more immediate, real-time application. Mass surveillance is done by a host of public agencies, be it the Police via CCTV coverage of public spaces, transportation authorities’ coverage of roadways, railroads and airports, local council coverage of recreational facilities and areas, district health board monitoring of hospitals, etc. It is not only public agencies that engage in mass surveillance. Private retail outlets, shopping centres and malls, carparks, stadiums, entertainment venues, clubs, pubs, firms and gated communities all use mass surveillance. We know why they do so, just as we know why public agencies do so (crime prevention being the most common reason), but the salient fact is that they all do it.
“Targeted spying” is the covert or surreptitious observation and monitoring of targeted individuals and groups in order to identify specific activities and behaviours. It can be physical or electronic (i.e. via direct human observation or video/computer/telephone intercepts). Most of this is done by the Police and government intelligence agencies such as the SIS, and most often it is done under warrant (although the restrictions on warrantless spying have been loosened in the post 9/11 era). Yet, it is not only government security and intelligence agencies that undertake targeted spying. Private investigators, credit card agencies, debt collectors, background checking firms and others all use this as a tool of their trades.
What is evident on the face of things is that all of the information gathering activities mentioned here violate not only the right to privacy but also the presumption of innocence, particularly the first two. Information is gathered on a mass scale regardless of whether people are violating the law or, in the case of targeted spying, on the suspicion that they are.
The way governments have addressed concerns about this basic violation of democratic principles is through the warrant system. But what about wholesale data-gathering by private as well as public entities? Who gives them permission to do so, and how?
That is where informed consent comes in. Informed consent of the electorate is considered to be a hallmark of robust or mature democracies. The voting public are aware of and have institutional channels of expression and decision-making influence when it comes to the laws and regulations that govern their communal relations.
But how is that given? As it turns out, in the private sphere it is given by the phrase “terms and conditions.” Be it when we sign up to a social media platform or internet service, or when we park our cars, or when we enter a mall and engage in some retail therapy, or when we take a cab, ride the bus or board a train, there are public notices governing the terms and conditions of use of these services that include giving up the right to privacy in that particular context. It may be hidden in the fine print of an internet provider service agreement, or on a small sticker in the corner of a mall or shop entry, or on the back of a ticket, but in this day and age the use of a service comes attached with it the forfeiture of at least some degree of privacy. As soon as we tick on a box agreeing to the terms or make use of a given service, we consent to that exchange.
One can rightly argue that many people do not read the terms or conditions of service contracts. But that is the point: just as ignorance is no excuse for violation of the law, ignorance of the terms of service does not mean that consent has not been given. But here again, the question is how can this be informed consent? Well, it is not.
That takes us to the public sphere and issues of governance. The reality is that many people are not informed and do not even think that their consent is required for governments to go about their business. This brings up the issue of “implicit,” “implied” or inferred” consent. In Latin American societies the view is that if you do not say no then you implicitly mean yes. In Anglophone cultures the reverse is true: if you do not explicitly say yes than you mean no. But in contemporary Aotearoa, it seems that the Latin view prevails, as the electorate is often uninformed, disinterested, ignorant of and certainly not explicitly consenting to many government policy initiatives, including those in the security field and with regards to basic civil liberties such as the right to privacy and presumption of innocence.
One can argue that in representative democracy consent is given indirectly via electoral processes whereby politicians are elected to exercise the will of the people. Politicians make the laws that govern us all and the people can challenge them in neutral courts. Consent is given indirectly and is contingent on the courts upholding the legality if not legitimacy of policy decisions.
But is that really informed contingent consent? Do we abdicate any say about discrete policy decisions and legislative changes once we elect a government? Or do we broadly do so at regular intervals, say every three years, and then just forget about having another say until the next election cycle? I would think and hope not. And yet, that appears to be the practice in New Zealand.
Therein lies the rub. When it comes to consenting to intrusions on our privacy be they in the private or public sphere, we are more often doing so in implicit rather than informed fashion. Moreover, we tend to give broad consent to governments of the day rather than offer it on a discrete, case by case, policy by policy, law by law basis. And because we do so, both public authorities and private agencies can collect, store, manipulate and exchange our private information at their discretion rather than ours.
I wrote a short opinion piece in the Herald outlining some of my thoughts about the Brussels terrorist attacks. Unless the root causes of the problem are addressed, there will be no end to them. Even if they overlap in the form of foreign fighters, those root causes primarily reside in the disaffection and alienation produced by socio-economic and cultural grievances at home rather than in the conflicts of the Middle East. The solution is to be proactive as well as reactive to the threat posed by domestic radicalisation, and that involves social reform as well as better human intelligence collection in the communities from which home-grown jihadists emerge.
In last Monday’s press briefing, the Prime Minister took my name in vain. Responding to questions from a reporter I had talked to, he said that my concerns about the apparent illegality of undercover intelligence operations were “fundamentally wrong.” Instead, he said that although intelligence agencies could not break laws (tell that to Kim Dotcom), they might require “different laws.”
I beg to differ.
Before delving deeper, let’s address the PM’s remark about the need for “different laws” governing undercover intelligence operations. What does he mean by “different?” Is he proposing that there be one set of laws for regular citizens and another set of laws governing undercover intelligence work? How does that sit with the “equal rights under the law” premise that is at the heart of democratic jurisprudence? And if there is no provision for “different laws” governing undercover intelligence operations today, then what is there in extant law that makes otherwise illegal acts legal? How often and under what circumstances are these illegal-but-legal acts allowed and are they only allowed or legal under warrant? Something tells me that the answers to the last two questions are “frequently and routine” and “no” respectively.
The question about undercover intelligence operations was raised because during the course of conversations with a couple of reporters about the Intelligence Review in general, I pointed out that the most interesting items were buried at the back of the report. Reporters tend to read the executive summaries of official government documents but seldom have the time or inclination to read through 179 pages of dense prose and legal jargon.
But since I have the time and inclination, I did. Plus, in my former life as a US government official I actually helped draft such reports so know that the best way of reading them is from back to front. That way one can get to the meat of the report, often found in annexes, before wading through the fluff.
I should point out that my overall take on the report is this: given who was on the Review committee, the report was inevitably going to have a bias towards institutional continuity and incrementalism with regard to reforms. That is indeed what happened. The report reflects as much if not more of the spy agencies’ concerns than it does that of external parties or stakeholders like the civil society organisations and individuals that were consulted by the Committee. The result is bound to be disappointing to those who wanted a major overhaul of the intelligence community or wanted parts of it disbanded altogether, such as the Greens, but to my mind it is a small but acceptable step towards greater transparency and accountability in the NZ intelligence community and its main collection agencies, the GCSB and SIS.
