Unnoticed guests.

The Inspector General of Intelligence and Security (IGIS) recently released a report in which he exposes the existence of a foreign intelligence partner-controlled technological “capability” inside the headquarters of the GCSB, NZ’s 5 Eyes-affiliated signals intelligence collection and analysis agency. The memorandum of understanding (MOU) governing the way in which this “capability” was used was negotiated from 2008 through to 2012, and the system went operational in early 2013. It continued to do so until 2020, when it supposedly suffered a systems failure and the equipment was removed.

The IGIS became aware of its existence while investigating an unrelated, different foreign partner-operated “capability” in the GCSB in recent years. What he found about the 2013-2020 “capability” was troublesome on several levels.

At a broad level, the IGIS appears to have indirectly confirmed what Edward Snowden revealed when he defected and leaked thousands of classified documents to investigative journalists in 2013. Those documents included descriptions of signals intercept programs such as XKeyscore, Speargun, Cortex and Prism, all of which were unknown to the public or most political leaders at the time and one of which may be the “capability” in question.

Negotiations over the MOU and entering into service of the “capability” occurred during the first two National-led Key governments. Key was the Minister for Intelligence and Security as well as PM at the time. The MOU assumed that the Minister of the day and perhaps cabinet would be informed of the “capability” following the “no surprises” policy in the Cabinet Manual regarding sensitive, controversial or security-related matters. The MOU specified that the GCSB would be informed of what the “capability” was doing in real time, what its end products/outputs were and to what purposes it was being used. The MOU was also supposed to be reviewed on a regular basis, but in fact it never was.

The “capability” was not a collection technology but an analytic mechanism to which the GCSB delivered collected inputs (intercepts) from a variety of sources. From time to time the foreign partner agency would send emails requesting “feed” settings changes on the “capability” that were done by GCSB personnel. The IGIS found evidence of 45 of these but believes there were more that went unrecorded due to faulty or patchy record keeping and, most troubling, the foreign partner agency unilaterally changing the “feed” settings on the “capability” from a remote location without notifying the GCSB.

That is just part of the problem. Whatever was intended to happen according to the MOU, in practice the Minister responsible for the GCSB–John Key in the first instance–was apparently never informed of the “capability’s” existence. Nor were any other members of the political leadership, even after the Intelligence and Security Ministerial position was divided into two (one responsible for day-to-day oversight and the other a a more general steering role). Worse yet, the senior GCSB leadership after 2013 were also kept in the dark about the “capability’s” existence. Some of that may have been due to the revolving door nature of the Director General’s (DGGCSB) position after the Kim Dotcom illegal spying fiasco of the early 2010s, where general “authorisations” were rubber-stamped by incoming DGGCSBs without paying attention to the details of what was being authorised. It is also possible that lower level technicians with hands-on roles regarding the “capability” assumed that middle management kept their superiors in the chain of command informed about the “capability” and its operational status when in fact no senior leader was the wiser about the system after in came on line. In addition, hosting of the foreign partner’s “capability” was within the law according to the 2003 GCSB Act regarding foreign intelligence sharing even if the GCSB leadership and political decision-makers were not informed about its presence. Everything was lawful and yet in violation of the MOU regarding the duty to keep Ministers and senior agency leaders informed.

Beyond that, problems remained. No legal framework or organisational protocols were developed regarding the “capability’s” usage. In fact, unlike another NZ intelligence partner country that had a similar technology installed on its soil, there was no institutional and legal frameworks developed by the GCSB and Crown Law to specifically govern the operation of the “capability.’ That meant that the “capability” was used without regard to NZ law and international legal commitments.

As an illustration of what could go wrong with this arrangement consider the following. The IGIS repeatedly mentions in his report the possibility of data from the “capability” being used for military purposes, targeting in particular. Even though “targeting” can refer to a number of intelligence-related activities beyond kinetic strikes against physical objects, the possibility remains that NZ hosted a technology that in fact may have been used to do so. Imagine a drone strike in Afghanistan using GCSB-collected data that was analysed and “packaged” by the foreign intelligence partner-operated capability located on NZ soil. Imagine that the drone strike wound up killing innocents as well as intended targets. That makes NZ culpable as an accomplice of war crimes because it was part of the kill chain even if it was not aware of being so.

That brings in the second troublesome aspect of the issue. Whatever the MOU intended, in practice the GCSB had no operational control over how the “capability” was used or what its end products were. Instead, it served as a type of maintenance engineer, maintaining the platform and changing “feed” settings on it upon request (and sometimes not even being aware that the settings were changed remotely). Evidence of the latter only became apparent when GCSB personnel noticed unexplained data outflows at odd times in which there were no setting change requests. Although this was discussed internally by those involved with the “capability,” it was never brought to the attention of the agency’s senior leadership, much less the Minister. It was only discovered by the IGIS during the course of his post-2020 investigations.