Even so, there are several problematic areas in the report that are worth considering, and here I will focus on the undercover operations that the PM thinks I have interpreted so fundamentally wrong. Rather than present my views without context, here are (cut and pasted) the recommendations regarding undercover operations as listed in the Report:
163 Annex C: Full list of recommendations (abridged).
Cover for operations and employees
78.The legislation should explicitly provide for the Agencies to obtain, create and use any identification information necessary for the purpose of maintaining the secret nature of their authorised activities. This should include the ability to create cover for anyone authorised to undertake activity for the Agencies.
79. “Identity information” should include anything that could be used to establish identity – such as credit cards and shell companies in additional to traditional forms of identification (such as passports and driver licences).
80. The Agencies should also have the ability to obtain, create and use identification information necessary to keep the identity of their employees confidential.
81. The use of these powers should be covered by a tier 3 authorisation (policy statement) to ensure they are exercised only where necessary and proportionate.
82. There should be corresponding immunities from civil and criminal liability for reasonable acts done in good faith to create or maintain cover as part of an authorised operation or to keep the fact of a person’s employment with the NZSIS or GCSB secret.
83. These powers and immunities should be incorporated through general provisions in the legislation governing the Agencies, rather than by inserting specific exceptions in other legislation as is currently the case.
84. The same immunities should apply to both agencies, in line with our recommendations that the Agencies share functions and an authorisation regime.
85. Immunities should also apply to anyone required to assist the Agencies, such as telecommunications companies, or to human sources or agents acting at the Agencies’ request or direction.
86. The legislation should provide that no person should be subject to criminal liability for acts carried out in good faith and in a reasonable manner that are necessary to give effect to a tier 1 or tier 2 authorisation.
87. Employees of the Agencies should also have immunity from criminal liability for acts carried out in good faith, in a reasonable manner and in accordance with the purposes of the Act to obtain a tier 1 or tier 2 authorisation.
88. The immunities for employees of the Agencies should also extend to any relevant minor offences or infringements that may need to be committed in the course of investigations carried out under a tier 3 authorisation (such as breaches of road user rules).
89. Employees of the Agencies and any person acting at the request or direction of the Agencies should be protected from civil liability for acts or omissions in good faith in the pursuance or intended pursuance of the Agencies’ duties, functions or powers. This is the same protection as is provided to public sector employees under the State Sector Act 1988.
90. Where the GCSB or NZSIS is assisting another agency to perform its functions, any immunities that apply to the agency being assisted should also apply to the GCSB and/or NZSIS.
Readers can form their own conclusions about what these recommendations imply. But here are some thoughts. It appears that undercover operations conducted by the SIS (and to a lesser extent the GCSB) do not have specific legal cover as things currently stand. There are no provisions in the SIS or GCSB Acts that explicitly refer to a legal framework under which otherwise criminal acts undertaken by undercover intelligence agents may occur. That means, in effect, that until now undercover intelligence operations are essentially illegal except for the fact that they are conducted by agents of the State at its behest under exceptions to existing legislation (outside of the GCSB and SIS Acts or even the State Sector Act). But even then there is apparently nothing in the law that explicitly authorises undercover intelligence operations that otherwise would be criminal acts (say, burglary, forgery or credit fraud). Yet the recommendations speak directly to such acts so clearly they have been happening.
The problem is not just that SIS agents have no specific legal cover for what they do covertly, something that individually places them at considerable risk in the event that they are caught or detected. There also are no specific provisions on what they cannot do. Where is the line drawn as to what is permissible when acting as an undercover agent of the State. Murder? Arson? Extortion? Blackmail? Kidnapping? Credit card fraud? Money laundering? Burglary? Home invasions? Tail-gating? (I include this because recommendation 88 specifically mentions breaches of road user rules). If an agent is recklessly tail-gating a surveillance target and wrecks while doing so, killing or injuring passerby, is that agent immune from prosecution or liability because s/he was in the service of the State?
These questions are not frivolous. From my personal experience, I know that among other things covert or undercover agents are taught how to pick locks and conduct “traceless” break-ins and burglaries (they are even provided with the tools to do so). Cyber-hacking to install malware or to steal sensitive information is a stock in trade of signals intelligence agencies. Clandestine surveillance of all sorts is the bread and butter of most human intelligence agencies. The CIA has its own lethal drone program and paramilitary branch, as do several other spy agencies. The Mossad is, among many other things, a brutally efficient assassination machine. So where does one draw the line when it comes to otherwise criminal acts carried out by intelligence agents of the NZ state?
The recommendations repeatedly speak about acting in “good faith.” But how is “good faith” defined? The SIS agents who broke into activist Aziz Chowdry’s home in 1996 were probably acting in “good faith” when they committed what otherwise would be a crime, but how is it that stealing documents from activists is justified on national security grounds? Moreover, the person who caught the SIS agents in the act of breaking and entering, David Small, had his home raided, ostensibly to search for bomb-making materials, by the Police a week later, after making the initial complaint (he was able to record the SIS get away car’s registration plate number, which was traced back to an SIS front company). How was the raid on Dr. Small done in “good faith” and at whose behest? The government was eventually forced to settle with Mr. Chowdry for a six figure amount and, worse yet, forced to apologise to him for the break in (you can read a summary of the case here).
Dr. Small also received compensation for “unreasonable search.” If we accept that an apology implies recognition of wrong doing and that “unreasonable searches” may be part of the SIS repertoire, then how and where does “good faith” come into the picture? Add to that events such as SIS break-ins at Auckland University in the late 1990s (if I am not mistaken Jane Kelsey’s office was a target), and one gets the idea that the SIS engages in otherwise illegal acts not so much for national security reasons but because it simply can under a de facto “good faith” immunity clause. So the effect of the current recommendations would be to codify what is already informal usage and practice.
The issue of “good faith” extends beyond New Zealand’s borders. Inspector General of Intelligence and Security Cheryl Gwyn is currently investigating whether the SIS was complicit in the CIA extraordinary rendition and black site program. For those unaware of these, the program involved kidnapping or detaining suspected Islamic extremists and “rendering” them to clandestine detention centres in a number of countries (Poland, Thailand and Egypt, among others). There they were subject to euphemistically labeled “enhanced” interrogation techniques (some of which are more properly classified as torture). Although some of those “rendered” by this program turned up in Guantanamo Bay or in prisons operated by US allies, many others have never been seen again. All of this was conducted off the books and outside of legal guarantees or protections for the detainees.
Assuming that Ms. Gwyn does find that in fact the SIS knew about or was complicit in the extraordinary rendition/black site program in contravention of NZ commitments to international conventions against torture and arbitrary detention, can the SIS turn around and claim that it was doing so in “good faith?” Is “good faith” nothing more than a get out of jail card for the intelligence services?
The bottom line is two-fold. First, undercover intelligence operations to date have been conducted under very porous and somewhat dubious legal cover that allows a multitude of operational sins to occur under what seems to be a wink and nod agreement with other agencies such as the police and Crown.
Secondly, the recommendations in the report about legal cover for undercover intelligence operations are very vague and broad, which allows the possibility for agents to go “rogue” so long as they can claim that they are acting in “good faith.” Neither is acceptable in a liberal democracy.
I agree that a comprehensive legal framework is needed governing the circumstances and permissible activities conducted during undercover intelligence operations. But this framework has to specify as much what is not permissible as what is, and has to ensure clear lines of responsibility as well as authorisation before and during the conduct of said operations. Otherwise we run the risk of allowing State-sanctioned criminal enterprise to masquerade as intelligence gathering.
It seems that a fair share of people are concerned about the Intelligence Review Committee’s recommendation that the GCSB be allowed to spy on the private communications of NZ citizens and residents, most often with a warrant adhering to a three tiered process that requires the signature of the Attorney General and Judicial Commissioner for the most intrusive searches of private individual’s communications and, under highly exceptional circumstances (involving the combination of imminent threat and the need for immediate real time information), accessing private individual’s communications without a warrant.
This essentially codifies what is already being done in practice under the GCSB’s “assist” role whereby it can offer its technological capabilities under warrant to other government agencies when asked and can engage in warrantless spying on NZ citizens and residents if they reside abroad or work for or are associated with foreign-based entities like NGO’s, IO’s embassies, corporations, charities and CSO’s. Remember: this is targeted eavesdropping and signals intercepts, not mass (meta-) data collection or mass surveillance. The argument goes, and I tend to agree in part with it, that the NZ threat environment has become increasingly “glocal” or “intermestic,” meaning that the boundaries between global or international affairs and domestic and local concerns are increasingly blurred thanks to advances in telecommunications, transportation and economic transaction. Hence the need for targeted GCSB involvement in matters of domestic espionage when warranted.
In any event my first question is this: why, if people are concerned about the publicly-debated legal extension of the GCSB’s de facto “assist” role, are they not concerned about the use of military assets (specifically, the deployment of light armoured vehicles, a helicopter and troops) to assist the police in the Kawerau police shooting and siege? After all, the use in a police operation of combat designed equipment and soldiers trained and equipped for external combat would seem to be stretching the proper, legally defined role of the NZDF even if we consider its civil defense responsibilities (which, if I am not mistaken, would only apply to armed intervention in instances of civil war or insurrectionist (read: Maori) upheaval). Should there not be a clear separation of NZDF missions and police matters delineated in law? Pardon my ignorance, but is there? Is there a legally outlined “assist” role for the NZDF in armed confrontations like this latest incident and the Napier siege of a few years ago? Or is the operational relationship between the NZDF and Police more ad hoc, informal and circumstantial in nature?
Then there is the suggestion by Michael Cullen that future Intelligence Reviews could consider merging the GCSB and SIS. This would be akin to merging the NZDF and NZ Police. So my next question is: would we ever consider merging the NZDF and Police? If not, why would we consider merging a signals intelligence collection agency with a human intelligence collection agency?
There is more to ask. Most of what the GCSB does is foreign intelligence collection on behalf of the 5 eyes network. The domestic side of its targeted spying is relatively small in comparison and again, done in service of or in concert with domestic agencies such as the SIS and Police, most often under warrant or given the exceptions listed above. Otherwise and for all intents and purposes, the GCSB is a branch of the 5 Eyes on NZ soil, not a fully independent or autonomous NZ spy agency. Think of the amount of money that the GCSB receives from 5 Eyes, amounts that are believed to be well in excess of its NZ government-provided budgetary allocations (the exact figures are classified so are what is known as “black” allocations under he “reciprocity agreement” that binds the GCSB to the rest of the 5 Eyes partners). Think of the highly sensitive technologies it employs. When the GCSB was first established, was the equipment and personnel used completely Kiwi in nature? Is the equipment used today completely Kiwi in nature and are the people manning the listening posts at Waihopai and Tangimoana today all NZ citizens?
Given the network resources at its disposal, were the GCSB to merge with the SIS it is possible that the latter would be subject to institutional “capture” by the former. That would mean that the intelligence priorities and requirements of 5 Eyes could come to dominate the human intelligence priorities of the SIS. I am not sure that is a good thing. And if we consider that the separation of powers concept that is at the core of democratic practice should institutionally extend beyond the tripartite structure at the apex of the state apparatus (executive, legislature, judiciary), then centralising the most intrusive spying powers of the state in one agency answerable almost exclusively to the executive branch seems to be antithetical to that premise.
It could be the case that the possibility of a merger is being floated so that the SIS and GCSB can concentrate on external espionage and counter-espionage, with the domestic intelligence function reverting wholly to the police (who already have their own intelligence units). But even then the GCSB will continue to have a role in domestic signals collection, so the result of the merger would mainly impact the focus and organisation of the SIS.
I was fortunate to have a private audience with the Review Committee. From what I have read in the report so far, much of what I recommended was ignored. Even so, I do believe that the committee tried to balance civil liberties with security requirements and take what is a hodgepodge of disparate intelligence legislation and craft a uniform legal framework in which the iNZ intelligence community can conduct its operations. Heck, they even have recommendations about the legal cover given to undercover agents, both in terms of the process of assuming false identities as well as in terms of their immunity from liability when discharging their undercover tasks (apparently no such legal cover exists at the moment or is patchy at best).
Although I was disappointed that much of what I recommended to the committee did not appear in the final report, I am satisfied that their recommendations are a step forward in terms of transparency, accountability and oversight. I realise that this sentiment is not shared by many observers (for example, Nicky Hager was scathing in his appraisal of the report), but to them the questions I posed above are worth considering. To wit: If you are comfortable with the military getting involved in domestic law enforcement in exceptional (yet apparently regular) circumstances, then what is the problem with the GCSB getting more publicly involved in domestic espionage in similar circumstances?
There is much more to discuss about the Report and I may well do so as I wade through it. For the moment, here is a good critical appraisal worth reading.
The Directors of the GCSB (Acting) and SIS appeared before the Parliamentary Select Committee on Intelligence and Security (SCIS) to deliver their respective annual reports. Those reports include national threat assessments. I was not at the meeting but here is what I gleaned from the media coverage of the event:
Did the SIS Director focus on the hundreds of gang members who see violence as a way of life, to include sexual assaults, drug dealing, gun running, property crime and assorted acts of physical mayhem that result in death and injury and whose collective behaviour intimidate and terrorise sectors of the communities in which they inhabit? Answer: No.