In effect, the problem with the arrangement governing the “capability” installed within GCSB headquarters in 2012 was two-fold: on an internal level there was no vertical accountability to their superiors inside and outside of the GCSB from those responsible for handling the technology. This is a gross violation of basic principles of democratic oversight of intelligence operations, where senior intelligence professionals and the decision-making politicians elected by the public are supposed to take responsibility for whatever choices are made regarding intelligence matters. In this instance both the political and civil service leaderships were ignored by their GCSB subordinates, who ran what could be called a type of “dark” operation within an already opaque agency when it comes to revealing or acknowledging its activities.

The second problem is one of sovereignty. The GCSB hosted a foreign espionage platform operated by an intelligence partner country without any meaningful level of scrutiny or control, legal or practical, over what that platform did. The GCSB knew about its technological attributes but little more, and certainly knew nothing about its uses and end products until, at best, after the fact (in just one instance as far as the IGIS could determine). Although the IGIS report does not mention the possibility, it is known that US personnel are regularly stationed at GCSB facilities and, according to the report, were involved in training GCSB personnel in the operation and maintenance of the “capability.” If US (presumably NSA) officers were inside the GCSB and involved in running the “capability” without the knowledge of GCSB leaders and the Intelligence and Security Minister, then the infringement on NZ sovereignty was great.

Think of it this way. Imagine that the CIA sent an undercover officer to work from within the SIS on a project tasked by the CIA. Although the MOU governing his/her work stated that the SIS would know about his/her activities and regularly review them, the SIS had no idea what the CIA officer did although it regularly provided him/her with various spycraft tools of the trade. The CIA officer answered and provided human intelligence to the CIA, which did not share with the SIS how the intelligence was used or what its end product or output was. The SIS “handlers” of the CIA officer did not inform their superiors about his/her presence and no one told the responsible Minister that s/he was even in NZ. How would people react to such news? Well, that is what has been revealed about the GCSB foreign “capability” program from 2013-20.

The irony is that had the “capability” been revealed to the responsible Ministers and GCSB leadership it would have most likely been approved given the nature of the NZ governments during that period and importance of NZ’s relationship with its 5 Eyes partners. Or, given how he governed, perhaps John Key told the GCSB that he did not want to know about sensitive operational matters because it gave him plausible deniability when asked about them. Maybe there was a bit of truth in both possibilities. Who knows?

Another interesting aspect to this story is that it is very possible that the “capability” was installed at the GCSB headquarters in Wellington because NZ’s looser intelligence and security laws at the time made it easier for the foreign intelligence partner to circumvent its own laws regarding certain types of signals intercept collection and analysis. The Snowden leaks detail instances of “bulk collection” and other types of whole-scale metadata gathering that much like some types of mass surveillance violate the right to privacy and presumption of innocence in most democracies. The IGIS report actually mentions metadata collection, albeit without specifics. It is therefore possible that the foreign intelligence partner took advantage of NZ’s looser oversight and legal control regime in order to do what it could not do at home.

One positive discovery by the ISIG was that as far as he could tell the “capability” was not used on NZ citizens or permanent residents. That reinforces the notion that the targets of the “capability” were foreign as well, military or not. Again, Snowden’s leaks alluded to this.

When the 2017 Intelligence and Security Act was promulgated, which superseded previous legislation like the 2003 GCSB Act and brought various legal artefacts into one body of legislation, things appear to have begun to tighten when it comes to internal oversight mechanisms within the GCSB and the SIS. Former GCSB Acting Associate Director General (and later SIS Director General) Rebecca Kitteridge and former Inspector General of Intelligence and Security Cheryl Gwynn were instrumental in this regard and met concerted resistance from the “old boys” ranks within both agencies. Although they resisted so-called “bureaucratic capture” by spy agency “old boys” institutional inertia was great and it ran against them. They made significant inroads when it came to reforming institutional culture and practices, but much more remains to be done.

Here the troubling aspect is also double-sided. One the one hand the culture of impunity within these agencies continues to exist, even if in diluted form. The IGIS had great difficulty obtaining records, documents and truthful statements about and from those involved with the 2013-20 “capability.” Even after leaving the GCSB, some claimed to not recall its existence even though they were directly involved with it. This indicates that they are more loyal to each other and their foreign partners than to the governments of the day and the people who paid their salaries when in government service. Wellington, there is a problem.

The second difficulty is that for all the tightening of internal oversight mechanisms, there still is no effective external oversight of the NZ intelligence community, and particularly of operational agencies like the GCSB and SIS. The parliamentary committee on Intelligence and Security remains a toothless gab-fest with no powers of compulsion under oath or any other other form of disciplinary enforcement powers levied on intelligence agencies for a lack of institutional candor or cooperation. Legal punishments for these agencies for breaking the law are limited to small fines and no personal punishments. That means that the bureaucratic culture of impunity within some elements of the intelligence community is rewarded rather than constrained because, quite frankly, agency personnel can get way with things that the rest of us cannot because they are the so-called “keepers of the secrets.”