Did the SIS Director mention the dozens of white supremacists with track records of violence against minorities and who openly call for a race war and ethnic cleansing in NZ? Answer: No.
Did the SIS Director address the infiltration of transnational organised crime into NZ and its use of business fronts, corruption, extortion, and intimidation to extend its reach in NZ and beyond? Answer: No.
Did the Director comment on the presence of foreign espionage networks in NZ seeking to obtain sensitive corporate, diplomatic, political and security information. Answer: No.
Instead, according to the media coverage, the Director focused her remarks on the handful of NZ women who are believed to have left the country in order to join Daesh in Syria and Iraq. The Director was not sure if they left to marry or to fight (or both), and wondered about the effect the experience may have on them should they decide to return. That is interesting since few of the foreign women who have left to marry into or fight with Daesh return to their homelands, most being killed in conflict zones or while trying to escape the not-so-paradisical life of a Daesh concubine. The lucky few who have managed to get back to their homelands have not committed any acts of violence after their return.
Perhaps Director Kitteridge wanted to capitalise on the recent mass shooting in the US where one of the perpetrators was a so-called “jihadi bride” in order to focus public attention on the potential threat such women pose to NZ. But the woman in San Bernadino did not surreptitiously travel to a conflict zone, marry a Daesh fighter, then return to her homeland. Instead, she was a citizen of one US ally (Pakistan) and came from another (Saudi Arabia), who appears to have deliberately married a US citizen with the explicit intent of gaining entry to the US in order to carry out acts of politically motivated violence. Similarly, the woman who was an accomplice to the Paris mass murderers had never been to Syria and was unmarried. Neither is in any way comparable to NZ women marrying quickly and heading off to the Middle East.
That these women–again, less than a dozen by the Director’s own admission–chose to do so is certainly a tragedy for their families. It is also a small social problem in that it shows the depth of alienation and desperation of some women in NZ who see life with Daesh as a better alternative to life in Aotearoa. It can be considered to be a mental health issue because, to put it bluntly, one has to be a bit unhinged to think that life under Daesh in the killing grounds of al-Raqqa and elsewhere is an attractive proposition.
One thing is even clearer: it is not a pressing national security issue and should not have been the focus of the Director’s remarks or of the press coverage given to them.
So why so much attention given to the subject? Is this not public fear-manipulation via threat distortion? Was it the Director who was playing this game or was it the media doing so in their coverage of her remarks? Again, I was not there and only saw the coverage, but either way someone IS playing games when it comes to national threat assessments.
There is one more oddity about the mention of NZ “jihadi brides.” Western women who have travelled to join Daesh are known to be more likely than male foreign fighters to try and maintain contact with their families and/or friends back at home. They are known to be more likely than men to use social media applications as well as cell phones to communicate from Daesh-controlled territory (which speaks to the strategic, tactical and technological limitations of Daesh). This makes them a highly exploitable resource for intelligence agencies seeking to establish their locations, track their movements and those of their associates as well as get a sense of life under Daesh.
So why on earth would the Director jeopardize the ability of the SIS and GCSB to do so by publicly outing the fact that these women are being “monitored” as much as possible? This is especially perplexing given that these women are undoubtably included in the 30-40 people that the Director and PM have already said are being watched because of their Daesh sympathies, so there was no compelling reason to provide a gender breakdown of the approximately one in four who are female and who may have decided to travel in order to join Daesh.
A cynic would say that the comments by both Director Kitteridge and Acting GCSB Director Una Jagose were designed to prepare public sentiment for forthcoming security legislation allowing more intrusive powers of surveillance. The PM has now repeated his concerns about the “dark web” and spoken of the problems of decoding encrypted terrorist communications. So perhaps the stage is being set for that.
We must remember that the technologies involved in encryption and decryption, including the temporary “snapshot” encrypted communications that Western security authorities claim that terrorists are now using, all originate from military and intelligence agencies themselves. Thus the cycle of encryption/decryption, much like the previous cycles of code-making and code-breaking, has been well in progress for some time and will continue to be so for the foreseeable future. In this cycle it is security agencies who have the lead, not private sector application manufacturers.
In any event, jihadi brides are unlikely to be at the leading edge of this cycle so using them, however obliquely, as the foil for extending communications security legislation is a bridge too far.
From time to time I am invited to give public presentations on subjects within my areas of interest. Depending on the topic I sometimes offer ideas for the audience to consider. At a think tank gathering last year I offered the suggestion that parliament should consider the proposition that New Zealand be the first country to publicly and formally renounce the use of lethal drones at home and abroad. I pointed out that although security conservatives and military commanders would oppose the move because it limited NZDF (and perhaps in the future NZ Police) tactical options, it was worth debating on moral and legal as well as practical grounds given New Zealand’s unique political culture and international standing. Since 90 percent of what military drones do is non-lethal and the NZDF does not have a lethal drone capability as of yet, it seems worth a try.
That proposition went nowhere. Some left leaning commentators supported the motion (most notably No Right Turn and one of the authors at The Standard). But no a single political party, to include the Greens, Mana and the Internet Party, adopted it as a policy proposition and it was never brought up in parliament.
This year I was at another event that featured academicians, students, policy practitioners, journalists and diplomats (foreign and Kiwi) discussing New Zealand’s past, present and future foreign policy. I was matched with a representative of the New Zealand intelligence community and a security academic on a panel that addressed intelligence issues, specifically, New Zealand’s intelligence role in foreign policy.
As part of the discussion I suggested that Edward Snowden had done us a favour by exposing the extent to which NZ is a fully integrated member of the 5 Eyes signals intelligence network. The reason is that with the revelations that have come from the documents that he passed on to journalists, New Zealand has an opportunity to re-negotiate some of the terms of its participation in 5 Eyes. I noted that withdrawal from 5 Eyes was not an option–I said that it was like trying to leave the mafia. But the specific terms of what the GCSB does for 5 Eyes could be discussed given that New Zealand is by far the most vulnerable of the 5 Eyes partners to retaliation from the countries that it targets as part of the division of labour within Echelon. I specifically mentioned that NZ might broach the subject of reducing its role in spying on China given how trade dependent NZ is on the Asian giant.
A couple of journalists in the room ran stories on the suggestion and the PM was asked about it at his weekly press conference. He rejected it out of hand and said that NZ would not modify its intelligence operations because of trade considerations because what it did in was in the national interest.