As things stand, as far as the IGIS report mentions none of those responsible for managing the “capability” have been held to account or disciplined in any way. The suggested agency reforms proposed by the IGIS, all accepted by the GCSB, do not address the issue of individuals discipline or accountability. It seems that impunity is its own reward.

This extends to their incompetence. One of the provisions of the Royal Commission on the Christchurch terrorist attacks was that no one within the intelligence and security communities would be held responsible for failures of a personal or institutional nature. This was supposedly done to encourage people to talk freely about what was and was not known in the lead-up to the attacks, but instead what resulted was a highly sanitised whitewash of bureaucratic and personal responsibility for the intelligence failures that facilitated the carrying out of one of NZ’s worse mass killings in modern times.

In effect, the story about this foreign intelligence “capability” secretly operated from within the GCSB is one about violation of basic principles of democratic oversight of intelligence agencies, of an abdication of sovereignty to a foreign power when it comes to intelligence collection and analysis, and above all, of an ongoing culture of impunity within NZ intelligence agencies that do not appear to have learned the right lessons from the Zaoui, Dotcom or March 15 cases when it comes to behaving ethically and taking responsibility for the actions or inactions taken on their watch.

Which begs the question: in spite of all the post 2017 tightening of internal oversight mechanisms, will it be a matter of when not if before history repeats when it comes to an intelligence agency scandal?

On intelligence oversight, a broader perspective.

The announcement that the Inspector General of Intelligence and Security (IGIS), Cheryl Gwyn, has convened an external Reference Group to discuss issues of intelligence agency oversight (specifically, that of the NZSIS and GCSB, which are the agencies under her purview) has been met with applause and controversy. The applause stems from the fact the Group is a continuation of her efforts to strengthen the oversight mechanisms governing New Zealand’s two most important intelligence collection and analysis agencies. The controversy is due to some of the persons who have accepted invitations to participate in the Group.

The Group is an unpaid, non-partisan collection of people with interest, expertise and/or background in matters broadly related to intelligence and security and their oversight. None are government employees, something that gives them freedom to speak frankly under the Chatham House rules established by the IGIS. The Group is a supplement to and not a rival of or substitute for the IGIS Advisory Panel, made up of two people with security clearances that have access to classified material and who can offer specific assistance on matters of operational concern. However, the Advisory Panel has had no members since October 2016.

The idea behind the Reference Group, which is modelled on a Dutch intelligence oversight counterpart, is to think laterally or “outside of the box” on matters relevant to intelligence oversight. Bringing together people from different backgrounds and perspectives allows Group discussions to gravitate towards areas of common concern, thereby eliminating personal agendas or extreme positions. And because the Group is made up of outsiders, it does not run the risk of becoming slave to the groupthink of agency insiders.

In contrast to the Advisory Panel, the Reference Group does not handle classified material nor discuss operational matters. Access to classified material or operational details is obviated by the fact that the Group’s focus is on the broad themes of accountability, transparency, organizational compliance and the balance between civil liberties (particularly the right to privacy) and the defense of national security as conducted by the lead intelligence agencies. These are matters of legality and propriety rather than operational conduct. And while similarly important, legality and propriety are not synonymous. Often what is legal is not proper and vice versa, and this is acutely the case when it comes to intelligence collection, analysis and usage. Since the IGIS does not oversea the NZDF and smaller intelligence “shops” such as those of the DPMC, Police, Immigration and Customs, the Group will only discuss issues relevant to oversight  of the NZSIS and GCSB.

Who are the members of the Group and why the controversy? The plurality of members are four public interest lawyers, three of them academicians and one an advocate for refugees. Two members are journalists. One is the Issue Manager for Internet NZ, one is the head of the NZ Council for Civil Liberties, one is a former Russian diplomat now serving as the Director of the Massey University Centre for Defense and Strategic Studies (CDSS), one is an economist who chairs Transparency International New Zealand and one is a private sector geopolitical and strategic analysis consultant.

Concern has been voiced about the presence of both journalists as well as the refugee advocate and the loyalties of the former Russian diplomat (although he has held positions at a US security institution as well as the NZDF-funded CDSS). The thrust of the contrary views about these and some of the other participants is that they are untrustworthy due to their personal backgrounds, professional affiliations and/or ideological orientations. An additional reason given for opposing some of the membership is that they have been strong critics of the SIS and GCSB and therefore should be disqualified a priori.

Others believe that the Group is just a whitewashing, window-dressing or co-optation device designed to neuter previous critics by bringing them “into the tent” and subjecting them to “bureaucratic capture” (whereby the logic of the agencies being overseen eventually becomes the logic accepted by the overseers or Reference Group interlocutors).

The best way to allay these concerns is to consider the IGIS Reference Group is as an external focus group akin to a Town Hall meeting convened by policy-makers. Communities are made of people of many persuasions and many viewpoints, and the best way to canvass their opinions on a broad range of subjects is to bring them together in a common forum where they can debate freely the merits of any particular issue.  In the case of the Reference Group the issue of intelligence agency oversight and, more specifically, matters of institutional and individual accountability (both horizontal and vertical, that is, vis a vis other government agencies such as the judiciary and parliament, on the one hand, and vis a vis the government and public on the other); transparency within the limits imposed by national security concerns; and the juggling of what is legal and what is proper, are all set against the backdrop of respect for civil liberties inherent in a liberal democracy. These are complex subjects not taken lightly by those involved, all of whom have track records of involvement in the field and who, given the terms of reference and charter of the Group, are acting out of a sense of civic duty rather than for pecuniary or personal gain.

The IGIS does not need political or agency authorisation to construct such a Group, which has no statutory authority or bureaucratic presence. As a vehicle for interest intermediation on the subject of intelligence oversight, it serves as a sounding board not for the IGIS but for the people on it. In that light, the IGIS has called the Group’s discussion a “one-way street” where participants air their informed opinions about agenda items agreed to in advance and in which the IGIS serves as a discussion moderator and takes from it what she finds useful. Expected to meet two or three times a year over tea and coffee, the Group is not likely to tax the Treasury purse and could well deliver value for dollar in any event.

Critics of this exercise and other forms of interest intermediation or external consultation betray their closet authoritarianism because such concertative vehicles are mainstays of policy-making in advanced liberal democracies. Be it the tripartite wage negotiation structures bringing representatives of the State, labour and capital together (even at the regional or local level), to consultative boards and other social partnership vehicles that connect stakeholders and decision-makers in distinct policy areas, the use of interest intermediation is an integral feature of modern democratic regimes (for an example of the breadth of issues addressed by intermediation vehicles, see Kate Nicholls, Mediating Policy: Greece, Ireland and Portugal before the Eurozone Crisis. London: Routledge, 2015.). To argue against them because of who is represented or because they are seen as inefficient talkfests that are a waste of taxpayer money is just a cloak for a desire to silence broad public input and dissenting views in the formulation of public policy. That may have been the case under the previous government but no longer is the case now.

One of the thorniest problems in a democracy is the question of what system of checks and balances keeps the intelligence community proper as well as legal. As the most intrusive and sensitive of State activities, intelligence collection, analysis and usage must be free from reproach on a number of grounds—conflicts of interest, partisan bias, foreign control, illicit activity or criminal behaviour, etc.—and must be accountable and responsive to the public will. The broadening of consultation intermediators between the NZ intelligence community and the public is therefore a step in the right direction, and for that reason the Reference Group is a welcome contribution to the oversight authority vested in the IGIS.

References: http://www.igis.govt.nz/media-releases/announcements/establishment-of-igis-reference-group/

http://www.igis.govt.nz/media-releases/announcements/reference-group/

Disclosure: The author is a member of the Reference Group. The views expressed are his own.

A matter of insubordination and contempt.

In her latest annual report, Inspector General of Intelligence and Security (IGIS) Cheryl Gwyn detailed that the NZSIS unlawfully collected Customs data on thousands of travellers from 1997-2016. This bulk collection was not done under warrant and was instead done on industrial scale: anyone who passed through New Zealand ports of entry during this time period can assume that their personal data was “harvested” by the New Zealand Security Intelligence Service (NZSIS) for its own purposes. Current NZSIS Director Rebecca Kitteridge defended the practice as a necessary part of fighting terrorism (which presumes that SIS concern with terrorism started in 1997 if her claim is correct) and maintains that legal advice at the time made the SIS believe that the practice of bulk collection was lawful. Think about that–warrantless indiscriminate collection of the personal information about thousands of people was deemed, if we are to believe the Director, lawful by the best in-house legal minds within the NZSIS. This happened even though the NZSIS Act was revised several times during the time in which the unlawful bulk collection occurred, so it is clear that when it came to warrantless access of traveler’s personal information, be they citizens, visitors, immigrants or officials, the senior staff in the agency thought that it was fair game–or at least thought that they could get away with it. One gets the impression that this is the same legal team that thought it was lawful for the GCSB to spy on Kim Dotcom after he gained permanent residency–a practice clearly prohibited in the GCSB Act in force at the time of the illegal wire-tapping. Perhaps it is time for these legal geniuses to step down.

IGIS Gwyn also noted that the NZSIS refused to cooperate, impeded and/or raised obstacles to her search for primary documents related to the unlawful monitoring of travellers as well as on other issues. Let’s be clear on this: New Zealand’s primary human intelligence agency deliberately impeded the work of the main oversight officer to which it is responsible. This, in spite of legal requirements to do so. The answer to this contempt for their statutory obligations may rest in the fact that under the current SIS Act the maximum penalty levied on the NZSIS for unlawful acts (of which obstruction is one) is NZ$5000–payable by the agency, not the individuals who authorised the unlawful acts or who refused to cooperate with the IG’s requests.