The Snowden documents suggest otherwise, but that argument can be left for another moment.
Let me explain why NZ has an opportunity to re-negotiate the terms of its agreement with the Anglophone powers even though it cannot withdraw from 5 Eyes entirely.
If NZ were to withdraw from 5 Eyes it would lose the substantial benefits, unique to a small country, that it accrues from being in an alliance with four bigger partners with global reach. The flow of intelligence within 5 Eyes is very much reciprocal but what NZ receives is far more than what it delivers to the network. It is tasked with using shared technological means located on or operated from NZ soil (including its diplomatic missions) to target specific entities of common interest to the larger partners, and in exchange it receives global as well as more NZ-specific intelligence from those partners.
That is just one reason why withdrawal is unlikely. But think of the consequences if NZ unilaterally decided to opt out of Echelon. It is in possession of some of the most advanced signals interception technologies on the planet. The GCSB knows the processes, procedures, means, methods and protocols of the entire network. Fear that this knowledge and technologies (say, for example, X-Keyscore and Prism) could fall into hostile hands will inevitably prompt a negative response from NZ’s erstwhile intelligence allies, and that response will not be confined to the field of intelligence (I am aware of reports that some of the technologies and methods mentioned in the Snowden documents have been decrypted by Russian and Chinese intelligence but am not sure as to what extent this may have occurred).
Were NZ to try and establish an alternative signals intelligence network with other powers, the remaining 5 Eyes countries would likely move beyond defensive measures and into the field of offensive intelligence operations against NZ. In other words, the exit costs will be too high given the uncertain benefits received in the event of withdrawal.
That being said, the GCSB is integral to 5 Eyes operations. The partners cannot afford to alienate NZ on issues that are critical to NZ but marginal or less costly to them. Although they never thought that their operations would be exposed in the measure that they have, the 5 Eyes partners are now acutely aware, thanks to Snowden, that they rise and fall together when it comes to exposing how they go about signals intelligence acquisition and who they target. They can therefore ill afford to call NZ’s bluff on a matter that is of critical importance to the latter.
I would argue that bilateral trade with China is one such matter. Even if they have a pretty good idea of what the GCSB does for Echelon, public revelation of NZ having a lead role in spying on the Chinese at home and abroad will force the PRC to retaliate in some fashion, even if just to save face as an emerging great power with super power pretensions. It must show that it should not be disrespected and meddled in by small states no matter who those states are allied with. The means by which it can reach out and touch NZ in a bad way are myriad and not confined to diplomatic or economic relations.
The only reason that it would not do so is if it has counter-intelligence access to GCSB operations and wants to keep those “backdoor” channels open in spite of the publication of specifics about NZ espionage against it.
If NZ were to say to its partners that given its vulnerability to Chinese utu the GCSB would prefer not to take a major role in spying on the PRC, it is possible that the other partners will listen and consider the request. The GCSB can still spy on South Pacific, Latin American and other nations that do not have much leverage over it, as well as the UN, various NGOs and private firms as it is doing now. But it would give a pass to spying, at least in a major way outside of NZ territory, on the Chinese.
In my view, such a position would not prevent the GCSB (and SIS) from conducting counter-intelligence operations against Chinese espionage at home and abroad. Even if they know about these defensive measures the Chinese will likely not make an issue of them given that they instigated the back and forth. Where I would draw the line is on offensive operations against Chinese targets, especially when at the behest of the larger partners.
I am not surprised that John Key has no interest in this proposition. To do so requires political courage and a commitment to putting NZ national interests first. Neither is in his repertoire. Plus, even if he were to think about the dilemma posed by NZ’s increasingly counter-poised trade and security interests, any renegotiation along the lines I have posed would be done quietly and not publicly announced, much less at a press Q&A. But I doubt the latter is the case.
In any event, this is a potential moment of opportunity to redefine the terms and conditions of NZ’s involvement in 5 Eyes, however implausible that may seem at first glance. There is a supposed review of the NZ intelligence community now underway that could serve as a sounding board for opinions on the suggestion, and I am happy to add my two cents to the discussion should that be deemed worthwhile.
The slow drip feed of classified NSA material taken by Edward Snowden and published by journalists Glen Greenwald, Nicky Hager, David Fisher and others in outlets such as The Intercept and New Zealand Herald caused a stir when first published. Revelations of mass surveillance and bulk collection of telephone and email data of ordinary citizens in the 5 Eyes democracies and detailed accounts of how the NSA and its companion signals intelligence agencies in Australia, Canada, New Zealand and the UK spy on friend and foe alike, including trade partners and the personal telephones of the German prime minister and Indonesian president, caused both popular and diplomatic uproars. In New Zealand the outrage was accentuated by revelations about the illegal GCSB spying on Kim Dotcom and the government’s extension of its spying powers even after it was found to have operated outside its legal charter in other instances as well.
But now it seems that public interest in the issue has faded rather than grown. Revelations that the GCSB spies on Pacific island states such as Fiji, Samoa and Tonga as well as Pacific French territories, followed by news that it spied on candidates for the World Trade Organisation presidency on behalf of Trade Minister Tim Groser (himself a candidate), has been met not with street demonstrations and popular protests but by a collective yawn by the public at large.
Why is this so?
It appears that the New Zealand public is weary of the death by a thousand cuts approach used by Mr. Hager and his investigative colleagues. Beyond the usual array of diversions presented by popular culture and media, the reason for this disinterest seems to lie in the fact that the information released to date is seen as trivial, uncontroversial and tediously never-ending. Take for example the reaction to the news that the UK spied on Argentina after the Falklands/Malvinas War and carried on until 2011. Numerous pundits asked whether that is surprising. What is the UK expected to do when Argentina remains hostile to it and has never renounced its territorial claims over the islands? Similarly, others have pointed out that since New Zealand is utterly trade dependent, why not try to advance Mr. Groser’s candidacy for the WTO job using surreptitious as well as diplomatic means? Likewise, is it news that Australia and New Zealand spy on small Pacific neighbours who depend on them for a significant amount of foreign aid and are being courted by the Chinese? Why not given the levels of corruption and intrigue present in the region?
This does not mean that there are no constitutional, diplomatic, security and trade concerns raised by the Snowden leaks coming into the public domain. My belief is that there is much to be alarmed about in the Snowden files and they should serve as a catalyst or window of opportunity for a thorough review of the NZ intelligence community and perhaps even a renegotiation of the terms and conditions of its participation in Anglophone intelligence networks.