Although I find it very hard to believe, let us assume that SIS managers who authorised the mass tapping of Customs data were doing so in good faith while under the impression that the practice was lawful. If that is the case, they should be reprimanded and counselled on their statutory obligations. But those who obstructed or impeded the IGIS’s work need to be fired. In fact, if they are not, then Director Kitteridge needs to either resign or herself be dismissed. That task falls to Andrew Little, the Minister responsible for Intelligence and Security. Yet, although he has made some noises to the effect that he expects the agency to comply with IGIS requests, he has made no moves to punish those responsible for this blatant disregard for and defiance of the intelligence oversight process.

It is now abundantly clear that even though the IGIS is better funded and staffed and has better powers of proactive as well as post facto investigative authority (ostensibly including the powers of legal compulsion) than her predecessors, her office remains effectively marginal, if not subordinate to the bureaucratic logics internal to the agencies she oversees. These logics are founded on a deliberate opaqueness when it comes to transparency and statutory compliance and a deeply ingrained disregard for external advice, scrutiny or oversight. The old boys club will do as it sees fit to do regardless of the arrows slung by nosy outsiders. They are the gatekeepers and guardians of the secrets, and it is they who decide what is proper and what is not when it comes to legality and oversight adherence. Perhaps in this particular case the SIS managers do not like Ms. Gwyn or her somewhat unconventional career path on the way to becoming IGIS, but even if that is true their personal feelings have no place impeding the effective discharge of her duties.

The problem of ineffectual oversight of the NZ intelligence community (NZIC) highlighted by the IGIS’s frustrations with SIS obstructionism is rooted in a bureaucratic culture of impunity within the SIS and GCSB and in the lack of strong parliamentary oversight. The Select Committee on Intelligence and Security (SCIS) remains a highly partisan paper tiger devoid of real compulsion or enforcement authority. For their part ministers responsible for intelligence and security such as Andrew Little are all to often reluctant to confront spies about their excesses, when not prone to “bureaucratic capture” by them (a situation where an ostensible overseer becomes captivated by the logics and rationales of  subordinates with specialised expertise in a given policy field, leading to a lack of critical appraisal and independent review of actions taken in that field). Some of this may be due to the history of politicization that surrounds the SIS, which often appears to serve the government of the day rather than the common interest (in which case Mr. Little’s soft response has a politically opportunistic basis). But most of the oversight failures when it comes to the NZIC is grounded in the lack of effective and enforceable legal authority granted to the IGIS and the SCIS.

The only answer to this culture of insubordination and contempt within the NZIC, in this case specifically the SIS, is to hold individuals legally accountable for their actions. For example, rather than levy paltry fines on the SIS for its unlawful activities, the fines should be increased 20 fold and levied against the individuals who either knowingly ordered the illegal project(s) and/or who deliberately obstructed, concealed, tampered with or otherwise impeded the IGIS investigation into their activities. Likewise, the SCIS needs to become a dedicated organ of Parliament with its own professional staff and dedicated funding so that it can be come an independent research and investigatory arm answerable but not subordinate to the government of the day. The political appointments at the top could remain as stands (five members, the PM and two members nominated by him/her plus the Leader of the Opposition and his/her one nominee). Or it could be revised to include leaders of parties who reach a significant electoral threshold (say, ten percent of the popular vote). Either way, the SCIS should be provided powers of compulsion under oath, arrest and other means of legal enforcement of its oversight mandate so that the NZIC understands that it answers to the people of Aotearoa via elected officials as well as the IGIS, not the other way around.

The new Labour government has a golden opportunity to promote effective reform of the NZIC armed with the justification provided by Gwyn’s report on the SIS. Much like rot, there is a culture of contempt as well as impunity amongst at least some senior staffers in the NZIC that needs to be extirpated and replaced by those who understand that in a democracy it is not the spies who determine what is lawful and what is not (or for that matter, what is secret and what is not), but instead it is the specialized oversight agencies entrusted by the people and grounded in law (such as when it comes to definitions of national security threats) who do so. But for that to be the case, the oversight agencies and mechanisms need teeth, and it is exactly that which continues to be missing from the current oversight scheme.

Threat Distortion as Fear Manipulation.

The Directors of the GCSB (Acting) and SIS appeared before the Parliamentary Select Committee on Intelligence and Security (SCIS) to deliver their respective annual reports. Those reports include national threat assessments. I was not at the meeting but here is what I gleaned from the media coverage of the event:

Did the SIS Director focus on the hundreds of gang members who see violence as a way of life, to include sexual assaults, drug dealing, gun running, property crime and assorted acts of physical mayhem that result in death and injury and whose collective behaviour intimidate and terrorise sectors of the communities in which they inhabit?  Answer: No.