But the way in which it has been presented to New Zealand audiences has induced fatigue rather than fervour. Add to that the government’s strategy of obfuscation, denial and attacking the motives, ethics and character of the journalistic messengers, and the result is a jaded public with little interest in spies or what they do and whom they do it to. Cast against a backdrop in which personal data and private information is already bulk accessed by private firms and a host of social media platforms with profit-maximising in mind, the general attitude seems to be one of unconcern about what the guardians of the public interest are doing in that regard. In such a climate the old Nazi refrain “you have nothing to fear if you have nothing to hide” resonates quite well.
Unless Mr. Greenwald, Mr. Hager and their colleagues have bombshells that they have yet to drop, it appears that like Mr. Dotcom’s much-hyped “Moment of Truth” last year, their efforts have fizzled rather than fired. For the sake of their credibility as well as the public good, it is time for them to stand up and deliver something of significance that transcends the Wellington beltway or if not, to walk away.
Should Mr. Hager and company opt to deliver a bombshell, they need to consider one more thing: what good purpose is served by revealing the foreign espionage activities of New Zealand and its closest intelligence partners? Even if it uncovers myriad spying efforts that have nothing to do with national security (and terrorism, that old canard), will it advance the cause of transparency and selectivity in intelligence operations and make some governments more responsive to public concerns about privacy? Will it curtail spying by the 5 Eyes partners or any other nation? Will it encourage whistleblowing on illegal government surveillance? Will it advance New Zealand’s interests in the world or force a reconsideration of its relationship with its security partners?
Or will it simply damage New Zealand’s reputation and relations with the countries that have been spied on? Given that New Zealand is the most vulnerable of the 5 Eyes partners and is, indeed, almost totally trade dependent, the negative consequences of any potential backlash or retaliation by aggrieved states could be significant.
That is why the issue is important. The thrust of the most recent revelations have moved beyond domestic mass surveillance and into the realm of traditional inter-state espionage, which is not confined to the activities of the 5 Eyes partners and is an integral, if unspoken necessary evil of international relations. Given that the focus of the Snowden material is solely on 5 Eyes spying and not on its counterespionage efforts or the intelligence operations of other states, could it not seem to the general public to be a bit one-sided and deliberately injurious to continue to unveil only what NZ and its partners undertake by way of signals intelligence collection (as some in government and supportive of it have insinuated)?
In the end, will ongoing revelations about New Zealand foreign espionage serve the public interest and common good? Or will it have the opposite effect?
And will average Kiwis care either way?
A short version of this essay appeared in the New Zealand Herald, April 10, 2015.
Posted on 08:35, January 20th, 2015 by Pablo
The post 9/11 security environment has been dominated by the spectre of terrorism, mostly if not exclusively of the Islamic-inspired sort. In most liberal democracies the response to the threat of this type of extremist violence has been the promulgation of a raft of anti-terrorism laws and organisational changes in national security agencies, the sum total of which has been an erosion of civil liberties in the pursuit of better security. Some have gone so far as to speak of a “war” on terrorism, arguing that Islamicist terrorism in particular is an existential threat to Western societies that demands the prioritisation of security over individual and collective rights.
Although ideological extremists see themselves at war, this response on the part of democratic states, and the characterisation of the fight against terrorism as a “war” marshalled along cultural or civilisation lines, is mistaken. The proper response is to see terrorism not in ideological terms, with the focus on the motivation of the perpetrators, but in criminal terms, where the focus is on the nature of the crime. Seeing terrorism as the latter allows those who practice it to be treated as part of a violent criminal conspiracy much like the Mafia or international drug smuggling syndicates. This places the counter-terrorism emphasis on the act rather than the motivation, thereby removing arguments about cause and justification from the equation.
There is no reason for Western democracies to go to war. Whatever its motivation, terrorism poses no existential threat to any stable society, much less liberal democracies. Only failed states, failing states and those at civil war face the real threat of takeover from the likes of the Islamic State or al-Qaeda in the Arabian Peninsula. For Western democracies under terrorist attack, the institutional apparatus of the State will not fall, political society will not unravel and the social fabric will to tear. But there is a caveat to this: both the democratic state and society must beware the sucker ploy.
As an irregular warfare tactic terrorism is a weapon of the militarily weak that is not only a form of intimidation but a type of provocation as well. It has a target, a subject and an objective. Here is where the sucker ploy comes into play. Terrorist attacks against defenceless targets are designed to lure democratic states into undertaking security measures out of proportion to the real threat involved. The weaker adversary commits an atrocity or outrage in order to provoke an overreaction from the stronger subject, in this case from Western liberal democracies. The overreaction victimises more than the perpetrators and legitimises their grievances. In doing so, the democratic state plays into the hands of the terrorist objectives by providing grounds for recruitment, continuation and expansion of their struggle. When democratic societies, panicked by fear, begin to retaliate against domestic minority populations from whence terrorists are believed to emanate, then the sucker ploy will have proven successful.
The sucker ploy has been at the core of al-Qaeda’s strategy from the beginning. Enunciated by Osama bin Laden, the idea behind the attacks on the World Trade Centre and Pentagon, then the Bali, Madrid and London bombings, was to cause the entire West to overreact by scapegoating all Muslims and subjecting them to undemocratic security checks, to include mass surveillance, warrantless searches and arrest and detention without charge. With the majority supporting such moves, the Muslim minorities in the West become further alienated. That serves to confirm the al-Qaeda narrative that the West is at war with all of the Muslim world, which bin Laden and his acolytes hoped would generate a groundswell of conflict between Muslims and non-Muslims on a global scale.
The US and UK duly obliged by using 9/11 as one pretext for invading Iraq, which had nothing to do with the events of that day and which had no Islamic extremists operating in its midst at the time. It does now.
After the possibility of staging spectacular large scale attacks like 9/11 became increasingly difficult due to Western counter-measures, al-Qaeda 2.0 emerged. Its modus operandi, as repeatedly outlined and exhorted by the on-line magazine Inspire, is to encourage self-radicalised jihadis born in the West to engage in low-level, small cell (2-5 people) or so-called “lone wolf” attacks by single individuals on targets of opportunity using their local knowledge of the cultural and physical terrain in which they live.
In recent years the Syrian civil war and rise of the Islamic State have provided recruits with the opportunity to sharpen their knowledge of weaponry, tactics and combat skills with an eye towards future use at home in the event that they survive the foreign adventure (although less than 50 percent of them do). With reportedly 15,000 foreign fighters joining Syrians and Iraqis in the Islamic State ranks and a number of Westerners gravitating towards al-Qaeda, that leaves plenty of returning jhadis to be concerned about.