Did the SIS Director mention the dozens of white supremacists with track records of violence against minorities and who openly call for a race war and ethnic cleansing in NZ? Answer: No.

Did the SIS Director address the infiltration of transnational organised crime into NZ and its use of business fronts, corruption, extortion, and intimidation to extend its reach in NZ and beyond? Answer: No.

Did the Director comment on the presence of foreign espionage networks in NZ seeking to obtain sensitive corporate, diplomatic, political and security information. Answer: No.

Instead, according to the media coverage, the Director focused her remarks on the handful of NZ women who are believed to have left the country in order to join Daesh in Syria and Iraq. The Director was not sure if they left to marry or to fight (or both), and wondered about the effect the experience may have on them should they decide to return. That is interesting since few of the foreign women who have left to marry into or fight with Daesh return to their homelands, most being killed in conflict zones or while trying to escape the not-so-paradisical life of a Daesh concubine. The lucky few who have managed to get back to their homelands have not committed any acts of violence after their return.

Perhaps Director Kitteridge wanted to capitalise on the recent mass shooting in the US where one of the perpetrators was a so-called “jihadi bride” in order to focus public attention on the potential threat such women pose to NZ. But the woman in San Bernadino did not surreptitiously travel to a conflict zone, marry a Daesh fighter, then return to her homeland. Instead, she was a citizen of one US ally (Pakistan) and came from another (Saudi Arabia), who appears to have deliberately married a US citizen with the explicit intent of gaining entry to the US in order to carry out acts of politically motivated violence. Similarly, the woman who was an accomplice to the Paris mass murderers had never been to Syria and was unmarried. Neither is in any way comparable to NZ women marrying quickly and heading off to the Middle East.

That these women–again, less than a dozen by the Director’s own admission–chose to do so is certainly a tragedy for their families. It is also a small social problem in that it shows the depth of alienation and desperation of some women in NZ who see life with Daesh as a better alternative to life in Aotearoa. It can be considered to be a mental health issue because, to put it bluntly, one has to be a bit unhinged to think that life under Daesh in the killing grounds of al-Raqqa and elsewhere is an attractive proposition.

One thing is even clearer: it is not a pressing national security issue and should not have been the focus of the Director’s remarks or of the press coverage given to them.

So why so much attention given to the subject? Is this not public fear-manipulation via threat distortion? Was it the Director who was playing this game or was it the media doing so in their coverage of her remarks? Again, I was not there and only saw the coverage, but either way someone IS playing games when it comes to national threat assessments.

There is one more oddity about the mention of NZ “jihadi brides.” Western women who have travelled to join Daesh are known to be more likely than male foreign fighters to try and maintain contact with their families and/or friends back at home. They are known to be more likely than men to use social media applications as well as cell phones to communicate from Daesh-controlled territory (which speaks to the strategic, tactical and technological limitations of Daesh). This makes them a highly exploitable resource for intelligence agencies seeking to establish their locations, track their movements and those of their associates as well as get a sense of life under Daesh.

So why on earth would the Director jeopardize the ability of the SIS and GCSB to do so by publicly outing the fact that these women are being “monitored” as much as possible? This is especially perplexing given that these women are undoubtably included in the 30-40 people that the Director and PM have already said are being watched because of their Daesh sympathies, so there was no compelling reason to provide a gender breakdown of the approximately one in four who are female and who may have decided to travel in order to join Daesh.

A cynic would say that the comments by both Director Kitteridge and Acting GCSB Director Una Jagose were designed to prepare public sentiment for forthcoming security legislation allowing more intrusive powers of surveillance. The PM has now repeated his concerns about the “dark web” and spoken of the problems of decoding encrypted terrorist communications. So perhaps the stage is being set for that.

We must remember that the technologies involved in encryption and decryption, including the temporary “snapshot” encrypted communications that Western security authorities claim that terrorists are now using, all originate from military and intelligence agencies themselves. Thus the cycle of encryption/decryption, much like the previous cycles of code-making and code-breaking, has been well in progress for some time and will continue to be so for the foreseeable future. In this cycle it is security agencies who have the lead, not private sector application manufacturers.

In any event, jihadi brides are unlikely to be at the leading edge of this cycle so using them, however obliquely, as the foil for extending communications security legislation is a bridge too far.

So much for intelligence community reform.

It turns out that nearly 5 months after getting re-elected, the government has decided on the composition of the Intelligence and Security Committee (ISC). Besides himself as Chair of the ISC, the Prime Minister gets to select two members from the government parties and the Opposition Leader gets to select one member from opposition parties.  In both cases the respective Leaders are expected under Section 7 (1) (c,d) of the 1996 Intelligence and Security Committee Act to consult with the other parties on their side of the aisle before selecting the remaining members of the committee. The language of the Act is quite specific: “c) 2 members of the House of Representatives nominated for the purpose by the Prime Minister following consultation with the leader of each party in Government: (d) 1 member of the House of Representatives nominated for the purpose by the Leader of the Opposition, with the agreement of the Prime Minister, following consultation with the leader of each party that is not in Government or in coalition with a Government party.” (1996 ISCA, pp. 6-7).

Not surprisingly the government has nominated two National MPs, Attorney General Chris Finlayson and Justice Minister Amy Adams, for membership on the ISC. It is not clear if ACT, the Maori Party and United Future were consulted before their selection. What is more surprising is that Andrew Little nominated David Shearer and did not consult with opposition parties before making his selection. While Shearer is a person with considerable international experience and has been a consumer of intelligence (as opposed to a practitioner) during his career, Mr. Little has been neither. In fact, it can be argued that Mr. Little has the least experience of all the proposed members when it comes to issues of intelligence and security, which means that he will have to lean very heavily on Mr. Shearer if he is not not be overmatched within the ISC.

Moreover, in past years Russell Norman, Peter Dunne and Winston Peters have been on the ISC, so the move to re-centralise parliamentary oversight in the two major parties represents a regression away from the democratisation of representation in that oversight role. Since these two parties have been in government during some of the more egregious acts of recent intelligence agency misbehaviour (for example, the Zaoui case, where intelligence was manipulated by the SIS to build a case against him at the behest of or in collusion with the 5th Labour government, and the case of the illegal surveillance of Kim Dotcom and his associates by the GCSB in collusion or at the behest of the US government under National, to say nothing of the ongoing data mining obtained via mass electronic trawling under both governments), this does not portend well for the upcoming review of the New Zealand intelligence community that this ISC is charged with undertaking.

The Greens have expressed their disgust at being excluded and have, righty in my opinion, pointed out that they are the only past members of the ISC that have taken a critical look at the way intelligence is obtained, analysed and used in New Zealand. But that appears to be exactly why they were excluded. According to John Key,  Labour’s decision was “the right call” and he “totally supports it.” More tellingly, Mr. Key said the following: “A range of opposition voices from the minor parties could railroad the process. I don’t think the committee was terribly constructive over the last few years, I think it was used less as a way of constructing the right outcomes for legislation, and more as a sort of political battleground” (my emphasis added).

In other words, Russell Norman took his membership on the ISC seriously and did not just follow along and play ball when it came to expanding state powers of search and surveillance under the Search and Surveillance Act of 2012 and GCSB Act of 2014.

That is a very big concern. Mr. Key believes that the “right” outcomes (which have had the effect of expanding state espionage powers while limiting its accountability or the institutional checks imposed on it) need to be produced by the ISC when it comes to the legal framework governing the intelligence community. Those who would oppose such outcomes are not suitable for membership, a view with which Andrew Little seems to agree.

This is so profoundly an undemocratic view on how intelligence oversight should work that I am at a loss for words to  explain how it could come from the mouth of a Prime Minister in a liberal democracy and be tacitly seconded by the Leader of the Opposition–unless they have genuine contempt for democracy. That is a trait that W. Bush, Tony Blair and John Howard shared as well, but what does that say about the state of New Zealand democracy?

Mr. Little has given his reason to exclude Metiria Turei of the Greens from ISC membership as being due to the fact the Mr. Norman is stepping down in May and Mr. Little wanted “skills, understanding and experience” in that ISC position. Besides insulting Ms. Turei (who has been in parliament for a fair while and co-Leader of the Greens for 5 years), he also gave the flick to Mr. Peters, presumably because that old dog does not heel too well. As for Mr. Dunne, well, loose lips have sunk his ship when it comes to such matters.

The bottom line is that Mr. Little supports Mr. Key’s undemocratic approach to intelligence oversight. Worse yet, it is these two men who will lead the review of the NZ intelligence community and propose reform to it, presumably in light of the debacles of the last few years and the eventual revelations about NZ espionage derived from the Snowden files.

As I said last year in the built-up to the vote on the GCSB Amendment Act,  I doubted very much that for all its rhetorical calls for an honest and thorough review process that led to significant reform, Labour would in fact do very little to change the system as given because when it is in government it pretty much acts very similar to National when it comes to intelligence and security. If anything, the differences between the two parties in this field are more stylistic than substantive.

What I could not have foreseen was that Labour would drop all pretence of bringing a critical mindset to the review and instead join National in a move to limit the amount of internal debate allowable within the ISC at a time when it finally had an important task to undertake (in the form of the intelligence community review).

As a result, no matter how many public submissions are made, or how many experts, interest groups and laypeople appear before the ISC hearings, and how much media coverage is given to them, I fear that the end result will be more of the same: some cosmetic changes along the margins, some organisational shuffles and regroupings in the name of streamlining information flows, reducing waste and eliminating duplication of functions in order to promote bureaucratic efficiency, and very little in the way of real change in the NZ intelligence community, especially in the areas of oversight and accountability.