Shopping malls, sports venues, transportation hubs, entertainment venues, non-military government offices, media outlets, houses of worship, schools and universities–all of these present soft targets with significant symbolic value where a relatively small criminal act of violence can generate waves of apprehension across the larger population, thereby prompting a government overreaction as much in an effort to calm public fears as it is to prevent further attacks. The range and number of these targets makes guarding all them very difficult, and if the perpetrators plan in secret and maintain operational secrecy up until the moment of engagement, then they are impossible to stop regardless of the security measures in place. Short of adopting a garrison state or open-air prison approach to society as a whole, there is no absolute physical defense against determined and prepared low level operators, especially when they have access to not only to weapons but common household or industrial products that can be used to untoward ends.
Although it risks detection because of the coordination and numbers involved, one variant of the low-level, decentralised terrorist strategy is the so-called “swarm” attack, whereby several small cells engage multiple targets simultaneously or in rapid sequence, even in several countries if possible. This is designed to stretch the security apparatus to its limits, thereby causing confusion and delays in response while demonstrating the attacker’s capability to strike at will virtually anywhere. At that point the military–ostensibly used for external defense–is often called in, thereby giving all the appearance of a nation at war. Such is now happening in Belgium and France.
The evolution of terrorist tactics notwithstanding, if we strip away all the ideological gloss what is left is a transnational criminal enterprise. The response required is therefore more police than military in nature, and requires increased intelligence sharing and police cooperation amongst nations. The legislative response should be not to create a separate body of political crimes deserving of increased (and undemocratic) coercive attention from the state, but to bolster criminal law to include hard penalties for carrying out, financing, supporting or encouraging politically motivated violence. All of this can be done without militarising the state and compromising basic democratic values regarding the freedoms of speech, assembly and movement.
What is not needed but unfortunately has been the majority response in the West, is expanded anti-terrorist legislation and sweeping powers of search, surveillance and seizure that cover the entire population rather than those suspected of harbouring extremist tendencies. This violates the presumption of innocence as well as the right to privacy of the vast majority of citizens, to which can now be added restrictions on freedom of movement for those who, even without criminal backgrounds, are suspected of planning to travel to join extremist groups abroad.
Worse yet, such measures are not entirely effective, as the Boston Marathon bombings, Sydney hostage crisis (the work of a lone mentally ill individual with delusions of Islamic grandeur who was out on bail for sexual crimes and accessory to murder) and the Charlie Hebdo attacks have shown (Australia, the US and France have very strong antiterrorism measures, to include the Patriot Act and NSA/FBI mass surveillance in the US, overtly authoritarian security legislation dating back to the Fifth Republic in France–which was a response to the Algerian Crisis of 1958– and increasingly hard anti-terrorist legislation in Australia).
There is a clear need to upgrade police intelligence gathering, sharing and operational procedures in order to combat the terrorism threat. The main impediment to that has not been a public lack of cooperation or the inadequacy of extant criminal law (which needs regular upgrading in any event due to the evolution of crime–for example, 30 years ago cyber security and cyber crime were not issues that needed to be covered by law). Instead, it has mainly been due to inter-agency rivalries between domestic security and intelligence agencies and a lack of international cooperation on ideologically charged matters such as Islamic terrorism (for example, between Israel and its Arab neighbours and the US and China). Given advents in telecommunications technologies, there has to be a priority focus on social media intelligence gathering, particularly of platforms that use encryption to shield criminal behaviour. But all of that can be done without the mass curtailment of civil liberties, and without militarising the response to the point that it gives all the appearances of cultures at war.
It should be obvious that the underlying causes of terrorism in the West need to be addressed as part of a comprehensive strategy for dealing with the problem. These involve a host of socio-economic and cultural policy areas and a willingness by politicians to broach debate on sensitive topics related to them (such as the question of assimilation of migrants, minority youth unemployment etc.). But in the narrow sense of security counter-measures, the key is to not exaggerate the terrorist threat, to strip it of its political significance and to use more efficient policing and intelligence gathering backed by criminal law to treat it not as a special type of (political) crime but as just the violent acts of criminal conspirators.
Although its threat environment (including terrorist threats) is far less menacing than that of its major security partners, New Zealand has adopted antiterrorist and search and surveillance legislation that is more appropriate for the threats faced by India or Pakistan than by a small isolated democratic island state. Other small democracies outside of Europe like Costa Rica, Portugal or Uruguay have not seen the need to adopt such legislation, and Uruguay in fact has accepted released Guantanamo detainees for re-settlement. Thus the question begs as to why New Zealand has chosen to privilege security over freedom when the threat environment does not warrant it? So far, in spite of crying wolf about the spectre of home grown jihadists and returning foreign fighters, the New Zealand authorities have not provided any concrete evidence of plots or other indicators of terrorists at work that would justify the expansion of what is now a full-fledged security and surveillance state.
One can only hope that as part of the forthcoming intelligence agency review an honest discussion of terrorism and other threats can be had so that perspective can be gained and the proper response undertaken. That may well mean rolling back some of the security legislation passed during the last decade while refining specific provisions of the Crimes Act and attendant legislation so that the balance between security and civil liberties can be re-equilibrated in more even fashion.
For an interesting take on the subject, here is an article by a US security academic with clear pro-establishment views.
In a New Zealand Herald op ed I discuss Edward Snowden’s actions and their implications for New Zealand. It is possible that he may not be what he claims to be, but whether he is or not, there will be inevitable consequences for New Zealand stemming from his leaks.
The Parliamentary Select Committee hearings on the Bills to amend the 2003 GCSB Act and 2004 Telecommunications (Interception Capability and Security) Act have begun this week. There is much interest in the hearings not only because of the content of the Bills under consideration, but also because they are open to the public. The cast of characters scheduled to present is as colorful as it is deep: Kim Dotcom, the CTU, the Law Society, Internet NZ and several telecommunications firms are among those representing.
Even so, some of the public discussion surrounding the proposed reforms has been stunningly stupid. In recent weeks the Herald featured two editorials supporting the proposed changes. The first claimed that the changes would help prevent a Boston Bombing scenario (a claim that the Prime Minister has parroted; Winston Peters prefers to use the train station bombing hypothetical). That ignores the fact that US intelligence agencies could not do so even with their massive meta data-mining schemes and a tip from Russian authorities. Nor could they prevent the Fort Hood massacre even though the perpetrator was in regular email contact with an al-Qaeda leader in Yemen prior to the shooting.
Worse yet, the Prime Minister and others such as this editorial writer make it seem as if counter-terrorism is the primary function of intelligence operations. It is not. Traditional inter-state espionage, no matter what the technologies used, remain the major part of intelligence work. The counter-terrorism angle provides a convenient fig leaf for the expansion of intelligence networks and the scope of their authority, but in reality occupies a relatively small amount of intelligence resources and attention. This is particularly true for countries that are not on the front lines of the so-called “war on terrorism.”
The second editorial, by a supposed former intelligence officer, claimed that those who oppose the Bill are scaremongers and uninformed, even though the Law Society, Internet NZ and several other professional groups have registered their opposition on legal as well as technical grounds. The author also asserted that because civil servants drafted the proposed changes, we should accept them in good faith. Yeah right.
I beg to differ. There is clearly a need to “tidy up” the legal framework governing GCSB activities on home soil because under the current Act the role of the GCSB in domestic espionage is murky. But civil libertarians and privacy rights activists have legitimate reason to oppose the GCSB Bill in its present form.
The Bill expands the terms and conditions under which the GCSB can engage in domestic espionage, including reasons that have nothing to do with national security and for agencies unrelated to it. Those responsible for issuing the warrants under which the GCSB would “assist” domestic agencies would be those who currently do so, in a cross-signed fashion in the case of spying on New Zealand citizens and residents. If the targeted entity falls under the foreign intelligence collection mandate of the GCSB (which targets “foreign entities,” in New Zealand, including private firms as well as diplomatic missions), warrantless intercepts can be authorized even if they extend to New Zealanders.
In light of past excesses and mistakes it is evident that leaving warrant issuance to the Prime Minister and a retired judge (the Commissioner for Security Warrants) is pure folly even when done in combination. These are the individuals who were on watch during the Dotcom raid and, in the case of the Prime Minister, claimed ignorance after the fact as to how and why the GCSB became unlawfully involved in it.
The definition of threat to national security under which the GCSB would act is too nebulous and broad to prevent mission creep into common law enforcement and encroachments on individual and group privacy. For example, under the proposed legislation the GCSB could assist the Department of Primary Industries to spy on environmental activists on behalf of fishing, logging or mining interests if their protests were deemed injurious to the economic well-being of the nation, which can be construed as a threat to national security under current definition of the term.
The oversight mechanisms proposed by the Kitteridge Report are a veneer on what currently exists. Even if bolstered by a Deputy and some additional clerical staff and funding, the Inspector General of Intelligence and Security is simply too dependent and too powerless to effectively serve as the overseer of the New Zealand intelligence community. Absent effective independent oversight such as that which could come by making the Inspector General’s office a Department of Parliament responsible to a Parliamentary Committee with powers of compulsion under oath, the room for unaccountable manipulation of intelligence flows and analysis remains great.
The Telecommunications (Interception Capability and Security) BIll that accompanies the GCSB Bill is more draconian than similar legislation under the US Patriot Act. It compels telecommunications companies to provide access to their source and encryption codes (that is, provide warrantless access before the fact to private accounts when no threats are evident). It authorizes GCSB espionage operations without the consent of affected private entities as part of its “information assurance and cyber assurance” function, which is designed to safeguard a broadly defined information infrastructure consisting all forms of telecommunications emissions, systems and networks. In other words, one way or another the GCSB would have the ability to surreptitiously monitor all New Zealand based telecommunications regardless of whether or not they involved clear threats to national security.
Since New Zealand is not a major target of inter-state cyber espionage or in the so-called war on terrorism, that is an overreach. India, Brazil, Italy, Spain, Canada, Germany and many other democracies who arguably are much more at risk for espionage and terrorism do not have such legislation. In most the separation of foreign and domestic espionage is made quite clear in law, with the latter carried out mostly by the Police, national gendarmes or local investigative agencies with help from foreign-focused intelligence agencies only in the most exceptional circumstances (even then, agencies like Interpol exist as the first line of recourse used to facilitate international crime investigations).
What is the problem in requesting voluntary telecommunications company cooperation with national security investigations, particularly when they are clearly focused on clear and present threats? What telecommunications provider would refuse such a request, especially if issued under warrant specifying the reasons? If such a system works for the countries mentioned above, why can it not work here?
The official presumption in the T(ICS) bill that telecommunications firms need to be compelled rather than be allowed to voluntarily cooperate with intelligence agencies on matters of national security says more about the disposition of the government than it does about that of the firms involved.
By expanding the GCSB’s domestic “assistance” role in two capacities (information assurance and cyber security to public and private entities as well as technical assistance to sister agencies), the proposed changes run the risk of deviating it from its main foreign signals intelligence and counter-cyber espionage efforts. It will add a further burden to it’s already stretched staff of analysts, engineers, linguists and cryptographers. Since increased funding and recruitment are circumscribed by the present climate of fiscal austerity, it does not appear likely that resources for the GCSB will be increased commiserate with the increase in its domestic assistance authority.
Interestingly, the GCSB and T(ICS) Bills were proposed soon after issuance of the Kitteridge Report on the GCSB, which was driven by the unlawful electronic monitoring of Kim Dotcom and associates by that agency. Given the level of detail in the Bills, that suggests that they were drafted before Ms. Kitteridge’s findings and recommendations were finalized. This contradicts the government’s claim that the Bills came in response to the findings of that report.
In a world in which threats are increasingly “intermestic” or “glocal” in nature and in which the boundary between national law enforcement and international security is increasingly blurred, there is reason to adjust the legislative apparatus governing the role, scope and functions of the New Zealand intelligence community, including its international commitments. At present the GCSB and sister agencies appear rudderless, unsure of who and what purpose they serve, much less how they should prioritize their essential responsibilities.
This is why a full inquiry into the New Zealand intelligence community is needed before any reforms are made to its legal architecture, especially given that the last review of New Zealand intelligence operations occurred in the 1970s.
The inquiry could well start with exploring what New Zealand’s threat environment consists of now and in the near to medium future, including proximate and distant threats of a physical (environmental and epidemiological), economic, military, diplomatic and criminal nature. It could then turn to outlining the specific meaning of “national security” in light of these threats (with the balance between minimalist and expansive definitions of national security needing to be debated and precisely defined).
It might consider how current policy decisions or orientations can set the stage for the emergence or facilitation of future threats (such as by trying to play off trade and security relations with competing great powers as a form of hedging or strategic balancing act). Having done that, it could proceed to review the way in which the intelligence community operates so as to offer prescriptions for its better tailoring to the threat environment extant and foreseeable.
Much has happened since the last intelligence review, both in terms of the nature of national security threats as well as the technologies they employ and those used to counter them. It is therefore prudent to pause and review how New Zealand intelligence operations are conducted rather than rush to pass legislation that retroactively exculpates past unlawful behavior by the GCSB while expanding the reach of those who authorized it.
A short version of this essay appeared in the New Zealand Herald on July 2, 2013 under the title “GCSB bill going too far too fast.”