From now on it is all about going through the motions and giving the appearance of undertaking a serious review within the ISC. For lack of a better word, let’s call this the PRISM approach to intelligence community reform.

LINK: The Intelligence and Security Committee Act 1996.

On the need for intelligence accountability and oversight reform.

One thing has become clear after the revelations of multiple New Zealand intelligence agency failures, malfeasance and incompetence over the past few years. That is what happens when there is no effective oversight on, or accountability by those agencies. As things stand the Prime Minster is the sole oversight on New Zealand’s intelligence community. The parliamentary intelligence and security committee is a toothless wonder that gets semi-regular general briefings on intelligence matters (at a rate of less than once a month), and the inspector general (IG) of intelligence–the person who is supposed to independently investigate the actions of the intelligence community–is currently a geriatric former judge who has the equivalent of a .5 full time employee and whose office and resources are provided by the agencies he is supposed to independently assess. His predecessor, another retired judge, resigned under a cloud brought about by the Ahmed Zaoui political asylum  case, where the Security Intelligence Services (SIS)  was shown to have clearly manipulated analysis of intelligence flows derived from foreign partners and the IG demonstrated bias in favor of  the SIS version  of events prior to releasing his findings.

Add to that the fact that the IG has limited powers of investigation and a parliamentary committee that cannot be told about operational matters and has no powers to subpoena or authority to force testimony under oath, and what you have is a recipe for institutional “stretch:” the tendency of institutions to exceed and play loose with the rules, laws and regulations governing their charter in the absence of effective oversight and accountability. That has become glaring apparent in recent weeks.

The problem is somewhat mitigated when the Prime Minister is a hands-on type of manager who is knowledgeable about intelligence matters, to include methods of collection and analysis. Although it raises the possibility of PM misuse of intelligence flows for political purposes, it does have the merit of forcing intelligence officials to be accountable to someone. However, if the PM is disinterested, ignorant or laissez-faire in managerial approach to intelligence matters, then the possibility of intelligence agency institutional stretch becomes quite real, as we have now seen.

Given the revelations about the GCSB and prior instances of SIS “stretch,” the time is now perfect for a reform of the intelligence oversight apparatus. Although the PM can and should remain as the minister for intelligence and security, the parliamentary committee needs to be granted effective and binding oversight authority that includes powers to investigate operational issues and force intelligence agency officials of all ranks  to respond under oath to questions about the how, when and why of specific intelligence matters. Likewise, the Inspector General’s position needs to be expanded into a three person panel that includes a mix of people with experience in handling sensitive information and knowledge of how intelligence collection and analysis works, and who answer to and are resourced by parliament rather than the PM and SIS, respectively.

Unchecked executive oversight of intelligence agencies is prone to what might be called the authoritarian tendency (by which elected executives assume quasi-dictatorial powers of managerial control), and is in fact the mark of many authoritarian regimes. This avoids the system of checks and balances that is not only a hallmark of democratic political systems, but of their institutional component as well. The issue, as the intelligence community well knows, is about triangulation: there needs to be at least three independent (if overlapped) sources of critical institutional scrutiny for information or oversight to be validated (which are manifest in policy or administrative decisions).

That system of institutional checks and balances is what provides oversight and promotes accountability within public bureaucracies as a whole. Such accountability is horizontal–between different public agencies such as the judiciary and security apparatus–as well as vertical (where public agencies answer to political authorities separated into legislative and executive components). The institutionalized oversight aggregate mitigates against public agency stretch and political manipulation.

Having one individual, whatever his or her persuasion with regard to issues of intelligence collection, analysis and political impact (something driven by the political context of the moment, including  the relationship between government and opposition and the  personal and partisan implications of any given decision regarding security and intelligence) is, in a democracy, antithetical. In mature democracies policy decisions are not individualized; they are institutionalized and subject to effective oversight.

This is simply a matter of democratic good practice. Effective, independent oversight not only keeps intelligence agencies honest and prevents institutional stretch. It reassure the voting public that the larger common interest, rather than narrow political, diplomatic or corporate concerns, are served by the intelligence and security agencies charged with defending the commonweal.

Follow up on the SIS files and what should be done.

When I found out that I was mentioned in the SIS files on Keith Locke (apparently in an unflattering letter), I got to thinking further about what can  be done to improve that agency and rid it of an institutional culture that is seemingly unprofessional, unaccountable and biased in its presentation of threats. There is more to the story, which revolves around the window of opportunity presented to the new government by the director-general of the SIS, Warren Tucker,  in opening up the SIS files to public scrutiny. Rather that repeat it here, please see the link below, where I outline the broader picture. I do not mean to be shameless with the link, just synergistic. A full post (on direct action) is forthcoming soon.

http://www.scoop.co.nz/stories/HL0902/S00209.htm